Security Weekly Podcast Network (Video)

In the leadership and communications segment, Smart cybersecurity spending and how CISOs can invest where it matters, Grading CISOs: Effective Metrics and Personal Growth Strategies, The Pandemic Proved that Remote Leadership Works, and more! Show Notes: https://securityweekly.com/bsw-387

Organizations continue to suffer from security breaches, too many of which contain a human element. But there’s no consistent definition of the risk posed by human-related breaches, and recommendations are often limited to security awareness and training (SA&T). Understanding the depth and breadth of human-related breaches is critical to implementing adequate security controls within organizations. Jinan Budge, Research Director at Forrester, joins Business Security Weekly to discuss their Best Practice Report on Deconstructing Human-Element Breaches. Jinan will cover the breadth of human-related breaches, including: Social Engineering Human Error Loss/Theft of Physical Assets Social Media Compromise Insider Risk Deep Fake Scams Gen AI Misuse Narrative Attacks and why Security and Awareness Training is not the sole answer to solving human-related breaches. Join us, this discuss may get a little dicey. Segment Resources: https://www.forrester.com/blogs/breaking-down-human-element-breaches-to-improve-cybersecurity/ Show Notes: https://securityweekly.com/bsw-387

Angry Iguana, Squid Bot 9000, Bruted, 0Auth, Dragon Medical One, Clippy 2.0, CISA, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-460

The crypto world is rife with smart contracts that have been outsmarted by attackers, with consequences in the millions of dollars (and more!). Shashank shares his research into scanning contracts for flaws, how the classes of contract flaws have changed in the last few years, and how optimistic we can be about the future of this space. Segment Resources: https://scs.owasp.org https://scs.owasp.org/sctop10/ https://solidityscan.com/web3hackhub https://www.web3isgoinggreat.com Show Notes: https://securityweekly.com/asw-322

In this week's enterprise security news, Knostic raises funding The real barriers to AI adoption for security folks What AI is really getting used for in the wild Early stage startup code bases are almost entirely AI generated Hacking your employer never seems to go well should the CISO be the chief resiliency officer? proof we still need more women in tech All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-398

It takes months to get approvals and remediate cloud issues. It can take months to fix even critical vulnerabilities! How could this be? I thought the cloud was the birthplace of agile/DevOps, and everything speedy and scalable in IT? How could cloud security be struggling so much? In this interview we chat with Marina Segal, the founder and CEO of Tamnoon - a company she founded specifically to address these problems. Segment Resources: Gartner prediction: By 2025, 75% of new CSPM purchases will be part of an integrated CNAPP offering. This highlights the growing importance of CNAPP solutions. https://www.wiz.io/academy/cnapp-vs-cspm Cloud security skills gap: Even well-intentioned teams may inadvertently leave their systems vulnerable due to the cybersecurity skills shortage. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/ CNAPP market growth: The CNAPP market is expected to grow from $10.74 billion in 2025 to $59.88 billion by 2034, indicating a significant increase in demand for these solutions. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/ Challenges in Kubernetes security: CSPMs and CNAPPs may have gaps in addressing Kubernetes-specific security issues, which could be relevant to the skills gap discussion. https://www.armosec.io/blog/kubernetes-security-gap-cspm-cnapp/ Addressing the skills gap: Investing in training to bridge the cybersecurity skills gap and leveraging CNAPP platforms that combine advanced tools are recommended strategies. https://www.fortinet.com/blog/business-and-technology/navigating-todays-cloud-security-challenges Tamnoon's State of Remediation 2025 report Show Notes: https://securityweekly.com/esw-398

Penetration tests are probably the most common and recognized cybersecurity consulting services. Nearly every business above a certain size has had at least one pentest by an external firm. Here's the thing, though - the average ransomware attack looks an awful lot like the bog standard pentest we've all been purchasing or delivering for years. Yet thousands of orgs every year fall victim to these attacks. What's going on here? Why are we so bad at stopping the very thing we've been training against for so long? This Interview with Phillip Wylie will provide some insight into this! Spoiler: a lot of the issues we had 10, even 15 years ago remain today. Segment resources: Phillip's talk, Optimal Offensive Security Programs from Dia de los Hackers last fall Show Notes: https://securityweekly.com/esw-398

AI Bad, PHP, Remote Desktop, SuperBlack, Deepseek, Volt Typhoon, MassJacker, Roblox, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-459

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user’s need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic’s solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: * https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage * https://www.knostic.ai/what-we-do Show Notes: https://securityweekly.com/psw-865

In the leadership and communications segment, CISO vs. CIO: Where security and IT leadership clash (and how to fix it), The CISO's bookshelf: 10 must-reads for security leaders, The CISO's bookshelf: 10 must-reads for security leaders, and more! Show Notes: https://securityweekly.com/bsw-386