Enterprise Security Weekly (Audio) Podcast Por Security Weekly Productions arte de portada

Enterprise Security Weekly (Audio)

Enterprise Security Weekly (Audio)

De: Security Weekly Productions
Escúchala gratis

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.© 2024 CyberRisk Alliance
Episodios
  • Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439

    Holiday Chat: Local AI datacenter activism, AI can't substitute good taste, and more - ESW #439
    Dec 29 2025

    For this week's episode of Enterprise Security Weekly, there wasn't a lot of time to prepare. I had to do 5 podcasts in about 8 days leading up to the holiday break, so I decided to just roll with a general chat and see how it went.

    Also, apologies, for any audio quality issues, as the meal I promised to make for dinner this day required a lot of prep, so I was in the kitchen for the whole episode! For reference, I made the recipe for morisqueta michoacana from Rick Martinez's cookbook, Mi Cocina. I used the wrong peppers (availability issue), so it came out green instead of red, but was VERY delicious.

    As for the episode, we discuss what we've been up to, with Jackie sharing her experiences fighting against Meta (allegedly, through some shell companies) building an AI datacenter in her town.

    We then get into discussing the limitations of AI, the potential of the AI bubble popping, and general limitations of AI that are becoming obvious. One of the key limitations is AI's inability to apply personal experience, have strong opinions, or any sense of 'taste'. I think I shared my observation that AI is becoming a sort of 'digital junk food'. "NO AI" has become a common phrase used by creators - a source of pride that media consumers seem to be celebrating and seeking out.

    Segment Resources:

    • Kagi absolutely did NOT sponsor this episode. I have become a big fan of paying for search so that I am not the product. There are other players in this market, but I've settled on Kagi.
    • We mention Ira Glass's bit on taste, which is a small bit of a longer talk he did on storytelling. The shorter bit is here, and is less than 2 minutes long.
    • The full talk is split into 4 parts and posted on a YouTube channel called "War Photography" for some reason.
    • Part 1: https://youtu.be/5pFI9UuC_fc
    • Part 2: https://youtu.be/dx2cI-2FJRs
    • Part 3: https://youtu.be/X2wLP0izeJE
    • Part 4: https://youtu.be/sp8pwkgR8
    • Finally, we also bring up a talk we also discussed on episode 437, Benedict Evans' AI Eats the World

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-439
    Más Menos
    1 h y 14 m
  • Internal threats are the hole in Cybersecurity's donut - Frank Vukovits - ESW #438

    Internal threats are the hole in Cybersecurity's donut - Frank Vukovits - ESW #438
    Dec 22 2025
    Interview with Frank Vukovits: Focusing inward: there lie threats also External threats get discussed more than internal threats. There's a bit of a streetlight effect here: external threats are more visible, easier to track, and sharing external threat intelligence doesn't infringe on any individual organization's privacy. That's why we hear the industry discuss external threats more, though internally-triggered incidents far outnumber external ones. Internal threats, on the other hand, can get personal. Accidental leaks are embarassing. Malicious insiders are a sensitive topic that internal counsel would erase from company memory if they could. Even when disclosure is required, the lawyers are going to minimize the amount of detail that gets out. I was chief incident handler for 5 years of my enterprise career, and never once had to deal with an external threat. I managed dozens of internal cases over those 5 years though. In this interview, we discuss the need for strong internal controls with Frank Vukovits from Delinea. As systems and users inside and outside organizations become increasingly connected, maintaining strong security controls is essential to protect data and systems from both internal and external threats. In this episode, we will explore the importance of strong internal controls around business application security and how they can best be integrated into a broader security program to ensure true enterprise security. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinea to learn more about them! Topic Segment: Personal Disaster Recovery Many of us depend on service providers for our personal email, file storage, and photo storage. The line between personal accounts and work accounts often blur, particularly when it comes to Apple devices. We're way more dependent on our Microsoft, Apple, Meta, and Google accounts than we used to be. They're necessary to use home voice assistants, to log into other SaaS applications (Log in with Google/Apple/FB), and even manage our wireless plans (e.g. Google Fi). Getting locked out of any of these accounts can bring someone's personal and/or work life to a halt, and there are many cases of this happening. I'm not sure if we make it past sharing stories about what can and has happened. Getting into solutions might have to be a separate discussion (also, we may not have any solutions…) Friend of the show and sometimes emergency co-host Guillaume posted about this recentlyA romance author got locked out of her booksA 79 year old got locked out of her iPad with all her family photos. Sadly, this is one of the most common scenarios. Someone either forgets their pin and locks out the device permanently, or a family member dies and didn't tell anyone their passwords or pins, so the surviving family can't access data, pay the bills, etc.Google example: Claims of CSAM material after father documents toddler at doctor's request https://www.theguardian.com/technology/2022/aug/22/google-csam-account-blockedDec 2025 Apple example: she tried to redeem a gift card that had been tampered with: https://hey.paris/posts/appleid/Google example: developer lost all his work, because he was working on preventing revenge porn and other sensitive cases, and was building a better model to detect NSFW images: https://medium.com/@russoatlarge_93541/i-built-a-privacy-app-google-banned-me-over-a-dataset-used-in-ai-research-66bc0dfb2310My partner's mom's Instagram account got hacked. Meta locked out all of it (Whatsapp, Instagram, Facebook) and she couldn't get it reinstated. They wouldn't even let her open a NEW account. Weekly Enterprise News Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-438
    Más Menos
    1 h y 57 m
  • Illuminating Data Blind Spots, Topic, Enterprise News - Tony Kelly - ESW #437

    Illuminating Data Blind Spots, Topic, Enterprise News - Tony Kelly - ESW #437
    Dec 15 2025
    Interview Segment: Tony Kelly

    Illuminating Data Blind Spots

    As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets.

    Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare.

    Segment Resources:

    https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf

    This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!

    Topic Segment: We've got passkeys, now what?

    Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem. Locking the front door, but leaving a side door unlocked.

    After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced:

    1. DBSC (Device Bound Session Credentials) for browsers
    2. DPoP (Demonstrating Proof of Possession) for OAuth applications

    We'll address a few key questions in this segment: 1. how do these new standards help stop token theft? 2. how broadly have they been adopted?

    Segment Resources:

    • FIDO Alliance White Paper: DBSC/DPOP as Complementary Technologies to FIDO Authentication
    News Segment

    Visit https://www.securityweekly.com/esw for all the latest episodes!

    Show Notes: https://securityweekly.com/esw-437
    Más Menos
    1 h y 50 m
Todavía no hay opiniones