Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Internet Radio Done Right
Checked 3d ago
Додано five роки тому
Looks like the publisher may have taken this series offline or changed its URL. Please contact support if you believe it should be working, the feed URL is invalid, or you have any other concerns about it.
Вміст надано Security Weekly Productions. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Security Weekly Productions або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Схожі до Security Weekly Podcast Network (Audio)
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k343
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Join us for a special hang stream!
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
))
Подкасти, які варто послухати
РЕКЛАМА
<
<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/series-3594218">The Innovators & Investors Podcast</a></span>
The Innovators & Investors Podcast: Connecting the Startup Ecosystem. We are on a mission to bridge the gap between founders, investors, and industry leaders across the early-stage ecosystem. By bringing together visionaries from cutting-edge startups, venture capitalists, family offices, angel investors, accelerators, and studios, we offer a platform for sharing invaluable insights, market trends, and first-hand experiences. Whether you’re an entrepreneur navigating the challenges of building a business or an investor seeking opportunities in emerging technologies, our podcast provides a front-row seat to the dynamic world of innovation and investment. Tune in to gain a comprehensive understanding of the startup landscape, stay ahead of the curve, and benefit from the collective wisdom of those shaping the future. Think you'd be a great guest on the show? Apply at https://finstratmgmt.com/innovators-investors-podcast/
Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313
Fetch error
Hmmm there seems to be a problem fetching this series right now.
Last successful fetch was on May 31, 2025 10:22 (
What now? This series will be checked again in the next hour. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.
Manage episode 461089358 series 2591184
Вміст надано Security Weekly Productions. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Security Weekly Productions або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
There's a pernicious myth that developers don't care about security. In practice, they care about code quality. What developers don't care for is ambiguous requirements. Ixchel Ruiz shares her experience is discussing software designs, the challenges in prioritizing dev efforts, and how to help open source project maintainers with their issue backlog.
Segment resources:
Design lessons from PyPI's Quarantine capability, effective ways for appsec to approach phishing, why fishshell is moving to Rust component by component (and why that's a good thing!), what behaviors the Cyber Trust Mark might influence, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-313
3225 епізодів
Поширити
Fetch error
Hmmm there seems to be a problem fetching this series right now.
Last successful fetch was on May 31, 2025 10:22 (
What now? This series will be checked again in the next hour. If you believe it should be working, please verify the publisher's feed link below is valid and includes actual episode links. You can contact support to request the feed be immediately fetched.
Manage episode 461089358 series 2591184
Вміст надано Security Weekly Productions. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Security Weekly Productions або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
There's a pernicious myth that developers don't care about security. In practice, they care about code quality. What developers don't care for is ambiguous requirements. Ixchel Ruiz shares her experience is discussing software designs, the challenges in prioritizing dev efforts, and how to help open source project maintainers with their issue backlog.
Segment resources:
Design lessons from PyPI's Quarantine capability, effective ways for appsec to approach phishing, why fishshell is moving to Rust component by component (and why that's a good thing!), what behaviors the Cyber Trust Mark might influence, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-313
3225 епізодів
Усі епізоди
×
S
Security Weekly Podcast Network (Audio)
1 Edge, Safari, CISO Pay and Loathing, Fake AI, ASUS, OneDrive, Manus, Aaran Leyland... - SWN #481 33:15
Edge, Safari, CISO Pay and Loathing, Fake AI, ASUS, OneDrive, Manus, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-481
S
Security Weekly Podcast Network (Audio)
1 It's A Trap! - PSW #876 2:02:39
2:02:39 
Відтворити Пізніше 
Відтворити Пізніше 
Списки 
Подобається 
Подобається2:02:39
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяIn the security news: Vicious Trap - The malware hiding in your router Hacking your car WSL is open-source, but why? Using AI to find vulnerabilities - a case study Why you should not build your own password manager The inside scoop behind Lumma Infostealer Hacking a smart grill Hardcoded credentials on end of life routers and "Alphanetworks" SIM swapping is still happening LoRa for C2 Russian drones use Telegram Flipper Zero mod for the LOLZ Signal blocks Recall CISA loses more people Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-876…
