Paul's Security Weekly (Audio)
Episodes
Pen Testing As A Service - Seemant Sehgal - PSW #830
23 May 2024
Contributed by Lukas
The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it...
The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829
16 May 2024
Contributed by Lukas
Has cryptocurrency done more harm than good? Our guest for this segment has some interesting views on its impacts! Vulnrichment (I just like saying th...
Corporate Ransomware Deep Dive - Jeremiah Grossman, Mikko Hypponen - PSW #828
08 May 2024
Contributed by Lukas
In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, li...
Kicking Off With Crypto - PSW #827
02 May 2024
Contributed by Lukas
The Security Weekly crew discusses some of the latest articles and research in cryptography and some background relevant subtopics including the race ...
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
25 Apr 2024
Contributed by Lukas
On February 27, 2024, PCAST (President's Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster...
PCI 4.0 - Winn Schwartau - PSW #825
17 Apr 2024
Contributed by Lukas
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of ...
Digging Into Supply Chain Security - James McMurry - PSW #824
11 Apr 2024
Contributed by Lukas
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especiall...
XZ - Backdoors and The Fragile Supply Chain - PSW #823
04 Apr 2024
Contributed by Lukas
As most of you have probably heard, there was a scary supply chain attack against the open source compression software called "xz". The Security Weekly...
Are we winning? - Jason Healey - PSW #822
28 Mar 2024
Contributed by Lukas
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker F...
Securing All The Things - Josh Corman - PSW #821
21 Mar 2024
Contributed by Lukas
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make...
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
14 Mar 2024
Contributed by Lukas
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-wr...
Facing the Reality of Risk Prioritization - Bianca Lewis (BiaSciLab), Dan DeCloss - PSW #819
07 Mar 2024
Contributed by Lukas
Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CV...
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818
01 Mar 2024
Contributed by Lukas
Jayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he...
Illuminating Cybersecurity Wisdom: Insights from a Thought Leader - Wendy Nather - PSW Vault
21 Feb 2024
Contributed by Lukas
Join us in this illuminating podcast episode as we sit down with Wendy Nather, a distinguished thought leader and cybersecurity strategist, who has le...
Physical Security and Social Engineering - Hacker Heroes: Toby Miller - PSW #817
15 Feb 2024
Contributed by Lukas
In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementin...
You Can't Defend What You Can't Define - Sergey Bratus - PSW #816
08 Feb 2024
Contributed by Lukas
From a computer-smitten middle-schooler in the former Soviet Union in the 1970s, to his current and prominent role in the cybersecurity research communi...
Identifying Bad By Defining Good - Danny Jenkins - PSW #815
01 Feb 2024
Contributed by Lukas
When an RCE really isn't, your kernel is vulnerable, calling all Windows 3.11 experts, back to Ebay, Turkish websites and credentials, 10 public explo...
What Smart CISOs and Mature Orgs Get That Others Don't About Cyber Compliance - Matt Coose - PSW #814
25 Jan 2024
Contributed by Lukas
Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber ...
K-12 Cybersecurity - Brian Stephens - PSW #813
18 Jan 2024
Contributed by Lukas
With a recent increase in government attention on K–12 cybersecurity, there is a pressing need to shed light on the challenges school districts face...
The Evolution of Purple Teaming - Jared Atkinson - PSW #812
11 Jan 2024
Contributed by Lukas
Jared would like to discuss the evolution of purple teaming. Put bluntly, he believes traditional purple team approaches don't test enough variations ...
Hacker Heroes - Casey Ellis - PSW Vault
03 Jan 2024
Contributed by Lukas
Unleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd. Meet Casey Ellis, the visionary entreprene...
Interview with Dr. Whitfield Diffie - PSW Vault
27 Dec 2023
Contributed by Lukas
Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line:...
Supply Chain & Firmware Security - Xeno Kovah - PSW #811
20 Dec 2023
Contributed by Lukas
AI generated description fun: "As the glasses are filled and the mood lightens, our veteran guests, each with a legendary tale or two tucked under the...
Embracing AI - Alex Sharpe - PSW #810
14 Dec 2023
Contributed by Lukas
Mr. Sharpe is a long-time (+30 years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe ...
