Security Weekly Podcast Network (Audio)

In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include:
Shodan | Passive recon — query existing scan data for exposed devices, services, and vulns | Passive (API) | Instant (no packets sent)
ZMap | Host discovery — find live hosts with open ports | L4 (TCP SYN, UDP, ICMP) | Millions of packets/sec
ZGrab2 | Application-layer handshakes — grab banners, certs, headers | L7 (30+ protocol modules) | Thousands of hosts/sec
Nerva | Service fingerprinting — identify 140+ protocols with metadata, CPEs, technology stacks | L7 (TCP, UDP, SCTP) | Fast, concurrent
Nuclei | Template-based vulnerability scanning — default creds, exposed panels, known CVEs | L7 (HTTP, network) | Hundreds of targets/min
Shannon | Vulnerability exploitation — AI-powered whitebox pentesting of web apps | Application | ~1-1.5 hrs per target
edgescan.py | Automated pipeline — orchestrates all tools above into a single command | Orchestration | End-to-end
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-919

With Q-day getting closer, regulatory guidance pushing firms to migrate to quantum security in the next five years, and an extensive remediation backlog waiting to be discovered, security leaders must start their quantum security migration today. Easier said than done. In this Say Easy, Do Hard segment, we discuss the quantum-safe journey using a framework for crypto-agility.
In part 1, we define cryptographic agility, or crypto-agility for short, and why it's important. Crypto-agility is not just about transitioning to quantum-safe cryptography in the nimblest way possible, and it’s not something that can be achieved merely by updating encryption algorithms and protocols. Instead, you need to adapt your organization’s cryptographic architecture, automation, and governance to allow for greater control and flexibility.
In part 2, we discuss a framework for discovery, prioritization, and remediation while keeping crypto-agility in mind. A quantum-safe journey requires:
Inventory of Systems With Non-Quantum-Safe Algorithms And Protocols
System Prioritization, Leading To A Migration Roadmap
Remediation, Including Vendors And Partners
Once a distant possibility, Q-Day is quickly approaching. Are you ready for 2030?
Segment Resources:
https://pqcc.org/wp-content/uploads/2025/05/PQC-Migration-Roadmap-PQCC-2.pdf
https://pqcc.org/wp-content/uploads/2025/06/PQCC-Inventory-Workbook.xlsx
https://qramm.org/learn/cryptoscan-guide.html
https://research.ibm.com/blog/quantum-safe-cbomkit
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-440

Rinoa Poison joins Security Weekly News to break down the world of scam baiting, how modern scams are evolving, and why AI is making fraud harder to spot. In this two-part conversation, she shares how scam baiters operate, the risks involved, and what everyday people should know.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-566

So much of appsec’s efforts can be consumed by vuln management and a race to patch security flaws. But that’s more a symptom of the ease of scanning and the volume of CVEs. Erik Nost walks through the principles behind proactive security, why the concept sounds familiar to secure by design, and why organizations still struggle with creating effective practices for visibility.
Resources
https://www.forrester.com/blogs/proactive-security-platforms-will-cumulate-visibility-prioritization-and-remediation/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-375

Interview with Kara Sprague - The AI Fix for Infrastructure’s Oldest Security Risks.
Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where critical infrastructure is vulnerable and how AI could potentially help strengthen defenses.
Interview with Mike Privette - The State of the Cybersecurity Market
Here at ESW, we use Mike Privette's Security, Funded newsletter to prepare for every news segment. His newsletter covers the latest fundings, acquisitions, public market performance, layoffs, and other pertinent market details every week. We particularly enjoy the weekly Vibe Check.
In this interview, he joins us for the third year in a row, to discuss the most interesting insights from his annual State of Market Report.
Post recording Adrian here: Whooooo, so this conversation was SO good, I decided to punt the news segment in favor of a part 2 with Mike, so enjoy!
Also, though I punted the news segment, I did collect these stories and annotated them, so I think there's still some value in leaving them in the show notes. Scroll down for the links and my comments on each of these!
Weekly Enterprise News
Finally, in the enterprise security news,
funding announcements seem to be ramping up before RSA
Should security architects be shifting right?
How McKinsley’s AI platform got hacked… by AI
Amazon is having a bad time with AI lately
Europe announces a Google Workspace/Microsoft 365 replacement
Robot dogs are apparently guarding datacenters now
Some much needed security humor in our squirrel stories before we all fly to San Francisco and lose our minds for a week
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-451