Security Weekly Podcast Network (Video)

At Oktane 2025, leaders from across the security ecosystem shared how identity has become the new front line in protecting today’s AI-driven enterprises. As SaaS adoption accelerates and AI agents proliferate, organizations face an explosion of human and non-human identities—and with it, growing risks like misconfigured access, orphaned accounts, and identity-based attacks. In this special Enterprise Security Weekly episode, we bring together insights from top experts: Dor Fledel (Okta) explains how teams can gain visibility into AI agents, uncover risks, and enforce appropriate access controls. Alexander Makarov (Adyen) shares how a global fintech unified and streamlined identity with Okta, improving both security and employee experience across 200+ countries. Aaron Parecki (Okta) highlights the importance of open standards—like IPSIE, MCP, and A2A—for building secure, interoperable AI ecosystems and centralized control over AI-driven interactions. Heather Ceylan (Box) discusses how Box embeds AI into workflows to enhance data protection, even for highly regulated industries. Matt Immler (Okta) offers lessons from the field on strengthening defenses with behavioral monitoring, automation, and a security-first culture to counter attackers who now “log in” instead of hacking in. Nitin Raina (Thoughtworks) warns about AI-driven social engineering—from deepfakes to multi-channel phishing—and shares practical strategies like phishing-resistant MFA, zero-trust architecture, and better employee training. From open standards to privileged access management and AI-powered defense, these Oktane 2025 conversations explore how identity-driven strategies are shaping the future of enterprise security. Segment Resources: https://www.okta.com/newsroom/articles/old-security-challenges--new-ai-risks--managing-authorization-in https://www.okta.com/newsroom/press-releases/okta-introduces-cross-app-access-to-help-secure-ai-agents-in-the/ https://www.okta.com/blog/ai/securing-the-ai-agent-ecosystem/ https://www.okta.com/customers/adyen/ https://www.okta.com/newsroom/?sort=featured&filters=okta%3Acategories%2Fidentity-security https://www.okta.com/customers/thoughtworks/ This segment is sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more about them! Show Notes: https://securityweekly.com/esw-427

Ratboi, Clop, Oracle, svgs, Impact Solutions, The Pentagon, Open AI, Josh Marpet, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-517

In addition to some fun news, we get a Mary Ann Davidson as a surprise guest. We even get a great quote from her of "You're never going to have enough cybersecurity people to defend what was never built to be defensible.". Show Notes: https://securityweekly.com/psw-894

More than four out of ten (41%) Chief Information Officers (CIOs) report cybersecurity as their top concern, yet these same leaders are simultaneously increasing security budgets (77%), expanding cloud infrastructure (68%), and accelerating artificial intelligence (AI) capabilities (67%). According to the new Future Forward: CIO 2025 Outlook report released by Experis, a global leader in IT workforce solutions and part of the ManpowerGroup (NYSE: MAN) family of brands, modern technology leaders are walking a tightrope between protecting their organizations and driving innovation in an era of relentless cyber threats and rapid digital transformation. Amanda Jack, CTO at Manpower Group, joins Business Security Weekly to share the finding, including: 77% of organizations plan to increase cybersecurity budgets in 2025, followed by cloud infrastructure (68%) and AI (67%) 76% of IT employers worldwide report difficulty finding skilled tech talent 52% of tech leaders are embedding AI skills into existing roles rather than creating new positions Relationship with the Chief Operating Officer (COO) is identified as the most important C-suite partnership outside IT 56% of IT leaders say senior leadership lacks sufficient knowledge about the CIO role and its responsibilities Segment Resources: https://www.experis.com/en/cio-outlook In the leadership and communications segment, Is Your Board Too Collegial?, Cybersecurity, AI, and Economic Uncertainty: How Internal Audit Teams Are Managing 2025's Top Risks, Burnout in the corporate middle: when leadership becomes an issue, and more! Show Notes: https://securityweekly.com/bsw-415

Attica, Crustacean Porn, Broadcom, William of Ockham, Jaguar, SVG, Aaran Leyland, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-516

Dealing with vulns tends to be a discussion about prioritization. After all, there a tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirect that discussion to focus on remediation and how to incorporate LLMs into this process without losing your focus or losing your budget. In the news, supply chain security in Ruby and Rust, protecting package repositories, refining CodeQL queries for security, refactoring and Rust, an OWASP survey, and more! Show Notes: https://securityweekly.com/asw-350

