AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Idan Plotnik, Vishal Gupta - ASW #329 Security Weekly Podcast Network (Video) podcast

Artwork

Tech News Tech News Hacking Hackingnews Security Securitynews Video Security Weekly Productions SecurityWeek

Player FM - Internet Radio Done Right

11 subscribers

اضافه شده در five سال پیش
Looks like the publisher may have taken this series offline or changed its URL. Please contact support if you believe it should be working, the feed URL is invalid, or you have any other concerns about it.

محتوای ارائه شده توسط Security Weekly Productions. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Security Weekly Productions یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

L

Lost Cultures: Living Legacies

Lost Cultures: Living Legacies podcast artwork

Lost Cultures: Living Legacies podcast artwork

1
Bermuda: The Crossroads of the Atlantic 51:57

24 روز پیش51:57

پخش در آینده

پخش در آینده

دوست داشته شد

51:57

On the Season 2 debut of Lost Cultures: Living Legacies , we travel to Bermuda, an Atlantic island whose history spans centuries and continents. Once uninhabited, Bermuda became a vital stop in transatlantic trade, a maritime stronghold, and a cultural crossroads shaped by African, European, Caribbean, and Native American influences. Guests Dr. Kristy Warren and Dr. Edward Harris trace its transformation from an uninhabited island to a strategic outpost shaped by shipwrecks, colonization, the transatlantic slave trade, and the rise and fall of empires. Plus, former Director of Tourism Gary Phillips shares the story of the Gombey tradition, a vibrant performance art rooted in resistance, migration, and cultural fusion. Together, they reveal how Bermuda’s layered past continues to shape its people, culture, and identity today. You can also find us online at ⁠travelandleisure.com/lostcultures Learn more about your ad choices. Visit podcastchoices.com/adchoices…

Security Weekly Podcast Network (Video) « »
AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Idan Plotnik, Vishal Gupta - ASW #329

حدود یک سال پیش 1:03:03

اشتراک گذاری

MP4•خانه قسمت

Fetch error

Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on May 17, 2025 07:08 (28d ago)

What now? This series will be checked again in the next day. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.

محتوای ارائه شده توسط Security Weekly Productions. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Security Weekly Productions یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But perhaps more surprising (and more unfortunate) is how much the adoption of LLMs has increased the attack surface within orgs. The news is heavy on security issues from MCPs and a novel alignment bypass against LLMs. Not everything is genAI as we cover some secure design topics from the Airborne attack against Apple's AirPlay to more calls for companies to show how they're embracing secure design principles and practices.

Apiiro CEO & Co-Founder, Idan Plotnik discusses the AI problem in AppSec.

This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them!

Gen AI is being adopted faster than company’s policy and data security can keep up, and as LLM’s become more integrated into company systems and uses leverage more AI enabled applications, they essentially become unintentional data exfiltration points. These tools do not differentiate between what data is sensitive and proprietary and what is not. This interview will examine how the rapid adoption of Gen AI is putting sensitive company data at risk, and the data security considerations and policies organizations should implement before, if, and when their employees may seek to adopt a Gen AI tools to leverage some of their undeniable workplace benefits.

Customer case studies: https://www.seclore.com/resources/customer-case-studies/

Seclore Blog: https://www.seclore.com/blog/

This segment is sponsored by Seclore. Visit https://securityweekly.com/seclorersac to learn more about them!

Show Notes: https://securityweekly.com/asw-329

… continue reading

4527 قسمت

#Tech #News #Tech News #Hacking #Hackingnews #Security #Securitynews #Video #Security Weekly Productions #SecurityWeek

Artwork

AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Idan Plotnik, Vishal Gupta - ASW #329

Security Weekly Podcast Network (Video)

11 subscribers

published حدود یک سال پیش

اشتراک گذاری

MP4•خانه قسمت

Fetch error

Hmmm there seems to be a problem fetching this series right now. Last successful fetch was on May 17, 2025 07:08 (28d ago)

What now? This series will be checked again in the next day. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.

محتوای ارائه شده توسط Security Weekly Productions. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Security Weekly Productions یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But perhaps more surprising (and more unfortunate) is how much the adoption of LLMs has increased the attack surface within orgs. The news is heavy on security issues from MCPs and a novel alignment bypass against LLMs. Not everything is genAI as we cover some secure design topics from the Airborne attack against Apple's AirPlay to more calls for companies to show how they're embracing secure design principles and practices.

Apiiro CEO & Co-Founder, Idan Plotnik discusses the AI problem in AppSec.

This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them!

