Security Weekly Podcast Network (Audio)

The 2026 Verizon DBIR has arrived and the results are in... Even with a substantial increase in Exploitation of Vulnerabilities, All Credential Abuse is still the top initial access vector for breaches, which means the human is still the weakest link. Why haven't security awareness training and phishing campaigns worked?
Robert Siciliano, Architect of of The Strategic Human Firewall™ at ProtectNow, joins Business Security Weekly to explore why humans, not hackers, are the ultimate deciding factor in organizational security. The industry needs to shift from security awareness to security appreciation. Robert will discuss:
How you can build a culture that actually protects your people, your data, and your operations in an era of AI deception.
Why most companies are still performing 'Security Theater'—checking boxes and hoping for the best—instead of driving genuine behavior change.
How Trust and Denial quietly fuel most disasters, why interactive training is the only way to make the lessons stick, and how leaders can scale this entire framework without needing a Hollywood budget.
Segment Resources:
https://protectnowllc.com/ai-cyber-security-keynote-speaker/
In the leadership and communications segment, Should CEOs Be Held Personally Accountable for Cyber Attacks?, Placing communication at the center of every leadership transition, AI isn’t solving cybersecurity workforce woes, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-453

Turing's Entscheidungsproblem, BODS, Struwwelpeter, EO-14409, VBScript, Pixemsmash, Cloudflare, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-592

Appsec has seen machine identities from daemons and processes to services, microservices, and cloud accounts. And now we have agents. Ev Kontsevoy talks about what it means to have engineers and agents interacting in an environment, and why a focus on actions can be more effective than roles. One of the biggest challenges in securing agents along with all of the other identities that organizations manage is how fragmented that management has become. But a unified engineering view of identities is just a start. Once you're able to shift to a practice where access is granted based on attributes and limited durations, then your environment becomes more resilient to mistakes and unexpected actions, not to mention the security concerns that come with agents acting on their own.
Who Is Responsible for an AI Agent's Actions? As AI agents gain the ability to access systems, invoke tools, and take action on behalf of users, organizations need clear frameworks that define responsibility for machine-driven decisions and outcomes. This segment examines how accountability, delegation, and attribution can be established across users, developers, security teams, and business stakeholders. Neha will explore how governance models support transparent, auditable agent-driven workflows while helping organizations manage risk and maintain trust.
This segment is sponsored by P0 Security. Visit https://securityweekly.com/p0idv to learn more about them!
The rapid rise of agentic AI and non-human identities is fundamentally reshaping the future of identity security, challenging traditional IAM and PAM models built around predictable human behavior. In this executive interview at Identiverse 2026, Amit Masand discusses how autonomous systems, AI agents, and machine identities are creating new operational and governance challenges for modern enterprises. Drawing from more than two decades of industry experience, the conversation explores the growing complexity of continuous governance in a world where identities increasingly operate at machine speed.
Segment Resources: https://www.idmexpress.com/post/preventing-cybersecurity-incidents-through-managed-services https://www.idmexpress.com/post/cyberark-securing-aws https://www.idmexpress.com/post/turning-roadblocks-into-breakthroughs-a-custom-oracle-pam-integration-story
Contact IDMEXPRESS! Secure Your Tomorrow, Today: https://securityweekly.com/idmidv
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-388

Interview with Ankita Gupta, CEO of Akto
How to Navigate Shadow AI Risk in the enterprise
This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options?
Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace.
Segment Resources:
Website: https://www.akto.io
Book a Free Demo: https://www.akto.io/agentic-security-demo
LinkedIn: https://www.linkedin.com/company/akto-io
YouTube: https://www.youtube.com/@aktodotio
This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do.
Topic Segment: Verizon's Breach Impact Study
The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims!
Some of my favorite insights:
Cost of breaches, broken out by SMB, mid-sized enterprise, and large
The claim amount as a percentage of the company's revenue
Losses broken down by loss TYPE
This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc.
With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled.
Security failures aren't getting any cheaper.
Weekly Enterprise News
Finally, in the enterprise security news,
A $100M seed round!
Accenture acquires 3 security vendors
Some thoughts on the government takedown of Fable and Mythos
One of the craziest security mistakes I’ve ever seen, in the software FIFA uses to manage World Cup streams!
A Critical Copilot vulnerability
75,000 Fortinet Firewalls get compromised
Remediation is broken
Using guardrails to evade detection
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-464

Doug and Rob Allen talk about Identity, EDR, Your Great Aunt Ida Meets some hot firefighters, and more.
Segment Resources:
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools: https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-591