loader from loading.io

Security Weekly Podcast Network (Video)

Pipes, Thorium, Excel, ATM Hillbilly Cannibal Attack, Lambdas, AIs, Aaran Leyland - SWN #499 show art Pipes, Thorium, Excel, ATM Hillbilly Cannibal Attack, Lambdas, AIs, Aaran Leyland - SWN #499

Security Weekly Podcast Network (Video)

Pipes, Thorium, Excel, Weird Ports, ATM Hillbilly Cannibal Attack, Lambdas, National Guard, AIs, Aaran Leyland, and More on this episode of the Security Weekly News. Show Notes:

info_outline Hacking Washing Machines - PSW #885 show art Hacking Washing Machines - PSW #885

Security Weekly Podcast Network (Video)

In the security news: Hacking washing machines, good clean fun! Hacking cars via Bluetooth More Bluetooth hacking with Breaktooth Making old vulnerabilities great again: exploiting abandoned hardware Clorox and Cognizant point fingers AI generated Linux malware Attacking Russian airports When user verification data leaks Turns out you CAN steal cars with a Flipper Zero, so we're told The UEFI vulnerabilities - the hits keep coming Hijacking Discord invites The Raspberry PI laptop The new Hack RF One Pro Security appliances still fail to be secure Person Re-Identification via Wi-Fi Show...

info_outline Aligning Security Objectives, Ditch the Ego, Lead for Real and Succeed - BSW #406 show art Aligning Security Objectives, Ditch the Ego, Lead for Real and Succeed - BSW #406

Security Weekly Podcast Network (Video)

In the leadership and communications section, The CISO code of conduct: Ditch the ego, lead for real, The books shaping today’s cybersecurity leaders, How to Succeed in Your Career When Change Is a Constant, and more! Show Notes: 

info_outline Popup Porn, LoveSense, Tea, Fire Ant, Scatterede Spider, AI Pricing, Josh Marpet... - SWN #498 show art Popup Porn, LoveSense, Tea, Fire Ant, Scatterede Spider, AI Pricing, Josh Marpet... - SWN #498

Security Weekly Podcast Network (Video)

Popup Porn, LoveSense, Tea, Fire Ant, Scatterede Spider, AI Pricing, Josh Marpet, and more on the Security Weekly News. Show Notes:

info_outline How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341 show art How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341

Security Weekly Podcast Network (Video)

A successful strategy in appsec is to build platforms with defaults and designs that ease the burden of security choices for developers. But there's an important difference between expecting (or requiring!) developers to use a platform and building a platform that developers embrace. Julia Knecht shares her experience in building platforms with an attention to developer needs, developer experience, and security requirements. She brings attention to the product management skills and feedback loops that make paved roads successful -- as well as the areas where developers may still need or choose...

info_outline tj-actions Lessons Learned, US Cyber Offense, this week's enterprise security news - Dimitri Stiliadis - ESW #417 show art tj-actions Lessons Learned, US Cyber Offense, this week's enterprise security news - Dimitri Stiliadis - ESW #417

Security Weekly Podcast Network (Video)

Interview Segment - Lessons Learned from the tj-actions GitHub Action Supply Chain Attack with Dimitri Stiliadis Breach analysis is one of my favorite topics to dive into and I’m thrilled Dimitri is joining us today to reveal some of the insights . It isn’t an overstatement to say that some of the lessons to be learned from this incident represent fundamental changes to how we architect development environments. Why are we talking about it now, 4 months after it occurred? In the case of the Equifax breach, the most useful details about the breach didn’t get released to the public until...

info_outline Total Recall, Steam, Storm-2063, Unmarker, Altair, Josh Marpet, and More... - SWN #497 show art Total Recall, Steam, Storm-2063, Unmarker, Altair, Josh Marpet, and More... - SWN #497

Security Weekly Podcast Network (Video)

Total Recall, Steam, Storm-2063, Unmarker, Altair, Josh Marpet, and More on this episode of the Security Weekly News. Show Notes:

info_outline Protecting G-Suite/MS365 and Security News - Abhishek Agrawal - PSW #884 show art Protecting G-Suite/MS365 and Security News - Abhishek Agrawal - PSW #884

Security Weekly Podcast Network (Video)

