Best Karl Ots Podcasts (2025)

1
Protecting G-Suite/MS365 and Security News - Abhishek Agrawal - PSW #884 2:11:14

Play Pause

16h ago2:11:14

2:11:14

We chat with Material Security about protecting G Suite and MS365. How else are you monitoring the most commonly used cloud environments and applications? In the security news: Google Sues Badbox operators Authenticated or Unauthenticated, big difference and my struggle to get LLMs to create exploits for me Ring cameras that were not hacked Malicou…

1
Getting Consensus as a CISO, While Calculating Cybersecurity ROI and Building a Team - Khaja Ahmed - BSW #405 1:03:11

5h ago1:03:11

1:03:11

How do we get security right? The answer varies by many factors, including industry, what you're trying to protect, and what the C Suite and Board care about. Khaja Ahmed, Advisor at CISO Forum, joins Business Security Weekly to discuss how to get consensus on your security program. CISOs, executives, and the Board need to be aligned on the risks a…

1
Donatello, SharePoint, CrushFTP, WordPress, Replit, AllaKore, Rob Allen, and more... - Rob Allen - SWN #496 41:57

17h ago41:57

41:57

Donatello, SharePoint, CrushFTP, WordPress, Replit, AllaKore, Rob Allen, and more on the Security Weekly News. Segment Resources: https://www.darkreading.com/threat-intelligence/matanbuchus-loader-ransomware-infections This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://ww…

1
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340 1:06:35

1d ago1:06:35

1:06:35

AI is more than LLMs. Machine learning algorithms have been part of infosec solutions for a long time. For appsec practitioners, a key concern is always going to be how to evaluate the security of software or a system. In some cases, it doesn't matter if a human or an LLM generated code -- the code needs to be reviewed for common flaws and design p…

1
The Cyber Canon, ditching the SOC 2, and the weekly enterprise news - Helen Patton - ESW #416 1:49:28

3d ago1:49:28

1:49:28

Segment 1 - Interview with Helen Patton: Introducing the Cybersecurity Canon Did you know that there’s a hall-of-fame for cybersecurity books? Over the past decade, the Cybersecurity Canon has published reviews on dozens of cybersecurity books and established a hall of fame. Hall of fame books are defined as titles that all cybersecurity profession…

1
Existential Dread, MCP, Cloudflare, ESXI, QR Codes, Salt Typhoon, Aaran Leyland... - SWN #495 33:42

5d ago33:42

33:42

Existential Dread and Seawater, MCP, Cloudflare, ESxi, QR Codes, Salt Typhoon, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-495

1
Hackers On A Train - PSW #883 2:02:07

6d ago2:02:07

2:02:07

In the security news: The train is leaving the station, or is it? The hypervisor will protect you, maybe The best thing about Flippers are the clones Also, the Flipper Zero as an interrogation tool Threats are commercial and open-source Who is still down with FTP? AI bug hunters Firmware for Russian drones Merging Android and ChromOS Protecting you…

1
Minimize SAP Migration Challenges, Cybersecurity Maturity, and Radical Transparency - Christopher Carter - BSW #404 58:31

8d ago58:31

58:31

Are you running SAP? The clock is ticking... Standard maintenance end-of-life is set for the end of 2027. Migration to S/4HANA must be completed by then (or 2030 if you buy into SAP’s special three-year reprieve). While that may appear to be enough time, companies currently working toward an S/4HANA transition are finding the journey challenging, a…

1
AI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet... - SWN #494 30:02

8d ago30:02

30:02

AI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-494

1
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339 1:07:50

10d ago1:07:50

1:07:50

What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discus…

1
Monzy Merza, How Much AI is Too Much, and the Weekly News - Monzy Merza - ESW #415 1:43:41

10d ago1:43:41

1:43:41

Segment 1: Interview with Monzy Merza - There is a Right and Wrong Way to use AI in the SOC In the rush to score AI funding dollars, a lot of startups build a basic wrapper around existing generative AI services like those offered by OpenAI and Anthropic. As a result, these services are expensive, and don't satisfy many security operations teams' p…

