Security Weekly Podcast Network (Audio)

Security metrics often fail because they measure activity rather than actual risk, often failing to connect with business impact, making them difficult to explain to boards and executives. How do you build efffective metrics that are actionable, contextual, and valuable?
Ben Wilcox, CTO & CISO at ProArch, joins Business Security Weekly to help us speak the language of the board. Ben will cover how to develop measurable, strategic, and AI-ready security metrics.
In the leadership and communications segment, Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short, When the Team Gets the Recognition, Your Leadership Is Working, The communication lesson that changed my career, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-439

AI Spicy Mode, Steam, Glassworm, Samsung, Stryker, Waymo, Cole Porter, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-564

What happens when secure coding guidance goes stale? What happens LLMs write code from scratch? Mark Curphy walks us through his experience updating documentation for writing secure code in Go and recreating one of his own startups.
One of the themes of this conversation is how important documentation is, whether it's intended for humans or for prompts to LLMs. Importantly, LLMs don't innovate on their own -- they rely on the data they're trained on. And that means there should be good authoritative sources for what secure code looks like. It also means that instructions to LLMs need to be clear and precise enough to produce something useful. Watch what happens when Mark prompts his agents to run a live demo for us!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-374

Interview with Jeremy Snyder from FireTail about AI Governance
Death by a thousand cuts: the AI shadow IT problem
I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going.
Segment 1 Resources:
https://www.firetail.ai/ai-breach-tracker
Interview with Allie Mellen about her new book, Code War: How Nations Hack, Spy, and Shape the Digital Battlefield
We're VERY excited to check out Allie's new book, which will be released on St. Patrick's Day 2026! The timing could not be better, as her book is perfectly positioned to provide some much needed perspective on the cyber aspects of the ongoing war in Iran.
Is it normal to see the use of wipers on healthcare companies in the midst of the conflict? Is there any precedent for hyperscaler datacenters getting targeted (some of AWS's EMEA regions are still recovering)? Check out the conversation to find out!
Pick up the book!
from Wiley
from Barnes & Noble
from Amazon
Allie's personal website
The Weekly Enterprise News
Finally, in the enterprise security news,
Vibes and funding!
Starting to see some disruption in the vuln mgmt space (finally!)
Tons of new free tools
lots of essays
lots of reports
logs of breaches
the talks our hosts are giving at RSAC conference
and someone is selling an actual cone of silence???
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-450

This episode is all about trust getting abused at scale.
We start with Chinese-nexus operators pivoting fast onto Qatar using conflict lures and familiar tradecraft.
Then we hit banking, because they deserve it: Lloyds, Halifax, and Bank of Scotland customers seeing other people’s transactions in-app, a straight confidentiality failure, not “someone hacked my phone”.
From there it’s the Middle East conflict exposing what “cloud resilience” really means when the problem isn’t cyber, it’s physical disruption and dependency chains. Then Meta’s takedown of 150,000 scam-linked accounts shows the fraud supply chain is still running hot, and the platforms are now part of the battleground whether they like it or not.
The Microsoft story is the one to watch: a critical Excel bug that turns Copilot Agent into a zero-click data leak path. And the AI agent theme keeps going with Context7: attackers slipping instructions into “helpful” context and getting agents to do dumb, destructive things on their behalf.
We finish with Stryker having the worst day with a major outage, disputed claims, and a reminder that if your management plane gets hit, you can lose the whole estate fast. Look at Intune.
No hype. Just the stuff that actually breaks systems, me talking too fast, which to be honest 'slow' is why I turn most podcasts off.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-563