Best SecurityWeek Podcasts (2025)

1
Beating the AI Game, Ripple, Numerology, Darcula, Special Guests from Hidden Layer... - Malcolm Harkins, Kasimir Schulz - SWN #471 34:02

4d ago34:02

34:02

Beating the AI Game, Ripple (not that one), Numerology, Darcula, Special Guests, and More, on this edition of the Security Weekly News. Special Guests from Hidden Layer to talk about this article: https://www.forbes.com/sites/tonybradley/2025/04/24/one-prompt-can-bypass-every-major-llms-safeguards/ Show Notes: https://securityweekly.com/swn-471…

1
Hacking Crosswalks and Attacking Boilers - PSW #871 2:04:15

5d ago2:04:15

2:04:15

The crosswalk is talking to me man!, don't block my website without due process, Florida is demanding encryption backdoors, attacking boilers and banning HackRF Ones, time to update your flipper zero, using AI to create working exploits, what happens when you combine an RP2350 and an ESP32? Hopefully good hackery things!, more evidence that patchin…

1
ISO 42001 Certification, CIOs Struggle to Align Strategies, and CISOs Rethink Hiring - Martin Tschammer - BSW #392 1:03:55

6d ago1:03:55

1:03:55

AI Governance, the next frontier for AI Security. But what framework should you use? ISO/IEC 42001 is an international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations. It is designed for entities providing or utilizin…

1
Brains, Elusive Comet, AI Scams, Microsoft Dog Food, Deleting Yourself, Josh Marpet - SWN #470 31:59

7d ago31:59

31:59

Brains, Scams, Elusive Comet, AI Scams, Microsoft Dog Food, Deleting Yourself, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-470

1
Managing Secrets - Vlad Matsiiako - ASW #327 1:03:03

7d ago1:03:03

1:03:03

Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user…

1
Tailscale rakes it in, CVE dead to us, cool Chrome extensions, dog saves toddler - ESW #403 57:56

8d ago57:56

57:56

In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story abou…

1
The past, present, and future of enterprise AI - Pravi Devineni - ESW #403 39:13

8d ago39:13

39:13

In this interview, we're excited to speak with Pravi Devineni, who was into AI before it was insane. Pravi has a PhD in AI and remembers the days when machine learning (ML) and AI were synonymous. This is where we'll start our conversation: trying to get some perspective around how generative AI has changed the overall landscape of AI in the enterp…

1
Patch It Like You Stole It: Vulnerability Management Lifestyle Choices - Matthew Toussain - ESW #403 34:44

8d ago34:44

34:44

What a time to have this conversation! Mere days from the certain destruction of CVE, averted only in the 11th hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them. Vulnerability management is very much a hot mess at the moment for many reasons. Even with perfectly stable support from the institutions tha…

1
HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet... - SWN #469 36:06

11d ago36:06

36:06

HR Chatbots, MITRE, 4chan, Oracle, Identity, Port 53, NTLM, Zambia, Josh Marpet, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-469

1
Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA... - PSW #870 2:06:35

12d ago2:06:35

2:06:35

Govt Unravelling, AI Hijinx, Bot Chaos, Recall, Oracle, Slopesquatting, Tycoon 2FA, College, who knows, a lot more... On Paul's Security Weekly. Show Notes: https://securityweekly.com/psw-870

1
Deny By Default as CISOs Battle Platform Fatigue and Show Value to the Board - Danny Jenkins - BSW #391 1:05:34

13d ago1:05:34

1:05:34

Zero Trust isn't a new concept, but not one easily implemented. How do organizations transform cybersecurity from a "default allow" model, where everything is permitted unless blocked, to a "default deny" model? Danny Jenkins, Co-founder and CEO at ThreatLocker, joins Business Security Weekly to discuss this approach. Deny by default means all acti…

1
QUBIT AI, Recall This, Defender, Tycoon, Slopsquatting, Feng Mengleng, Aaran Leyland - SWN #468 35:45

14d ago35:45

35:45

QUBIT AI, Recall This, Defender, Tycoon, Slopsquatting, Feng Mengleng, Aaran Leyland, and more, on the Security Weekly News. Show Notes: https://securityweekly.com/swn-468

1
More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326 1:14:45

14d ago1:14:45

1:14:45

The breaches will continue until appsec improves. Janet Worthington and Sandy Carielli share their latest research on breaches from 2024, WAFs in 2025, and where secure by design fits into all this. WAFs are delivering value in a way that orgs are relying on them more for bot management and fraud detection. But adopting phishing-resistant authentic…

1
The rise of MSSPs, CVE drama, Detection Engineering How-To & Doggie Survival Skills - ESW #402 51:20

15d ago51:20

51:20

In the enterprise security news, new startup funding what happened to the cybersecurity skills shortage? tools for playing with local GenAI models CVE assignment drama a SIEM-agnostic approach to detection engineering pitch for charity a lost dog that doesn’t want to be found All that and more, on this episode of Enterprise Security Weekly. Show No…

