SecurityWeek podcast series. Hear from cybersecurity industry experts and visionaries. Easy listening, great insights.
SC Media and Saviynt are proud to present this month's CISO Stories program, where CISOs share tales from the trenches and unpack leadership lessons learned along the way. Hosted by Jessica Hoffman.
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
It's the show that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It's time for Security and Compliance Weekly.
This week in the security news: Supply chain attacks and XSS; PS5 leaked keys; Claude tips for security pros; No Flipper Zeros allowed, or Raspberry PIs for that matter; Kimwolf and your local network; Linux is good now; Removing unremovable apps without root; Detecting lag catches infiltrators; Defending your KVM; Fixing some of the oldest code; Deleting we…

CISO Lessons from a Children's Novel as Cybersecurity Outgrows IT and Building Talent - Tom Arnold - BSW #429
1:03:10
Cyber threats and cyber criminals indiscriminately target the old as well as young regardless of race, creed or origin. Teens and young adults must realize that on the Internet nobody knows you're a rat. How do we keep kids and young adults safe in an era of AI-driven attacks? Tom Arnold, Adjunct Professor, Digital Evidence & Forensics, Cybersecuri…

Pornhub Redux, Enki, Grok, BSODs, NORDVPN, Kimwolf, Privacy, Aaran Leyland, and More - SWN #544
32:09
Pornhub Redux, Enki, Grok, BSODs, NORDVPN, Kimwolf, Privacy in Rhode Island, Aaran Leyland, and More, on the Security Weekly News. Show Notes: https://securityweekly.com/swn-544

The Upsides and Downsides of LLM-Generated Code - Chris Wysopal - ASW #364
1:10:12
Developers are adding LLMs to their code creation toolboxes, using them to assist with writing and reviewing code. Chris Wysopal talks about the security downsides of relying on LLMs and how appsec needs to adapt to dealing with more code at a faster pace. Resources https://www.veracode.com/blog/genai-code-security-report/ https://www.veracode.com/…

Why are cybersecurity predictions so bad? - ESW #440
1:29:41
For our first episode of the new year, we thought it would be appropriate to dig into some cybersecurity predictions. First, we cover the very nature of predictions and why they're often so bad. To understand this, we get into logical fallacies and cognitive biases. In the next segment, we cover some 2025 predictions we found on the Internet. In th…

Defending the Boundaryless Cloud: Understanding Threats That Matter - Cameron Sipes, Steve Stone - SWN #543
36:39
Cloud breaches don't always start in the cloud, but they do end there. To defeat an attacker you need to understand their mission target along with the access points available to them, regardless of whether they reside within or beyond the cloud. SentinelOne is purpose-built to stop attacks wherever they originate - from within and beyond the cloud…

Breaking Into Cybersecurity - PSW #907
1:05:11
Our field is booming! Cybersecurity jobs are projected to grow 33 percent through 2033, far outpacing the average 4 percent growth across all jobs. (And yes, those stats could be made up, but they sound nice, eh?) Yet newcomers often feel paralyzed by where to start. The truth? There's no single "right path," but there are proven strategies that wo…

Say Easy, Do Hard - Preventing Burnout, Focusing on CISO Health and Wellness - BSW #428
52:24
CISO pressures are on the rise - board expectations, executive alignment, AI, and personal liability - and that's all on top of your normal security pressures. With all these pressures, CISO burnout is on the rise. How do we detect it and help prevent it? Easier said than done. In this Say Easy, Do Hard segment, we tackle the health and wellness of…

SentinelOne and AWS Shape the Future of AI Security with Purple AI - Brian Mendenhall, Rachel Park - SWN #542
37:41
SentinelOne announced a series of new innovative designations and integrations with Amazon Web Services (AWS), designed to bring the full benefits of AI security to AWS customers today. From securing GenAI usage in the workplace, to protecting AI infrastructure to leveraging agentic AI and automation to speed investigations and incident response, S…

AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363
1:06:43
In an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as we speak with Felipe Zipitria, co-leader of the OWASP Core Rule Set (CRS) project. Felipe has been at the forefront of open-source security, leading the development of one of the world's most widely d…

Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439
1:13:43
For this week's episode of Enterprise Security Weekly, there wasn't a lot of time to prepare. I had to do 5 podcasts in about 8 days leading up to the holiday break, so I decided to just roll with a general chat and see how it went. Also, apologies for any audio quality issues, as the meal I promised to make for dinner this day required a lot of p…

Holiday Special Part 2: You're Gonna Click the Link - Rob Allen - SWN #541
34:25
You survived the click—but now the click has evolved. In Part 2, the crew follows phishing and ransomware down the rabbit hole into double extortion, initial access brokers, cyber insurance drama, and the unsettling rise of agentic AI that can click, run scripts, and make bad decisions for you. The conversation spans ransomware economics, why payin…

Building a Hacking Lab in 2025 - PSW #906
1:03:21
The crew makes suggestions for building a hacking lab today! We will tackle: What is recommended today to build a lab, given the latest advancements in tech; Hardware hacking devices and gadgets that are a must-have; Which operating systems should you learn; Virtualization technology that works well for a lab build; Using AI to help build your lab. Show…

The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427
49:27
Join Business Security Weekly for a roundtable-style year-in-review. The BSW hosts share the most surprising, inspiring, and humbling moments of 2025 in business security, culture, and personal growth. And a few of us might be dressed for the upcoming holiday season... Show Notes: https://securityweekly.com/bsw-427…

Holiday Special Part 1: You're Gonna Click the Link - Rob Allen - SWN #540
35:34
It's the holidays, your defenses are down, your inbox is lying to you, and yes—you're gonna click the link. In Part 1 of our holiday special, Doug White and a panel of very smart people explain why social engineering still works decades later, why training alone won't save you, and why the real job is surviving after the click. From phishing and sm…

Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, James Manico, Adam Shostack, Dustin Lehr - ASW #362
1:07:52
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: https://owaspsamm.org/ https://cybersecuritycoalition.be/resource/a-strategic-approach-to-product-sec…

Auld Lang Syne, Ghostpairing, Centerstack, WAFS, React2Shell, Crypto, Josh Marpet... - SWN #539
32:10
Auld Lang Syne, Ghostpairing, Centerstack, OneView, WAFS, React2Shell Redux, Crypto, Josh Marpet, and More, on the Security Weekly News. Show Notes: https://securityweekly.com/swn-539

This week in the security news: Linux process injection; Threat actors need training too; A Linux device "capable of practically anything"; The Internet of webcams; Hacking cheap devices; Automating exploitation with local AI models; Lame C2; Smallest SSH backdoor; Your RDP is on the Internet; These are not the high severity bugs you were looking for; Low ha…

Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426
54:36
Business Security Weekly is well aware of the cybersecurity hiring challenges. From hiring CISOs to finding the right skills to developing your employees, we cover it weekly in the leadership and communications segment. But this week, our guest interview digs into the global cybersecurity hiring trends. Jim McCoy, CEO at Atlas, joins Business Secur…

Pornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's pix, Aaran Leyland. - SWN #538
34:36
Pornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's Pix, Aaran Leyland, and More, on the Security Weekly News. Show Notes: https://securityweekly.com/swn-538

Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361
1:03:55
Open source projects benefit from support that takes many shapes. Kat Cosgrove shares her experience across the Kubernetes project and the different ways people can make meaningful contributions to it. One of the underlying themes is that code is written for other people. That means PRs need to be understandable, discussions need to be enlightening…

Illuminating Data Blind Spots, Topic, Enterprise News - Tony Kelly - ESW #437
1:49:42
Interview Segment: Tony Kelly - Illuminating Data Blind Spots. As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over th…

Disney Gone Wild, Docker, AIs, Passkeys, Gogs, React2Shell, Notepad++, Josh Marpet... - SWN #537
30:38
Disney Gone Wild, Docker, AIs, Passkeys, Gogs, React2Shell, Notepad++, Josh Marpet, and More Show Notes: https://securityweekly.com/swn-537

