Security Weekly Podcast Network (Audio)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!

Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439 12/29/2025

Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439 For this week's episode of Enterprise Security Weekly, there wasn't a lot of time to prepare. I had to do 5 podcasts in about 8 days leading up to the holiday break, so I decided to just roll with a general chat and see how it went. Also, apologies, for any audio quality issues, as the meal I promised to make for dinner this day required a lot of prep, so I was in the kitchen for the whole episode! For reference, I made the recipe for from Rick Martinez's cookbook, Mi Cocina. I used the wrong peppers (availability issue), so it came out green instead of red, but was VERY delicious. As for the episode, we discuss what we've been up to, with Jackie sharing her experiences fighting against Meta (allegedly, through some shell companies) building an AI datacenter in her town. We then get into discussing the limitations of AI, the potential of the AI bubble popping, and general limitations of AI that are becoming obvious. One of the key limitations is AI's inability to apply personal experience, have strong opinions, or any sense of 'taste'. I think I shared my observation that AI is becoming a sort of 'digital junk food'. "NO AI" has become a common phrase used by creators - a source of pride that media consumers seem to be celebrating and seeking out. Segment Resources: Kagi absolutely did NOT sponsor this episode. I have become a big fan of paying for search so that I am not the product. There are other players in this market, but I've settled on . We mention Ira Glass's bit on taste, which is a small bit of a longer talk he did on storytelling. The shorter bit is , and is less than 2 minutes long. The full talk is split into 4 parts and posted on a YouTube channel called "War Photography" for some reason. Part 1: Part 2: Part 3: Part 4: Finally, we also bring up a talk we also discussed on episode 437, Benedict Evans' Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/39446105

Holiday Special Part 2: You’re Gonna Click the Link - Rob Allen - SWN #541 12/26/2025

Building a Hacking Lab in 2025 - PSW #906 12/25/2025

The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427 12/24/2025

Holiday Special Part 1: You’re Gonna Click the Link - Rob Allen - SWN #540 12/23/2025

Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362 12/23/2025

Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362 Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: As genAI becomes a more popular tool in software engineering, the definition of “secure coding” is changing. This session explores how artificial intelligence is reshaping the way developers learn, apply, and scale secure coding practices — and how new risks emerge when machines start generating the code themselves. We’ll dive into the dual challenge of securing both human-written and AI-assisted code, discuss how enterprises can validate AI outputs against existing security standards, and highlight practical steps teams can take to build resilience into the entire development pipeline. Join us as we look ahead to the convergence of secure software engineering and AI security — where trust, transparency, and tooling will define the future of code safety. Segment Resources: Understand the history of threat modeling with Adam Shostack. Learn how threat modeling has evolved with the Four Question Framework and can work in your organizations in the wake of the AI revolution. Whether you're launching a formal Security Champions program or still figuring out where to start, there's one truth every security leader needs to hear: You already have allies in your org -- they're just waiting to be activated. In this session, we’ll explore how identifying and empowering your internal advocates is the fastest, most sustainable way to drive security culture change. These are your early adopters: the developers, engineers, and team leads who already “get it,” even if their title doesn’t say “security.” We’ll unpack: Why you need help from people outside the security org to actually be effective Where to find your natural allies (hint: it starts with listening, not preaching) How to support and energize those allies so they influence the majority What behavioral science tells us about spreading change across an organization Segment Resources: Security Champion Success Guide: Related interviews/podcasts: How to measure success and impact of culture change and champions: Global Community of Champions sign up: This interview is sponsored by the OWASP GenAI Security Project. Visit to watch all of CyberRisk TV's interviews from the OWASP 2025 Global AppSec Conference! Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/39457805

Internal threats are the hole in Cybersecurity’s donut - Frank Vukovits - ESW #438 12/22/2025

Internal threats are the hole in Cybersecurity’s donut - Frank Vukovits - ESW #438 Interview with Frank Vukovits: Focusing inward: there lie threats also External threats get discussed more than internal threats. There’s a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn’t infringe on any individual organization’s privacy. That’s why we hear the industry discuss external threats more, though internally-triggered incidents far outnumber external ones. Internal threats, on the other hand, can get personal. Accidental leaks are embarassing. Malicious insiders are a sensitive topic that internal counsel would erase from company memory if they could. Even when disclosure is required, the lawyers are going to minimize the amount of detail that gets out. I was chief incident handler for 5 years of my enterprise career, and never once had to deal with an external threat. I managed dozens of internal cases over those 5 years though. In this interview, we discuss the need for strong internal controls with Frank Vukovits from Delinea. As systems and users inside and outside organizations become increasingly connected, maintaining strong security controls is essential to protect data and systems from both internal and external threats. In this episode, we will explore the importance of strong internal controls around business application security and how they can best be integrated into a broader security program to ensure true enterprise security. This segment is sponsored by Delinea. Visit to learn more about them! Topic Segment: Personal Disaster Recovery Many of us depend on service providers for our personal email, file storage, and photo storage. The line between personal accounts and work accounts often blur, particularly when it comes to Apple devices. We’re way more dependent on our Microsoft, Apple, Meta, and Google accounts than we used to be. They’re necessary to use home voice assistants, to log into other SaaS applications (Log in with Google/Apple/FB), and even manage our wireless plans (e.g. Google Fi). Getting locked out of any of these accounts can bring someone’s personal and/or work life to a halt, and there are many cases of this happening. I’m not sure if we make it past sharing stories about what can and has happened. Getting into solutions might have to be a separate discussion (also, we may not have any solutions…) Friend of the show and sometimes emergency co-host Guillaume recently A romance author got of her books A 79 year old of her iPad with all her family photos. Sadly, this is one of the most common scenarios. Someone either forgets their pin and locks out the device permanently, or a family member dies and didn’t tell anyone their passwords or pins, so the surviving family can’t access data, pay the bills, etc. Google example: Claims of CSAM material after father documents toddler at doctor’s request Dec 2025 Apple example: she tried to redeem a gift card that had been tampered with: Google example: developer lost all his work, because he was working on preventing revenge porn and other sensitive cases, and was building a better model to detect NSFW images: My partner’s mom’s Instagram account got hacked. Meta locked out all of it (Whatsapp, Instagram, Facebook) and she couldn’t get it reinstated. They wouldn’t even let her open a NEW account. Weekly Enterprise News Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/39475840