Gen AI is being adopted faster than company’s policy and data security can keep up, and as LLM’s become more integrated into company systems and uses leverage more AI enabled applications, they essentially become unintentional data exfiltration points. These tools do not differentiate between what data is sensitive and proprietary and what is not. This interview will examine how the rapid adoption of Gen AI is putting sensitive company data at risk, and the data security considerations and policies organizations should implement before, if, and when their employees may seek to adopt a Gen AI tools to leverage some of their undeniable workplace benefits.

Customer case studies: https://www.seclore.com/resources/customer-case-studies/

Seclore Blog: https://www.seclore.com/blog/

This segment is sponsored by Seclore. Visit https://securityweekly.com/seclorersac to learn more about them!

Show Notes: https://securityweekly.com/asw-329

… continue reading

4527 قسمت

#Tech #News #Tech News #Hacking #Hackingnews #Security #Securitynews #Video #Security Weekly Productions #SecurityWeek

همه قسمت ها

×

Artwork

1
Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More... - SWN #477 33:54

29 روز پیش33:54

پخش در آینده

پخش در آینده

دوست داشته شد

33:54

Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-477

Artwork

1
Ransomware in your CPU - PSW #874 1:58:19

30 روز پیش1:58:19

پخش در آینده

پخش در آینده

دوست داشته شد

1:58:19

This week in the security news: Android catches up to iOS with its own lockdown mode Just in case, there is a new CVE foundation Branch privilege injection attacks My screen is vulnerable The return of embedded devices to take over the world - 15 years later Attackers are going after MagicINFO Hacking Starlink Mitel SIP phones can be hacked Reversing with Hopper Supercharge your Ghidra with AI Pretending to be an anti-virus to bypass anti-virus macOS RCE - perfect colors End of life routers are a hackers dream, and how info sharing sucks Ransomware in your CPU Disable ASUS DriverHub Age verification and privacy concerns Show Notes: https://securityweekly.com/psw-874…

Artwork

1
CISO Communication and Hiring, as they Combat Threat and Penetration Testing Trends - Derek Manky, Gunter Ollmann - BSW #395 1:06:28

۴ weeks پیش1:06:28

پخش در آینده

پخش در آینده

دوست داشته شد

1:06:28

In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet’s FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac . This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025? gl=1*zwbjgz* gcl aw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.* gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Show Notes: https://securityweekly.com/bsw-395…

Artwork

1
Deepfake, South Korea, Moonlander, ChineseAI, FBI, AI damages professional reputation - SWN #476 29:03

۵ weeks پیش29:03

پخش در آینده

پخش در آینده

دوست داشته شد

29:03

Deepfake porn, South Korea, Operation Moonlander, Chinese AI, FBI, AI use damages professional reputation, Joshua Marpet and More Show Notes: https://securityweekly.com/swn-476

Artwork

1
Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330 1:09:38

۵ weeks پیش1:09:38

پخش در آینده

پخش در آینده

دوست داشته شد

1:09:38

Developers are relying on LLMs as coding assistants, so where are the LLM assistants for appsec? The principles behind secure code reviews don't really change based on who write the code, whether human or AI. But more code means more reasons for appsec to scale its practices and figure out how to establish trust in code, packages, and designs. Rey Bango shares his experience with secure code reviews and where developer education fits in among the adoption of LLMs. As businesses rapidly embrace SaaS and AI-powered applications at an unprecedented rate, many small-to-medium sized businesses (SMBs) struggle to keep up due to complex tech stacks and limited visibility into the skyrocketing app sprawl. These modern challenges demand a smarter, more streamlined approach to identity and access management. Learn how LastPass is reimagining access control through “Secure Access Experiences” - starting with the introduction of SaaS Monitoring capabilities designed to bring clarity to even the most chaotic environments. Secure Access Experiences - https://www.lastpass.com/solutions/secure-access This segment is sponsored by LastPass. Visit https://securityweekly.com/lastpassrsac to learn more about them! Cloud Application Detection and Response (CADR) has burst onto the scene as one of the hottest categories in security, with numerous vendors touting a variety of capabilities and making promises on how bringing detection and response to the application-level will be a game changer. In this segment, Gal Elbaz, co-founder and CTO of Oligo Security, will dive into what CADR is, who it helps, and what the future will look like for this game changing technology. Segment Resources - https://www.oligo.security/company/whyoligo To see Oligo in action, please visit https://securityweekly.com/oligorsac Show Notes: https://securityweekly.com/asw-330…

Artwork

1
Secrets and their role in infrastructure security - Jawahar Sivasankaran, Chas Clawson, Sergey Gorbaty, Fernando Medrano - ESW #406 2:14:05