S
Security Weekly Podcast Network (Audio)
1 Quantum Readiness & Zero Trust: Strategies to Strengthen Digital Resilience - Jordan Avnaim, Chris Hickman, Amit Sinha, Albert Estevez Polo - BSW #397 1:07:59
1:07:59 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:07:59
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяThis segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional firewalls. From cutting-edge innovations to expert insights, discover what security leaders should prioritize to stay ahead of evolving threats. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerorsac to learn more about them! In this segment, Keyfactor CSO Chris Hickman takes stock of industry progress towards quantum-resistant cryptography. Using recent guidance from NIST and his company’s data on which certificates and keys pose the largest threats to organization now, Chris unpacks what it means to be risk intelligent and quantum safe. Segment Resources: • Command Risk Intelligence press release: https://www.keyfactor.com/press-releases/keyfactor-unveils-worlds-first-certificate-risk-management-solution/ • Recent blog post on the transition to PQC: https://www.keyfactor.com/blog/getting-quantum-ready-why-2030-matters-for-post-quantum-cryptography/ To learn more about the road to being quantum ready, stop by Keyfactor’s booth at the conference, number #748, or visit: https://securityweekly.com/keyfactorrsac As cyber threats become increasingly difficult to detect and the technology to combat them continues to evolve, organizations must be prepared to move faster than ever. Looking ahead, the rise of post-quantum computing will bring both new opportunities and challenges, further reshaping the cybersecurity landscape. With the launch of Entrust’s Cryptographic Security Platform (announcement coming April 16th) as a backdrop, Jordan can discuss why all organizations – large and small – must prioritize post-quantum preparedness before it’s too late. He can also address emerging fraud technologies (e.g., deepfakes, GenAI) and fraud attacks (account takeovers, synthetic identities, impersonation), which are drawing more attention to the need for cyber-resilient methods, such as post-quantum cryptography, to protect against new fraud risks in the digital future. This segment is sponsored by Entrust. Visit https://securityweekly.com/entrustrsac to learn more about them! As quantum computing advances, the security foundations of our digital world face unprecedented challenges. This session explores how integrating Public Key Infrastructure (PKI) and Domain Name System (DNS) technologies can fortify digital trust in the quantum era. We'll delve into strategies for transitioning to post-quantum cryptography, ensuring interoperability, and maintaining the integrity of digital communications. Join us to understand the roadmap for achieving quantum resilience and safeguarding the future of digital trust. Segment Resources: https://www.digicert.com/what-is-pki https://www.digicert.com/faq/dns https://www.digicert.com/faq/dns/what-is-dns https://www.linkedin.com/posts/amitsinha digitaltrust-trustsummit-pki-activity-7315749270505037824-lUBf?utm source=share&utm medium=member desktop&rcm=ACoAAAC22mYBCeB_s0YvGTVQsGiChh7wRXa4jRg https://www.digicert.com/blog/compliance-the-foundation-of-digital-trust https://www.digicert.com/blog/digital-trust-as-an-it-imperative This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-397…
S
Security Weekly Podcast Network (Audio)
1 AP Tests, Hyper-V, Notepad, Google, Nova Scotia, NHI, Bond, Josh Marpet, and more... - SWN #480 35:14
AP Tests, Hyper-V, Notepad, Google, Nova Scotia, NHI, Bond, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-480
S
Security Weekly Podcast Network (Audio)
1 AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332 1:04:35
1:04:35 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:04:35
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into the ArmorCode ASPM Platform and backed by 25B findings, 285+ integrations, natural language intelligence, and role-aware insights, Anya turns complexity into clarity, helping teams scale securely and close the security skills gap. Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit https://securityweekly.com/armorcodersac to request a demo! As 'vibe coding", the practice of using AI tools with specialized coding LLMs to develop software, is making waves, what are the implications for security teams? How can this new way of developing applications be made secure? Or have the horses already left the stable? Segment Resources: https://www.backslash.security/press-releases/backslash-security-reveals-in-new-research-that-gpt-4-1-other-popular-llms-generate-insecure-code-unless-explicitly-prompted https://www.backslash.security/blog/vibe-securing-4-1-pillars-of-appsec-for-vibe-coding This segment is sponsored by Backslash. Visit https://securityweekly.com/backslashrsac to learn more about them! The rise of AI has largely mirrored the early days of open source software. With rapid adoption amongst developers who are trying to do more with less time, unmanaged open source AI presents serious risks to organizations. Brian Fox, CTO & Co-founder of Sonatype, will dive into the risks associated with open source AI and best practices to secure it. Segment Resources: https://www.sonatype.com/solutions/open-source-ai https://www.sonatype.com/blog/beyond-open-vs.