loader from loading.io

Internal threats are the hole in Cybersecurity’s donut - Frank Vukovits - ESW #438

Security Weekly Podcast Network (Audio)

Release Date: 12/22/2025

Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439 show art Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439

Security Weekly Podcast Network (Audio)

For this week's episode of Enterprise Security Weekly, there wasn't a lot of time to prepare. I had to do 5 podcasts in about 8 days leading up to the holiday break, so I decided to just roll with a general chat and see how it went. Also, apologies, for any audio quality issues, as the meal I promised to make for dinner this day required a lot of prep, so I was in the kitchen for the whole episode! For reference, I made the recipe for from Rick Martinez's cookbook, Mi Cocina. I used the wrong peppers (availability issue), so it came out green instead of red, but was VERY delicious. As for the...

info_outline Holiday Special Part 2: You’re Gonna Click the Link - Rob Allen - SWN #541 show art Holiday Special Part 2: You’re Gonna Click the Link - Rob Allen - SWN #541

Security Weekly Podcast Network (Audio)

You survived the click—but now the click has evolved. In Part 2, the crew follows phishing and ransomware down the rabbit hole into double extortion, initial access brokers, cyber insurance drama, and the unsettling rise of agentic AI that can click, run scripts, and make bad decisions for you. The conversation spans ransomware economics, why paying criminals is a terrible plan with no guarantees, and how AI is turning social engineering into a whole new wild west. Visit for all the latest episodes! Show Notes:

info_outline Building a Hacking Lab in 2025 - PSW #906 show art Building a Hacking Lab in 2025 - PSW #906

Security Weekly Podcast Network (Audio)

The crew makes suggestions for building a hacking lab today! We will tackle: What is recommended today to build a lab, given the latest advancements in tech Hardware hacking devices and gadgets that are a must-have Which operating systems should you learn Virtualization technology that works well for a lab build Using AI to help build your lab Visit for all the latest episodes! Show Notes:

info_outline The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427 show art The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427

Security Weekly Podcast Network (Audio)

Join Business Security Weekly for a roundtable-style year-in-review. The BSW hosts share the most surprising, inspiring, and humbling moments of 2025 in business security, culture, and personal growth. And a few of us might be dressed for the upcoming holiday season... Visit for all the latest episodes! Show Notes:

info_outline Holiday Special Part 1: You’re Gonna Click the Link - Rob Allen - SWN #540 show art Holiday Special Part 1: You’re Gonna Click the Link - Rob Allen - SWN #540

Security Weekly Podcast Network (Audio)

It’s the holidays, your defenses are down, your inbox is lying to you, and yes—you’re gonna click the link. In Part 1 of our holiday special, Doug White and a panel of very smart people explain why social engineering still works decades later, why training alone won’t save you, and why the real job is surviving after the click. From phishing and smishing to click-fix attacks, access control disasters, and stories that prove humans remain the weakest—and most entertaining—link in security, this episode sets the stage for the attack we all know is coming. Visit for all the latest...

info_outline Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362 show art Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362

Security Weekly Podcast Network (Audio)

Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: As genAI becomes a more popular tool in software engineering, the definition of “secure coding” is changing. This session explores how artificial intelligence is reshaping the way developers learn, apply, and scale secure coding practices — and how new risks emerge when machines start generating the code themselves. We’ll dive into the...

info_outline Internal threats are the hole in Cybersecurity’s donut - Frank Vukovits - ESW #438 show art Internal threats are the hole in Cybersecurity’s donut - Frank Vukovits - ESW #438

Security Weekly Podcast Network (Audio)

Interview with Frank Vukovits: Focusing inward: there lie threats also External threats get discussed more than internal threats. There’s a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn’t infringe on any individual organization’s privacy. That’s why we hear the industry discuss external threats more, though internally-triggered incidents far outnumber external ones. Internal threats, on the other hand, can get personal. Accidental leaks are embarassing. Malicious insiders are a sensitive topic that...

info_outline Auld Lang Syne, Ghostpairing, Centerstack, WAFS, React2Shell, Crypto, Josh Marpet... - SWN #539 show art Auld Lang Syne, Ghostpairing, Centerstack, WAFS, React2Shell, Crypto, Josh Marpet... - SWN #539

Security Weekly Podcast Network (Audio)

Auld Lang Syne, Ghostpairing, Centerstack, OneView, WAFS, React2Shell Redux, Crypto, Josh Marpet, and More, on the Security Weekly News. Visit for all the latest episodes! Show Notes:

info_outline With AI Nothing Is Safe - PSW #905 show art With AI Nothing Is Safe - PSW #905

Security Weekly Podcast Network (Audio)

This week in the security news: Linux process injection Threat actors need training too A Linux device "capable of practically anything" The Internet of webcams Hacking cheap devices Automating exploitation with local AI models Lame C2 Smallest SSH backdoor Your RDP is on the Internet These are not the high severity bugs you were looking for Low hanging fruit Your TV is spying on you, again no such thing as "offensive security" MCPs and RCEs Browser extensions collecting your AI chats And flooding TikTok with AI influencers Visit for all the latest episodes! Show Notes:

info_outline Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426 show art Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426

Security Weekly Podcast Network (Audio)

Business Security Weekly is well aware of the cybersecurity hiring challenges. From hiring CISOs to finding the right skills to developing your employees, we cover it weekly in the leadership and communications segment. But this week, our guest interview digs into the global cybersecurity hiring trends. Jim McCoy, CEO at Atlas, joins Business Security Weekly to share his expertise on the global workforce needs in the 160 countries where Atlas provides direct Employer of Record services. From CISO hiring to where to build security teams, Jim will help us navigate the cybersecurity hiring...

info_outline
 
More Episodes

Interview with Frank Vukovits: Focusing inward: there lie threats also

External threats get discussed more than internal threats. There’s a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn’t infringe on any individual organization’s privacy. That’s why we hear the industry discuss external threats more, though internally-triggered incidents far outnumber external ones.

Internal threats, on the other hand, can get personal. Accidental leaks are embarassing. Malicious insiders are a sensitive topic that internal counsel would erase from company memory if they could. Even when disclosure is required, the lawyers are going to minimize the amount of detail that gets out.

I was chief incident handler for 5 years of my enterprise career, and never once had to deal with an external threat. I managed dozens of internal cases over those 5 years though.

In this interview, we discuss the need for strong internal controls with Frank Vukovits from Delinea.

As systems and users inside and outside organizations become increasingly connected, maintaining strong security controls is essential to protect data and systems from both internal and external threats. In this episode, we will explore the importance of strong internal controls around business application security and how they can best be integrated into a broader security program to ensure true enterprise security.

This segment is sponsored by Delinea.

Visit https://securityweekly.com/delinea to learn more about them!

Topic Segment: Personal Disaster Recovery

Many of us depend on service providers for our personal email, file storage, and photo storage. The line between personal accounts and work accounts often blur, particularly when it comes to Apple devices. We’re way more dependent on our Microsoft, Apple, Meta, and Google accounts than we used to be. They’re necessary to use home voice assistants, to log into other SaaS applications (Log in with Google/Apple/FB), and even manage our wireless plans (e.g. Google Fi). Getting locked out of any of these accounts can bring someone’s personal and/or work life to a halt, and there are many cases of this happening.

I’m not sure if we make it past sharing stories about what can and has happened. Getting into solutions might have to be a separate discussion (also, we may not have any solutions…)

Weekly Enterprise News

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-438