۵ weeks پیش2:14:05

پخش در آینده

پخش در آینده

دوست داشته شد

2:14:05

Segment 1 - Secrets and their role in infrastructure security From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2 - Weekly Enterprise News In this week's enterprise security news, we have: Funding, mostly focused on identity security and ‘secure-by-design’ Palo Alto acquires one of the more mature AI security startups, Protect AI LimaCharlie is first with a cybersecurity-focused MCP offering Meta releases a ton of open source AI security tooling, including LlamaFirewall Exploring the state of AI in the SOC The first research on whether AI is replacing jobs is out Some CEOs are requiring employees to be more productive with AI Are prompts the new IOCs? Are puppies the new booth babes? We get closure on two previous stories we covered: one about an ex-Disney employee, and one about a tiny dog Segment 3 - Executive Interviews from RSAC CYWARE The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges. CERT Water Management Case Study Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report 2025 TIP Buyer’s Guide This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo! SUMOLOGIC Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic’s Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps. Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations Blog: RSAC 2025 Intelligent Security Operations Brief: Sumo Logic Threat Intelligence Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world LinkedIn Live: Implications of AI in a modern defense strategy This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them! Show Notes: https://securityweekly.com/esw-406…

Artwork

1
Sudo watch, AI Dreams, Kickidler, Powershool, Old Man Router, PSMU, Aaran Leyland... - SWN #475 33:52

۵ weeks پیش33:52

پخش در آینده

پخش در آینده

دوست داشته شد

33:52

Sudo watch this show, Hallucinations, Kickidler, Powershool redux, Old Man Router, PSMU, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-475

Artwork

1
Are You Down With RDP? - PSW #873 2:04:49

۵ weeks پیش2:04:49

پخش در آینده

پخش در آینده

دوست داشته شد

2:04:49

Security news for this week: RDP and credentials that are not really revoked, and some RDP bitmap caching fun Some magic info on MagicINFO Vulnerability Management Zombies There is a backdoor in your e-commerce Airborne: vulnerabilities in AirPlay Bring your own installer - crafty EDR bypass The Signal clone used by US government officials: shocker: has been hacked AI slop vulnerability reporting Bricking iPhones with a single line of code Hacking planet technology Vibe hacking for the win? Cybersecurity CEO arrested for deploying malware Hello my perverted friend FastCGI - fast, but vulnerable Chapters: 0:00 Opening and introductions 2:43 Panel introductions and conference recaps 4:46 Conference announcements and Corncon discussion 8:05 RSAC 2025 recap and vulnerability management trends 15:44 RDP credential revocation flaw in Windows 11 34:57 Apple AirPlay "wormable" vulnerabilities and third-party device risks 44:10 Signal clone breach used by US officials (TeleMessage incident) 55:38 Supply chain attack: Magento extensions backdoor 66:12 "Hello my perverted friend": Sextortion scam analysis 72:10 Security culture and phishing awareness at home 75:25 Digital signage vulnerabilities: Samsung MagicInfo 81:41 Threat hunting tradecraft and blue team operations 88:38 AI slop in vulnerability reporting and vibe hacking 98:59 Apple notification DoS and sandbox bypass 101:24 VMware licensing controversy and alternatives 107:14 CEO arrested for planting malware in hospital systems 116:06 FastCGI vulnerabilities in embedded/IoT systems 122:12 Rooting Android phones and device locking 124:08 Closing and outro Show Notes: https://securityweekly.com/psw-873…

Artwork

1
C-Suite Gaps, Cybersecurity is not Working to Solve Exposures and Supply Chain Risks - Lenny Zeltser, Dr. Aleksandr Yampolskiy - BSW #394 1:04:40

۵ weeks پیش1:04:40

پخش در آینده

پخش در آینده

دوست داشته شد

1:04:40

In the leadership and communications section, The C-suite gap that's putting your company at risk, CISOs band together to urge world governments to harmonize cyber rules, Cybersecurity is Not Working: Time to Try Something Else, and more! Organizations are increasingly threatened by cyberattacks originating from their suppliers. Existing tools (like EDR, MDR, and XDR) effectively handle threats within an organization, but leave a gap regarding third-party risk. SecurityScorecard created the Supply Chain Detection and Response category to empower organizations to shift from being reactive and uncertain to confidently and proactively protecting their entire supply chain. What is Supply Chain Detection and Response (SCDR)?: https://securityscorecard.com/blog/what-is-supply-chain-detection-and-response/ Learn more about continuous supply chain cyber risk detection and response: https://securityscorecard.com/why-securityscorecard/supply-chain-detection-response/ Claim Your Free SCDR Assessment: https://securityscorecard.com/get-started-scdr/#form This segment is sponsored by Security Scorecard. Visit https://securityweekly.com/securityscorecardrsac for more information on how SecurityScorecard MAX and Supply Chain Detection and Response can help your organization identify and resolve supply chain risks. In this interview, Axonius CISO Lenny Zeltser shares the vision behind Axonius Exposures, the company’s latest innovation in unified risk management. Launched ahead of RSA Conference 2025, Exposures tackles one of the most persistent challenges in cybersecurity today: making sense of fragmented risk signals to drive confident, actionable decision-making. Lenny will discuss how Exposures unifies security findings, asset intelligence, and business context in a single platform — giving security teams the clarity and automation they need to prioritize what truly matters. He’ll also explore what this launch means for Axonius’ mission, the evolution of cyber asset management, and how organizations can move from reactive security postures to proactive, risk-based strategies. Want to see how Axonius Exposures gives you the clarity to take action on your most critical risks? Visit https://securityweekly.com/axoniusrsac to learn more and schedule a personalized demo. Show Notes: https://securityweekly.com/bsw-394…

