Security Weekly Podcast Network (Audio)

First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot.

Then in the security news:

• Your vulnerability scanner is your weakest link
• Scams that almost got me
• The state of EDR is not good
• You don't need to do that on a phone or Raspberry PI
• Hash cracking and exploits
• Revisiting LG WebOS
• Hardening Docker images
• Hacking Moxa NPort
• Shoddy academ...

Still managing compliance in a spreadsheet? Don't have enough time or resources to verify your control or risk posture? And you wonder why you can't get the budget to move your compliance and risk programs forward. Maybe it's time for a different approach.

Trevor Horwitz, Founder and CISO at TrustNet joins Business Security Weekly to discuss how the evolution of Agentic AI can automate compliance and risk programs. Move beyond spre...

Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for the project to grow beyond just a Top Ten list and address more audiences than just developers. He also talks about how the growth of AI Agents influences the areas that appsec teams need to focus on. Whether apps are created by genAI or directly use genAI, the future of securing softwa...

Segment 1 - Interview with Dr. Anand Singh

We're always thrilled to have authors join us to discuss their new book releases, and this week, it is Dr. Anand Singh. He seriously hustled to get his new book, Data Security in the Age of AI, out as soon as possible so that it could help folks dealing with securing AI rollouts right now! We'll discuss why he wrote it, how he got it done so quickly, and who needs to read it.

Segm...

This week we kick things off with a special interview: Kieran Human from Threat Locker talks about EDR bypasses and other special projects. In the security news:

• Hacking TVs
• Flushable wipes are not the only problem
• People just want to spy on their pets, except the devices can be hacked
• Linux EDR is for the birds
• What does my hat say
• we love exploits and hashes
• ESP32s in your router
• RF signal generator on a PI Zero
• Mic-E-Mouse ...

Global spending on cybersecurity products and services will see a strong 14.4% CAGR from 2024 through 2029 and will hit $302.5 billion in 2029, driven by continued concerns around cyberattacks across all verticals and geographies. But where is the spending occuring and how do you prepare?

Merritt Maxim, VP & Research Director at Forrester, joins Business Security Weekly to discuss the Global Cybersecurity Market Forecast, 2024 To 2...

Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determine how well LLMs can find flaws. Nico Waisman talks about XBOW's LLM-based pentesting, how it climbed a bug bounty leaderboard, how it uses feedback loops for better pentests, and how they handle (and even welcome!) hallucinations.

In the news, using LLMs to find flaws, directory trav...

At Oktane 2025, leaders from across the security ecosystem shared how identity has become the new front line in protecting today’s AI-driven enterprises. As SaaS adoption accelerates and AI agents proliferate, organizations face an explosion of human and non-human identities—and with it, growing risks like misconfigured access, orphaned accounts, and identity-based attacks.

In this special Enterprise Security Weekly episode, we bri...

More than four out of ten (41%) Chief Information Officers (CIOs) report cybersecurity as their top concern, yet these same leaders are simultaneously increasing security budgets (77%), expanding cloud infrastructure (68%), and accelerating artificial intelligence (AI) capabilities (67%). According to the new Future Forward: CIO 2025 Outlook report released by Experis, a global leader in IT workforce solutions and part of the Manpo...

Dealing with vulns tends to be a discussion about prioritization. After all, there a tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirect that discussion to focus on remediation and how to incorporate LLMs into this process without losing your focus or losing your budget.

In the news, suppl...

How identity security can keep pace with the evolving threat landscape, with Brett Winterford

Today’s threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team’s most recent investigations, as well as recom...