Making vulnerability management and incident response actually work. Also, the News! - Ryan Fried, Beck Norris, José Toledo - ESW #442
Security Weekly Podcast Network (Audio)
Release Date: 01/19/2026
Segment 1 with Beck Norris - Making vulnerability management actually work
Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately succeeds or fails based on accountability, metrics, and operational maturity.
Drawing from the aviation industry—one of the most regulated and safety-critical environments—Beck translates lessons that apply broadly across regulated and large-scale enterprises, including healthcare, financial services, and critical infrastructure.
Segment 2 with Ryan Fried and Jose Toledo - Making incident response actually work
Organizations statistically have decent to excellent spending on cybersecurity: they have what should be sufficient staff and some good tools. When they get hit with an attack, however, the response is often an unorganized, poorly communicated mess! What’s going on here, and why does this happen?
Not to worry. Ryan and José join us in this segment to offer some insight into why this happens and how to ensure it never happens again!
Segment Resources:
- Mandiant - Best practices for incident response planning
Segment 3 - Weekly Enterprise News
Finally, in the enterprise security news,
- Almost no funding…
- Oops, all acquisitions!
- Changes in how the US handles financial crimes and international hacking
- Mass scans looking for exposed LLMs
- The state of prompt injection
- Be careful with Chrome extensions
- and home electronics from unknown brands
- Is China done with the West?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-442