Holiday Extravaganza - Supply Chain, Hardware Hacking, Vulnerabilities, News - PSW #809
06 Dec 2023
Contributed by Lukas
Join the Security Weekly crew in a riveting podcast episode where they delve into the fascinating realm of hardware hacking. Picture a dimly lit room ...
AI & LLMs - Josh More, Matthew Carpenter - PSW #808
30 Nov 2023
Contributed by Lukas
What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss...
Interview with Brian Snow - PSW Vault
22 Nov 2023
Contributed by Lukas
Brian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic...
3 Layers of App Security to Keep Hackers Out, Let Customers In - Aviad Mizrachi - PSW #807
16 Nov 2023
Contributed by Lukas
Attackers pursue the shortest path to achieve their goals in your app. With a tri-layered security architecture, you can force hackers to crawl throug...
Testing AI Before It Comes To Get You - Austin Carson - PSW #806
09 Nov 2023
Contributed by Lukas
Austin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly uni...
Trustworthy AI for National Security - Kathleen Fisher - PSW #805
02 Nov 2023
Contributed by Lukas
AI/ML is providing significant benefits in a wide range of application domains but also provides adversaries with a new attack surface. Learn about DA...
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804
26 Oct 2023
Contributed by Lukas
For the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNA...
Meet the Cyber Mercenary Who Can Overthrow a Government - Chris Rock - PSW #803
20 Oct 2023
Contributed by Lukas
Chris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years working for both government and private organizat...
Getting Started With Reverse Engineering Hardware - PSW #802
12 Oct 2023
Contributed by Lukas
In our first segment: the PSW hosts drop valuable insight on how to start your own journey into reverse engineering hardware! Resources we mentioned: ...
Malware Trends - Anuj Soni - PSW #801
05 Oct 2023
Contributed by Lukas
Anuj joins us to discuss recent trends in malware. What are the malware authors up to lately? What are the latest techniques for reverse engineering m...
The Right Skills For The Job - Kayla Williams - PSW #800
28 Sep 2023
Contributed by Lukas
This week, first up, it's the Security News: libwebp or die: we unravel some of the details behind the webp vulnerability first fixed by Apple and Googl...
AI Attacks and LLM Security Matters - Nathan Hamiel - PSW #799
21 Sep 2023
Contributed by Lukas
Nathan comes on the show to discuss LLMs, such as ChatGPT, the issues we face today and in the future. Learn about prompt injection attacks, jailbreak...
Ransomware Infection Vectors - Ryan Chapman - PSW #798
14 Sep 2023
Contributed by Lukas
Ryan has his finger on the pulse of ransomware and response. We discuss how the initial infections are occurring, how they've changed over time, and w...
Interview with Dr. Gene Spafford - Eugene Spafford - PSW Vault
06 Sep 2023
Contributed by Lukas
Check out this interview from the PSW Vault, hand picked by main host Paul Asadoorian! This segment was originally published on February 4, 2013. Dr. ...
Incident Response: Clouds, SMBs, & More! - Amanda Berlin - PSW #797
31 Aug 2023
Contributed by Lukas
Amanda joins us to discuss aspects of incident response, including how to get the right data to support findings related to an incident, SMB challenge...
Managing Bug Bounty Programs At Scale - Dr. Jared DeMott - PSW #796
24 Aug 2023
Contributed by Lukas
Jared has a long, and outstanding, history in cybersecurity. Today, he works for Microsoft helping them run and respond to bug bounty reports. The sca...
Defending Public Infrastructure While At War - Antranig Vartanian - PSW #795
18 Aug 2023
Contributed by Lukas
The 2020 Armenian war with Azerbaijan called over 100 volunteer incident responders from across the country (and the globe) into action. O...
Incident Response Readiness - Gerard Johansen - PSW #794
10 Aug 2023
Contributed by Lukas
Just how prepared are you for the next cybersecurity incident? Depending on the definition, security incidents likely happen daily at most enterprises...
Incident Response Stories - Bill Swearingen - PSW #793
03 Aug 2023
Contributed by Lukas
Our good friend Bill Swearingen joins us to talk about some of the incident response work he's been doing lately. Many people have it wrong, you don't...