Tech Segment: MITM Automation + Security News - Josh Bressers - PSW #904
2:07:47
This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes; China uses us as a proxy; LOLPROX and living off the Hypervisor; Are we overreacting to React4Shell?; Prolific Spyware vendors; EDR evaluations and tin foil hats; Com…

Salesforce Security Risks, Boards Duty of Care, and Managing CISO Risks - Justin Hazard - BSW #425
52:57
Organizations rely heavily on Salesforce to manage vast amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins …

Hypnotoad, AI Galore, Storm-0249, DocuSign, Broadside, Goldblade, Aaran Leyland... - SWN #536
34:50
We've got: Hypnotoad, AI Galore, Storm-0249, DocuSign, Broadside, Goldblade, Ships at Sea, Sora, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-536

Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
1:07:43
The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new…

Agents at the Door: Vetting Non-Human Identities in External IAM - Rakesh Soni - CSP #219
29:28
This episode was about agentic IAM—what it is and the risks that come with letting non-human agents act for customers. We defined external IAM, then traced how the industry moved from basic login and MFA to consent, delegation, and now agent-to-agent interactions. Along the way we unpacked key risks for CISOs and practitioners to consider. Segment …

Fix your dumb misconfigurations, AI isn't people, and the weekly news - Danny Jenkins, Wendy Nather - ESW #436
1:34:58
Interview with Danny Jenkins: How badly configured are your endpoints? Misconfigurations are one of the most overlooked areas in terms of security program quick wins. Everyone freaks out about vulnerabilities, patching, and exploits. Meanwhile, security tools are misconfigured. Thousands of unused software packages increase remediation effort and a…

Toilet Cams, N. Korea, Brickstorm, MCP, React2Shell, Proxmox, Metaverse, Josh Marpet - SWN #535
33:08
Toilet Cams, North Korea, Brickstorm, MCP, India, React2Shell, Proxmox, Metaverse, Josh Marpet, and More, on the Security Weekly News. Show Notes: https://securityweekly.com/swn-535

Holiday Hack Challenge, AI, Internet of Trash - Ed Skoudis - PSW #903
2:10:41
This week we welcome Ed Skoudis to talk about the holiday hack challenge (https://sans.org/HolidayHack). In the security news: Oh Asus; Dashcam botnets; Weird CVEs being issued; CodeRED, but not the worm; Free IP checking; Internet space junk and IoT; Decade old Linux kernel vulnerabilities; Breaking out of Claude code; Malicious LLMs; Hacker on a plan gets…

Shadow Risks in SaaS, Cybersecurity Market Has Lost Its Mind, and Rise of the CTrO - Mike Puglia - BSW #424
1:06:01
While many businesses rely on Microsoft 365, Salesforce and Google Workspace security features, critical blind spots remain—the recent series of high profile SaaS breaches demonstrate this. So what should you do? Mike Puglia, General Manager of Kaseya Labs, joins Business Security Weekly to discuss the risks in SaaS applications. In this segment, M…

AI semantics, Calendly, Teams, Schmaltz, India, Antigravity, Scada, Aaran Leyland... - SWN #534
36:15
AI semantics, Calendly, GreyNoise, Teams, Schmaltz, India, Antigravity, Scada, Aaran Leyland, and More... Show Notes: https://securityweekly.com/swn-534

Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359
59:02
For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-2…

From Misconfigurations to Mission Control: Lessons from InfoSec World 2025 - Rob Allen, Perry Schumacher, Marene Allison, Ryan Heritage, Patricia Titus, Dr. Ron Ross - ESW #435
1:43:23
Live from InfoSec World 2025, this episode of Enterprise Security Weekly features six in-depth conversations with leading voices in cybersecurity, exploring the tools, strategies, and leadership approaches driving the future of enterprise defense. From configuration management and AI-generated threats to emerging frameworks and national standards, …

Dealing with loss, phone loss with Aaran, Doug, and Josh. - SWN #533
41:44
Are you walking around with a phone in your hand? Probably. Are you ready for the day when it gets grabbed and disappears? Aaran, Doug, and Josh talk about phone strategies on this episode of the Security Weekly News. Show Notes: https://securityweekly.com/swn-533