Artwork

1
Deepfake Porn Bots, Skype, dd, Venom Spider, CISA, IT Helpdesk, Rob Allen... - Rob Allen - SWN #474 36:47

۶ weeks پیش36:47

پخش در آینده

پخش در آینده

دوست داشته شد

36:47

Deepfake Porn Bots, Skype, dd, Venom Spider, CISA, IT Helpdesk, Rob Allen, and more on the Security Weekly News. Segment Resources: https://cybersecuritynews.com/cyber-security-company-ceo-arrested/ This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/swn-474…

Artwork

1
AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Idan Plotnik, Vishal Gupta - ASW #329 1:03:03

۶ weeks پیش1:03:03

پخش در آینده

پخش در آینده

دوست داشته شد

1:03:03

We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But perhaps more surprising (and more unfortunate) is how much the adoption of LLMs has increased the attack surface within orgs. The news is heavy on security issues from MCPs and a novel alignment bypass against LLMs. Not everything is genAI as we cover some secure design topics from the Airborne attack against Apple's AirPlay to more calls for companies to show how they're embracing secure design principles and practices. Apiiro CEO & Co-Founder, Idan Plotnik discusses the AI problem in AppSec. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Gen AI is being adopted faster than company’s policy and data security can keep up, and as LLM’s become more integrated into company systems and uses leverage more AI enabled applications, they essentially become unintentional data exfiltration points. These tools do not differentiate between what data is sensitive and proprietary and what is not. This interview will examine how the rapid adoption of Gen AI is putting sensitive company data at risk, and the data security considerations and policies organizations should implement before, if, and when their employees may seek to adopt a Gen AI tools to leverage some of their undeniable workplace benefits. Customer case studies: https://www.seclore.com/resources/customer-case-studies/ Seclore Blog: https://www.seclore.com/blog/ This segment is sponsored by Seclore. Visit https://securityweekly.com/seclorersac to learn more about them! Show Notes: https://securityweekly.com/asw-329…

Artwork

1
2025 Security Trends: Identity, Endpoint, Cloud & the Rise of Browser Threats - Hed Kovetz, Vivek Ramachandran, Rob Allen, Jason Mical, Alex Pinto, Lori Robinson - ESW #405 1:42:44

۶ weeks پیش1:42:44

پخش در آینده

پخش در آینده

دوست داشته شد

1:42:44

Now in its 18th year, the Verizon Business DBIR is one of the industry’s longest standing and leading reports on the current cybersecurity landscape. This year’s report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac . Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint’s latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint’s Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it’s now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren’t just hacking systems anymore—they’re hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today’s most urgent battleground in cyber. He'll what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Show Notes: https://securityweekly.com/esw-405…

Artwork

1
Security Weekly News Interviews Leaders of NECCDC competition - SWN #473 32:02

۶ weeks پیش32:02

پخش در آینده

پخش در آینده

دوست داشته شد

32:02

Join us for a special in-person edition of the Security Weekly News! Show Notes: https://securityweekly.com/swn-473

Artwork

1
AI Tips, Tricks, and Traps! - PSW #872 1:37:21

۶ weeks پیش1:37:21

پخش در آینده

پخش در آینده

دوست داشته شد

1:37:21

The PSW crew discusses tips, tricks, and traps for using AI and LLMs. We discuss a wide range of AI-related topics, including how to utilize AI tools for writing, coding, data analysis, website design, and more! Some key takeaways include: AI has rapidly shifted from novelty to an essential tool in security and other fields. Paid AI versions offer significant advantages for professionals. Legal, ethical, and copyright questions around AI-generated content remain unresolved. Human skills, critical thinking, communication, and adaptability are more important than ever. AI is a powerful assistant, but not a replacement for expertise, creativity, or judgment. Fact-checking AI outputs and understanding bias are critical in the age of generative AI. This episode offers a comprehensive, practical, and philosophical look at how AI is reshaping security, education, and society, providing both optimism and caution for the future. Show Notes: https://securityweekly.com/psw-872…