Post-Breach: The Hardening Continues - Sean Metcalf - PSW #792
01 Aug 2023
Contributed by Lukas
Once an incident has occurred and you've responded, then what? Join us for a chat with Sean Metcalf on what we can do to ensure our infrastructure rem...
Security Certification - Rohit Misuriya, Sumit Siddharth - PSW #791
20 Jul 2023
Contributed by Lukas
This week, up first is the Security News: Microsoft lost its keys, LOL drivers, If you were the CSO, try to keep employees happy but remove their acco...
Getting Control Of Your Security Data Pipeline - JP Bourget - PSW #790
13 Jul 2023
Contributed by Lukas
Getting the correct data in the right place for incident response is challenging. JP comes on the show to talk about how he is helping companies with ...
Thoughts From A Security Legend - Dan Geer - PSW Vault
05 Jul 2023
Contributed by Lukas
Welcome to another edition of a Paul's Security Weekly Vault episode! This episode was previously recorded on April 5, 2012 and features an interview ...
Adversary Emulation w/ Carlos Perez - PSW #789
29 Jun 2023
Contributed by Lukas
In this segment we welcome Carlos Perez back to the show! Carlos will discuss the different types of penetration testing, including adversary emulatio...
Penetration Testing Stories w/ Emilie St-Pierre - PSW #788
22 Jun 2023
Contributed by Lukas
Emilie comes on the show to talk about penetration testing and share her knowledge and stories! In the Security News: There is no national cyber direc...
Interview with Bill Cheswick - PSW VAULT
14 Jun 2023
Contributed by Lukas
Check out this interview from the PSW VAULT, hand picked by main host Paul Asadoorian! This segment was originally published on April 9, 2013. Bill...
L0pht Heavy Industries Panel - PSW Vault
07 Jun 2023
Contributed by Lukas
Check out this interview from the PSW VAULT, hand picked by main host Paul Asadoorian! This segment was originally published on October 18, 2015. L0ph...
Crazy Chronicles: Hilarious Penetration Tester Stories & Unbelievable Security News - PSW #787
02 Jun 2023
Contributed by Lukas
Penetration Tester stories, dumb and funny stuff that's crazier than movies. Segment Resources: https://www.cyberpointllc.com/index.php https://www.cy...
Generative AI Security Implications - Liam Mayron - PSW #786
25 May 2023
Contributed by Lukas
Liam Mayron from Fastly comes on the show to talk about his unique path into information security, the security implications of generative AI, advance...
PSW #785 - Kevin Johnson
18 May 2023
Contributed by Lukas
Kevin Johnson joins us to discuss pen testing, automated testing, why AI testing is not pen testing! In the security news: How AI Knows Things No O...
PSW #784 - Paula Januszkiewicz
11 May 2023
Contributed by Lukas
In this talk, Paula Januszkiewicz, renowned cybersecurity expert with years of experience in the field, shares her insights on critical tasks that mus...
PSW #783 - Rob Fuller
04 May 2023
Contributed by Lukas
Rob "Mubix" Fuller comes on the show to talk about penetration testing, what's changed over the years? He'll also discuss "Jurassic Malware" and creat...
PSW #782 - Kaitlyn Handelman
27 Apr 2023
Contributed by Lukas
STM32 boards, soldering, decapping chips, RTOS development, lasers, multiple flippers and for what you ask? So I can be alerted about a device I alrea...
PSW #781 - Ivan Arce
20 Apr 2023
Contributed by Lukas
We will talk about Supply chain security, the TPM 2.0 vulnerabilities recently discovered by a Quarkslab researcher, bugs in reference implementations...
PSW #780 - Billy Boatright
13 Apr 2023
Contributed by Lukas
Imagine an illness that requires surgery a few times a month and restricts your mobility. What would that do to your career? In our chat with Billy Bo...
PSW #779 - Sin Ming Loo
07 Apr 2023
Contributed by Lukas
The approach of cybersecurity workforce development and how someone with such a technical background comes to design a degree program with non-traditi...
PSW #778 - Philippe Laulheret
30 Mar 2023
Contributed by Lukas
How to get into reversing embedded firmware? Can the planet really be hacked? We'll go over a couple of fun exploitation examples, see what mistakes w...
