Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!


Jul 24, 2024

SAPwned demonstrates tenets of tenant isolation, a weak login flow puts Squarespace domains at risk, how AIs might (or might not) be useful for fixing code, getting buy-in for infosec investments, and more!

Show Notes: https://securityweekly.com/asw-292

Jul 23, 2024

Security is a risk management discipline. No one understands that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline, what CEOs and Boards really need, and how CISOs can be successful as a business leader.

Show Notes: https://securityweekly.com/bsw-357

Jul 23, 2024

Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders.

Segment resources:

Show Notes: https://securityweekly.com/asw-292

Jul 23, 2024

Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-400

Jul 23, 2024

Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us through real life interactions with his CISO and Board and explains why security needs to be communicated in business terms.

Show Notes: https://securityweekly.com/bsw-357

Jul 19, 2024

In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need for thorough testing and third-party risk management. Emphasizing the importance of understanding and planning for system failures, the hosts highlight the necessity for comprehensive inventories, continuous monitoring, and robust backup plans to ensure business continuity and resilience. Tune in for expert insights into mitigating the significant consequences of system failures.

Show Notes: https://securityweekly.com/swn-399

Jul 19, 2024

In this week's enterprise security news,

  1. Google is rumored to be considering acquiring Wiz for $23 BILLION
  2. ThreatConnect acquires Polarity
  3. XBOW and Sola Security are interesting new companies we’ll discuss
  4. What does “shared responsibility” actually mean?
  5. Palo Alto probably isn’t going to buy your startup
  6. Snowflake-related breaches continue getting worse
  7. MUCH less AI talk than usual
  8. Defragmenting your browser

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-368

Jul 19, 2024

On this segment, we're going to zoom all the way out to discuss one of my favorite topics: what's fundamentally wrong with this industry? I believe we're at an inflection point: security teams have budget, staff, and more sway at the board level than ever. The cybersecurity market is doing great - growing at an astonishing rate with cyber startups that almost never fail and funding that survives every market downturn.

So why are failures also breaking records? What are we getting wrong? Why are we failing?

These are the questions Richard, Katie, and I will try to answer in this segment.

Segment Resources:

Show Notes: https://securityweekly.com/esw-368

Jul 19, 2024

Three years after we last discussed this book on episode #221, Jarrett Rodrick returns, joined by co-author Tyler Wall to discuss an update of the book. We talk opportunities and layoffs. Career paths and experience. Degrees, certifications, and home labs. We talk about who cybersecurity is the right field for, and the pros and cons of the industry as a whole.

We also talk myths and reality about a cybersecurity career. Can you really make $100k just a few years in? Is it really an entry level field? Are you better off entering cyber from IT or the military?

Segment Resources:

Show Notes: https://securityweekly.com/esw-368

Jul 18, 2024

Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be screwed, Exim has not been replaced by something better and it's vulnerable, CISA's red team reports, and attackers use drivers to attack EDR, the saga continues!

Show Notes: https://securityweekly.com/psw-835

Jul 18, 2024

Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers!

Segment Resources:

Major 3D Printer Websites:

Major 3D File libraries:

Youtube Channels:

  • Uncle Jessy
  • CnC Kitchen
  • The Edge of Tech
  • Makers Muse

Show Notes: https://securityweekly.com/psw-835

Jul 16, 2024

Cloudflare's 2024 appsec report, reasoning about the Cyber Reasoning Systems for the upcoming AIxCC semifinals at DEF CON, lessons in secure design from post-quantum cryptography, and more!

Show Notes: https://securityweekly.com/asw-291

Jul 16, 2024

Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet, and more are on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-398

Jul 16, 2024

How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-influenced tools more effective and useful in the context that developers need -- writing secure code.

Show Notes: https://securityweekly.com/asw-291

Jul 16, 2024

In the leadership and communications section, The Board’s understanding of cybersecurity, What does your CEO need to know about cybersecurity?, As CISOs grapple with the C-suite, job satisfaction takes a hit, and more!

Show Notes: https://securityweekly.com/bsw-356

Jul 15, 2024

Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach provides implementation guidance on the controls required to maximize your coverage, including premium discounts, higher ransomware supplements, and a reduction in deductibles. If you're struggling with cyber insurance, don't miss this interview.

Show Notes: https://securityweekly.com/bsw-356

Jul 12, 2024

Wir fahren auf der AutoBahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-397

Jul 12, 2024

Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighttpd is heavy with vulnerabilities, node-ip's not vulnerability, New Intel CPU non-attacks, Blast Radius, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows.

Show Notes: https://securityweekly.com/psw-834

Jul 12, 2024

In this week's enterprise security news,

  1. Seed rounds are getting huge
  2. Lots of funding for niche security vendors
  3. Rapid7 acquires Noetic Cyber
  4. but Rapid7 is also rumored to sell itself!
  5. Slack battles infostealers
  6. The loss of Chevron deference impacts cyber
  7. Should cybersecurity put up a no vacancy sign?
  8. Figma and Google both make some embarrassing mistakes
  9. The RockYou2024 file does NOT contain 10 billion passwords
  10. I introduce a new news category: AI indigestion

All that and more, on this episode of Enterprise Security Weekly!

Show Notes: https://securityweekly.com/esw-367

Jul 12, 2024

I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and shadow IT. Identity is one of the most common entry points for attacks, so we've got to do better as an industry here.

We'll cover a variety of topics in this interview, including:

  • Why Henrique chose to go to Saviynt from Gartner
  • Vendor risk concentration in identity
  • Resilience in identity, especially when depending on a SaaS IdP
  • Identity attack evolution (and the creation of the ITDR category)
  • What's working in identity to move things forward, and what is holding us back

This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviynt to learn more about them!

Show Notes: https://securityweekly.com/esw-367

Jul 11, 2024

Iceman comes on the show to talk about RFID and NFC hacking including the tools, techniques, and hardware. We'll also talk about the ethics behind the disclosure of vulnerabilities and weaknesses in these systems that are used in everything from building access to cars.

Segment Resources:

Show Notes: https://securityweekly.com/psw-834

Jul 9, 2024

Zotac, Eldorado, Donex, Qlins, Ticketmaster, AI, Physical Security, Aaran Leyland, and more, are on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-396

Jul 9, 2024

Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this and why appsec needs to accelerate to ludicrous speed.

Segment resources

Show Notes: https://securityweekly.com/asw-290

Jul 9, 2024

In the leadership and communications section, Bringing the boardroom to the cyber battlefield, Navigating the CISO Role: Common Pitfalls for New Leaders, Ask Better Questions to be a Better Leader, and more!

Show Notes: https://securityweekly.com/bsw-355

Jul 9, 2024

Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more!

Show Notes: https://securityweekly.com/asw-290