Artwork

1
Say Easy, Do Hard - Defining Objectives and Key Results Aligned to Business Goals - BSW #393 49:58

۶ weeks پیش49:58

پخش در آینده

پخش در آینده

دوست داشته شد

49:58

In today’s ever-evolving business landscape, organizations face diverse risks, including cyber risks, that can significantly affect their operations and overall prosperity. Aligning risk management strategies with organizational objectives is crucial for effectively mitigating these potential threats and fostering sustainable growth. Easier said than done. In this Say Easy, Do Hard segment, we discuss the challenges of aligning security and risk to the business, a topic we discuss often on the show. But this time, we do the hard part, by defining Objectives and Key Results aligned to Business Goals. Show Notes: https://securityweekly.com/bsw-393…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Security Weekly News Interviews Participants and Coaches at NECCDC - SWN #472 33:34

۷ weeks پیش33:34

پخش در آینده

پخش در آینده

دوست داشته شد

33:34

Join us for a special in-person edition of the Security Weekly News! Show Notes: https://securityweekly.com/swn-472

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Secure Designs, UX Dragons, Vuln Dungeons - Jack Cable - ASW #328 44:08

۷ weeks پیش44:08

پخش در آینده

پخش در آینده

دوست داشته شد

44:08

In this live recording from BSidesSF we explore the factors that influence a secure design, talk about how to avoid the bite of UX dragons, and why designs should put classes of vulns into dungeons. But we can't threat model a secure design forever and we can't oversimplify guidance for a design to be "more secure". Kalyani Pawar and Jack Cable join the discussion to provide advice on evaluating secure designs through examples of strong and weak designs we've seen over the years. We highlight the importance of designing systems to serve users and consider what it means to have a secure design with a poor UX. As we talk about the strategy and tactics of secure design, we share why framing this as a challenge in preventing dangerous errors can help devs make practical engineering decisions that improve appsec for everyone. Resources https://owasp.org/Top10/A04 2021-Insecure Design/ https://dl.acm.org/doi/10.5555/1251421.1251435 https://www.threatmodelingmanifesto.org https://www.ietf.org/rfc/rfc9700.html https://www.cisa.gov/resources-tools/resources/secure-by-design Show Notes: https://securityweekly.com/asw-328…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
The Future of Access Management - Jeff Shiner - ESW #404 39:05

۷ weeks پیش39:05

پخش در آینده

پخش در آینده

دوست داشته شد

39:05

As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He’ll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. Show Notes: https://securityweekly.com/esw-404…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
The reason for Zoom's outage is crazy, huge funding amounts before RSA - ESW #404 40:37

۷ weeks پیش40:37

پخش در آینده

پخش در آینده

دوست داشته شد

40:37

In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-404…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Reviewing the Verizon 2025 Data Breach Investigations Report - ESW #404 40:42

۷ weeks پیش40:42

پخش در آینده

پخش در آینده

دوست داشته شد

40:42

In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir Show Notes: https://securityweekly.com/esw-404

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Beating the AI Game, Ripple, Numerology, Darcula, Special Guests from Hidden Layer... - Malcolm Harkins, Kasimir Schulz - SWN #471 34:02

۷ weeks پیش34:02

پخش در آینده

پخش در آینده

دوست داشته شد

34:02

Beating the AI Game, Ripple (not that one), Numerology, Darcula, Special Guests, and More, on this edition of the Security Weekly News. Special Guests from Hidden Layer to talk about this article: https://www.forbes.com/sites/tonybradley/2025/04/24/one-prompt-can-bypass-every-major-llms-safeguards/ Show Notes: https://securityweekly.com/swn-471…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Hacking Crosswalks and Attacking Boilers - PSW #871 2:04:15

۷ weeks پیش2:04:15

پخش در آینده

پخش در آینده

دوست داشته شد

2:04:15

The crosswalk is talking to me man!, don't block my website without due process, Florida is demanding encryption backdoors, attacking boilers and banning HackRF Ones, time to update your flipper zero, using AI to create working exploits, what happens when you combine an RP2350 and an ESP32? Hopefully good hackery things!, more evidence that patching is not enough, auditing the PHP source code, reading the MEGA advisories, threat actors lie about data breaches (you don't say?), the data breach that Hertz, CISA warns of ransomware, some can't get Ahold of data breaches, please don't let people take control of your PC over Zoom and Paul's hot takes on: 4chan hack, the CVE program, and Microsoft Recall! Show Notes: https://securityweekly.com/psw-871…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
ISO 42001 Certification, CIOs Struggle to Align Strategies, and CISOs Rethink Hiring - Martin Tschammer - BSW #392 1:03:55