PSW #777 - Nico Waisman
23 Mar 2023
Contributed by Lukas
We sit down with Nico Waisman to discuss vulnerability research and other security-related topics! In the Security News: Windows MSI tomfoolery, cu...
PSW #776 - Santiago Torres Arias
16 Mar 2023
Contributed by Lukas
Software supply chain attacks, those in which hackers target the "water supply" of software are on the rise. This makes software developers everywhere...
PSW #775 - Ask Our PSW Hosts Anything!
09 Mar 2023
Contributed by Lukas
Tune in to ask our PSW hosts anything you want to know! Join the live discussion in our Discord server to ask a question. Visit securityweekly.com/dis...
PSW #774 - Asaf Cidon
02 Mar 2023
Contributed by Lukas
Barracuda published its 2023 Email Security Trends report that shows how email-based security attacks affect organizations around the world. 75% of th...
Throwback Episode - PSW #480
23 Feb 2023
Contributed by Lukas
It's another holiday week, so enjoy this interview from the PSW archives! We chat with Marcus J. Ranum of Tenable, pit ODROID against Raspberry Pi,...
PSW #773 - Ron Woerner
16 Feb 2023
Contributed by Lukas
Zero Trust is the buzzword of the 2020's. Vendors are selling it, the US Federal Government is requiring it, and organizations are implementing it, bu...
PSW #772 - Hal Pomeranz
09 Feb 2023
Contributed by Lukas
Linux systems are a collection of free and Open Source software-- some packaged by your distro, some built from source. How do you verify that your up...
PSW #771 - Dan DeCloss
02 Feb 2023
Contributed by Lukas
In a recent survey on purple teaming, 89 percent of respondents who had used the method deemed purple teaming activities "very important" to their sec...
PSW #770 - Brian Behlendorf
26 Jan 2023
Contributed by Lukas
This week in the Security News: GetVariable strikes again, attackers could blow up your computer remotely, escaping containers, null-dereferences and ...
Throwback Episode - Gary McGraw - PSW366
19 Jan 2023
Contributed by Lukas
We aren't recording this holiday week, so enjoy this PSW throwback episode! Main host Paul Asadoorian selected this episode to share as it's still ...
PSW #769 - Kate Stewart
12 Jan 2023
Contributed by Lukas
Over the last few years, the trend to use Open Source has been migrating into safety-critical applications, such as automotive and medical, which intr...
PSW #768 - Robert Martin
05 Jan 2023
Contributed by Lukas
In the Security News: The Roblox prison yard, password manager problems, PyTorch gets torched with a supply chain attack, Oppenheimer cleared, Puckung...
PSW #767 - Holiday Extravaganza
16 Dec 2022
Contributed by Lukas
While we most likely do not believe that penetration testing is dead it continues to evolve over time. What do penetration tests look like today? Have...
PSW #766 - Sinan Eren, Nate Warfield
12 Dec 2022
Contributed by Lukas
Is there still a network or has it slipped away from us entirely? What about efforts for localization because people do not trust the cloud, its provi...
PSW #765 - Josh Bressers, Kurt Seifried
01 Dec 2022
Contributed by Lukas
We are joined by Josh and Kurt from the amazing Open Source Security Podcast! We're talking about supply chain risks, threats and vulnerabilities in t...
PSW #764 - Jesse Michael
17 Nov 2022
Contributed by Lukas
In the Security News: Stealing Mastodon passwords, reporting vulnerabilities in open-source privately, labeling does not solve problems, or does it? w...
PSW #763 - Dan DeCloss
10 Nov 2022
Contributed by Lukas
Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is great, but what other value can a pe...
PSW #762 - Ben Hibben
03 Nov 2022
Contributed by Lukas
Blenster comes on to talk about the Maker Movement, Hackerspaces, community and inclusive cultures, intentionality and kindness as a social cheat code...
PSW #760 - Michael Meis, Christopher Crowley
01 Nov 2022
Contributed by Lukas
This week in the Security News: A Security Maturity Model for Hardware Development, Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-O...
PSW #761 - Charles Shirer
27 Oct 2022
Contributed by Lukas
This week in the Security News: rethinking vulnerability severity, exploiting the hacker tools, Microsoft "fixes" the vulnerable driver problem, its w...