-closed-understanding-the-spectrum-of-ai-transparency https://www.sonatype.com/resources/whitepapers/modern-development-in-ai-era This segment is sponsored by Sonatype. Visit https://securityweekly.com/sonatypersac to learn more about Sonatype's AI SCA solutions! The surge in AI agents is creating a vast new cyber attack surface with Non-Human Identities (NHIs) becoming a prime target. This segment will explore how SandboxAQ's AQtive Guard Discover platform addresses this challenge by providing real-time vulnerability detection and mitigation for NHIs and cryptographic assets. We'll discuss the platform's AI-driven approach to inventory, threat detection, and automated remediation, and its crucial role in helping enterprises secure their AI-driven future. To take control of your NHI security and proactively address the escalating threats posed by AI agents, visit https://securityweekly.com/sandboxaqrsac to schedule an early deployment and risk assessment. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-332…
S
Security Weekly Podcast Network (Audio)
1 Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - Erik Bloch, HD Moore, Joel Burleson-Davis - ESW #408 1:49:38
1:49:38 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:49:38
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяSegment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn’t unique anymore 3. AI slop coming to open source soon 4. Wiz dominance analysis 5. the IKEA effect in cybersecurity 6. LLM model collapse 7. vulnerabilities 8. DFIR reports 9. and fun with LinkedIn and prompt injection! Segment 3: RSAC Interviews runZero Interview with HD Moore Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what’s required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades old problems to usher in a new era of vulnerability management. Segment Resources: Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/ Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/ Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac . After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks. Imprivata interview with Joel Burleson-Davis Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach by avoiding productivity-dampening security measures, or the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata’s partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance. This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-408…
S
Security Weekly Podcast Network (Audio)
1 Keyboards, 3am, TikTok, LummaC2, Cityworks, Honeypots, Fancy Bear, Aaran Leyland... - SWN #479 33:37
Keyboards, 3 am, TikTok, LummaC2, Cityworks, Honeypots, Fancy Bear, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-479
S
Security Weekly Podcast Network (Audio)
1 Malware Laced Printer Drivers - PSW #875 2:01:59
2:01:59 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається2:01:59
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяThis week in the security news: Malware-laced printer drivers Unicode steganography Rhode Island may sue Deloitte for breach. They may even win. Japan's active cyber defense law Stop with the ping LLMs replace Stack Overflow - ya don't say? Aggravated identity theft is aggravating Ivanti DSM and why you shouldn't use it EDR is still playing cat and mouse with malware There's a cellular modem in your solar gear Don't slack on securing Slack XSS in your mail SIM swapping and the SEC Ivanti and libraries Supercomputers in space! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-875…
S
Security Weekly Podcast Network (Audio)
1 CISO Cheat Sheet, as Role Evolves and vCISO is Viable, Cobalt Strike and Resilience - Theresa Lanowitz, Rohit Dhamankar - BSW #396 1:17:08
1:17:08 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:17:08
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяIn the leadership and communications section, Why Every CISO Should Be Gunning For A Seat At The Board Table, The Innovation We Need is Strategic, Not Technical , The Best Leaders Ask the Right Questions, and more! This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them! Fortra is successfully reducing the unauthorized use of Cobalt Strike among cybercriminals through partnerships with Microsoft, Operation MORPHEUS, and the Pall Mall Process, among others. Since 2023 specifically, Fortra’s collaborations have resulted in an 80% drop in Cobalt Strike misuse in the wild. Additionally, the time between detecting cracked copies and mitigation has been reduced to less than one week in the United States and less than two weeks worldwide. Segment Resources: https://www.cobaltstrike.com/blog/update-stopping-cybercriminals-from-abusing-cobalt-strike This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluersac to learn more about them! Uncover how organizations are building business confidence through cyber resilience, how alignment of cybersecurity and business goals impacts business, how collaboration creates a proactive culture, and how emerging attacks are evolving. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-396…
S
