Securing the future of DevOps and AI: real talk with industry leaders.
…
continue reading
OWASP Podcasts
Podcasts from the MiSec, OWASP Detroit, and BSides Detroit communities.
…
continue reading
The OWASP Podcast Series is a recorded series of discussions with thought leaders and practitioners who are working on securing the future for coming generations.
…
continue reading
This podcast contains security topics discussed by the Secure Ideas LLC. team.
…
continue reading
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Prin ...
…
continue reading
A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
…
continue reading
Exploring the bonds shared between people and technology
…
continue reading
A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
…
continue reading
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Coffee, Chaos & ProdSec is where cybersecurity meets caffeine-fueled chaos. Hosts Kurt (security architect and chaos tamer) and Cameron (ProdSec wrangler and DevSecOps junkie) dive into hacking, AppSec, supply chain failures, AI surprises, and the everyday madness of defending modern systems. With humor, sharp insight, real breach breakdowns, bad password confessions, and a few questionable impressions, they explore the messy reality of security and how teams survive it. New episodes Every W ...
…
continue reading
Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today's interconnected world. Tune in every week to discover invaluable insights, strateg ...
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Your anything goes security podcast presented to you by Black Lantern Security
…
continue reading
Security teams have their hands full. Building relationships across the entire organization is vital for success. In Champions of Security, I interview passionate individuals with unique stories. Each guest shares their honest opinions about what’s working (and what isn’t) in the security world. Tune in to learn valuable insights about keeping your customers safe.
…
continue reading
Welcome to the Women in Security Podcast! This podcast is devoted to the world of information & cyber security and the great women who make it turn. In each episode, I sit down with a guest speaker to discuss their experiences and touch on some of the lesser known aspects of the industry. We'll shed light on the routes to the various technical and non-technical roles in this space, as well as exploring the skillsets required to be successful.
…
continue reading
Welcome to The Craft of Open Source, hosted by Ben Rometsch, Co-Founder and CEO of Flagsmith. This bi-weekly show is focused on the ins and outs of the Open Source Software Community. Join Ben as he speaks with the brightest minds that have brought us some of the most adopted technologies on earth. Each episode is an interview with creators, maintainers, entrepreneurs, and key contributors to the open source community. We will cover critical topics for open source developers, contributors an ...
…
continue reading
1
Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362
1:07:52
1:07:52
Play later
Play later
Lists
Like
Liked
1:07:52
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: https://owaspsamm.org/ https://cybersecuritycoalition.be/resource/a-strategic-approach-to-product-sec…
…
continue reading
1
Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, James Manico, Adam Shostack, Dustin Lehr - ASW #362
1:07:52
1:07:52
Play later
Play later
Lists
Like
Liked
1:07:52
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: https://owaspsamm.org/ https://cybersecuritycoalition.be/resource/a-strategic-approach-to-product-sec…
…
continue reading
1
Microsoft Bug Bounty, CISA hiring surge, US goes offensive in cyber ops, OWASP Top 10
42:22
42:22
Play later
Play later
Lists
Like
Liked
42:22
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss significant updates in cybersecurity, including Microsoft's overhaul of its bug bounty program, CISA's hiring strategy amidst workforce challenges, the US's shift towards a more aggressive cyber strategy, and insights from the updated OWASP Top 10 vulnerabilities. The…
…
continue reading
1
SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847
5:50
5:50
Play later
Play later
Lists
Like
Liked
5:50
MongoDB Unauthenticated Attacker Sensitive Memory Leak CVE-2025-14847 Over the Christmas holiday, MongoDB patched a sensitive memory leak vulnerability that is now actively being exploited https://www.mongodb.com/community/forums/t/important-mongodb-patch-available/332977 https://github.com/mongodb/mongo/commit/505b660a14698bd2b5233bd94da3917b585c5…
…
continue reading
1
Holiday Special Part 2: You're Gonna Click the Link - Rob Allen - SWN #541
34:25
34:25
Play later
Play later
Lists
Like
Liked
34:25