PSW #759 - Ismael Valenzuela
13 Oct 2022
Contributed by Lukas
As Vice President of Threat Research & Intelligence at BlackBerry, Ismael Valenzuela leads threat research, intelligence, and defensive innovation. Is...
PSW #758 - Ang Cui
07 Oct 2022
Contributed by Lukas
Red Balloon Security CEO Ang Cui has spent over a decade looking into the most critical devices supporting our infrastructure. He explains why the ins...
PSW #757 - Ev Kontsevoy, Casey Ellis
30 Sep 2022
Contributed by Lukas
Hackers rarely break through crypto or exploit fancy zero days. Most of the time they simply login using stolen credentials. Managing passwords, keys ...
PSW #756 - Sinan Eren
27 Sep 2022
Contributed by Lukas
Sinan Eren, the VP of Zero Trust at Barracuda joins us to discuss various aspects of MFA Fatigue & Authentication with the PSW crew! Segment Resources...
PSW #755 - Thomas Kinsella
15 Sep 2022
Contributed by Lukas
Analyst burnout and the talent shortage are creating environments where teams are stressed out, overwhelmed, and frustrated. Security Operations manag...
PSW #754 - John Hammond
01 Sep 2022
Contributed by Lukas
John Hammond joins us today as we start off the show talking about Cybersecurity education! Training and education is a constant conversation within t...
PSW #753 - Davi Ottenheimer, Daniel Niefeld, Zachary Stashis
25 Aug 2022
Contributed by Lukas
There's a lot of worry about "fakes" especially in a world rapidly adopting AI/ML, so it's time for solutions. "Solid" is the W3C open standard, exten...
PSW #752 - Greg Conti & Chris Blask
18 Aug 2022
Contributed by Lukas
This week: Greg Conti joins us to discuss InfoSec Lessons from Military Strategy, Tactics, and Operational Art. Online conflict is widespread and at t...
PSW #751 - Jesse Michael & Mickey Shkatov
11 Aug 2022
Contributed by Lukas
We start off the show this week by welcoming the infamous Eclypsium security researchers Mickey and Jesse to talk about Secure Boot vulnerabilities. T...
PSW #750 - Guy Bruneau
04 Aug 2022
Contributed by Lukas
Guy will go through some of his career choices that eventually led to 25 years in a long and fun career in information and cybersecurity. Infosec has ...
PSW #749 - Larry Pesce
28 Jul 2022
Contributed by Lukas
We've heard about the recent abuses for Apple's AirTags used in tracking and stalking issues in recent months. While tools exist for detection under t...
PSW #748 - Lesley Carhart
22 Jul 2022
Contributed by Lukas
This week in our first segment, we are thrilled to welcome Lesley (@hacks4pancakes) back to the show! In this segment, we'll dig into some ICS securit...
PSW #747 - Andy Robbins
15 Jul 2022
Contributed by Lukas
This week, in our first segment we are joined by Andy Robbins, the Product Architect of BloodHound Enterprise at SpecterOps! Andy will explain the ori...
PSW #746 - Joseph Menn
15 Jul 2022
Contributed by Lukas
This week, we start off the show by interviewing veteran cybersecurity journalist and author Joseph Menn. Now at the Washington Post, Joseph talks abo...
PSW #745 - Sam Bowne
13 Jul 2022
Contributed by Lukas
This week, we kick off the show with an interview featuring Sam Bowne, the Founder of Infosec Decoded, Inc. Sam joins to discuss why many people think...
PSW #744 - Ray Davidson
08 Jul 2022
Contributed by Lukas
This week, we start off the show by interviewing Ray Davidson, the Program Lead at Michigan Cyber Civilian Corps! The program is relatively mature, an...
PSW #743 - Matt McGuirk
08 Jul 2022
Contributed by Lukas
Starting off the show this week, we are joined by Matt McGuirk, Solution Architect at Source Defense, to discuss web application client-side security....
PSW #742 - John Pescatore
07 Jul 2022
Contributed by Lukas
Kicking off the show, John Pescatore joins for an interview & will go through his mostly random career choices that led to a long and fun career in in...