Security Weekly Podcast Network (Audio)

DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, the back seat of a Buick Electra, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-569

In the Security News: Claude leaks source code and new models Two really smart people say AI is finding vulnerabilities better than ever Windows is using your internet to send updates to strangers BIG-IP APM vulnerability - all you need to know Linux KVM for the win The bus factor and open source Axios supply chain breach Trimming Grub Depotting and hacking e-Motorcycles Trivy and Cisco source code leaks The FCC ban and What is a router? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-920

Most organizations don’t fail because of technology. They fail because decision authority is unclear in the first critical minutes. “Being careful” is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure? Ann Marie van den Hurk, Founder at Mind The Gap Advisory, joins Business Security Weekly to discuss how executive paralysis leads to business damage. Ann Marie will discuss: Where Paralysis Actually Comes From What “Being Careful” Looks Like in Practice Why the First 20 Minutes Matter How Paralysis Becomes Business Damage Why Existing Plans Don’t Hold What Actually Fixes It Then, we rebroadcast two interviews from RSAC 2026. Autonomous Intelligence and the Future of Digital Trust AI agents are no longer experimental tools — they are becoming autonomous participants in enterprise infrastructure. Acting independently, making decisions at machine speed, and interacting directly with sensitive systems, these agents fundamentally reshape the trust model that underpins modern organizations. As AI becomes embedded across operations, security must evolve from perimeter defense to continuous, identity-driven trust. This conversation explores what it means to build a resilient trust architecture for autonomous systems — one that ensures verifiable identity, constrained authority, accountability, and governance at scale. We’ll examine how enterprises can balance innovation with control, prevent misuse or spoofed agents, and prepare for a future defined by machine-to-machine interactions. At stake is not just cybersecurity, but the integrity of digital trust itself. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them! Know Your AI Agents Through Visibility, Control, and Accountability AI agents are rapidly embedding into core enterprise workflows with broad access to sensitive systems and the ability to act autonomously, creating new challenges for security leaders tasked with enabling innovation while maintaining control. In this interview, Matt Immler will discuss why organizations must know about every agent operating in their environment and how to bring those agents under governance. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-441

In the AI era, cybersecurity is undergoing a fundamental shift as AI agents transform both the speed and scale of attacks. In this interview, Gibb Witham, President and Chief Financial Officer of Hack The Box, explains why organizations must move beyond assumed AI capability toward measurable, validated cyber readiness for both humans and AI systems. Drawing on real-world benchmarks, agentic AI testing, and hands-on training, Witham outlines how security teams can safely adopt AI by proving performance under pressure. The discussion highlights why the future of cybersecurity depends on training, testing, and reinforcing human and AI operators together before they are trusted in critical environments. This segment is sponsored by Hack The Box. Visit https://securityweekly.com/hacktheboxrsac to learn more about them! As credential-based attacks continue to dominate headlines, many organizations are realizing that identity alone is no longer a sufficient control. This conversation explores the shift toward device-based access enforcement and why tying access to both user and device is becoming critical. We’ll discuss how this evolution is reshaping Zero Trust strategies across modern environments. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-568

