Segment 1 - Interview with Helen Patton: Introducing the Cybersecurity Canon Did you know that there’s a hall-of-fame for cybersecurity books? Over the past decade, the Cybersecurity Canon has published reviews on dozens of cybersecurity books and established a hall of fame. Hall of fame books are defined as titles that all cybersecurity professionals should read - a great short list for those new to the field and overwhelmed by choices. Helen Patton, co-founder and Chief of Staff for the Cybers...
Jul 21, 2025•1 hr 49 min
Segment 1: Interview with Monzy Merza - There is a Right and Wrong Way to use AI in the SOC In the rush to score AI funding dollars, a lot of startups build a basic wrapper around existing generative AI services like those offered by OpenAI and Anthropic. As a result, these services are expensive, and don't satisfy many security operations teams' privacy requirements. This is just the tip of the iceberg when discussing the challenges of using AI to aid the SOC. In this interview, we'll dive into...
Jul 14, 2025•1 hr 44 min
Single Sign On (SSO) and Multi Factor Authentication (MFA) is critical to secure operations for companies of all sizes. Why is the foundation of cybersecurity still locked behind enterprise licensing? Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are essential—not optional—for protecting modern businesses. But today, these critical tools are overpriced, overcomplicated, and reserved for companies that can afford to overpay and have full-time security teams. That’s broken. Cubeless i...
Jul 07, 2025•1 hr 50 min
Interview with Dave Lewis Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organizations expect. Talk about the critical weaknesses in traditional SSO implementations, how shadow IT thrives under the radar, and why enterprises con...
Jun 30, 2025•1 hr 52 min
In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We’ll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap...
Jun 23, 2025•1 hr 38 min
Segment 1 - Interview with Rob Allen from ThreatLocker This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry’s first AI native,unified Data S...
Jun 16, 2025•1 hr 19 min
Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. What if we didn’t store credentials anymore? We explore Badge’s innovative approach—which enables users to generate a private key on the fly instead o...
Jun 09, 2025•1 hr 38 min
Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what’s keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure. Cyber Resilience in Action: A Guide for Mid-Market Firms This segment is sponsored by CTG. Visit https://securityweekl...
Jun 02, 2025•1 hr 39 min
Segment 1: Erik Bloch Interview The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us! Segment 2: Enterprise Weekly News In this week's enterprise security news, 1. Some interesting new companies getting funding 2. Chainguard isn’t unique anymor...
May 26, 2025•1 hr 50 min
Segment 1: Fastly Interview In this week's interview segment, we talk to Marshall Erwin about the state of cybersecurity, particularly when it comes to third party risk management, and whether we're ready for the next big SolarWinds or Crowdstrike incident. These big incidents have inspired executive orders, the Secure by Design initiative, and even a memo from JPMorgan Chase's CISO. We will discuss where Marshall feels like we should be pushing harder, where we've made some progress, and what t...
May 19, 2025•2 hr 13 min
Segment 1 - Secrets and their role in infrastructure security From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastl...
May 12, 2025•2 hr 14 min
Now in its 18th year, the Verizon Business DBIR is one of the industry’s longest standing and leading reports on the current cybersecurity landscape. This year’s report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/a...
May 05, 2025•1 hr 43 min
As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access manag...
Apr 28, 2025•2 hr
In this interview, we're excited to speak with Pravi Devineni, who was into AI before it was insane . Pravi has a PhD in AI and remembers the days when machine learning (ML) and AI were synonymous. This is where we'll start our conversation: trying to get some perspective around how generative AI has changed the overall landscape of AI in the enterprise. Then, we move on to the topic of AI safety and whether that should be the CISO's job, or someone else's. Finally, we'll discuss the future of A...
Apr 21, 2025•2 hr 12 min
Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most. The idea of implementing default deny principles elsewhere were attempted, but without much success. Internal networks (NAC), and...
Apr 14, 2025•2 hr 3 min
When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything , as they impose th...
Apr 07, 2025•2 hr 3 min
A successful SIEM deployment depends on a lot more than implementing the SIEM correctly. So many other things in your environment have an impact on your chances of a successful SIEM. Are the right logs enabled? Is your EDR working correctly? Would you notice a sudden increase or decrease in events from critical sources? What can practitioners do to ensure the success of their SIEM deployment? This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!...
Mar 31, 2025•1 hr 58 min
What does a mature SecOps team look like? There is pressure to do more with less staff, increase efficiency and reduce costs. JP Bourget's experience has led him to believe that the answer isn't a tool upgrade, it's better planning, architecture, and process. In this interview, we'll discuss some of the common mistakes SecOps teams make, and where to start when building the SOC of the future. It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that preventi...
