Security Weekly Podcast Network (Audio)

Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year’s conference. In this episode: -You Don’t Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how Defense Against Configurations (DAC) helps organizations identify, map, and remediate configuration risks before attackers can exploit them. -Security Challenges for Mid-Sized Companies — Perry Schumacher, Chief Strategy Officer & Partner at Ridge IT Cyber, explores the evolving security challenges facing mid-sized organizations. He discusses how AI is becoming a competitive advantage, how mobility and third-party reliance complicate defenses, and what steps these organizations can take to improve resilience and efficiency. -The Rise of Security Control Management: Secure by Design, Not by Chance — Marene Allison, former CISO of Johnson & Johnson, introduces Security Control Management (SCM), a new software category that unifies control selection, mapping, validation, and enforcement. She explains how SCM transforms fragmented compliance programs into proactive, embedded defense. -Engineered for Protection: The Rise of Security Control Management — Ryan Heritage, Advisor at Sicura, continues the discussion on SCM, explaining how organizations can operationalize this approach to move from reactive reporting to proactive, data-driven defense. He highlights how automation and integration enable security decisions to be made at “the speed of relevance.” -The AI Threat: Protecting Your Email from AI-Generated Attacks — Patricia Titus, Field CISO at Abnormal Security, explores how cybercriminals are weaponizing generative AI to create sophisticated phishing and social engineering attacks. She shares practical strategies for defending against AI-generated threats and emphasizes why AI-based protections are now essential for modern enterprises. -Igniting Change: A Conversation with Dr. Ron Ross — Dr. Ron Ross, CEO at RONROSSECURE, LLC, shares insights from decades of pioneering work in cybersecurity, including the Risk Management Framework and Systems Security Engineering Guidelines. He discusses how leaders can apply these principles to strengthen resilience, foster innovation, and drive meaningful change across the cybersecurity landscape.   Segment Resources ThreatLocker® Defense Against Configurations (DAC): https://www.threatlocker.com/platform/defense-against-configurations Book a demo to see DAC in action. Visit https://securityweekly.com/threatlockerisw to learn more! This segment is sponsored by Ridge IT Cyber. Visit https://securityweekly.com/ridgeisw to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-435

Aaron Leland, a security practitioner, and Josh Marpet, an expert in SIM swapping, delve into the crucial topic of mobile device security and strategies for handling phone loss. They share personal theft stories, highlighting the urgency of being prepared while traveling. The duo discusses immediate response tactics, from bricking phones to utilizing Find My iPhone. Practical advice includes using strong passcodes, protecting critical apps with biometrics, and having a disaster plan in place. Tune in for expert insights on safeguarding your digital life!

Dive into the fascinating world of vibe coding as Paul shares his hands-on experiment with a Python Flask app. He reveals how AI, particularly Claude, generated extensive documentation and code, while discussing methodologies for creating and securing software. The team debates the balance between vibe coding and hand-coding, explores the integration of various exploit databases, and emphasizes the importance of human oversight in AI development. Get ready for insights on using AI to enhance productivity in software creation!

The Security Weekly 25 index hits near all-time highs, reflecting a strong NASDAQ performance. Excitingly, Netskope's IPO is ensuring stability in the index despite upcoming acquisitions. AI is the hot topic, with funding shifting towards security driven by artificial intelligence. The panel debates the risks of prioritizing short-term profits and highlights the need for AI specialists on boards. They stress that AI should assist rather than replace human decision-making, and provide practical tips on crafting effective prompts.

In this engaging conversation, Dr. Shakour Abuzneid, Director of Computer Science and Cybersecurity at Roger Williams University, shares insights on AI's transformative impact on education. He discusses vulnerable jobs and the ethical implications of AI in the workforce, including its dual role in cybersecurity. Shakour emphasizes the importance of human oversight in the face of AI's limitations and advocates for AI literacy across disciplines. He also highlights the need for regulation, addressing privacy concerns and bias in AI technologies.

Explore the world of secure coding with insights on the OWASP Top 10 and security program strategies. Co-hosts compare the importance of secure by design versus merely passing scanner results. They debate the use of fuzzing and the dangers of homegrown cryptography. Learn about integrating security practices into developer workflows and making security context relevant to user stories. Delve into threat modeling and best practices for embedding security in software development while balancing business needs.

Interview with Ravid Circus Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity’s 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations. Segment Resources: https://seemplicity.io/papers/the-2025-remediation-operations-report/ https://seemplicity.io/news/seemplicity-releases-2025-remediation-operations-report-91-of-organizations-experience-delays-in-vulnerability-remediation/ https://seemplicity.io/blog/2025-remediation-operations-report-organizations-still-struggle/   Topic Segment: Thoughts on Anthropic's latest security report Ex-SC Media journalist Derek Johnson did a great job writing this one up over at Cyberscoop: China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work There are a number of interesting questions that have been raised here. Some want more technical details and question the report's conclusions. How automated was it, really? I found it odd that Anthropic's CEO was on 60 minutes the same week, talking about how dangerous AI is (which is his company's primary and only product). I think one of the more interesting things to discuss is how Anthropic has based its identity and brand on AI safety. While so many other SaaS companies appear to be doing the bare minimum to stop attacks against their customers, Anthropic is putting significant resources into testing for future threats and discovering active attacks.   News Segment Finally, in the enterprise security news, vendor layoffs have started again the sins of security vendor research the pillars of the Internet are burning selling out to North Korea isn’t worth what they’re paying you ransom payments, in 24 easy installments? a breach handled the right way we probably shouldn’t be putting LLMs into kids toys ordering coffee from the terminal All that and more, on this episode of Enterprise Security Weekly.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-434

Join security professional Josh Marpet as he dives into the intriguing world of voice-activated AI, highlighting the risks of voice prompt injection and its potential exploitation. He also tackles the implications of ransomware groups shifting to cloud tools. Other hot topics include the alarming vulnerabilities of SonicWall and WhatsApp’s profile data leak, revealing critical privacy risks. Plus, discover how Roblox plans to use AI for chat safety amidst growing concerns over child protection. A discussion full of timely insights awaits!

Dive into the chaos of recent tech security news, from a Cloudflare outage to Logitech's alarming breach. Discover the irony of hacking Linux through malware scanners and explore the potential of robotic vacuums as hacking platforms. High school junior Bryce Owen shares his journey in creating a unique DEF CON Space Badge that features mesh networking and gameplay mechanics. Learn about the challenges of badge production, and the exciting future of Linux desktops. It's a wild ride through tech, security, and innovation!

It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and Wellness, Yonesy will discuss how we can "Optimize the Operator" by creating harmony with mind and spirit. Segment Resources: https://councils.forbes.com/profile/Yonesy-Nunez-Global-Cybersecurity-Executive-Chain-Bridge-Bank/e79e72a5-4b18-48b1-b5ab-8a0afd47d782 In the leadership and communications segment, CISOs are cracking under pressure, How BISOs enable CISOs to scale security across the business, Great Leaders Empower Strategic Decision-Making Across the Organization, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-422