The future of secure software is going through a mix of skills expected of humans and skills files created for LLMs. We might even posit that appsec as a discipline will fade (and that might not even be a bad thing!). Keith Hoodlet describes the skills he was looking for in building teams of security researchers and why there's still an emphasis on the ability to learn about and understand how software is built. But figuring out what skills will get you hired and what skills are valuable to invest in still feels daunting to new grads and others entering the security industry. We discuss where the role of appsec seems to be heading and a few of the security and software fundamentals that can help you follow that direction. Segment resources https://bsidessf2026.sched.com/event/2E1h4/we-pwn-the-night-growing-leading-an-31337-security-research-team?iframe=yes&w=100%&sidebar=yes&bg=no https://drive.google.com/file/d/1_zLH8vuHU1XOjEyk85WecQwSByDwxAmQ/view?pli=1 https://securing.dev/posts/if-i-were-eighteen-again/ https://research.nvidia.com/labs/lpr/slm-agents/ Then, we rebroadcast two interviews from RSAC 2026. The Identity Crisis of Agentic AI Identity security is being stretched between legacy infrastructure that was never built to be secure and rapidly emerging AI agents and non-human identities that organizations are quickly adopting. As AI accelerates, identity risk grows alongside it, making agentic security fundamentally an identity challenge—because the more access AI has, the greater both its power and potential risk. In this session, Ron Rasin explores how past gaps in areas like Active Directory and machine identities created today’s blind spots, and why identity must now act as the control plane for AI-driven enterprises, with real-time enforcement before access is granted. He also highlights new innovations and partnerships enabling embedded identity controls across human, non-human, and AI identities, emphasizing that at machine speed, reactive security is no longer enough. To learn more about Silverfort and their AI Agent product, visit https://securityweekly.com/silverfortrsac. Privileged by Design: AI Agents and the New Identity Risk to Production Systems At RSAC this year, the AI conversation is getting more practical. Less “look what agents can do” and more “who’s actually in control when an autonomous system can take real actions across business apps and infrastructure.” The Moltbook breach and the growing attention on OpenClaw-style agent vulnerabilities put real weight behind that question because they show how quickly agent ecosystems can scale past oversight. Today we’re talking with Shashwath, CEO of P0 Security, about why identity and authorization are the quiet enablers of modern AI, where teams are losing control as non-human identities explode and what security leaders can do to keep innovation moving without turning access sprawl into enterprise risk. To learn more about P0 Security, visit: https://securityweekly.com/p0rsac. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-376

Interview with Helen Patton about her new book, Switching to Cyber Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provides a guide for switching to cyber mid-career. Check out her book, Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career: on Amazon on Barnes & Noble and on the publisher's website Interview with Lenny Zeltzer: Reflections on Being a CISO After a cybersecurity career in various roles, doing everything from product management to malware analysis training, Lenny spent 6 years in the CISO seat at Axonius, from near the inception of the company through its growth from its modest Series A stage in 2019 to the present, with nearly a billion in funding today. Lenny's CISO Essays: What Being a CISO Taught Me About Security Leadership As a CISO, Are You a Builder, Fixer, or Scale Operator? The Chief Insecurity Officer Interview with Alexandre Sieira: The state of TPCRM is shifting The gold standard for third party cyber risk management has long been the humble questionnaire. While we've seen security rating services companies generate scores by scanning a company's external resources. Both approaches are widely considered inaccurate for either creating trust relationships or determining the true risk of doing business with a third party. Every analysis of this problem comes to the same conclusion: without internal data about the state of systems and the security program, TPCRM can't improve substantially. Most this believe this to be an impossible problem: third parties would never share data this sensitive with a customer and first parties assume the same. What if they did? That's exactly the premise behind Tenchi Security, and Alexandre joins us to talk about how they've accomplished the 'impossible' in Brazil and aim to expand their success to the US. Resources: Thoughts from a panel discussion at a recent FS-ISAC event, shared on LinkedIn Predicts 2026: Third-Party Cybersecurity Risk Management Evolves for the AI Era (Gartner Subscribers only, sorry) Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-452

In this two-part interview, Rinoa Poison explores the mechanics of modern scams, the role of AI in making them more convincing, and the growing world of scam baiting. She also discusses the tactics, technical setups, and safety considerations behind wasting scammers’ time. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-567

In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include: Shodan | Passive recon — query existing scan data for exposed devices, services, and vulns | Passive (API) | Instant (no packets sent) ZMap | Host discovery — find live hosts with open ports | L4 (TCP SYN, UDP, ICMP) | Millions of packets/sec ZGrab2 | Application-layer handshakes — grab banners, certs, headers | L7 (30+ protocol modules) | Thousands of hosts/sec Nerva | Service fingerprinting — identify 140+ protocols with metadata, CPEs, technology stacks | L7 (TCP, UDP, SCTP) | Fast, concurrent Nuclei | Template-based vulnerability scanning — default creds, exposed panels, known CVEs | L7 (HTTP, network) | Hundreds of targets/min Shannon | Vulnerability exploitation — AI-powered whitebox pentesting of web apps | Application | ~1-1.5 hrs per target edgescan.py | Automated pipeline — orchestrates all tools above into a single command | Orchestration | End-to-end Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-919