Mar 24, 2025•1 hr 51 min
Penetration tests are probably the most common and recognized cybersecurity consulting services. Nearly every business above a certain size has had at least one pentest by an external firm. Here's the thing, though - the average ransomware attack looks an awful lot like the bog standard pentest we've all been purchasing or delivering for years. Yet thousands of orgs every year fall victim to these attacks. What's going on here? Why are we so bad at stopping the very thing we've been training aga...
Mar 17, 2025•1 hr 41 min
2025 brings us close to an interesting milestone - ransomware attacks, in their current, enterprise-focused form, are almost a decade old. These attacks are so common today, it's impossible to report on all of them. There are signs of hope, however - ransomware payments are significantly down. There are also signs defenders are getting more resilient, and are recovering more quickly from these attacks. Today, with Intel471's Mike Mitchell, we'll discuss what defenders need to know to protect aga...
Mar 10, 2025•1 hr 59 min
In 2011, Marc Andreessen predicted that software would eat the world. Specifically, the prediction was that software companies would take over the economy and disrupt all industries. The economic prediction has mostly come true, with 9 out of 10 of the most highly valued companies being tech companies. The industry disruption didn't materialize in some cases, and outright failed in others. Healthcare seems to be one of these 'disruption-resistant' areas. Ed joins us today to discuss why that mig...
Mar 03, 2025•2 hr 3 min
In this interview, we're excited to have Ilona Cohen to help us understand what changes this new US administration might bring, in terms of cybersecurity regulation. Ilona's insights come partially from her own experiences working from within the White House. Before she was the Chief Legal Officer of HackerOne, she was a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB). In this hyper-partisan environment, it's easy to get hun...
Feb 24, 2025•1 hr 59 min
We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI . Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'l...
Feb 17, 2025•1 hr 55 min
Spoiler: it's probably in your pocket or sitting on the table in front of you, right now! Modern smartphones are conveniently well-suited for identity verification. They have microphones, cameras, depth sensors, and fingerprint readers in some cases. With face scanning quickly becoming the de facto technology used for identity verification, it was a no-brainer for Nametag to build a solution around mobile devices to address employment scams. Segment Resources: Company website Aaron's book, Loyal...
Feb 10, 2025•1 hr 50 min
Celebrating and Elevating Women in Cyber: Recently, International Women in Cyber Day (September 1) highlighted the ongoing challenges women face in the cybersecurity field, as well as the progress made in recent years. Women bring exceptional skills and knowledge to cybersecurity; however, it is estimated that they make up only 20% to 25% of the cybersecurity workforce—a percentage that has remained stagnant for years. Even more concerning, women often hit a glass ceiling just six to ten years i...
Feb 03, 2025•2 hr 12 min
HackerOne's co-founder, Michiel Prins walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before. Segment Resou...
Jan 27, 2025•2 hr 7 min
Today's data landscape is undergoing a seismic shift with increasing regulatory pressures, rapid acceleration to the cloud, and AI adoption. Join BigID's CEO and Co-Founder, Dimitri Sirota, to learn how organizations can adopt a holistic approach to their data security and compliance strategy to keep up with the revolution in data, transforming their data into a competitive advantage. This segment is sponsored by BigID! Start protecting your sensitive data wherever your data lives at https://sec...
Jan 20, 2025•2 hr 4 min
We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it. Segment Resources: Tidal Cyber website Tidal Cyber Community Edition We're a fan of ha...
Jan 13, 2025•2 hr 1 min
Since D3FEND was founded to fill a gap created by the MITRE ATT&CK Matrix, it has come a long way. We discuss the details of the 1.0 release of D3FEND with Peter in this episode, along with some of the new tools they've built to go along with this milestone. To use MITRE's own words to describe the gap this project fills: "it is necessary that practitioners know not only what threats a capability claims to address, but specifically how those threats are addressed from an engineering perspect...
Dec 20, 2024•1 hr 43 min
For our second year now, Mike Privette, from Return on Security and the Security, Funded newsletter joins us to discuss the year's highlights and what's to come in the next 12 months. In some ways, it has been a return to form for funding, though some casualties of a tough market likely had to seek acquisition when they might have otherwise raised another round and stayed independent a while longer. We'll cover some stats, talk 2025 IPO market, and discuss the likelihood of (already) being in an...
Dec 13, 2024•1 hr 47 min
