Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - Karen Heart, Sachin Jade, Phil Calvin, Craig Sanderson, Travis Wong - ESW #456
Security Weekly Podcast Network (Audio)
Release Date: 04/27/2026
Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland... - SWN #580
Security Weekly Podcast Network (Audio)
Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Marketing, Shai Haluds, Giedi Prime, Aaran Leyland, and More on the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline
Why Basic Security Practices Still Work - Rob Allen - ASW #382
Security Weekly Podcast Network (Audio)
If you have to ditch your entire appsec strategy because you expect 2026 to bring more vulns more quickly, then you probably didn't have a good strategy in the first place. Rob Allen shares how the mentality of "assume breach" doesn't have to be a defeatist attitude and can instead be a way to change a catastrophic breach into a more contained one. We also talk about proactive security and what an "avoid breach" attitude could look like, including how to apply the macro lessons of default deny and network isolation to writing secure code. Resources This segment is sponsored by...
info_outline
The impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Chris Wallis, Deepen Desai, Erich Kron - ESW #458
Security Weekly Podcast Network (Audio)
The Weekly Enterprise News This week, in the enterprise security news, Copy Fail The hits keep coming for CVE, NIST and NVD Cyber attacks on breathalyzers insurance carriers pulling support for AI Florida Man pleads guilty ignore the humanities at your own peril offense and defense don’t scale the same is it okay to be left behind? scientists gave cocaine to salmon Mind the Gap: Confidence, AI, and the Future of Exposure Management Former ethical hacker, now founder and CEO of Intruder, Chris Wallis explores whether AI can bridge the divide between finding vulnerabilities and understanding...
info_outline
Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! - SWN #579
Security Weekly Podcast Network (Audio)
Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance and more! Visit for all the latest episodes! Show Notes:
info_outline
Getting Rid of Your VPN - Rob Allen - PSW #925
Security Weekly Podcast Network (Audio)
Rob Allen from Threatlocker joins us to discuss the risks associated with VPN appliances and how to implement better security solutions that don't leave you hanging out on the open Internet. The interview segment is sponsored by ThreatLocker. Visit to learn more about them! In the Security News: Less details about the FCC router ban Canary traps that work Hacking trains and getting arrested You can be an adult if you have a mustache cPanel is being exploited Pro-Iran group takes down Ubuntu Anthropic's new security solution Safe AI Agents and other lies People still use screensavers? CISA...
info_outline
Teach to Sell and Two Interviews from RSAC 2026 from Dropzone AI and Microsoft - Dan Rochon, Arunesh Chandra, Edward Wu - BSW #446
Security Weekly Podcast Network (Audio)
As security leaders, we are continuously selling, maybe not as traditional sales folks, but as selling security across the organization. Whether you’re closing client deals, leading a team, running a business, or simply wanting your voice to be heard by other executives or the board, we are selling. How can influence help? Dan Rochon, Author of Teach to Sell, joins Business Security Weekly to discuss psychology of influence, personal transformation, and how to build trust that converts. Dan will cover the four pillars from his book: Believe (in Yourself) Find Business Build an Organization...
info_outline
Zino, 0auth, VSS, Mental Health Hackers, 3 Days of KEV, Copy/Fail, AI, Aaran Leyland - SWN #578
Security Weekly Podcast Network (Audio)
Zino of Citium, 0auth, VSS, Mental Health Hackers, 3 Days of the CISA, Copy/Fail, AI Gone Wild, Aaran Leyland, and More on the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline
Keeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381
Security Weekly Podcast Network (Audio)
Speed is the most common theme among developers and appsec teams working with LLMs and agents, from trying to keep up with patterns for deploying agents to dealing with more code faster to how the latest models impact code quality and security. The OWASP GenAI Project is helping organizations keep up with the speed of those changes and engaging the appsec community for sharing effective ways to keep systems secure. Scott Clinton shares the latest progress on the the project, its roadmap for the year, and how appsec practitioners can shape its future. Resources: This segment is sponsored...
info_outline
Post Quantum Migration Struggles, AI Threats, and Modern Defenses - HD Moore, Ramin Farassat, Eyal Benishti, Daniel dos Santos, Bobby Ford - ESW #457
Security Weekly Podcast Network (Audio)
Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn’t the most immediate threat today—but still demands early attention as standards solidify and timelines accelerate. The discussion highlights overlooked risks beyond encrypted traffic, including digital signatures, firmware integrity, and blockchain systems. Daniel also emphasizes the real challenge: migration. While client-side...
info_outline
DOS, Seneca the Younger, Outlook, CopyFail, cPanel, QR, Ruby, Go, Talkie, Josh Marpet - SWN #577
Security Weekly Podcast Network (Audio)
DOS, 0x1A4, Seneca the Younger, Outlook, Copy/Fail, cPanel, QR, Ruby, Go, Talkie, Josh Marpet, and More on this episode of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outlineRethinking Security from the OS Up in the Age of AI
Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures.
She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks. Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the source.
The conversation also explores how AI agents and contractors expand the attack surface, reinforcing the need for strict isolation, backup protection, and deterministic system boundaries.
Segment Resources:
https://www.simonandschuster.com/books/Zero-Day-Secure/Karen-Heart/9781968865078
The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today’s distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction.
This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them!
Agentic AI and the Future of Threat Intelligence Operations Security teams collect large volumes of threat intelligence but often struggle to translate that information into coordinated operational response. This discussion explores how organizations are embedding intelligence directly into security workflows and introducing AI agents to support investigation, enrichment and response. Sachin will discuss Cyware’s Agentic Fabric approach and the evolution toward an agent-centric model, where a portfolio of specialized agents assists analysts across threat intelligence, detection engineering and response workflows. The conversation will focus on how AI can support security teams while maintaining human oversight and operational control.
This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them!
Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise.
See it in action. Request a demo at https://securityweekly.com/resiliencersac.
Delinea: Redefining Identity Security for the Agentic AI Era As enterprises scale agentic AI and automation, privileged access is increasingly required by non-human identities (NHIs) that operate autonomously across hybrid and cloud-native environments, introducing risks that static, credential-based models were never designed to govern. Delinea's recent of acquisition of StrongDM.
This segment is sponsored by Delinea. Visit https://securityweekly.com/delinearsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-456