۷ weeks پیش1:03:55

پخش در آینده

پخش در آینده

دوست داشته شد

1:03:55

AI Governance, the next frontier for AI Security. But what framework should you use? ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizing AI-based products or services, ensuring responsible development and use of AI systems. But how do you get certified? What's the process look like? Martin Tschammer, Head of Security at Synthesia, joins Business Security Weekly to share his ISO 42001 certification journey. From corporate culture to the witness audit, Martin walks us through the certification process and the benefits they have gained from the certification. If you're considering ISO 42001 certification, this interview is a must see. In the leadership and communications section, Are 2 CEOs Better Than 1? Here Are The Benefits and Drawbacks You Must Consider, CISOs rethink hiring to emphasize skills over degrees and experience, Why Clear Executive Communication Is a Silent Driver of Organizational Success, and more! Show Notes: https://securityweekly.com/bsw-392…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Brains, Elusive Comet, AI Scams, Microsoft Dog Food, Deleting Yourself, Josh Marpet - SWN #470 31:59

۸ weeks پیش31:59

پخش در آینده

پخش در آینده

دوست داشته شد

31:59

Brains, Scams, Elusive Comet, AI Scams, Microsoft Dog Food, Deleting Yourself, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-470

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Managing Secrets - Vlad Matsiiako - ASW #327 1:03:03

۸ weeks پیش1:03:03

پخش در آینده

پخش در آینده

دوست داشته شد

1:03:03

Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user password rotations, but that doesn't mean there isn't a place for rotating secrets. It means that the tooling and processes for ephemeral secrets should be based on secure, efficient mechanisms rather than putting all the burden on users. And it also means that managing secrets shouldn't become an unmanaged risk with new attack surfaces or new points of failure. Segment Resources: https://infisical.com/blog/solving-secret-zero-problem https://infisical.com/blog/gitops-secrets-management Show Notes: https://securityweekly.com/asw-327…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Tailscale rakes it in, CVE dead to us, cool Chrome extensions, dog saves toddler - ESW #403 57:56

۸ weeks پیش57:56

پخش در آینده

پخش در آینده

دوست داشته شد

57:56

In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story about a dog, because we need to end on something happy! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-403…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
The past, present, and future of enterprise AI - Pravi Devineni - ESW #403 39:13

۸ weeks پیش39:13

پخش در آینده

پخش در آینده

دوست داشته شد

39:13

In this interview, we're excited to speak with Pravi Devineni, who was into AI before it was insane . Pravi has a PhD in AI and remembers the days when machine learning (ML) and AI were synonymous. This is where we'll start our conversation: trying to get some perspective around how generative AI has changed the overall landscape of AI in the enterprise. Then, we move on to the topic of AI safety and whether that should be the CISO's job, or someone else's. Finally, we'll discuss the future of AI and try to end on a positive or hopeful note! Show Notes: https://securityweekly.com/esw-403…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Patch It Like You Stole It: Vulnerability Management Lifestyle Choices - Matthew Toussain - ESW #403 34:44

۸ weeks پیش34:44

پخش در آینده

پخش در آینده

دوست داشته شد

34:44

What a time to have this conversation! Mere days from the certain destruction of CVE, averted only in the 11th hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them. Vulnerability management is very much a hot mess at the moment for many reasons. Even with perfectly stable support from the institutions that catalog and label vulnerabilities from vendors, we'd still have some serious issues to address, like: disconnects between vulnerability analysts and asset owners gaps and issues in vulnerability discovery and asset management different options for workflows between security and IT: which is best? patching it like you stole it Oh, did we mention Matt built an open source vuln scanner? https://sirius.publickey.io/ Show Notes: https://securityweekly.com/esw-403…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet... - SWN #469 36:06

۸ weeks پیش36:06

پخش در آینده

پخش در آینده

دوست داشته شد

36:06

HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-469

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA... - PSW #870 2:06:35

۸ weeks پیش2:06:35

پخش در آینده

پخش در آینده

دوست داشته شد

2:06:35

Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA, College, who knows, a lot more... On Paul's Security Weekly. Show Notes: https://securityweekly.com/psw-870

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Deny By Default as CISOs Battle Platform Fatigue and Show Value to the Board - Danny Jenkins - BSW #391 1:05:34

۸ weeks پیش1:05:34

پخش در آینده

پخش در آینده

دوست داشته شد

1:05:34

Zero Trust isn't a new concept, but not one easily implemented. How do organizations transform cybersecurity from a "default allow" model, where everything is permitted unless blocked, to a "default deny" model? Danny Jenkins, Co-founder and CEO at ThreatLocker, joins Business Security Weekly to discuss this approach. Deny by default means all actions are blocked by default, with only explicitly approved activities allowed. This shift enhances security, reduces vulnerabilities, and sets a new standard for protecting organizations from cyber threats. ‍ Danny will discuss how ThreatLocker not only protects your endpoints and data from zero-day malware, ransomware, and other malicious software, but provides solutions for easy onboarding, management, and eliminates the lengthy approval processes of traditional solutions. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! In the leadership and communications section, Bridging the Gap Between the CISO & the Board of Directors, CISO MindMap 2025: What do InfoSec Professionals Really Do?, How to Prevent Strategy Fatigue, and more! Show Notes: https://securityweekly.com/bsw-391…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
QUBIT AI, Recall This, Defender, Tycoon, Slopsquatting, Feng Mengleng, Aaran Leyland - SWN #468 35:45