How identity security can keep pace with the evolving threat landscape, with Brett Winterford Today’s threat landscape has never been more complex. Malicious actors are leveraging tools like generative AI to develop more creative social engineering attacks that can have serious ramifications for businesses. Brett Winterford, VP of Okta Threat Intelligence, shares findings from his team’s most recent investigations, as well as recommendations for organizations looking to strengthen their defenses. Segment Resources https://www.okta.com/newsroom/articles/okta-threat-intelligence-exposes-genai-s-role-in-dprk-it-scams/ https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/ https://sec.okta.com/articles/uncloakingvoidproxy/ How to navigate app development in the AI era with Shiv Ramji As AI reshapes how applications are built and consumed, developers and engineering leaders face a new set of challenges: enabling innovation while maintaining security. In this interview, Auth0 President Shiv Ramji will discuss the shifting landscape of application development in the AI era. He’ll discuss the shift toward developing AI agents that are secure by design and standards-first so they can thrive within an interconnected web of applications and systems. How AI agents are reshaping cybersecurity from the inside out with Damon McDougald AI is being harnessed to transform cybersecurity operations—from automating routine tasks to closing skills gaps and accelerating incident response. Damon McDougald, Global Security Services Lead at Accenture, shares how agents can cut through alert fatigue and proactively defend against threats at scale. Damon also outlines the identity risks these agents introduce—and what cybersecurity leaders must do now to secure their access and maintain control in an increasingly autonomous environment. All three segments are sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more! Show Notes: https://securityweekly.com/esw-426

Riker's Curse, River City, EDR-Freeze, MCP, WordPress, GitHub, Josh Marpet, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-515

Broadcom, LastPass, Brickstone, SEO Poisoning, QR codes, H1B visas, Distributed Computing, and More... Show Notes: https://securityweekly.com/psw-893

As AI and cloud-based services power our connected world, individuals are facing an unprecedented privacy crisis. With more than 2.3 billion people entrusting their data to the cloud and centralized servers, cyberattacks, data breaches, surveillance, identity theft, and privacy threats are now everyday risks. How do we protect against these threats? O Company founder and CEO, Guillaume Jaulerry, believes we’ve crossed a critical threshold -- cloud dependence has quietly become a strategic liability, and individuals, professionals, and enterprises alike are facing a looming privacy crisis. Guillaume joins Business Security Weekly to share his perspective on how technology should shift, putting in the center of it human privacy. In the leadership and communications segment, Fewer CISOs feel aligned with their boards on cybersecurity this year, AI agents are here, now comes the hard part for CISOs, How to Network Better, Build Leadership Skills, and Negotiate Raises Effectively, and more! Show Notes: https://securityweekly.com/bsw-414

Uhura, Collins, Nimbus Manticore, Sonic Wall, Async Rat, Solar Winds, ShadowV2, H1B, Aaran Leyland, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-514

In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek demonstrates the difficulty in reviewing models, curl reduces risk by eliminating code, preserving the context of code reviews, and more! Show Notes: https://securityweekly.com/asw-349

Interview with Tod Beardsley This interview is sponsored by runZero. Legacy vulnerability management (VM) hasn't innovated alongside of attackers, and it shows. Let's talk about the state of VM. Check out https://securityweekly.com/runzero to learn more! Topic Segment: NPM Incidents In this week’s topic segment, we’re discussing all the NPM supply chain attacks from the past 3 weeks. I recently published a roundup of these incidents over on my Substack. Weekly Enterprise News Finally, in the enterprise security news, funding and acquisitions are going crazy an exciting new canarytoken banks have a more sedate approach to agentic MCP security the future Subprime Code crash of 2028 is security worried about the wrong risks? botnets are back in the headlines some bs research journalists getting duped by AI Animal crossing villagers are organizing against Tom Nook All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-425

In this episode of Security Weekly News, Joshua Marpet and Aaran Leyland discuss the latest trends in AI and cybersecurity, focusing on innovations from CrowdStrike, the implications of new cyber incident reporting rules, and the evolving landscape of ransomware. They explore the role of AI in enhancing security measures, the challenges posed by mandated reporting for critical infrastructure, and the cultural impact of cybercrime on youth. The conversation also touches on the advancements in AI technology, including its applications in healthcare and mainframe modernization, as well as the alarming rise in ransomware tactics and the use of AI by cybercriminals. Show Notes: https://securityweekly.com/swn-513

This week's technical segment is all about the T-Lora Pager from Lilygo, and really cool Meshtastic device that can also be used for some hacking tasks! In the security news: Your safe is not safe Cisco ASA devices are under attack VMScape HybridPetya and UEFI attacks in the wild Eveything is a Linux terminal Hackers turns 30 Hosting websites on disposable vapes NPM worms and token stealing Attackers make mistakes too AI podcasts Show Notes: https://securityweekly.com/psw-892