Vibe Coding For Success and Failure - PSW #902
1:06:52
Tune in for some hands-on tips on how to use Claude code to create some amazing and not-so-amazing software. Paul will walk you through what worked and what didn't as he 100% vibe-coded a Python Flask application. The discussion continues with the crew discussing the future of vibe coding and how AI may better help in creating and securing software…

Security Money: The Index is Back Near Highs as AI Leads the Discussion - BSW #423
1:03:20
The Security Weekly 25 index is back near all time highs as the NASDAQ hits another record high. Funding and acquisitions have shifted to AI as the security industry continues to evolve. We also had a new IPO, Netskope. They will replace CyberArk once the Palo Alto Networks acquisition closes, allowing the index to survive another public company ac…

AI and Cybersecurity - Shakour Abuzneid - SWN #532
32:17
Doug talks about AI with Cybersecurity Expert Dr. Shakour Abuzneid from Roger Williams University. Show Notes: https://securityweekly.com/swn-532

Figuring Out Where to Start with Secure Code - ASW #358
46:23
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion of what's the best use of everyone's time -- developers and appsec fol…

Aligning teams for effective remediation, Anthropic's latest report, and the news - Ravid Circus - ESW #434
1:38:57
Interview with Ravid Circus: Ravid will discuss why security and engineering misalignment is the biggest barrier to fast, effective remediation, using data from Seemplicity's 2025 Remediation Operations Report. This is costing some teams days of unnecessary exposure, which can lead to major security implications for organizations. Segment Resources:…

Emoticons, Sonicwall, Global Protect, Pop ups, WhatsApp, 7Zip, Roblox, Josh Marpet... - SWN #531
33:57
Emoticons, Sonicwall, Global Protect, Pop-ups, WhatsApp, 7Zip, Roblox, Josh Marpet, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-531

Give Me Liberty or Linux, Badge Hacking Interview - Bryce Owen - PSW #901
2:09:41
In the security news: Cloudflare was down, it was not good; Logitech breached; The largest data breach in history?; Fortinet Fortiweb - the saga continues; Hacking Linux through your malware scanner, oh the irony; I never stopped hating systemd; The ASUS exploit that never existed; If iRobot fails, can we deploy our own hacker bot army?; Threat actors depl…

Health and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - Dr. Yonesy Núñez - BSW #422
56:46
It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Bu…

Cloudflare, Gh0stRAT, npm, North Koreans, Arch, Steam, Documentaries, Aaran Leyland.. - SWN #530
35:24
Cloudflare, Gh0stRAT, npm, North Korean Employees, Arch Linux Steam Machine, Documentaries, Aaran Leyland, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-530

Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357
1:03:41
Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for h…

Year of the (Clandestine) Linux Desktop, topic, and the news - Rob Allen - ESW #433
1:56:50
Segment 1: Interview with Rob Allen. It's the Year of the (Clandestine) Linux Desktop! As if EDR evasions weren't enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a …

Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, More... - SWN #529
28:45
Augustus De Morgan, Doordash, Fortiweb, Typosquatting, Vista, Ransomware, AI, Josh, Rob, Aaran, Jason, Dr. Scott, Rocky, Uh., and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-529

This week: Minecraft on your lightbulb; Sonicwall breached, who's next?; Ditch Android, install Linux; Hacking your face; Thermostat freedom; Pen test fails; HackRF hacking times 2; Going around EDR; Hackers in your printer; Chinese data breach; NFC relays and PCI; Constructive construction hacks; FlipperZero firmware update; ICS, PLCs, and attacks; Bayesian Swi…

Securing Model Context Protocol as Companies Plan to Replace Entry Roles with AI - Rahul Parwani - BSW #421
58:59
As AI revolutionizes how we work, it has created a new attack surface with new technologies. One of those new technologies is Model Context Protocol (MCP). MCP has emerged as the standard for connecting AI to external tools, but its flexibility has created security challenges. How do we secure MCP? Rahul Parwani, Head of Product, Security Solutions…