Say Easy, Do Hard - Preventing Burnout, Focusing on CISO Health and Wellness - BSW #428
Security Weekly Podcast Network (Video)
CISO pressures are on the rise - board expectations, executive alignment, AI, and personal liability - and that's all on top of your normal security pressures. With all these pressures, CISO burnout is on the rise. How do we detect it and help prevent it? Easier said than done. In this Say Easy, Do Hard segment, we tackle the health and wellness of the CISO. In part 1, we discuss the increased pressures CISOs face. We all know them, but how are they impacting our daily lives, both at work and at home. In part 2, we discuss detection and prevention techniques to help avoid burnout, including: ...
info_outline
SentinelOne and AWS Shape the Future of AI Security with Purple AI - Brian Mendenhall, Rachel Park - SWN #542
Security Weekly Podcast Network (Video)
SentinelOne announced a series of new innovative designations and integrations with Amazon Web Services (AWS), designed to bring the full benefits of AI security to AWS customers today. From securing GenAI usage in the workplace, to protecting AI infrastructure to leveraging agentic AI and automation to speed investigations and incident response, SentinelOne is empowering organizations to confidently build, operate, and secure the future of AI on AWS. SentinelOne shares its vision for the future of AI-driven cybersecurity, defining two interlinked domains: Security for AI—protecting models,...
info_outline
AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363
Security Weekly Podcast Network (Video)
In an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as we speak with Felipe Zipitria, co-leader of the OWASP Core Rule Set (CRS) project. Felipe has been at the forefront of open-source security, leading the development of one of the world's most widely deployed WAF rule sets, trusted by organizations globally to protect their web applications. Felipe explains why WAFs remain a critical layer in modern defense-in-depth strategies. We'll explore what makes OWASP CRS the go-to choice for security...
info_outline
Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439
Security Weekly Podcast Network (Video)
For this week's episode of Enterprise Security Weekly, there wasn't a lot of time to prepare. I had to do 5 podcasts in about 8 days leading up to the holiday break, so I decided to just roll with a general chat and see how it went. Also, apologies, for any audio quality issues, as the meal I promised to make for dinner this day required a lot of prep, so I was in the kitchen for the whole episode! For reference, I made the recipe for from Rick Martinez's cookbook, Mi Cocina. I used the wrong peppers (availability issue), so it came out green instead of red, but was VERY delicious. As for the...
info_outline
Holiday Special Part 2: You’re Gonna Click the Link - Rob Allen - SWN #541
Security Weekly Podcast Network (Video)
You survived the click—but now the click has evolved. In Part 2, the crew follows phishing and ransomware down the rabbit hole into double extortion, initial access brokers, cyber insurance drama, and the unsettling rise of agentic AI that can click, run scripts, and make bad decisions for you. The conversation spans ransomware economics, why paying criminals is a terrible plan with no guarantees, and how AI is turning social engineering into a whole new wild west. Show Notes:
info_outline
Building a Hacking Lab in 2025 - PSW #906
Security Weekly Podcast Network (Video)
The crew makes suggestions for building a hacking lab today! We will tackle: What is recommended today to build a lab, given the latest advancements in tech Hardware hacking devices and gadgets that are a must-have Which operating systems should you learn Virtualization technology that works well for a lab build Using AI to help build your lab Show Notes:
info_outline
The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427
Security Weekly Podcast Network (Video)
Join Business Security Weekly for a roundtable-style year-in-review. The BSW hosts share the most surprising, inspiring, and humbling moments of 2025 in business security, culture, and personal growth. And a few of us might be dressed for the upcoming holiday season... Show Notes:
info_outline
Holiday Special Part 1: You’re Gonna Click the Link - Rob Allen - SWN #540
Security Weekly Podcast Network (Video)
It’s the holidays, your defenses are down, your inbox is lying to you, and yes—you’re gonna click the link. In Part 1 of our holiday special, Doug White and a panel of very smart people explain why social engineering still works decades later, why training alone won’t save you, and why the real job is surviving after the click. From phishing and smishing to click-fix attacks, access control disasters, and stories that prove humans remain the weakest—and most entertaining—link in security, this episode sets the stage for the attack we all know is coming. Show Notes:
info_outline
Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, James Manico, Adam Shostack, Dustin Lehr - ASW #362
Security Weekly Podcast Network (Video)
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: As genAI becomes a more popular tool in software engineering, the definition of “secure coding” is changing. This session explores how artificial intelligence is reshaping the way developers learn, apply, and scale secure coding practices — and how new risks emerge when machines start generating the code themselves. We’ll dive into the...
