Security Weekly Podcast Network (Audio)

Segment 1: Interview with Thyaga Vasudevan

Hybrid by Design: Zero Trust, AI, and the Future of Data Control

AI is reshaping how work gets done, accelerating decision-making and introducing new ways for data to be created, accessed, and shared. As a result, organizations must evolve Zero Trust beyond an access-only model into an inline data governance approach that continuously protects sensitive information wherever it mov...

In the security news:

• Rainbow tables for everyone
• Lilygo releases a new T-Display that looks awesome
• AI generated malware for real
• Detecting BadUSB when its not a dongle
• A telnetd vulnerability
• Google Fast Pair and how I took control of your headset
• Should we make CVE noise?
• Exploiting the Fortinet patch
• DIY data diode
• Bambu NFC reader for your Flipper
• Payloads in PNG files
• Don't leave the lab door open - amazing research and ...

Key emerging risks include cybersecurity (41%) and Generative AI (Gen AI) (35%), both of which present challenges in skill development and retention. The growing reliance on external providers reflects these gaps. In two years, strategic risk has fallen 10% as technological advancements have shifted auditors’ attention away from strategy. So what are the top concerns?

Tim Lietz, National Practice Leader Internal Audit Risk & Compli...

Segment 1 with Beck Norris - Making vulnerability management actually work

Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately s...

Miss Cleo, Whisperpair, Fortisiem, REDVDS, Google, Spying, Rob Allen from Threatlocker, and More on this episode of the Security Weekly News.

Segment Resources: https://www.cybersecuritydive.com/news/telecom-ransomware-spike-cyble/809224/

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes...

In the security news:

• KVMs are a hacker's dream
• Hacking an e-scooter
• Flipper Zero alternatives
• The best authentication bypass
• Pwning Claude Code
• ForiSIEM, vulnerabilities, and exploits
• Microsoft patches and Secure Boot fun
• Making Windows great, again?
• Breaching the Breach Forum
• Congressional Emails
• unsolicited Instagram password reset requests - Is Meta doing enough to secure the platform?
• LLMs are HIPAA compliant?
• Threat acto...

The three proactive security principles of visibility, prioritization, and remediation have always been the foundation of vulnerability management teams. But these teams face continuous challenges. How do you address these challenges?

Erik Nost, Senior Analyst at Forrester, joins Business Security Weekly to break down the six questions that need to be answered for each proactive security principle: who, what, when, where, why, and ...

Not all infosec advice is helpful. Bad advice wastes time, makes people less secure, and takes focus away from making software more secure. Bob Lord talks about his efforts to tamp down hacklore -- the security myths and mistakes that crop up in news stories and advice to users. He talks about how these myths come about, why they're harmful, and how they're related to the necessity of building software that's secure by design.

Segm...

First Topic - Podcast Content Plans for 2026

Every year, I like to sit down and consider what the podcast should be focusing on. Not doing so ensures every single episode will be about AI and nobody wants that. Least of all, me. If I have one more all-AI episode, my head is going to explode.

With that said, most of what we talk about in this segment is AI (picard face palm.png). I think 2026 will be THE defining year for G...

This week in the security news:

• Supply chain attacks and XSS
• PS5 leaked keys
• Claude tips for security pros
• No Flipper Zeros allowed, or Raspberry PIs for that matter
• Kimwolf and your local network
• Linux is good now
• Removing unremovable apps without root
• Detecting lag catches infiltrators
• Defending your KVM
• Fixing some of the oldest code
• Deleting websites live on stage in costume
• It was a honeypot
• FCC is letting telecoms off ea...

Cyber threats and cyber criminals indiscriminately target the old as well as young regardless of race, creed or origin. Teens and young adults must realize that on the Internet nobody knows you’re a rat. How do we keep kids and young adults safe in an era of AI-driven attacks?

Tom Arnold, Adjunct Professor, Digital Evidence & Forensics, Cybersecurity Graduate Program at the University of Nevada Las Vegas, joins Business Security We...

Developers are adding LLMs to their code creation toolboxes, using them to assist with writing and reviewing code. Chris Wysopal talks about the security downsides of relying on LLMs and how appsec needs to adapt to dealing with more code at a faster pace.

Resources

• https://www.veracode.com/blog/genai-code-security-report/

• https://www.veracode.com/blog/ai-code-security-october-update/

• https://www.veracode.com/resources/a...

For our first episode of the new year, we thought it would be appropriate to dig into some cybersecurity predictions.

First, we cover the very nature of predictions and why they're often so bad. To understand this, we get into logical fallacies and cognitive biases.

In the next segment, we cover some 2025 predictions we found on the Internet.

In the final segment, we discuss 2026, drop some of our own predictions, and talk about wh...