With Q-day getting closer, regulatory guidance pushing firms to migrate to quantum security in the next five years, and an extensive remediation backlog waiting to be discovered, security leaders must start their quantum security migration today. Easier said than done. In this Say Easy, Do Hard segment, we discuss the quantum-safe journey using a framework for crypto-agility. In part 1, we define cryptographic agility, or crypto-agility for short, and why it's important. Crypto-agility is not just about transitioning to quantum-safe cryptography in the nimblest way possible, and it’s not something that can be achieved merely by updating encryption algorithms and protocols. Instead, you need to adapt your organization’s cryptographic architecture, automation, and governance to allow for greater control and flexibility. In part 2, we discuss a framework for discovery, prioritization, and remediation while keeping crypto-agility in mind. A quantum-safe journey requires: Inventory of Systems With Non-Quantum-Safe Algorithms And Protocols System Prioritization, Leading To A Migration Roadmap Remediation, Including Vendors And Partners Once a distant possibility, Q-Day is quickly approaching. Are you ready for 2030? Segment Resources: https://pqcc.org/wp-content/uploads/2025/05/PQC-Migration-Roadmap-PQCC-2.pdf https://pqcc.org/wp-content/uploads/2025/06/PQCC-Inventory-Workbook.xlsx https://qramm.org/learn/cryptoscan-guide.html https://research.ibm.com/blog/quantum-safe-cbomkit Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-440

Rinoa Poison joins Security Weekly News to break down the world of scam baiting, how modern scams are evolving, and why AI is making fraud harder to spot. In this two-part conversation, she shares how scam baiters operate, the risks involved, and what everyday people should know. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-566

So much of appsec’s efforts can be consumed by vuln management and a race to patch security flaws. But that’s more a symptom of the ease of scanning and the volume of CVEs. Erik Nost walks through the principles behind proactive security, why the concept sounds familiar to secure by design, and why organizations still struggle with creating effective practices for visibility. Resources https://www.forrester.com/blogs/proactive-security-platforms-will-cumulate-visibility-prioritization-and-remediation/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-375

Interview with Kara Sprague - The AI Fix for Infrastructure’s Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses. Interview with Mike Privette - The State of the Cybersecurity Market Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His newsletter covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market details every week. We particularly enjoy the weekly Vibe Check. In this interview, he joins us for the third year in a row, to discuss the most interesting insights from his annual State of Market Report. Post recording Adrian here: Whooooo, so this conversation was SO good, I decided to punt the news segment in favor of a part 2 with Mike, so enjoy! Also, though I punted the news segment, I did collect these stories and annotated them, so I think there's still some value in leaving them in the show notes. Scroll down for the links and my comments on each of these! Weekly Enterprise News Finally, in the enterprise security news, funding announcements seem to be ramping up before RSA Should security architects be shifting right? How McKinsley’s AI platform got hacked… by AI Amazon is having a bad time with AI lately Europe announces a Google Workspace/Microsoft 365 replacement Robot dogs are apparently guarding datacenters now Some much needed security humor in our squirrel stories before we all fly to San Francisco and lose our minds for a week All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-451

Macbeth, Ahab, Peewee Herman, Microsoft, Zoom, Vibe Hacking, SharePoint, Meta, AgeID, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-565

In this episode, we sit down with the Radare community leader, Pancake, the creator of the Radare2 reverse engineering framework. Whether you’ve never heard of Radare, already use it daily, or are thinking about contributing to its development, this conversation will demystify what makes Radare unique, why thousands of engineers rely on it, and how you can step into the community. This segment is sponsored by NowSecure. Discover how AI-powered mobile app security testing finds hidden vulns and leaks at https://securityweekly.com/nowsecure. In the security news: The US national cyber strategy in the category of dumb laws and 3d printing guns Iranian threat analysis ESP32 Bus Pirate gets some amazing updates I can reset the admin password Rick-rolling yourself Chrome 0days Re-purposing those old Ubiquiti cloud keys The new TLS certificate lifecycle A Flipper Zero add-on and news on the FlipperOne glassword malware Do you care about exploits or patching? attacking nuclear research centers how we uncovered 9 vulnerabilities in IP KVMs and hacking your laundry card with Claude Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-918

Security metrics often fail because they measure activity rather than actual risk, often failing to connect with business impact, making them difficult to explain to boards and executives. How do you build efffective metrics that are actionable, contextual, and valuable? Ben Wilcox, CTO & CISO at ProArch, joins Business Security Weekly to help us speak the language of the board. Ben will cover how to develop measurable, strategic, and AI-ready security metrics. In the leadership and communications segment, Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short, When the Team Gets the Recognition, Your Leadership Is Working, The communication lesson that changed my career, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-439

