Best Josh Bressers Podcasts (2024)

1
Cybersecurity's Love Affair with Distractions - Fred Wilmot, Dani Woolf - ESW #370 2:18:08

1h ago2:18:08

2:18:08

Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized n…

1
Taco Bell AI, Azure, Scams, AI Emails, IBM, Crowdstrike, Aaran Leyland, and More... - SWN #403 31:29

1h ago31:29

31:29

Taco Bell AI, Azure, Scams, AI Emails, IBM, Crowdstrike, I try to be more succinct, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-403

1
PK Fail - John Loucaides - PSW #837 3:22:11

9h ago3:22:11

3:22:11

John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment! Hacking tra…

1
PK Fail - John Loucaides - PSW #837 3:22:11

21m ago3:22:11

3:22:11

John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment! Hacking tra…

1
Forever mouse, RPC, WhatsApp, NIST, PKFail, 0Auth, Josh Marpet, and More... - SWN #402 32:05

1h ago32:05

32:05

Forever Mouse, RPC, WhatsApp, NIST, PKFail, 0Auth, Josh Marpet, and More, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-402

1
A CISO's Perspective on AI, Appsec, and Changing Behaviors - ASW #293 45:18

21m ago45:18

45:18

Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's modern because appsec is meeting developer needs and supporting the business. Paul Davis talks about how AI is (and isn't) changing appsec, the KPIs that reflect outcomes rather than being busy, and the…

1
Identity Security Posture Management - Allan Alford, Dor Fledel - BSW #358 1:02:51

21m ago1:02:51

1:02:51

Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate…

1
Generative AI (as used by defenders AND attackers) will Drive SOC Evolution - Greg Notch, Edward Wu - ESW #369 1:58:49

34m ago1:58:49

1:58:49

The emergence of generative AI has caused us to rethink things on two fronts: how we consume threat detection data, as defenders how we need to shift our thinking and approaches to prepare for attackers' newfound GenAI capabilities But wait - is GenAI even useful for defenders or attackers? We'll dive deep into the state of AI as it pertains to sec…

1
Twitter, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland... - SWN #401 31:59

5d ago31:59

31:59

Twitter Opt-In, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-401

1
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836 3:04:36

3h ago3:04:36

3:04:36

Doug and the Security Weekly crew talk about vulnerabilities, are we patching the right things? This is the burning question. We will try to answer it. Segment Resources: https://blog.sonicwall.com/en-us/2024/04/patch-tuesday-which-vulnerabilities-really-need-prioritizing/ Segment description coming soon!The Crowdstrike incident: what happened and …

1
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836 3:04:36

9m ago3:04:36

3:04:36

Doug and the Security Weekly crew talk about vulnerabilities, are we patching the right things? This is the burning question. We will try to answer it. Segment Resources: https://blog.sonicwall.com/en-us/2024/04/patch-tuesday-which-vulnerabilities-really-need-prioritizing/ Segment description coming soon!The Crowdstrike incident: what happened and …

1
Killer Robots, Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet and More - SWN #400 34:11

35m ago34:11

34:11

Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-400

1
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Farshad Abasi, Allie Mellen - ASW #292 1:05:00

26m ago1:05:00

1:05:00

Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment resources: https://www.forrester.com/blogs/generative-ai-will-not-ful…

1
Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar, Jeff Recor - BSW #357 1:11:22

8d ago1:11:22

1:11:22

Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us…

1
Analyzing the CrowdStrike Incident and Its Ripple Effects - SWN #399 42:17

36m ago42:17

42:17

In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need…

1
Jump-starting SOC Analyst Careers, Addressing Cybersecurity Industry Challenges, and Historic Rumors in Enterprise Security - ESW #368 2:06:23

29m ago2:06:23

2:06:23

In this episode of Enterprise Security Weekly, we revisit the insightful book "Jump-start Your SOC Analyst Career" with authors Jarrett Rodrick and Tyler Wall, exploring updates on career paths, opportunities, and the industry's reality. We delve into the myths versus the truths about cybersecurity careers, discussing the viability of high salaries…

1
3D Printing For Hackers - David Johnson - PSW #835 3:01:58

1h ago3:01:58

3:01:58

Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…

1
3D Printing For Hackers - David Johnson - PSW #835 3:01:58

1h ago3:01:58

3:01:58

Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…

1
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet and more... - SWN #398 29:20

8d ago29:20

29:20

Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-398

1
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291 1:09:02

13d ago1:09:02

1:09:02

How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-i…

1
Solving the Complexities of Cyber Insurance for SMBs - Brian Fritton - BSW #356 1:06:15

1h ago1:06:15

1:06:15

Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach …

1
Autobahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More... - SWN #397 34:19

5d ago34:19

34:19

Wir fahren auf der AutoBahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-397

1
Joiners, Movers, Leavers, and Failures: Why is Identity Management Still Struggling? - Henrique Teixeira - ESW #367 1:31:28

22h ago1:31:28

1:31:28

I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and …

1
RFID hacking & More Vulnerability Shenanigans - Iceman - PSW #834 3:30:33

2d ago3:30:33

3:30:33

Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighthttpd is heavy with vulnerabilities, node-ip's not vulnerability, New Intel CPU non-attacks, Blast Radius, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows. Iceman comes on the show to talk about RFID and N…