You survived the click—but now the click has evolved. In Part 2, the crew follows phishing and ransomware down the rabbit hole into double extortion, initial access brokers, cyber insurance drama, and the unsettling rise of agentic AI that can click, run scripts, and make bad decisions for you. The conversation spans ransomware economics, why payin…
…
continue reading
1
Holiday Special Part 2: You're Gonna Click the Link - Rob Allen - SWN #541
34:25
34:25
Play later
Play later
Lists
Like
Liked
34:25
You survived the click—but now the click has evolved. In Part 2, the crew follows phishing and ransomware down the rabbit hole into double extortion, initial access brokers, cyber insurance drama, and the unsettling rise of agentic AI that can click, run scripts, and make bad decisions for you. The conversation spans ransomware economics, why payin…
…
continue reading
1
Holiday Special Part 2: You’re Gonna Click the Link - Rob Allen - SWN #541
34:25
34:25
Play later
Play later
Lists
Like
Liked
34:25
You survived the click—but now the click has evolved. In Part 2, the crew follows phishing and ransomware down the rabbit hole into double extortion, initial access brokers, cyber insurance drama, and the unsettling rise of agentic AI that can click, run scripts, and make bad decisions for you. The conversation spans ransomware economics, why payin…
…
continue reading
1
Building a Hacking Lab in 2025 - PSW #906
1:03:21
1:03:21
Play later
Play later
Lists
Like
Liked
1:03:21
The crew makes suggestions for building a hacking lab today! We will tackle: What is recommended today to build a lab, given the latest advancements in tech Hardware hacking devices and gadgets that are a must-have Which operating systems should you learn Virtualization technology that works well for a lab build Using AI to help build your lab Show…
…
continue reading
1
Building a Hacking Lab in 2025 - PSW #906
1:03:21
1:03:21
Play later
Play later
Lists
Like
Liked
1:03:21
The crew makes suggestions for building a hacking lab today! We will tackle: What is recommended today to build a lab, given the latest advancements in tech Hardware hacking devices and gadgets that are a must-have Which operating systems should you learn Virtualization technology that works well for a lab build Using AI to help build your lab Visi…
…
continue reading
1
Ep 17 - Breaking Into Product Security, AppSec, DevSecOps, and Cloud Security Without a Degree
1:11:35
1:11:35
Play later
Play later
Lists
Like
Liked
1:11:35
🎙️ Coffee, Chaos and ProdSec, Ep 17 Breaking into cybersecurity without a degree feels impossible, yet people do it every single day. So this week, Cameron and Kurt grab their mugs and get real about how career changers actually break into Product Security, Application Security, DevSecOps, and Cloud Security when their background looks nothing like…
…
continue reading
1
The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427
49:27
49:27
Play later
Play later
Lists
Like
Liked
49:27
Join Business Security Weekly for a roundtable-style year-in-review. The BSW hosts share the most surprising, inspiring, and humbling moments of 2025 in business security, culture, and personal growth. And a few of us might be dressed for the upcoming holiday season... Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes…
…
continue reading
1
The CISO Holiday Party 2025: Leadership Lessons from the Year That Was - BSW #427
49:27
49:27
Play later
Play later
Lists
Like
Liked
49:27
Join Business Security Weekly for a roundtable-style year-in-review. The BSW hosts share the most surprising, inspiring, and humbling moments of 2025 in business security, culture, and personal growth. And a few of us might be dressed for the upcoming holiday season... Show Notes: https://securityweekly.com/bsw-427…
…
continue reading
1
Holiday Special Part 1: You're Gonna Click the Link - Rob Allen - SWN #540
35:34
35:34
Play later
Play later
Lists
Like
Liked
35:34
It's the holidays, your defenses are down, your inbox is lying to you, and yes—you're gonna click the link. In Part 1 of our holiday special, Doug White and a panel of very smart people explain why social engineering still works decades later, why training alone won't save you, and why the real job is surviving after the click. From phishing and sm…
…
continue reading
1
Holiday Special Part 1: You're Gonna Click the Link - Rob Allen - SWN #540
35:34
35:34
Play later
Play later
Lists
Like
Liked
35:34
It's the holidays, your defenses are down, your inbox is lying to you, and yes—you're gonna click the link. In Part 1 of our holiday special, Doug White and a panel of very smart people explain why social engineering still works decades later, why training alone won't save you, and why the real job is surviving after the click. From phishing and sm…
…
continue reading
1
Holiday Special Part 1: You’re Gonna Click the Link - Rob Allen - SWN #540
35:34
35:34
Play later
Play later
Lists
Like
Liked
35:34