Auld Lang Syne, Ghostpairing, Centerstack, WAFS, React2Shell, Crypto, Josh Marpet... - SWN #539 12/19/2025

With AI Nothing Is Safe - PSW #905 12/18/2025

Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426 12/17/2025

Pornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's pix, Aaran Leyland. - SWN #538 12/16/2025

Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361 12/16/2025

Illuminating Data Blind Spots, Topic, Enterprise News - Tony Kelly - ESW #437 12/15/2025

Disney Gone Wild, Docker, AIs, Passkeys, Gogs, React2Shell, Notepad++, Josh Marpet... - SWN #537 12/12/2025

Tech Segment: MITM Automation + Security News - Josh Bressers - PSW #904 12/11/2025

Salesforce Security Risks, Boards Duty of Care, and Managing CISO Risks - Justin Hazard - BSW #425 12/10/2025

Hypnotoad, AI Galore, Storm-0249, DocuSign, Broadside, Goldblade, Aaran Leyland... - SWN #536 12/09/2025

Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360 12/09/2025

Fix your dumb misconfigurations, AI isn't people, and the weekly news - Wendy Nather, Danny Jenkins - ESW #436 12/08/2025

Toilet Cams, N. Korea, Brickstorm, MCP, React2Shell, Proxmox, Metaverse, Josh Marpet - SWN #535 12/05/2025

Holiday Hack Challenge, AI, Internet of Trash - Ed Skoudis - PSW #903 12/04/2025

Shadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO - Mike Puglia - BSW #424 12/03/2025

AI semantics, Calendly, Teams, Schmaltz, India, Antigravity, Scada, Aaran Leyland... - SWN #534 12/02/2025

Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359 12/02/2025

From Misconfigurations to Mission Control: Lessons from InfoSec World 2025 - Marene Allison, Dr. Ron Ross, Ryan Heritage, Patricia Titus, Perry Schumacher, Rob Allen - ESW #435 12/01/2025

From Misconfigurations to Mission Control: Lessons from InfoSec World 2025 - Marene Allison, Dr. Ron Ross, Ryan Heritage, Patricia Titus, Perry Schumacher, Rob Allen - ESW #435 Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, this special edition captures the most influential conversations from this year’s conference. In this episode: -You Don’t Need a Hacker When You Have Misconfigurations — Rob Allen, Chief Product Officer at ThreatLocker®, discusses how overlooked settings and weak controls continue to be one of the most common causes of breaches. He explains how Defense Against Configurations (DAC) helps organizations identify, map, and remediate configuration risks before attackers can exploit them. -Security Challenges for Mid-Sized Companies — Perry Schumacher, Chief Strategy Officer & Partner at Ridge IT Cyber, explores the evolving security challenges facing mid-sized organizations. He discusses how AI is becoming a competitive advantage, how mobility and third-party reliance complicate defenses, and what steps these organizations can take to improve resilience and efficiency. -The Rise of Security Control Management: Secure by Design, Not by Chance — Marene Allison, former CISO of Johnson & Johnson, introduces Security Control Management (SCM), a new software category that unifies control selection, mapping, validation, and enforcement. She explains how SCM transforms fragmented compliance programs into proactive, embedded defense. -Engineered for Protection: The Rise of Security Control Management — Ryan Heritage, Advisor at Sicura, continues the discussion on SCM, explaining how organizations can operationalize this approach to move from reactive reporting to proactive, data-driven defense. He highlights how automation and integration enable security decisions to be made at “the speed of relevance.” -The AI Threat: Protecting Your Email from AI-Generated Attacks — Patricia Titus, Field CISO at Abnormal Security, explores how cybercriminals are weaponizing generative AI to create sophisticated phishing and social engineering attacks. She shares practical strategies for defending against AI-generated threats and emphasizes why AI-based protections are now essential for modern enterprises. -Igniting Change: A Conversation with Dr. Ron Ross — Dr. Ron Ross, CEO at RONROSSECURE, LLC, shares insights from decades of pioneering work in cybersecurity, including the Risk Management Framework and Systems Security Engineering Guidelines. He discusses how leaders can apply these principles to strengthen resilience, foster innovation, and drive meaningful change across the cybersecurity landscape. Segment Resources ThreatLocker® Defense Against Configurations (DAC): Book a demo to see DAC in action. Visit to learn more! This segment is sponsored by Ridge IT Cyber. Visit to learn more about them! Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/39169675

Dealing with loss, phone loss with Aaran, Doug, and Josh. - SWN #533 11/28/2025

Vibe Coding For Success and Failure - PSW #902 11/27/2025

Security Money: The Index is Back Near Highs as AI Leads the Discussion - BSW #423 11/26/2025

AI with Dr. Shakour Abuzneid - Shakour Abuzneid - SWN #532 11/25/2025

Figuring Out Where to Start with Secure Code - ASW #358 11/25/2025

Security Weekly Podcast Network (Audio)

TOPICS