Security Weekly Podcast Network (Audio)
1 WSL, Defendnot, Clippy, Crawlomatic, Take It Down, Pwn2Own, Aaran Leyland, and More.. - SWN #478 34:55
WSL, Defendnot, Clippy, Crawlomatic, Take It Down, Pwn2Own, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-478
S
Security Weekly Podcast Network (Audio)
1 Appsec News & Interviews from RSAC on Identity and AI - Rami Saas, Charlotte Wylie - ASW #331 1:01:48
1:01:48 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:01:48
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяIn the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io’s solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization’s entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-331…
S
Security Weekly Podcast Network (Audio)
1 The State of Cybersecurity Readiness for the Next Big Emergency - David Aviv, Bri Frost, Marshall Erwin - ESW #407 2:12:42
2:12:42 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається2:12:42
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяSegment 1: Fastly Interview In this week's interview segment, we talk to Marshall Erwin about the state of cybersecurity, particularly when it comes to third party risk management, and whether we're ready for the next big SolarWinds or Crowdstrike incident. These big incidents have inspired executive orders, the Secure by Design initiative, and even a memo from JPMorgan Chase's CISO. We will discuss where Marshall feels like we should be pushing harder, where we've made some progress, and what to do about incentives. How do you convince a software supplier or service provider to prioritize security over features? This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2: Weekly Enterprise News In this week's enterprise security news, Agents replacing analysis is highly misunderstood only one funding round Orca acquires Opus to automate remediation OneDrive is updating to make BYOD worse? Companies are starting to regret replacing workers with AI Is venture capital hanging on by a thread (made of AI)? Potential disruption in the traditional vuln mgmt space! MCP is already looking like a dumpster fire from a security perspective malicious NPM packages and, IS ALCHEMY REAL? Segment 3: RSAC Conference 2025 Interviews Interview 1: Pluralsight Emerging technologies like AI and deepfakes have significantly complicated the threat landscape of today. As AI becomes more integrated into our lives, everyone - not just cybersecurity professionals - needs to develop security literacy skills to keep themselves, their organizations, and their loved ones safe. Luckily, there are countermeasures to spot and identify AI and deepfake-related threats in the wild. In this segment, Pluralsight's Director of Security and IT Ops Curriculum, Bri Frost, discusses how AI has changed the cybersecurity industry, how to spot AI and deepfakes in the wild, and the skills you should know to defend against these emerging threats. Pluralsight's AI Skills Report This segment is sponsored by Pluralsight. Visit https://securityweekly.com/pluralsightrsac to learn the skills you need to defend against the latest cyber threats! Interview 2: Radware Adversaries are rewriting the cybersecurity rules. Shifts in the threat landscape are being fueled by attackers with political and ideological agendas, more sophisticated attack tools, new coalitions of hacktivists, and the democratization of AI. Radware CTO David Aviv will discuss how companies must adapt their cyber defenses and lead in an evolving era of asymmetric warfare and AI-driven attacks. This segment is sponsored by Radware. Visit https://securityweekly.com/radwarersac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-407…
S
Security Weekly Podcast Network (Audio)
1 Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More... - SWN #477 33:54
Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-477
S
Security Weekly Podcast Network (Audio)
1 Ransomware in your CPU - PSW #874 1:58:19
1:58:19 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:58:19
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяThis week in the security news: Android catches up to iOS with its own lockdown mode Just in case, there is a new CVE foundation Branch privilege injection attacks My screen is vulnerable The return of embedded devices to take over the world - 15 years later Attackers are going after MagicINFO Hacking Starlink Mitel SIP phones can be hacked Reversing with Hopper Supercharge your Ghidra with AI Pretending to be an anti-virus to bypass anti-virus macOS RCE - perfect colors End of life routers are a hackers dream, and how info sharing sucks Ransomware in your CPU Disable ASUS DriverHub Age verification and privacy concerns Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-874…
S
Security Weekly Podcast Network (Audio)
1 CISO Communication and Hiring, as they Combat Threat and Penetration Testing Trends - Gunter Ollmann, Derek Manky - BSW #395 1:06:28
1:06:28 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:06:28
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяIn the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet’s FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac . This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025? gl=1*zwbjgz* gcl aw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.* gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395…