It’s the holidays, your defenses are down, your inbox is lying to you, and yes—you’re gonna click the link. In Part 1 of our holiday special, Doug White and a panel of very smart people explain why social engineering still works decades later, why training alone won’t save you, and why the real job is surviving after the click. From phishing and sm…
…
continue reading
In episode 307 of Absolute AppSec, hosts Ken and Seth conduct a retrospective on the application security landscape of 2025. They conclude that their previous predictions were largely accurate, particularly regarding the rise of prompt injection, AI-backed attacks, and the industry-wide shift toward per-token billing models. A major theme of the ye…
…
continue reading
1
Introducing the BSP Maturity Model for Identity
40:46
40:46
Play later
Play later
Lists
Like
Liked
40:46
Summary In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the Security Maturity Model, focusing on identity security. They explore the current state of security practices, identifying areas where organizations may be behind the curve, on track, or ahead of the curve in their security measures. Key topics include the importan…
…
continue reading
1
Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, James Manico, Adam Shostack, Dustin Lehr - ASW #362
1:07:52
1:07:52
Play later
Play later
Lists
Like
Liked
1:07:52
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: https://owaspsamm.org/ https://cybersecuritycoalition.be/resource/a-strategic-approach-to-product-sec…
…
continue reading
1
Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362
1:07:52
1:07:52
Play later
Play later
Lists
Like
Liked
1:07:52
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: https://owaspsamm.org/ https://cybersecuritycoalition.be/resource/a-strategic-approach-to-product-sec…
…
continue reading
1
Internal threats are the hole in Cybersecurity's donut - Frank Vukovits - ESW #438
1:57:05
1:57:05
Play later
Play later
Lists
Like
Liked
1:57:05
Interview with Frank Vukovits: Focusing inward: there lie threats also External threats get discussed more than internal threats. There's a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn't infringe on any individual organization's privacy. That's why we hear the i…
…
continue reading
1
Internal threats are the hole in Cybersecurity’s donut - Frank Vukovits - ESW #438
1:57:05
1:57:05
Play later
Play later
Lists
Like
Liked
1:57:05
Interview with Frank Vukovits: Focusing inward: there lie threats also External threats get discussed more than internal threats. There’s a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn’t infringe on any individual organization’s privacy. That’s why we hear the i…
…
continue reading
1
Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting
12:42
12:42
Play later
Play later
Lists
Like
Liked
12:42
In this episode, Tom Eston discusses the unique challenges in the current cybersecurity job market, emphasizing the importance of networking. Tom provides practical tips on how to enhance networking skills, such as attending conferences, volunteering for open source projects, creating a blog, and seeking mentors. He also addresses misconceptions ab…
…
continue reading
1
Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting
12:42
12:42
Play later
Play later
Lists
Like
Liked
12:42
In this episode, Tom Eston discusses the unique challenges in the current cybersecurity job market, emphasizing the importance of networking. Tom provides practical tips on how to enhance networking skills, such as attending conferences, volunteering for open source projects, creating a blog, and seeking mentors. He also addresses misconceptions ab…
…
continue reading
1
SANS Stormcast Monday, December 22nd, 2025: TLS Callbacks; FreeBSD RCE; NIST Time Server Issues
6:00
6:00
Play later
Play later
Lists
Like
Liked
6:00
DLLs & TLS Callbacks As a follow-up to last week's diary about DLL Entrypoints, Didier is looking at TLS ( Thread Local Storage ) and how it can be abused. https://isc.sans.edu/diary/DLLs%20%26%20TLS%20Callbacks/32580 FreeBSD Remote code execution via ND6 Router Advertisements A critical vulnerability in FreeBSD allows for remote code execution. Bu…
…
continue reading
1
Auld Lang Syne, Ghostpairing, Centerstack, WAFS, React2Shell, Crypto, Josh Marpet... - SWN #539
32:10
32:10
Play later
Play later
Lists
Like
Liked
32:10
Auld Lang Syne, Ghostpairing, Centerstack, OneView, WAFS, React2Shell Redux, Crypto, Josh Marpet, and More, on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-539
…
continue reading
1
Auld Lang Syne, Ghostpairing, Centerstack, WAFS, React2Shell, Crypto, Josh Marpet... - SWN #539
32:10
32:10
Play later
Play later
Lists
Like
Liked
32:10
Auld Lang Syne, Ghostpairing, Centerstack, OneView, WAFS, React2Shell Redux, Crypto, Josh Marpet, and More, on the Security Weekly News. Show Notes: https://securityweekly.com/swn-539
…
continue reading
1
SANS Stormcast Friday, December 19th, 2025: Less Vulnerabie Devices; Critical OneView Vulnerablity; Trufflehog finds JWTs