۹ weeks پیش35:45

پخش در آینده

پخش در آینده

دوست داشته شد

35:45

QUBIT AI, Recall This, Defender, Tycoon, Slopsquatting, Feng Mengleng, Aaran Leyland, and more, on the Security Weekly News. Show Notes: https://securityweekly.com/swn-468

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326 1:14:45

۹ weeks پیش1:14:45

پخش در آینده

پخش در آینده

دوست داشته شد

1:14:45

The breaches will continue until appsec improves. Janet Worthington and Sandy Carielli share their latest research on breaches from 2024, WAFs in 2025, and where secure by design fits into all this. WAFs are delivering value in a way that orgs are relying on them more for bot management and fraud detection. But adopting phishing-resistant authentication solutions like passkeys and deploying WAFs still seem peripheral to secure by design principles. We discuss what's necessary for establishing a secure environment and why so many orgs still look to tools. And with LLMs writing so much code, we continue to look for ways LLMs can help appsec in addition to all the ways LLMs keep recreating appsec problems. Resources https://www.forrester.com/blogs/breaches-and-lawsuits-and-fines-oh-my-what-we-learned-the-hard-way-from-2024/ https://www.forrester.com/blogs/wafs-are-now-the-center-of-application-protection-suites/ https://www.forrester.com/blogs/are-you-making-these-devsecops-mistakes-the-four-phases-you-need-to-know-before-your-code-becomes-your-vulnerability/ In the news, crates.io logging mistake shows the errors of missing redactions, LLMs give us slopsquatting as a variation on typosquatting, CaMeL kicks sand on prompt injection attacks, using NTLM flaws as lessons for authentication designs, tradeoffs between containers and WebAssembly, research gaps in the world of Programmable Logic Controllers, and more! Show Notes: https://securityweekly.com/asw-326…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
The rise of MSSPs, CVE drama, Detection Engineering How-To & Doggie Survival Skills - ESW #402 51:20

۹ weeks پیش51:20

پخش در آینده

پخش در آینده

دوست داشته شد

51:20

In the enterprise security news, new startup funding what happened to the cybersecurity skills shortage? tools for playing with local GenAI models CVE assignment drama a SIEM-agnostic approach to detection engineering pitch for charity a lost dog that doesn’t want to be found All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-402…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
What is old is new again: default deny on the endpoint - Danny Jenkins - ESW #402 36:20

۹ weeks پیش36:20

پخش در آینده

پخش در آینده

دوست داشته شد

36:20

Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most. The idea of implementing default deny principles elsewhere were attempted, but without much success. Internal networks (NAC), and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up. Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach. An approach that could be implemented at scale, with less overhead. This is what we’ll be talking to Threatlocker’s CEO and co-founder, Danny Jenkins, about on this episode. They seemed to have cracked the code here and are eager to share how they did it. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/esw-402…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
I SIEM, you SIEM, we all SIEM for a Data Security Strategy - Colby DeRodeff - ESW #402 35:43

۹ weeks پیش35:43

پخش در آینده

پخش در آینده

دوست داشته شد

35:43

We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we’re seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don’t even need to give up an email address to read it! In this interview, we’ll talk through some of the highlights: Challenges Myths Pillars of a data security strategy Understanding the tools available Segment Resources A Leader’s Guide to Security Data Strategy eBook Show Notes: https://securityweekly.com/esw-402…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Win95, Shuckworm, Ottokit, DCs, EC2, IAB, OSS, Recall, Josh Marpet, and More... - SWN #467 35:45

۹ weeks پیش35:45

پخش در آینده

پخش در آینده

دوست داشته شد

35:45

Win95, Shuckworm, Ottokit, DCs, EC2, IAB, OSS, Recall, Josh Marpet, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-467

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
You Should Just Patch - PSW #869 2:05:21

۹ weeks پیش2:05:21

پخش در آینده

پخش در آینده

دوست داشته شد

2:05:21

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid credit cards, another post that vanished from the Internet, hiding in NVRAM, protecting the Linux kernel, you down with MCP?, more EOL IoT, bypassing kernel protections, when are you ready for a pen test, red team and bug bounty, what EDR is really missing, and based on this story you should just patch everything all the time! Show Notes: https://securityweekly.com/psw-869…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Balancing AI Opportunities vs. Risks to Drive Better Business Outcomes - Summer Fowler, Matt Muller - BSW #390 1:02:39

