Security Weekly Podcast Network (Audio)

What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion in what's the best use of everyone's time -- developers and appsec folks alike -- in crafting code that's secure by design rather than just secure from sca...

Interview with Ravid Circus

Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity’s 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations.

Segment Resources:

• https://seemplicity.io/papers/the-2025-remediation-operations-report/

  ...

In the security news:

• Cloudflare was down, it was not good
• Logitech breached
• The largest data breach in history?
• Fortinet Fortiweb - the saga continues
• Hacking Linux through your malware scanner, oh the irony
• I never stopped hating systemd
• The ASUS exploit that never existed
• If iRobot fails, can we deploy our own hacker bot army?
• Firmware encryption is a bitch
• Threat actors deply Claude Code
• Remembering the Viasat hack and why...

It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it?

Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and...

Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for helping developers get beyond the superficial advice of, "Think like an attacker."

Vis...

Segment 1: Interview with Rob Allen

It’s the Year of the (Clandestine) Linux Desktop!

As if EDR evasions weren’t enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy.

In this segment, we’ll discuss strat...

This week:

• Minecraft on your lightbulb
• Sonicwall breached, who's next?
• Ditch Android, install Linux
• Hacking your face
• Thermostat freedom
• Pen test fails
• HackRF hacking times 2
• Going around EDR
• Hackers in your printer
• Chinese data breach
• NFC relays and PCI
• Constructive construction hacks
• FlipperZero firmware update
• ICS, PLCs, and attacks
• Bayesian Swiss Cheese, taste good?
• Do you want to hack back?
• Keeping secrets
• Enforcing CMMC
• ...

As AI revolutionizes how we work, it has created a new attack surface with new technologies. One of those new technologies is Model Context Protocol (MCP). MCP has emerged as the standard for connecting AI to external tools, but its flexibility has created security challenges. How do we secure MCP?

Rahul Parwani, Head of Product, Security Solutions at Airia, joins Business Security Weekly to discuss the challenges of MCP and how to...

Miles Davis, Jimmy Buffet, 10/8 time, Lost Phones, Phishing, Whisper Leak, Quantum Route Redirect, AI Galore, Rob Allen, and more on the Security Weekly News.

Segment Resources: https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Visit https://www.securityweekly.c...

Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting.

Segment resources

• https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/
• https://ww...

Segment 1: OT Security Doesn’t Have to be a Struggle

OT/ICS/SCADA systems are often off limits to cybersecurity folks, and exempt from many controls. Attackers don’t care how fragile these systems are, however. For attackers aiming to disrupt operations, fragile but critical systems fit criminals’ plans nicely.

In this interview, we discuss the challenge of securing OT systems with Todd Peterson and Joshua Hay from Junto S...

This week:

• Reversing keyboard firmware
• Ghost networks
• Invasion of the face changers
• Ghost tapping and whole lot of FUD
• AI doesn't code securely, but Aardvark can secure code
• De-Googling Thermostats
• Dodgy Android TV boxes can run Debian
• HackRF vs. Honda
• Cyberslop AI paper
• Turning to the darkside
• Poisoning the watering hole
• Nagios vulnerabilities
• VPNs are a target

Visit https://www.securityweekly.com/psw for all the latest...

What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems?

Rob Allen, Chief Product Of...