In the leadership and communications segment, Lack of board access: The No. 1 factor for CISO dissatisfaction, Pressure on CISOs to stay silent about security incidents growing, The Secret to Building a High-Performing Team, and more! Jackie McGuire sits down with Chuck Randolph, SVP of Strategic Intelligence & Security at 360 Privacy, for a gripping conversation about the evolution of executive protection in the digital age. With over 30 years of experience, Chuck shares how targeted violence has shifted from physical threats to online ideation—and why it now starts with a click. From PII abuse to unregulated data brokers, generative AI manipulation, and real-world convergence of cyber and physical risks—this is a must-watch for CISOs, CSOs, CEOs, and anyone navigating modern threat landscapes. Hear real-world examples, including shocking stories of doxxing, AI-fueled radicalization, and the hidden dangers of digital exhaust. Whether you're in cyber, physical security, or executive leadership, this interview lays out the urgent need for converged risk strategies, narrative control, and a new approach to duty of care in a remote-first world. Learn what every security leader needs to do now to protect key personnel, prevent exploitation, and build a unified, proactive risk posture. This segment is sponsored by 360 Privacy. Learn how to integrate privacy and protective intelligence to get ahead of the next threat vector at https://securityweekly.com/360privacybh! In this exclusive Black Hat 2025 interview, CyberRisk TV host Matt Alderman sits down with Tom Pore, AVP of Sales Engineering at Pentera, to dive into the rapidly evolving world of AI-driven cyberattacks. What’s happening? Attackers are already using AI and LLMs to launch thousands of attacks per second—targeting modern web apps, exploiting PII, and bypassing traditional testing methods. Tom explains how automated AI payload generation, context-aware red teaming, and language/system-aware attack modeling are reshaping the security landscape. The twist? Pentera flips the script by empowering security teams to think like an attacker—using continuous, AI-powered penetration testing to uncover hidden risks before threat actors do. This includes finding hardcoded credentials, leveraging leaked identities, and pivoting across systems just like real adversaries. To learn more about Pentera's proactive Ransomware testing please visit: https://securityweekly.com/penterabh Show Notes: https://securityweekly.com/bsw-413

AI Nuns, Steganography, You're fired, VoidProxy, C++, Carplay Apriso, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-512

This week, we chat with Scott Clinton, board member and co-chain of the OWASP GenAI Security Project. This project has become a massive organization within OWASP with hundreds of volunteers and thousands of contributors. This team has been cranking out new tools, reports and guidance for practitioners month after month for over a year now. We start off discussing how Scott and other leaders have managed to keep up with the crazy rate of change in the AI world. We pivot to discussing some of the specific projects the team is working on, and finally discuss some of the biggest AI security challenges before wrapping up the conversation. If you're neck-deep in AI like we are, I highly recommend checking out this conversation, and consider joining this OWASP project, sponsoring them, or just checking out what they have to offer (which is all free, of course). Segment Resources: Get started with the OWASP GenAI Security Project Register for the GenAI Application Security & Risk Summit on October 9th, 11am - 4pm EST This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them! Show Notes: https://securityweekly.com/asw-348

Segment 1 - Interview with Jeff Pollard Introducing Forrester’s AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security For this episode’s interview, we’re talking to Forrester analyst Jeff Pollard. I’m pulling this segment’s description directly from the report’s executive summary, which I think says it best: As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won’t be as simple or as straightforward as mobile and cloud — and that’s bad news for security leaders who in some cases still find themselves challenged by cloud security. Segment 2 - Weekly News Then, in the enterprise security news, there’s funding and acquisitions, but we’re not going to talk about them AI’s gonna call the cops on you and everyone’s losing money on it and Anthropic agreed to pay for all the copyright infringement they did when training models and Otter.ai got sued for recording millions of conversations without consent Burger King got embarrassed and their lawyers didn’t like it NPM package mayhem certificate authority hijinks AI darwin awards All that and more, on this episode of Enterprise Security Weekly. Segment 3 - Executive Interviews from Black Hat 2025 Interview with Rohit Dhamankar from Fortra Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape. Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures. Whether you’re building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence. This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more! Interview with Michael Leland from Island At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity’s most urgent realities: compromised credentials aren’t a possibility — they’re a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren’t “breaking in” anymore… they’re logging in. Michael reveals how organizations can protect stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island’s enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins. Key takeaways: Why credential compromise is inevitable — and how to stop credential use How presentation layer DLP prevents data leaks inside and outside apps Real-time blocking of phishing logins and unsanctioned SaaS access Plug-in risk scoring, version pinning, and selective extension control Enabling BYOD securely — even after a catastrophic laptop loss Why many users never go back to Chrome, Edge, or Safari after switching Segment Resources: https://www.island.io/blog/how-the-enterprise-browser-neutralizes-the-risks-of-compromised-credentials This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more! Show Notes: https://securityweekly.com/esw-424

Diella, Texas, Movie Rip Offs, WAF, AdaptixC2, Nano11, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-511