We chat with Material Security about protecting G Suite and MS365. How else are you monitoring the most commonly used cloud environments and applications? In the security news: Google Sues Badbox operators Authenticated or Unauthenticated, big difference and my struggle to get LLMs to create exploits for me Ring cameras that were not hacked Malicous AURs Killing solar farms Weak passwords are all it takes Microsoft's UEFI keys are expiring Kali Linux and Raspberry PI Wifi updates Use lots of electricity, get a visit from law enforcement Sharepoint, vulnerabilities, nuclear weapons, and why...

info_outline Getting Consensus as a CISO, While Calculating Cybersecurity ROI and Building a Team - Khaja Ahmed - BSW #405 show art Getting Consensus as a CISO, While Calculating Cybersecurity ROI and Building a Team - Khaja Ahmed - BSW #405

Security Weekly Podcast Network (Video)

How do we get security right? The answer varies by many factors, including industry, what you're trying to protect, and what the C Suite and Board care about. Khaja Ahmed, Advisor at CISO Forum, joins Business Security Weekly to discuss how to get consensus on your security program. CISOs, executives, and the Board need to be aligned on the risks and how best to address them. And it's not technical risks, it's business risks measured by legal or financial impact. Khaja will help guide new and existing CISOs on how to: Work across the business to build consensus Identify and quantify risks in...

info_outline Donatello, SharePoint, CrushFTP, WordPress, Replit, AllaKore, Rob Allen, and more... - Rob Allen - SWN #496 show art Donatello, SharePoint, CrushFTP, WordPress, Replit, AllaKore, Rob Allen, and more... - Rob Allen - SWN #496

Security Weekly Podcast Network (Video)

Donatello, SharePoint, CrushFTP, WordPress, Replit, AllaKore, Rob Allen, and more on the Security Weekly News. Segment Resources: This segment is sponsored by ThreatLocker. Visit to learn more about them! Show Notes:

info_outline
 
More Episodes

Interview with Dave Lewis

Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organizations expect. Talk about the critical weaknesses in traditional SSO implementations, how shadow IT thrives under the radar, and why enterprises continue to experience data breaches despite security investments. Can cover real-world examples of security failures, highlight the role of human behavior in risk, and provide actionable strategies to regain control over enterprise security.

This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more about them!

Topic Segment: Is AI taking our jerbs or not?

I listened to most of a debate between Marcus Hutchins and Daniel Miessler over whether generative AI will be good enough to replace a lot of jobs (Daniel's take), or so bad that it won't take any (Marcus's take). I got frustrated though, because I feel like some foundational assumptions were ignored, and not enough examples were shared or prepared.

Assumption #1: Jobs exist because work needs to be done. This is a false assumption. Check out a book called "Bullshit Jobs" to go down this particular rabbit hole.

Assumption #2: The primary task of a job is the job. This is rarely the case, unless you work in the service industry. How much of a developer's job is writing code? A lot less than you think. Employees spend a massive amount of time communicating with other employees, via meetings, emails, Slack chats - can AI replace this? Maybe all that communication is wasteful and inefficient? Could be, but for every job AI supposedly replaces, it becomes someone else's job to manage that AI agent. Does all of middle management become expert prompt engineers, or do they also disappear with no employees to manage?

Assumption #3: Jobs aren't already being replaced. They are, they're just not terribly visible jobs. That contractor your marketing team was using to build blog/SEO content? He's probably gone. The in-house or contract graphic designer? Probably gone. There's a whole swath of jobs out there, where quality isn't very important, but work needs to be produced, and those jobs are being actively replaced with generative AI. With that said, I don't see any full time jobs that require quality work and a lot of communication with other employees getting replaced. Yet? Ever? That's the question.

The Enterprise News

In this week's enterprise security news,

  1. Not much interesting funding to discuss
  2. Securonix acquires ThreatQuotient
  3. Cellebrite acquires Corellium (that sounds a lot like a rock bought a stone or a gem or something)
  4. Yet another free vulnerability database
  5. ChatGPT can now clandestinely record meetings
  6. Threat detection resources
  7. a VERY expensive Zoom call (for the victim)
  8. Should we stop using SOC2s?
  9. Should we give up on least privilege?
  10. How much did it cost to change HBO to HBO Max, then to Max, then back to HBO Max?

Show Notes: https://securityweekly.com/esw-413