1
What is old is new again: default deny on the endpoint - Danny Jenkins - ESW #402 36:20

15d ago36:20

36:20

Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred fir…

1
I SIEM, you SIEM, we all SIEM for a Data Security Strategy - Colby DeRodeff - ESW #402 35:43

15d ago35:43

35:43

We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we’re seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensi…

1
Win95, Shuckworm, Ottokit, DCs, EC2, IAB, OSS, Recall, Josh Marpet, and More... - SWN #467 35:45

18d ago35:45

35:45

Win95, Shuckworm, Ottokit, DCs, EC2, IAB, OSS, Recall, Josh Marpet, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-467

1
You Should Just Patch - PSW #869 2:05:21

19d ago2:05:21

2:05:21

In the security news this week: You should really just patch things, the NVD backlog, Android phones with malware pre-installed, so convenient, keyloggers and a creepy pharmacist, snooping on federal workers, someone stole your browser history, NSA director fired, deputy director of NSA also fired, CrushFTP the saga continues, only steal the valid …

1
Balancing AI Opportunities vs. Risks to Drive Better Business Outcomes - Summer Fowler, Matt Muller - BSW #390 1:02:39

20d ago1:02:39

1:02:39

This week, it's double AI interview Monday! In our first interview, we discuss how to balance AI opportunities vs. risk. Artificial Intelligence (AI) has the potential to revolutionize how businesses operate. But with this exciting advancement comes new challenges that cannot be ignored. For proactive security and IT leaders, how do you balance the…

1
DOS, Web Cams, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Josh Marpet... - SWN #466 33:48

21d ago33:48

33:48

DOS Lives, Web Cams Gone Wild, VSCODE, Coinblack, Oracle, P&G, Satan, Sec Gemini, Shopify, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-466

1
In Search of Secure Design - ASW #325 1:07:36

21d ago1:07:36

1:07:36

We have a top ten list entry for Insecure Design, pledges to CISA's Secure by Design principles, and tons of CVEs that fall into familiar categories of flaws. But what does it mean to have a secure design and how do we get there? There are plenty of secure practices that orgs should implement are supply chains, authentication, and the SDLC. Those p…

1
Best of Cyber April Fools, Tons of Free Tools, runZero positioned to disrupt? - ESW #401 49:54

22d ago49:54

49:54

This week, in the enterprise security news, we check the vibes we check the funding we check runZero’s latest release notes tons of free tools! the latest TTPs supply chain threats certs won’t save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securitywe…

1
How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401 43:15

22d ago43:15

43:15

You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the thr…

1
Soft skills for engineers - Evgeniy Kharam - ESW #401 30:15

23d ago30:15

30:15

When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skil…

1
AI Doomsday, Hot Robots, Google, palo Alto, Ivanti, CrushFTP, AI, Aaran Leyland... - SWN #465 30:51

25d ago30:51

30:51

AI Doomsday, Hot Robots, Google, palo Alto, Ivanti, CrushFTP, AI, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-465

1
Not-So-Secure Boot - Rob Allen - PSW #868 2:12:35

26d ago2:12:35

2:12:35

Rob Allen, Chief Product Officer at Threatlocker joins us for an interview segment on using AI in security products: What works and what's not fully baked! Then in the security news, There are more holes in your boot...loader according to Microsoft, related: Secure Boot is in danger and no one is really talking about it (still), Dear Microsoft: I d…

1
Vulnerability Prioritization Can Produce Better Business Outcomes - Greg Fitzgerald, Steve Lodin - BSW #389 33:34

27d ago33:34

33:34

Vulnerability prioritization, the final frontier. Many say they do it, but do they really? It takes way more than vulnerability data to truly prioritize vulnerabilities. Greg Fitzgerald, Co-Founder and CXO at Sevco Security, and Steve Lodin , Vice President, Information Security at Sallie Mae, join Business Security Weekly to dig in. We'll discuss …

1
Schrodinger, Lucid, Crocodilus, Wordpress, Ivanti, Oracle, Android, Josh Marpet... - SWN #464 29:24

28d ago29:24

29:24

Schrodinger's Television, Lucid, Crocodilus, Wordpress, Ivanti, Oracle, Android, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-464

1
Avoiding Appsec's Worst Practices - ASW #324 1:11:19

28d ago1:11:19

1:11:19

We take advantage of April Fools to look at some of appsec's myths, mistakes, and behaviors that lead to bad practices. It's easy to get trapped in a status quo of chasing CVEs or discussing which direction to shift security. But scrutinizing decimal points in CVSS scores or rearranging tools misses the opportunity for more strategic thinking. We s…

1
The toughest decisions CISOs have to make, MCP servers, Napster's comeback - ESW #400 55:15

29d ago55:15

55:15

In this week's enterprise security news, Big funding for Island Is DLP finally getting disrupted? By something that works? We learn all about Model Context Protocol servers Integrating SSO and SSH! Do we have too many cybersecurity regulations? Toxic cybersecurity workplaces Napster makes a comeback this week, we’ve got 50% less AI and 50% more co-…

Podcasts Worth a Listen

SecurityWeek Podcasts

Podcasts Worth a Listen

Quick Reference Guide