S
Security Weekly Podcast Network (Audio)
1 Deepfake, South Korea, Moonlander, ChineseAI, FBI, AI damages professional reputation - SWN #476 29:03
Deepfake porn, South Korea, Operation Moonlander, Chinese AI, FBI, AI use damages professional reputation, Joshua Marpet and More Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-476
S
Security Weekly Podcast Network (Audio)
1 Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330 1:09:38
1:09:38 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:09:38
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяDevelopers are relying on LLMs as coding assistants, so where are the LLM assistants for appsec? The principles behind secure code reviews don't really change based on who write the code, whether human or AI. But more code means more reasons for appsec to scale its practices and figure out how to establish trust in code, packages, and designs. Rey Bango shares his experience with secure code reviews and where developer education fits in among the adoption of LLMs. As businesses rapidly embrace SaaS and AI-powered applications at an unprecedented rate, many small-to-medium sized businesses (SMBs) struggle to keep up due to complex tech stacks and limited visibility into the skyrocketing app sprawl. These modern challenges demand a smarter, more streamlined approach to identity and access management. Learn how LastPass is reimagining access control through “Secure Access Experiences” - starting with the introduction of SaaS Monitoring capabilities designed to bring clarity to even the most chaotic environments. Secure Access Experiences - https://www.lastpass.com/solutions/secure-access This segment is sponsored by LastPass. Visit https://securityweekly.com/lastpassrsac to learn more about them! Cloud Application Detection and Response (CADR) has burst onto the scene as one of the hottest categories in security, with numerous vendors touting a variety of capabilities and making promises on how bringing detection and response to the application-level will be a game changer. In this segment, Gal Elbaz, co-founder and CTO of Oligo Security, will dive into what CADR is, who it helps, and what the future will look like for this game changing technology. Segment Resources - https://www.oligo.security/company/whyoligo To see Oligo in action, please visit https://securityweekly.com/oligorsac Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-330…
S
Security Weekly Podcast Network (Audio)
1 Secrets and their role in infrastructure security - Jawahar Sivasankaran, Chas Clawson, Sergey Gorbaty, Fernando Medrano - ESW #406 2:14:05
2:14:05 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається2:14:05
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяSegment 1 - Secrets and their role in infrastructure security From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2 - Weekly Enterprise News In this week's enterprise security news, we have: Funding, mostly focused on identity security and ‘secure-by-design’ Palo Alto acquires one of the more mature AI security startups, Protect AI LimaCharlie is first with a cybersecurity-focused MCP offering Meta releases a ton of open source AI security tooling, including LlamaFirewall Exploring the state of AI in the SOC The first research on whether AI is replacing jobs is out Some CEOs are requiring employees to be more productive with AI Are prompts the new IOCs? Are puppies the new booth babes? We get closure on two previous stories we covered: one about an ex-Disney employee, and one about a tiny dog Segment 3 - Executive Interviews from RSAC CYWARE The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges. CERT Water Management Case Study Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report 2025 TIP Buyer’s Guide This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo! SUMOLOGIC Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic’s Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps. Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations Blog: RSAC 2025 Intelligent Security Operations Brief: Sumo Logic Threat Intelligence Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world LinkedIn Live: Implications of AI in a modern defense strategy This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-406…
S
Security Weekly Podcast Network (Audio)
1 Sudo watch, AI Dreams, Kickidler, Powershool, Old Man Router, PSMU, Aaran Leyland... - SWN #475 33:52
Sudo watch this show, Hallucinations, Kickidler, Powershool redux, Old Man Router, PSMU, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-475
S
Security Weekly Podcast Network (Audio)
1 Are You Down With RDP? - PSW #873 2:04:49
2:04:49 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається2:04:49
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяSecurity news for this week: RDP and credentials that are not really revoked, and some RDP bitmap caching fun Some magic info on MagicINFO Vulnerability Management Zombies There is a backdoor in your e-commerce Airborne: vulnerabilities in AirPlay Bring your own installer - crafty EDR bypass The Signal clone used by US government officials: shocker: has been hacked AI slop vulnerability reporting Bricking iPhones with a single line of code Hacking planet technology Vibe hacking for the win? Cybersecurity CEO arrested for deploying malware Hello my perverted friend FastCGI - fast, but vulnerable Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-873…