AI Spicy Mode, Steam, Glassworm, Samsung, Stryker, Waymo, Cole Porter, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-564

What happens when secure coding guidance goes stale? What happens LLMs write code from scratch? Mark Curphy walks us through his experience updating documentation for writing secure code in Go and recreating one of his own startups. One of the themes of this conversation is how important documentation is, whether it's intended for humans or for prompts to LLMs. Importantly, LLMs don't innovate on their own -- they rely on the data they're trained on. And that means there should be good authoritative sources for what secure code looks like. It also means that instructions to LLMs need to be clear and precise enough to produce something useful. Watch what happens when Mark prompts his agents to run a live demo for us! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-374

Interview with Jeremy Snyder from FireTail about AI Governance Death by a thousand cuts: the AI shadow IT problem I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going. Segment 1 Resources: https://www.firetail.ai/ai-breach-tracker Interview with Allie Mellen about her new book, Code War: How Nations Hack, Spy, and Shape the Digital Battlefield We're VERY excited to check out Allie's new book, which will be released on St. Patrick's Day 2026! The timing could not be better, as her book is perfectly positioned to provide some much needed perspective on the cyber aspects of the ongoing war in Iran. Is it normal to see the use of wipers on healthcare companies in the midst of the conflict? Is there any precedent for hyperscaler datacenters getting targeted (some of AWS's EMEA regions are still recovering)? Check out the conversation to find out! Pick up the book! from Wiley from Barnes & Noble from Amazon Allie's personal website The Weekly Enterprise News Finally, in the enterprise security news, Vibes and funding! Starting to see some disruption in the vuln mgmt space (finally!) Tons of new free tools lots of essays lots of reports logs of breaches the talks our hosts are giving at RSAC conference and someone is selling an actual cone of silence??? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-450

This episode is all about trust getting abused at scale. We start with Chinese-nexus operators pivoting fast onto Qatar using conflict lures and familiar tradecraft. Then we hit banking, because they deserve it: Lloyds, Halifax, and Bank of Scotland customers seeing other people’s transactions in-app, a straight confidentiality failure, not “someone hacked my phone”. From there it’s the Middle East conflict exposing what “cloud resilience” really means when the problem isn’t cyber, it’s physical disruption and dependency chains. Then Meta’s takedown of 150,000 scam-linked accounts shows the fraud supply chain is still running hot, and the platforms are now part of the battleground whether they like it or not. The Microsoft story is the one to watch: a critical Excel bug that turns Copilot Agent into a zero-click data leak path. And the AI agent theme keeps going with Context7: attackers slipping instructions into “helpful” context and getting agents to do dumb, destructive things on their behalf. We finish with Stryker having the worst day with a major outage, disputed claims, and a reminder that if your management plane gets hit, you can lose the whole estate fast. Look at Intune. No hype. Just the stuff that actually breaks systems, me talking too fast, which to be honest 'slow' is why I turn most podcasts off. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-563

In the security news this week: The XZ backdoor documentary Zero days - the clock isn't ticking Vulnerability Mis-Management Reversing traffic light controllers Reversing with Claude Don't curl to bash! Reading CVEs makes my head hurt Dumping browser secrets I open-sourced a new(ish) tool D-LINK exploits There is no password I control the building When old vulnerabilities become new Tile is for stalkers Hacking AI Iran War: What cybersecurity needs to know National cyber strategy Coruna I got phished and I want a refund Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-917

AI has created a dilemma for security teams. Attackers are using AI to develop exploits to newly disclosed vulnerabilities faster than security teams can patch them. Security teams have not fully leveraged the capabilities of AI to autonomously prevent these attacks. Without a radical change in approach, organizations will be exposed to an exponentially increasing attack surface. How long can your organization tolerate being exploitable? Myke Lyons, CISO at Cribl, joins Business Security Weekly to discuss why organizations need to embrace AI to understand the behavior of attacks to effectively prevent them. For decades, we've focused on the Indicators of Compromise (IoCs) and have played whack-a-mole to try and patch them. Instead, we should focus on the Tactics, Techniques, and Procedures (TTPs) and leverage LLMs to understand the behavior of the attack. Once we understand the behaviors, we can implement preventative controls to minimize exposure. And yes, AI can also help us automate patching, when we're ready to trust it. In the leadership and communications segment, Your Risk Tolerance Has Changed. Does Your Leadership Team Know That? , The New Leadership Structures that Unblock Innovation, How CISOs can build a resilient workforce, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-438