4:37
4:37
Play later
Play later
Lists
Like
Liked
4:37
Positive trends related to public IP range from the year 2025 Fewer ICS systems, as well as fewer systems with outdated SSL versions, are exposed to the internet than before. The trend isn t quite clean for ISC, but SSL2 and SSL3 systems have been cut down by about half. https://isc.sans.edu/diary/Positive%20trends%20related%20to%20public%20IP%20ra…
…
continue reading
This week in the security news: Linux process injection Threat actors need training too A Linux device "capable of practically anything" The Internet of webcams Hacking cheap devices Automating exploitation with local AI models Lame C2 Smallest SSH backdoor Your RDP is on the Internet These are not the high severity bugs you were looking for Low ha…
…
continue reading
This week in the security news: Linux process injection Threat actors need training too A Linux device "capable of practically anything" The Internet of webcams Hacking cheap devices Automating exploitation with local AI models Lame C2 Smallest SSH backdoor Your RDP is on the Internet These are not the high severity bugs you were looking for Low ha…
…
continue reading
1
SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory
6:10
6:10
Play later
Play later
Lists
Like
Liked
6:10
Maybe a Little Bit More Interesting React2Shell Exploit Attackers are branching out to attack applications that initial exploits may have missed. The latest wave of attacks is going after less common endpoints and attempting to exploit applications that do not have Next.js exposed. https://isc.sans.edu/diary/Maybe%20a%20Little%20Bit%20More%20Intere…
…
continue reading
1
Ep 16 - Part 2 - Get Comfortable Being Vulnerable: When AI, Risk, and Reality Collide in AppSec
1:06:54
1:06:54
Play later
Play later
Lists
Like
Liked
1:06:54
🎙️ Coffee, Chaos and ProdSec - Ep 16 Last week we mapped the problem — now we break the system. Kurt and Cameron return with part two of our vulnerability deep dive, tackling CVSS chaos, broken tooling, exploding CVE volume, and how AI is about to overwhelm traditional prioritization models. From exposure validation turning 15,000 findings into 300…
…
continue reading
1
Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426
54:36
54:36
Play later
Play later
Lists
Like
Liked
54:36
Business Security Weekly is well aware of the cybersecurity hiring challenges. From hiring CISOs to finding the right skills to developing your employees, we cover it weekly in the leadership and communications segment. But this week, our guest interview digs into the global cybersecurity hiring trends. Jim McCoy, CEO at Atlas, joins Business Secur…
…
continue reading
1
Cybersecurity Hiring Trends as Boards Bridge Confidence Gap and Build Strategic Lever - Jim McCoy - BSW #426
54:36
54:36
Play later
Play later
Lists
Like
Liked
54:36
Business Security Weekly is well aware of the cybersecurity hiring challenges. From hiring CISOs to finding the right skills to developing your employees, we cover it weekly in the leadership and communications segment. But this week, our guest interview digs into the global cybersecurity hiring trends. Jim McCoy, CEO at Atlas, joins Business Secur…
…
continue reading
1
SANS Stormcast Wednesday, December 17th, 2025: Beyond RC4; Forticloud SSO Vuln Exploited; FortiGate SSO Exploited;
6:38
6:38
Play later
Play later
Lists
Like
Liked
6:38
Beyond RC4 for Windows authentication Microsoft outlined its transition plan to move away from RC4 for authentication and published guidance and tools to facilitate this change. https://www.microsoft.com/en-us/windows-server/blog/2025/12/03/beyond-rc4-for-windows-authentication FortiCloud SSO Login Vuln Exploited Arctic Wolf observed exploit attemp…
…
continue reading
1
Pornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's pix, Aaran Leyland. - SWN #538
34:36
34:36
Play later
Play later
Lists
Like
Liked
34:36
Pornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's Pix, Aaran Leyland, and More, on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-538
…
continue reading
1
Pornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's pix, Aaran Leyland. - SWN #538
34:36
34:36
Play later
Play later
Lists
Like
Liked
34:36
Pornhub, WSL, Santastealer, Geoserver, Webkit, Fortiyomama, Dad's Pix, Aaran Leyland, and More, on the Security Weekly News. Show Notes: https://securityweekly.com/swn-538
…
continue reading
1
A Vision For The Future Of Enterprise AI Security With Sanjay Poonen
27:30
27:30
Play later
Play later
Lists
Like
Liked
27:30
Episode Summary The future of cyber resilience lies at the intersection of data protection, security, and AI. In this conversation, Cohesity CEO Sanjay Poonen joins Danny Allan to explore how organisations can unlock new value by unifying these domains. Sanjay outlines Cohesity’s evolution from data protection to security in the ransomware era, to …
…
continue reading