S
Security Weekly Podcast Network (Audio)
1 C-Suite Gaps, Cybersecurity is not Working to Solve Exposures and Supply Chain Risks - Dr. Aleksandr Yampolskiy, Lenny Zeltser - BSW #394 1:04:40
1:04:40 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:04:40
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяIn the leadership and communications section, The C-suite gap that's putting your company at risk, CISOs band together to urge world governments to harmonize cyber rules, Cybersecurity is Not Working: Time to Try Something Else, and more! Organizations are increasingly threatened by cyberattacks originating from their suppliers. Existing tools (like EDR, MDR, and XDR) effectively handle threats within an organization, but leave a gap regarding third-party risk. SecurityScorecard created the Supply Chain Detection and Response category to empower organizations to shift from being reactive and uncertain to confidently and proactively protecting their entire supply chain. What is Supply Chain Detection and Response (SCDR)?: https://securityscorecard.com/blog/what-is-supply-chain-detection-and-response/ Learn more about continuous supply chain cyber risk detection and response: https://securityscorecard.com/why-securityscorecard/supply-chain-detection-response/ Claim Your Free SCDR Assessment: https://securityscorecard.com/get-started-scdr/#form This segment is sponsored by Security Scorecard. Visit https://securityweekly.com/securityscorecardrsac for more information on how SecurityScorecard MAX and Supply Chain Detection and Response can help your organization identify and resolve supply chain risks. In this interview, Axonius CISO Lenny Zeltser shares the vision behind Axonius Exposures, the company’s latest innovation in unified risk management. Launched ahead of RSA Conference 2025, Exposures tackles one of the most persistent challenges in cybersecurity today: making sense of fragmented risk signals to drive confident, actionable decision-making. Lenny will discuss how Exposures unifies security findings, asset intelligence, and business context in a single platform — giving security teams the clarity and automation they need to prioritize what truly matters. He’ll also explore what this launch means for Axonius’ mission, the evolution of cyber asset management, and how organizations can move from reactive security postures to proactive, risk-based strategies. Want to see how Axonius Exposures gives you the clarity to take action on your most critical risks? Visit https://securityweekly.com/axoniusrsac to learn more and schedule a personalized demo. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-394…
S
Security Weekly Podcast Network (Audio)
1 Deepfake Porn Bots, Skype, dd, Venom Spider, CISA, IT Helpdesk, Rob Allen... - Rob Allen - SWN #474 36:47
Deepfake Porn Bots, Skype, dd, Venom Spider, CISA, IT Helpdesk, Rob Allen, and more on the Security Weekly News. Segment Resources: https://cybersecuritynews.com/cyber-security-company-ceo-arrested/ This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-474…
S
Security Weekly Podcast Network (Audio)
1 AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Vishal Gupta, Idan Plotnik - ASW #329 1:03:03
1:03:03 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:03:03
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяWe catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But perhaps more surprising (and more unfortunate) is how much the adoption of LLMs has increased the attack surface within orgs. The news is heavy on security issues from MCPs and a novel alignment bypass against LLMs. Not everything is genAI as we cover some secure design topics from the Airborne attack against Apple's AirPlay to more calls for companies to show how they're embracing secure design principles and practices. Apiiro CEO & Co-Founder, Idan Plotnik discusses the AI problem in AppSec. This segment is sponsored by Apiiro. Visit https://securityweekly.com/apiirorsac to learn more about them! Gen AI is being adopted faster than company’s policy and data security can keep up, and as LLM’s become more integrated into company systems and uses leverage more AI enabled applications, they essentially become unintentional data exfiltration points. These tools do not differentiate between what data is sensitive and proprietary and what is not. This interview will examine how the rapid adoption of Gen AI is putting sensitive company data at risk, and the data security considerations and policies organizations should implement before, if, and when their employees may seek to adopt a Gen AI tools to leverage some of their undeniable workplace benefits. Customer case studies: https://www.seclore.com/resources/customer-case-studies/ Seclore Blog: https://www.seclore.com/blog/ This segment is sponsored by Seclore. Visit https://securityweekly.com/seclorersac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-329…
S
Security Weekly Podcast Network (Audio)
