Security Weekly Podcast Network (Video)

Episódios

• Enterprise Browers in the Age of AI as CISO Role Changes and Leaders Harness Stress - Arunesh Chandra - BSW #452 17.06.2026 46min

  The browser has become the primary gateway to work, data, and AI. In this episode, Arunesh Chandra, Head of Product, Microsoft Edge for Business at Microsoft Edges for Business, will discuss why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. Arunesh cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption. This segment is sponsored by Microsoft Edge for Business. Visit https://securityweekly.com/edgeforbusiness to learn more about them! In the leadership and communications segment, CISO role changes as cyber-risk appetites in the C-suite grow, AI is exposing the biggest weakness in cybersecurity: We never built a health model. Until now!, 6 Ways Leaders Harness Stress, and more! Show Notes: https://securityweekly.com/bsw-452
• TSME, ARCH, Maine, Fable, PANOS, Doug's Grandma, Vienna Sausages, Aaran Leyland - SWN #590 16.06.2026 34min

  TSME, ARCH, Maine, Fable, PANOS, Doug's Grandma, Vienna Sausages, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-590
• Why Does It Matter Who or What Created the Code? - Matias Madou - ASW #387 16.06.2026 1h 6min

  Agents and LLMs are creating and reviewing code. They're a new tool to help developers write software and they're a new abstraction layer for expressing what code should do. But if we're focused on determining whether code is secure, where do we focus our attention on ensuring a secure outcome? Matias Madou talks about the challenges of finding metrics to help answer these questions. We walk through many of the questions we'd like to see answered and our desire to see appsec (finally?) shift out of a find-and-fix mode into a future of secure design. Show Notes: https://securityweekly.com/asw-387
• Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463 15.06.2026 1h 31min

  Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-463
• Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, Bitlocker, Peoplesoft, and More - SWN #589 12.06.2026 31min

  Bad Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, GreatXML, Bitlocker, Peoplesoft, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-589
• Trolling Microsoft With Vulnerabilities - PSW #930 11.06.2026 2h 2min

  In the security news: Trolling Microsoft With Vulnerabilities Fable 5 loves guardrails Binwalk vulnerability EMBA and local models EDRChoker AI worms Interesting Arista vulnerability added to KEV BOD 26-04 and stakeholder specific vulnerability categorization Bring your own execution environment Homelab tips MikroTik routers as interceptors Ivanti Sentry and irony Smart TV botnets Privacy laws Solarwinds Serv-U lives on More Cisco SD-WAN fun! Russia can jam GPS No nudes for you says UK Government "Why would someone want to learn code when AI does it better and faster?" Show Notes: https://securityweekly.com/psw-930
• Innovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - Tony Kelly - BSW #451 10.06.2026 1h 1min

  AI is reshaping innovation as businesses embed it into core operations and move more processes online. This transformation is often seen as a tradeoff between innovation and data risk, but that assumption is wrong. Businesses can innovate and scale in the AI era while maintaining strong data security, ensuring protection, compliance, and control remain intact. Segment Resources: Check out these assets from Fortra for more information around Data Security for AI. Learn more about our Data Security suite: https://www.fortra.com/solutions/data-protection Get the ungated guide: Secure AI Innovation > https://www.fortra.com/resources/guides/secure-ai-innovation Read the blog: Staying Compliant While Using AI: What CISOs Need to Know https://www.fortra.com/blog/staying-compliant-while-using-ai-what-cisos-need-know This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! In the leadership and communications segment, Lost in translation: Cybersecurity board reporting for CISOs, AI may finally unlock the cyber budgets CISOs have wanted for years, How People Actually Get to the C-Suite in S&P 500 Companies, and more! Show Notes: https://securityweekly.com/bsw-451
• Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland... - SWN #588 09.06.2026 28min

  Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-588
• Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386 09.06.2026 1h 16min

  Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually exploitable in production. This conversation explores why automated testing often stops short of the hardest part of the job: proving what is real. We dig into how business logic flaws and authorization vulnerabilities get missed by tools that scan without reasoning, what exploit validation looks like at runtime, and how security engineers are shifting toward findings that developers will actually act on. The segment is sponsored by XBOW. Visit https://securityweekly.com/xbow to see how autonomous AI pentesting delivers expert-quality findings in hours with real exploit validation your team can actually act on. Show Notes: https://securityweekly.com/asw-386
• The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462 08.06.2026 1h 37min

  Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-462
• Local AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet - SWN #587 05.06.2026 42min

  Local AI, Salesforce, Fluttershell, Aspose, http/2 bomb, Passwords, Cisco, Used Tech, Josh Marpet, and More on this episode of the Security Weekly News Show Notes: https://securityweekly.com/swn-587
• Security Researchers Are Threat Actors - PSW #929 04.06.2026 2h 1min

  This week in the security news: Security Researchers Are Threat Actors according to Microsoft Hands-free malicious firmware If you've ever typed "ls" in Windows, this is for you Cisco makes more patches, wants you to pay Ambiguous Secure Boot bypass Threat actors love network edge devices, and I have the chat logs and leaks to prove it The downside of chip sanctions Your VoIP phone is hacked Vulnerability disclosure and incentives Claude reccovers Bitcoin wallet an Instagram "Exploit" Turn the plane around The worms will continue PAN-OS global protect vulnerability The 1-Click Github token stealer Data-nuking prompt injection Turning Buses into spies SymJack NIST NVD mistakes, and how CNAs need to up their game Show Notes: https://securityweekly.com/psw-929
• Scaling to $100M as the Security Weekly Index Hits an All Time High - Joshua Gould - BSW #450 03.06.2026 53min

  The ultimate goal, scale a company to $100M and go IPO. Easier said than done. We've seen some make it and others that get stuck. What's he difference? Joshua Gould, CEO at thebigword, joins Business Security Weekly to discuss how to scale to $100M. From startup to platform, Joshua helps us understand the challenges and how to address them. If you're a founder looking to scale, this is an interview you can't miss. Segment Resources: https://en-gb.thebigword.com/ http://www.youtube.com/@Exec_Craft https://www.linkedin.com/in/joshuadgould/ In the Security Money segment, the Security Weekly Index and NASDAQ set new records. After CyberArk's acquisition, the Security Weekly Index is now comprised of the following 24 companies: SAIL Sailpoint Inc PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies Inc FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc NTSK Netskope Inc TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems Inc VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc Show Notes: https://securityweekly.com/bsw-450
• Heraclitus, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland... - SWN #586 02.06.2026 34min

  Heraclitus Unbound, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-586
• BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR - ASW #385 02.06.2026 45min

  We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of the CTF community becomes infiltrated by LLMs. We talk about the tradeoffs in trust between using public packages vs. having agents write replacements from scratch. And we examine some of the appsec details that the Verizon DBIR reveals about how orgs are being attacked -- and how orgs might use that information to protect themselves. Show Notes: https://securityweekly.com/asw-385
• Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461 01.06.2026 1h 37min

  Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week's topic segment, we've got two very interesting data sources. The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI's 2025 IC3 report is out When tech billionaires make predictions, they're actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-461
• Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Beliefs, Josh Marpet - SWN #585 29.05.2026 32min

  Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Belief Systems, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-585
• Linux Supply Chain How-To - PSW #928 28.05.2026 2h 4min

  This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script is in his Git repo: https://github.com/pasadoorian/Linux_Hacks. In the security news: The CVE chase The new security basics Enterprises are lacking more than AI Detections are falling behind Why DOOM!?! Chromium vulnerability The ambitious Flipper One I'm still curious who was behind these leaks Mitre moves Caldera to Apache foundation Wind cybersecurity PQC updates YellowKey Bitlocker Bypass updates The software supply chain is in deep trouble Show Notes: https://securityweekly.com/psw-928
• What Security Leaders Should Expect from RSAC - Joseph Blankenship - BSW #449 27.05.2026 43min

  RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Show Notes: https://securityweekly.com/bsw-449
• Listening, Drupal, TTE, KEV, Mythos, Megalodon, Badanov, MFA, Pope Leo, Aaran Leyland - SWN #584 26.05.2026 30min

  They're Listening, Drupal, TTE, KEV, Mythos, Megalodon, Boris and Natasha, MFA, Pope Leo, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-584