info_outline
Auld Lang Syne, Ghostpairing, Centerstack, WAFS, React2Shell, Crypto, Josh Marpet... - SWN #539
Security Weekly Podcast Network (Video)
Auld Lang Syne, Ghostpairing, Centerstack, OneView, WAFS, React2Shell Redux, Crypto, Josh Marpet, and More, on the Security Weekly News. Show Notes:
info_outlineIn an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as we speak with Felipe Zipitria, co-leader of the OWASP Core Rule Set (CRS) project. Felipe has been at the forefront of open-source security, leading the development of one of the world's most widely deployed WAF rule sets, trusted by organizations globally to protect their web applications.
Felipe explains why WAFs remain a critical layer in modern defense-in-depth strategies. We'll explore what makes OWASP CRS the go-to choice for security teams, dive into the project's current innovations, and discuss how traditional rule-based security is evolving to work alongside — not against — AI.
Segment Resources:
-
github.com/coreruleset/coreruleset
-
coreruleset.org
The future of CycloneDX is defined by modularity, API-first design, and deeper contextual insight, enabling transparency that is not just comprehensive, but actionable. At its heart is the Transparency Exchange API, which delivers a normalized, format-agnostic model for sharing SBOMs, attestations, risks, and more across the software supply chain.
As genAI transforms every sector of modern business, the security community faces a question: how do we protect systems we can't fully see or understand? In this fireside chat, Aruneesh Salhotra, Project Lead for OWASP AIBOM and Co-Lead of OWASP AI Exchange, discusses two groundbreaking initiatives that are reshaping how organizations approach AI security and supply chain transparency.
OWASP AI Exchange has emerged as the go-to single resource for AI security and privacy, providing over 200 pages of practical advice on protecting AI and data-centric systems from threats. Through its official liaison partnership with CEN/CENELEC, the project has contributed 70 pages to ISO/IEC 27090 and 40 pages to the EU AI Act security standard OWASP, achieving OWASP Flagship project status in March 2025.
Meanwhile, the OWASP AIBOM Project is establishing a comprehensive framework to provide transparency into how AI models are built, trained, and deployed, extending OWASP's mission of making security visible to the rapidly evolving AI ecosystem.
This conversation explores how these complementary initiatives are addressing real-world challenges—from prompt injection and data poisoning to model provenance and supply chain risks—while actively shaping international standards and regulatory frameworks. We'll discuss concrete achievements, lessons learned from global collaboration, and the ambitious roadmap ahead as these projects continue to mature and expand their impact across the AI security landscape.
Segment Resources:
Agentic AI introduces unique and complex security challenges that render traditional risk management frameworks insufficient. In this keynote, Ken Huang, CEO of Distributedapps.ai and a key contributor to AI security standards, outlines a new approach to manage these emerging threats. The session will present a practical strategy that integrates the NIST AI Risk Management Framework with specialized tools to address the full lifecycle of Agentic AI.
Segment Resources:
-
aivss.owasp.org
-
https://kenhuangus.substack.com/p/owasp-aivss-the-new-framework-for
-
https://cloudsecurityalliance.org/blog/2025/02/06/agentic-ai-threat-modeling-framework-maestro
This interview is sponsored by the OWASP GenAI Security Project. Visit https://securityweekly.com/owaspappsec to watch all of CyberRisk TV's interviews from the OWASP 2025 Global AppSec Conference!
Show Notes: https://securityweekly.com/asw-363