Security Weekly Podcast Network (Audio)

In the Security News: Claude leaks source code and new models Two really smart people say AI is finding vulnerabilities better than ever Windows is using your internet to send updates to strangers BIG-IP APM vulnerability - all you need to know Linux KVM for the win The bus factor and open source Axios supply chain breach Trimming Grub Depotting and hacking e-Motorcycles Trivy and Cisco source code leaks The FCC ban and What is a router? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-920

Most organizations don’t fail because of technology. They fail because decision authority is unclear in the first critical minutes. “Being careful” is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure? Ann Marie van den Hurk, Founder at Mind The Gap Advisory, joins Business Security Weekly to discuss how executive paralysis leads to business damage. Ann Marie will discuss: Where Paralysis Actually Comes From What “Being Careful” Looks Like in Practice Why the First 20 Minutes Matter How Paralysis Becomes Business Damage Why Existing Plans Don’t Hold What Actually Fixes It Then, we rebroadcast two interviews from RSAC 2026. Autonomous Intelligence and the Future of Digital Trust AI agents are no longer experimental tools — they are becoming autonomous participants in enterprise infrastructure. Acting independently, making decisions at machine speed, and interacting directly with sensitive systems, these agents fundamentally reshape the trust model that underpins modern organizations. As AI becomes embedded across operations, security must evolve from perimeter defense to continuous, identity-driven trust. This conversation explores what it means to build a resilient trust architecture for autonomous systems — one that ensures verifiable identity, constrained authority, accountability, and governance at scale. We’ll examine how enterprises can balance innovation with control, prevent misuse or spoofed agents, and prepare for a future defined by machine-to-machine interactions. At stake is not just cybersecurity, but the integrity of digital trust itself. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Know Your AI Agents Through Visibility, Control, and Accountability AI agents are rapidly embedding into core enterprise workflows with broad access to sensitive systems and the ability to act autonomously, creating new challenges for security leaders tasked with enabling innovation while maintaining control. In this interview, Matt Immler will discuss why organizations must know about every agent operating in their environment and how to bring those agents under governance. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-441

In the AI era, cybersecurity is undergoing a fundamental shift as AI agents transform both the speed and scale of attacks. In this interview, Gibb Witham, President and Chief Financial Officer of Hack The Box, explains why organizations must move beyond assumed AI capability toward measurable, validated cyber readiness for both humans and AI systems. Drawing on real-world benchmarks, agentic AI testing, and hands-on training, Witham outlines how security teams can safely adopt AI by proving performance under pressure. The discussion highlights why the future of cybersecurity depends on training, testing, and reinforcing human and AI operators together before they are trusted in critical environments. This segment is sponsored by Hack The Box. Visit https://securityweekly.com/hacktheboxrsac to learn more about them! As credential-based attacks continue to dominate headlines, many organizations are realizing that identity alone is no longer a sufficient control. This conversation explores the shift toward device-based access enforcement and why tying access to both user and device is becoming critical. We’ll discuss how this evolution is reshaping Zero Trust strategies across modern environments. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-568

Sashwat Segal, CEO focused on agentic AI and authorization. Ron Rasin, identity-security strategist for runtime controls. Keith Hoodlett, security researcher leader who builds vulnerability teams. They discuss skills for modern software security, how AI agents change identity and access, hiring and research practices, agent guardrails, and why core software fundamentals still matter.

Interview with Helen Patton about her new book, Switching to Cyber Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provides a guide for switching to cyber mid-career. Check out her book, Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career: on Amazon on Barnes & Noble and on the publisher's website Interview with Lenny Zeltzer: Reflections on Being a CISO After a cybersecurity career in various roles, doing everything from product management to malware analysis training, Lenny spent 6 years in the CISO seat at Axonius, from near the inception of the company through its growth from its modest Series A stage in 2019 to the present, with nearly a billion in funding today. Lenny's CISO Essays: What Being a CISO Taught Me About Security Leadership As a CISO, Are You a Builder, Fixer, or Scale Operator? The Chief Insecurity Officer Interview with Alexandre Sieira: The state of TPCRM is shifting The gold standard for third party cyber risk management has long been the humble questionnaire. While we've seen security rating services companies generate scores by scanning a company's external resources. Both approaches are widely considered inaccurate for either creating trust relationships or determining the true risk of doing business with a third party. Every analysis of this problem comes to the same conclusion: without internal data about the state of systems and the security program, TPCRM can't improve substantially. Most this believe this to be an impossible problem: third parties would never share data this sensitive with a customer and first parties assume the same. What if they did? That's exactly the premise behind Tenchi Security, and Alexandre joins us to talk about how they've accomplished the 'impossible' in Brazil and aim to expand their success to the US. Resources: Thoughts from a panel discussion at a recent FS-ISAC event, shared on LinkedIn Predicts 2026: Third-Party Cybersecurity Risk Management Evolves for the AI Era (Gartner Subscribers only, sorry) Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-452

Rinoa Poison, a scam-baiting creator who exposes and wastes scammers' time, walks through modern cons. Conversations cover AI-powered scams, tech support and click-fix tricks, and how recovery and fake-site services operate. Practical props, safety setups, red flags, and using AI personas to tie up scammers are highlighted.

They walk through high-speed internet scanning tools and how to chain them into an automated pipeline. Topics include passive recon with Shodan, mass host discovery with ZMap, and application-layer grabs with ZGrab2. They cover service fingerprinting, template-based vulnerability checks, AI-assisted whitebox testing, and orchestrating everything with a Python EdgeScan workflow.

A deep dive into crypto-agility and why swapping algorithms is only the start. They cover inventorying cryptography across systems, prioritizing migrations with C‑BOMs, and practical roadmaps like the PQCC guides. Conversations focus on tooling, automation, vendor coordination, timelines toward 2030, and strategies for mitigating harvest-now, decrypt-later risks.

Rinoa Poison, a scam-baiting creator and podcaster who exposes and disrupts fraud, shares how she started and built a community around elaborate cons. She explains technical setups, staged personas, long-running stings, and the rising role of AI and data aggregation in modern scams. Safety, OPSEC, and when to stop are also discussed.

Erik Nost, a Forrester senior analyst focused on proactive security and exposure management. He breaks down proactive security into visibility, prioritization, and remediation. Discussions cover asset visibility, shrinking zero-day windows, using LLMs responsibly, making business impact machine-readable, and practical tradeoffs in secure code generation.