Precious Bodily Fluids, InstallFix, CISA, Claude, Overtime, Sim Swaps, Tube Stations, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-562

Medical devices are a special segment of the IoT world where availability and patient safety are paramount. Tamil Mathi explains why many devices need to fail open -- the opposite of what traditional appsec approaches might initially think -- and what makes threat modeling these devices interesting and unique. He also covers how to get started in this space, from where to learn hardware hacking basics to reviewing firmware and moving up the stack to the application layer. Segment Resources: https://www.defconbiohackingvillage.org https://medium.com/@tamilmathimaddytamilthurai/securing-the-future-of-iot-with-trusted-execution-environments-tees-a-secure-scalable-and-1376f94e755c Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-373

Interview with Anna Pham Breaking in with ClickFix: Anatomy of a modern endpoint attack Cybersecurity company Huntress just published a report on a new ClickFix variant they’ve discovered, which they’ve dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group. In short, the team observed the threat actors using KongTuke’s malicious browser extension to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate the threats. Upon “running the scan,” the user is presented with a fake “Security issues detected” alert and instructed to manually “fix” the issue by opening the Windows Run dialog, pasting from their clipboard, and pressing Enter. The malicious extension silently copies a PowerShell command to the clipboard, disguised as a legitimate repair command. From there, they execute the malicious command. Segment Resources: BLOG - Dissecting CrashFix: KongTuke's New Toy Interview with David Zendzian Continuous compliance and real security lifecycle management Supply chain attacks are not just on the rise; attackers are learning from the past, making these attacks even more effective and dangerous than before. It was just over a month ago when the Shai-Hulud attack first impacted NPM packages, forcing enterprises around the world into lockdown. While only 187 packages were compromised in that initial incident, it served as a wake-up call for many: an accurate inventory of systems is good, but a clear, real-time Software Bill of Materials (SBOM) for applications is non-negotiable. In this world of manifest based infrastructure and container based applications with (real) "devsecops", the dream of continuous upgrades of OS/Runtime/Stack/App and App Dependencies is very mature and there are solid examples of companies and federal entities managing this at scale without thousands of teams and people. Segment Resources: BLOG - Supply Chain Security: How accurate SBOMs can deliver proactive threat mitigation Interview with Jacob Horne CMMC Phase 1 Enforcement — What the November 10 Deadline Means for the Defense Supply Chain With the upcoming CMMC Phase 1 enforcement on November 10, cybersecurity teams across the defense and federal supply chain are facing new compliance requirements that directly affect contract eligibility and data-protection standards. Jacob Horne, Chief Cybersecurity Evangelist at Summit 7, can break down what this milestone means for enterprise security leaders, MSPs/MSSPs, and contractors preparing for audits. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-449

Iran vs Everyone: 2FA-Bypass Phish, APT41 Drive, iOS 0days, Josh Marpet, and More on the Security Weekly News Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-561

In the security news this week: Remembering "FX" Finding and analyzing Windows drivers Network monitoring with Gibson the backdoor in your PAM The edge is fraying - and attackers have the advantage Age verification for Linux? Banning AI TPMS tracking BLE tracking weird strings Airsnitch RESURGE in and on Ivanti Attackers using Claude Government iPhone hacking kits Cisco SD-WAN, Linux, and 2023 Leakbase leaks and Bro, upgrade your solar panel! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-916

With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust? Tim Morris, Financial Services Strategist at Tanium, joins Business Security Weekly to discuss how teams can introduce autonomous capabilities in a crawl-walk-run progression that builds trust over time. Automation is not about laying off employees, it's about efficiency and speed. Tim will guide us on a journey to build automation we can trust that allow us to reduce repetitive work and minimize human error without creating fear of “machine mistakes.” This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the leadership and communications segment, Boards don’t need cyber metrics — they need risk signals, Why Cybersecurity Is Now a Business Strategy, Not Just IT?, Where Senior Leaders Are Struggling with AI Adoption, According to Research, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-437

North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More on Security Weekly News Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-560