Security Weekly Podcast Network (Audio)

So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think.
Joanna Chen, Chief Information Security Officer at Dashlane, joins Business Security Weekly to discuss why not all CISO gigs are created equal. As a "technical" CISO in a foreign country, Joanna realized that not all of her peers came from a technical background, like herself. It's a broad world and the CISO role varies a lot. Joanna will discuss how to understand the various CISO roles and discuss the skills that are makers and breakers.
Managing Cyber Risk as Financially Motivated Attacks Grow The ransomware and eCrime landscape continue to evolve at a rapid pace. ESET’s global research team has been closely following ransomware gang disruptions and their use of EDR Killers to disable cybersecurity tools. In this interview, Tony Anscombe will take a look into recent research, and explore how the industry and businesses are responding to combat financial risk and mitigate threats.
This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them!
Attack Surface Just Got a Copilot AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business.
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-443

Amish Conversion, Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, Outlook Lite, Air Traffic Control, Kieran Human, and More on the Security Weekly News.
Segment Resources: https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-fully-operational-after-data-wiping-attack/
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-572

It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how the OWASP Secure Pipeline Verification Standard picks up from where ASVS left off, how it complements other supply chain security efforts like SLSA, and why they updated it with explicit coverage for AI.
They show what goes into making a project relevant and -- most importantly -- successful at defending how supply chains are attacked. They're also looking for more feedback and participation! If you build software packages, consume software packages, or have an interest in helping organizations stay secure, check it out!
Resources
https://owasp.org/www-project-spvs/
https://github.com/OWASP/www-project-spvs/blob/main/1.5/ReleaseNotesOWASPSPVS1.5-AI-Pipeline-Security.md
https://youtu.be/-WoqGDdivGw?si=kK5-csbnTw8Y4g2J -- The Story Behind OWASP SPVS
https://slsa.dev
Zero Trust That Actually Ships: Moving From Strategy Decks to Real Security
Most enterprise organizations have been working at Zero Trust for years and fail to deliver truly secure environments. Rohan Ravindranath shares insights that Zappsec has gained from guiding the global teams that are succeeding at protecting their orgs. Discover the common pitfalls so you can deploy a solution that works.
This segment is sponsored by Zappsec. Visit https://securityweekly.com/zappsecrsac to learn more about them!
Cloning Attacker Tradecraft: Why AI Pentesting is Becoming Essential
Enterprises ship code continuously, but most security validation still happens in snapshots. Novee CEO and co-founder Ido Geffen explains what “AI penetration testing” means, why it’s different from automated scanning, and why it’s becoming essential as attackers adopt AI to move faster. He breaks down what separates best-in-class AI pentesting: operator-like reasoning across real environments, validated exploitability, and the ability to uncover business logic flaws and multi-step attack chains. Ido covers the technology behind Novee’s AI penetration tester: a proprietary LLM model, built independently of “frontier” LLMs (like Claude, ChatGPT, Cursor, etc.), and consistently outperforming them at browser exploitation tests. Finally, he shares what buyers should demand in a live evaluation and how continuous retesting closes the loop after fixes ship.
This segment is sponsored by Novee Security. See what your attackers already know at https://securityweekly.com/noveersac.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-378

Segment 1: We cover the weekly enterprise news!
Segment 2: RSAC interviews from ArmorCode and Filigran
ArmorCode: AI Exposure Management and Governing Shadow AI
AI is moving faster than most governance models can keep up. As organizations race to adopt new AI tools, developer workflows, agents and MCP servers, security leaders must enable innovation without losing control over risk, accountability and oversight. In this segment, ArmorCode will discuss its new AI Exposure Management (AIEM) solution, as part of the ArmorCode Agentic AI Platform. ArmorCode will highlight how AIEM gives enterprises clearer visibility into where AI is being used, who owns it and the potential risks it introduces across heterogeneous environments. By turning AI usage and signals from existing security and IT systems into governed, auditable outcomes, AIEM helps organizations reduce shadow AI risk, assign accountability and accelerate AI adoption with stronger control and board-ready governance. ArmorCode will also share findings from its new 2026 State of AI Risk Management report, developed in partnership with The Purple Book Community and based on responses from more than 650 enterprise security leaders. The discussion will connect ArmorCode’s latest product innovation to the broader industry need for scalable, enterprise-ready AI risk governance.
ArmorCode AI Exposure Management is available now as a solution deployed on the ArmorCode Agentic AI Platform. To learn more, visit https://securityweekly.com/armorcodersac.
Beyond IOCs: A Framework for High-Impact Cyber Threat Intelligence
In a time where the ability to turn intelligence into decisive action is a true competitive advantage, organizations must move beyond reactive alert triage to a proactive, threat-informed defense. This segment explores how unifying threat intelligence with adversarial attack simulation enables a Continuous Threat Exposure Management (CTEM) framework that replaces hype with measurable outcomes. We will discuss why these are no longer just technical security conversations, but critical business strategies that provide the board and C-suite with the clarity and confidence to reduce risk and focus resources where they matter most.
This segment is sponsored by Filigran. Visit https://securityweekly.com/filigranrsac to learn more about them!
Segment 3: RSAC interviews with Sekioa and Fortra
Agentic AI: Don't Make Your SOC Faster at Being Wrong
Adding AI agents to an unprepared SOC doesn't make it smarter; it just makes it "faster at being wrong." Georges Bossert challenges the industry hype to explain why true autonomy relies on reliable context and structured runbooks, not just prompts. He will discuss how to build the necessary foundations to automate rapidly without losing control.
This segment is sponsored by Sekoia.io. Visit https://securityweekly.com/sekoiarsac to discover their AI SOC Platform!
Scripted Sparrow: A Prolific BEC Group
In December, Fortra Intelligence and Research Experts (FIRE) released a major report exposing Scripted Sparrow, one of the most active Business Email Compromise (BEC) collectives operating today. The group sends an estimated 6 million highly targeted scam emails each month, impersonating executive coaching firms and leveraging spoofed reply chains, missing attachment lures, and evolving multilingual campaigns. FIRE’s investigation links the collective to 119 domains, 245 webmail accounts, and 256 bank accounts, with members operating across three continents and continually refining their fraud techniques at scale.
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-454

Staypuft, Claude, One Pixel, deepfakes, Raccoon, BOFH, Satoshi Nakamoto, Josh Marpet, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-571