۹ weeks پیش1:02:39

پخش در آینده

پخش در آینده

دوست داشته شد

1:02:39

This week, it's double AI interview Monday! In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the need of security and privacy in AI with the opportunities that come with accelerating adoption? Matt Muller, Field CISO at Tines, joins Business Security Weekly to discuss the unprecedented challenges facing Chief Information Security Officers (CISOs) and approaches to mitigate AI's security and privacy risks. In this interview, we'll discuss ways to mitigate AI's security and privacy risks and strategies to help ease AI stress on security teams. Segment Resources: - https://www.tines.com/blog/cisos-report-addressing-ai-pressures/ - https://www.tines.com/blog/ai-enterprise-mitigate-security-privacy-risks/ In our second interview, we dig into the challenges of securing Artificial Intelligence. Are you being asked to secure AI initiatives? What questions should you be asking your developers or vendors to validate security and privacy concerns? Who better to ask than Summer Fowler, CISO at Torc Robotics, a self-driving trucking company. Summer will guide us on her AI security journey to help us understand: Regulatory requirements regarding AI Build vs. buy decisions Security considerations for both build and buy scenarios Resources to help guide you Show Notes: https://securityweekly.com/bsw-390…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
DOS, Web Cams, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Josh Marpet... - SWN #466 33:48

10 weeks پیش33:48

پخش در آینده

پخش در آینده

دوست داشته شد

33:48

DOS Lives, Web Cams Gone Wild, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Shopify, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-466

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
In Search of Secure Design - ASW #325 1:07:36

10 weeks پیش1:07:36

پخش در آینده

پخش در آینده

دوست داشته شد

1:07:36

We have a top ten list entry for Insecure Design, pledges to CISA's Secure by Design principles, and tons of CVEs that fall into familiar categories of flaws. But what does it mean to have a secure design and how do we get there? There are plenty of secure practices that orgs should implement are supply chains, authentication, and the SDLC. Those practices address important areas of risk, but only indirectly influence a secure design. We look at tactics from coding styles to design councils as we search for guidance that makes software more secure. Segment resources https://owasp.org/Top10/A04 2021-Insecure Design/ https://www.cisa.gov/securebydesign/pledge https://www.cisa.gov/securebydesign https://kccnceu2025.sched.com/event/1xBJR/keynote-rust-in-the-linux-kernel-a-new-era-for-cloud-native-performance-and-security-greg-kroah-hartman-linux-kernel-maintainer-fellow-the-linux-foundation https://newsletter.pragmaticengineer.com/p/how-linux-is-built-with-greg-kroah https://daniel.haxx.se/blog/2025/04/07/writing-c-for-curl/ Show Notes: https://securityweekly.com/asw-325…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Best of Cyber April Fools, Tons of Free Tools, runZero positioned to disrupt? - ESW #401 49:54

10 weeks پیش49:54

پخش در آینده

پخش در آینده

دوست داشته شد

49:54

This week, in the enterprise security news, we check the vibes we check the funding we check runZero’s latest release notes tons of free tools! the latest TTPs supply chain threats certs won’t save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-401…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401 43:15

10 weeks پیش43:15

پخش در آینده

پخش در آینده

دوست داشته شد

43:15

You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs Show Notes: https://securityweekly.com/esw-401…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
Soft skills for engineers - Evgeniy Kharam - ESW #401 30:15

10 weeks پیش30:15

پخش در آینده

پخش در آینده

دوست داشته شد

30:15

When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything , as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and how we're perceived by our peers and community. It doesn't matter how brilliant you might be - without soft skills, your potential could be severely limited. Did you know that soft skills issues contributed to the Equifax breach? We'll also discuss how fear is related to some of the same limitations and challenges as soft skills. Segment Resources: https://www.softskillstech.ca/ Order the Book Show Notes: https://securityweekly.com/esw-401…

S

Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video) podcast artwork

1
AI Doomsday, Hot Robots, Google, palo Alto, Ivanti, CrushFTP, AI, Aaran Leyland... - SWN #465 30:51

10 weeks پیش30:51

پخش در آینده

پخش در آینده

دوست داشته شد

30:51

AI Doomsday, Hot Robots, Google, palo Alto, Ivanti, CrushFTP, AI, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-465

به Player FM خوش آمدید!

Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.

به بیش از 500 موضوع گوش کنید

راهنمای مرجع سریع

پادکست های برتر

Timche podcast | پادکست اقتصادی تیمچه

طنزپردازی | tanzpardazi

نود و هشت، پنجاه و سه

GoushFilm | گوش‌فیلم

Alireza Nourizadeh

رادیو فردا

ChannelB پادکست فارسی

در حین کاوش به این نمایش گوش دهید