1 2025 Security Trends: Identity, Endpoint, Cloud & the Rise of Browser Threats - Jason Mical, Lori Robinson, Hed Kovetz, Rob Allen, Vivek Ramachandran, Alex Pinto - ESW #405 1:42:43
1:42:43 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:42:43
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяNow in its 18th year, the Verizon Business DBIR is one of the industry’s longest standing and leading reports on the current cybersecurity landscape. This year’s report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac . Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint’s latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint’s Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it’s now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren’t just hacking systems anymore—they’re hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today’s most urgent battleground in cyber. He'll what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-405…
S
Security Weekly Podcast Network (Audio)
Join us for a special in-person edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-473
S
Security Weekly Podcast Network (Audio)
1 AI Tips, Tricks, and Traps! - PSW #872 1:37:21
1:37:21 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається1:37:21
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяThe PSW crew discusses tips, tricks, and traps for using AI and LLMs. We discuss a wide range of AI-related topics, including how to utilize AI tools for writing, coding, data analysis, website design, and more! Some key takeaways include: AI has rapidly shifted from novelty to an essential tool in security and other fields. Paid AI versions offer significant advantages for professionals. Legal, ethical, and copyright questions around AI-generated content remain unresolved. Human skills, critical thinking, communication, and adaptability are more important than ever. AI is a powerful assistant, but not a replacement for expertise, creativity, or judgment. Fact-checking AI outputs and understanding bias are critical in the age of generative AI. This episode offers a comprehensive, practical, and philosophical look at how AI is reshaping security, education, and society, providing both optimism and caution for the future. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-872…
S
Security Weekly Podcast Network (Audio)
1 Say Easy, Do Hard - Defining Objectives and Key Results Aligned to Business Goals - BSW #393 49:58
In today’s ever-evolving business landscape, organizations face diverse risks, including cyber risks, that can significantly affect their operations and overall prosperity. Aligning risk management strategies with organizational objectives is crucial for effectively mitigating these potential threats and fostering sustainable growth. Easier said than done. In this Say Easy, Do Hard segment, we discuss the challenges of aligning security and risk to the business, a topic we discuss often on the show. But this time, we do the hard part, by defining Objectives and Key Results aligned to Business Goals. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-393…
S
Security Weekly Podcast Network (Audio)
Join us for a special in-person edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-472
S
Security Weekly Podcast Network (Audio)
In this live recording from BSidesSF we explore the factors that influence a secure design, talk about how to avoid the bite of UX dragons, and why designs should put classes of vulns into dungeons. But we can't threat model a secure design forever and we can't oversimplify guidance for a design to be "more secure". Kalyani Pawar and Jack Cable join the discussion to provide advice on evaluating secure designs through examples of strong and weak designs we've seen over the years. We highlight the importance of designing systems to serve users and consider what it means to have a secure design with a poor UX. As we talk about the strategy and tactics of secure design, we share why framing this as a challenge in preventing dangerous errors can help devs make practical engineering decisions that improve appsec for everyone. Resources https://owasp.org/Top10/A04 2021-Insecure Design/ https://dl.acm.org/doi/10.5555/1251421.1251435 https://www.threatmodelingmanifesto.org https://www.ietf.org/rfc/rfc9700.html https://www.cisa.gov/resources-tools/resources/secure-by-design Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-328…
S
Security Weekly Podcast Network (Audio)
1 The Future of Access Management - Jeff Shiner - ESW #404 2:00:22
2:00:22 Відтворити Пізніше Відтворити Пізніше Списки Подобається Подобається2:00:22
Відтворити Пізніше Відтворити Пізніше Списки Подобається ПодобаєтьсяAs organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He’ll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-404…
Ласкаво просимо до Player FM!
Player FM сканує Інтернет для отримання високоякісних подкастів, щоб ви могли насолоджуватися ними зараз. Це найкращий додаток для подкастів, який працює на Android, iPhone і веб-сторінці. Реєстрація для синхронізації підписок між пристроями.
Daily Deals
Схожі до Security Weekly Podcast Network (Audio)
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k343
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Join us for a special hang stream!
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
))