1
RFID hacking & More Vulnerability Shenanigans - Iceman - PSW #834 3:30:33

2d ago3:30:33

3:30:33

Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighthttpd is heavy with vulnerabilities, node-ip's not vulnerability, New Intel CPU non-attacks, Blast Radius, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows. Iceman comes on the show to talk about RFID and N…

1
State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290 1:12:41

4d ago1:12:41

1:12:41

Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this why appsec needs to accelerate to ludicrous sp…

1
Zotac, Eldorado, Donex, Qlins, Ticketmaster, AI, Physical Security, Aaran Leyland... - SWN #396 34:06

4d ago34:06

34:06

Zotac, Eldorado, Donex, Qlins, Ticketmaster, AI, Physical Security, Aaran Leyland, and more, are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-396

1
Technology Rationalization in Cybersecurity - Max Shier - BSW #355 1:00:30

5d ago1:00:30

1:00:30

On average, CISOs manage 50-75 security products. Many of these products have either not been deployed or only partially deployed, while others overlap of products. How do CISOs effectively consolidate their products to a manageable size? Max Shier, Chief Information Security Officer at Optiv Security, joins Business Security Weekly to discuss tech…

1
Binary - SWN Vault 25:56

8d ago25:56

25:56

Check out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on July 20, 2017. Doug talks about how to count from zero to one! Show Notes: https://securityweekly.com/vault-swn-18

1
Hacker Heroes - Joe Grand - PSW Vault 1:43:58

10d ago1:43:58

1:43:58

Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure in the cybersecurity landscape. With an extensive background in hardware hacking, reverse engineering, and embedded systems, Joe has carved a niche for himself as a respected authority in the field. …

1
Hacker Heroes - Joe Grand - PSW Vault 1:43:58

13d ago1:43:58

1:43:58

Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure in the cybersecurity landscape. With an extensive background in hardware hacking, reverse engineering, and embedded systems, Joe has carved a niche for himself as a respected authority in the field. …

1
How To Avoid Being Phished - SWN Vault 46:06

11d ago46:06

46:06

Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on March 6, 2017. Have you ever wondered what phishing is? Do you know what spear phishing attacks are? Doug and Russ explain how to protect yourself from phishing scams in the inaugural episode of Secure Digit…

1
CISOs 2023 Planning Guide: Forecast The Recession's Impact On Your Program - Jeff Pollard - BSW Vault 33:21

12d ago33:21

33:21

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022. As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of …

1
MoveIT, Entrust, Fed Reserve, ISPs, Volt Typhoon & More - Chris Wolski - SWN #395 29:10

15d ago29:10

29:10

Healthcare and malware, MoveIT, Chrome won't trust Entrust, the discovery of Volt Typhoon, & more on this episode of the Security Weekly News! Segment Resources: https://therecord.media/volt-typhoon-targets-underestimated-cisa-says Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-395…

1
The risks and best practices of deploying AI to an enterprise - Martin Roesch, Anurag Lal - ESW #366 2:16:26

15d ago2:16:26

2:16:26

We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their…

1
Do We Need Penetration Testing and Vulnerability Scanning? - Josh Bressers, Adrian Sanabria - PSW #833 2:51:52

1M ago2:51:52

2:51:52

This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxl NAS devices are under attack and the ex…

1
Do We Need Penetration Testing and Vulnerability Scanning? - Josh Bressers, Adrian Sanabria - PSW #833 2:51:52

16d ago2:51:52

2:51:52

This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxl NAS devices are under attack and the ex…

1
Baltimore, GPS Jammed, US bans, ARM, YouTube, Kraken and Joshua Marpet - SWN #394 30:07

1M ago30:07

30:07

Baltimore, GPS Jammed, US bans, ARM, YouTube, Kraken and Joshua Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-394

1
Building a Successful API Security Strategy - Luke Babarinde, Bhawna Singh - BSW #354 1:04:51

18d ago1:04:51

1:04:51

With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment …

1
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289 1:01:09

19d ago1:01:09

1:01:09

OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable. Segment Resources: https://oauth.net/2.1 https://oauth.n…

1
Access vs Actions, Beyond Traditional IGA, Remote Identity Verification, & Fraud - Tim Prendergast, Damon Tompkins, Andrew Bud, Chris Meyer - ESW Vault 58:32

22d ago58:32

58:32

Traditional approaches to access management are no longer sufficient to safeguard enterprise security. Tim will explain why the most effective approach to modern enterprise security requires a Zero Trust model that extends beyond just access to encompass every action, no matter how minor. Tim will describe the importance of implementing a Zero Trus…

1
Cybersecurity In College - SWN Vault 38:26

22d ago38:26

38:26

Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on June 19, 2018. This week, Doug and Russ interview Matthew Silva, President and Founder of the Cybersecurity and Intel Club at Roger Williams University! They talk about majoring in Cybersecurity vs. Computer…

1
iShield Key Experience, Automated (PKI) Infrastructure, & GenAI Identity Attacks - Kevin Fadaie, Roni Bliss, David Mahdi - ESW Vault 44:48

22d ago44:48

44:48

FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market. Segment Resources: Video "Swissbit iShi…

1
Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault 32:22

1M ago32:22

32:22

Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovation -Haven’t solved the problem. In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the app…

Podcasts Worth a Listen

Josh Bressers Podcasts

Podcasts Worth a Listen

Quick Reference Guide