1
Tapjacking, ZuChe, PerfektBlue, McHacking, OT in the IT, Add Ons, Josh Marpet... - SWN #493 33:42

12d ago33:42

33:42

Tapjacking, ZuChe, PerfektBlue, McHacking, OT in the IT, Add Ons, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-493

1
Citrixbleed 2, Hardware Hacking, and Failed Bans - PSW #882 2:06:05

13d ago2:06:05

2:06:05

This week in the security news: Citrixbleed 2 and so many failures Ruckus leads the way on how not to handle vulnerabilities When you have no egress Applocker bypass So you bought earbuds from TikTok More gadgets and the crazy radio Cheap drones and android apps Best Mario Kart controller ever VSCode: You're forked Bluetooth earbuds and vulnerabili…

1
SolarWinds Settlement, Upgrade Your Leadership Instincts to Build Your Legacy - BSW #403 51:58

15d ago51:58

51:58

SEC settles with SolarWinds. We react! In the leadership and communications section, The Skills and Habits Aspiring CEOs Need to Build, Why People Really Quit — And How Great Managers Make Them Want to Stay, The Small Actions That Become Your Legacy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https:/…

1
Spying on your kids, Bank Robberies, Qantas, LOTL, sudo, Hunters, Aaran Leyland... - SWN #492 33:26

15d ago33:26

33:26

Spying on your kids, Bank Robberies, Qantas, LOTL, sudo, Hunters, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-492

1
Checking in on the State of Appsec in 2025 - Janet Worthington, Sandy Carielli - ASW #338 1:07:15

16d ago1:07:15

1:07:15

Appsec still deals with ancient vulns like SQL injection and XSS. And now LLMs are generating code along side humans. Sandy Carielli and Janet Worthington join us once again to discuss what all this new code means for appsec practices. On a positive note, the prevalence of those ancient vulns seems to be diminishing, but the rising use of LLMs is e…

1
Identity, AI & Access: Highlights from Identiverse 2025 - Sagi Rodin, Ajay Amlani, Treb Ryan, Ajay Gupta, Artyom Poghosyan, Amir Ofek - ESW #414 1:49:38

17d ago1:49:38

1:49:38

Single Sign On (SSO) and Multi Factor Authentication (MFA) is critical to secure operations for companies of all sizes. Why is the foundation of cybersecurity still locked behind enterprise licensing? Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are essential—not optional—for protecting modern businesses. But today, these critical too…

1
North Korea, ransomware, social engineering, AI, Apple, Drugs & Iran - SWN #491 28:50

19d ago28:50

28:50

North Korea, ransomware, social engineering, AI, Apple, Drugs & Iran on this edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-491

1
Exploring Meshtastic and LoRa Mesh Networks - Rob Allen - PSW #881 1:08:14

22d ago1:08:14

1:08:14

This week, we dive into the world of Meshtastic and LoRa—two technologies empowering secure, long-range, and infrastructure-free communication. We'll talk about the origins of Meshtastic, how LoRa radio works, and why mesh networking is revolutionizing off-grid messaging for adventurers, hackers, emergency responders, and privacy advocates alike. W…

1
The Value of Zero Trust - Rob Allen - BSW #402 32:29

23d ago32:29

32:29

New research estimates the value of Zero Trust. Using the Marsh McLennan Cyber Risk Intelligence Center’s proprietary cyber losses dataset from the past eight years, researchers estimated that overall cyber losses could have been potentially reduced by up to 31% had the organizations widely deployed zero-trust security. This adds up to a projected …

1
Sony, Scattered Spider, Hikvision, Cybercrime, Iran, BSODs, Cloudflare, Josh Marpet.. - SWN #490 31:11

24d ago31:11

31:11

Sony, Scattered Spider, Hikvision, Cybercrime, Iran, BSODs, Cloudflare, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-490

1
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337 38:26

24d ago38:26

38:26

Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers and all the grep-like tools to find flaws. Louis Nyffenegger describes the steps of a successful code review process. It's a process that starts with understanding code, which can even benefit from a…

1
The Illusion of Control: Shadow IT, SSO Shortcomings, and the True Path to Security - Dave Lewis - ESW #413 1:52:05

25d ago1:52:05

1:52:05

Interview with Dave Lewis Organizations believe they have a firm grip on security with SSO and corporate IT policies, but in reality, shadow IT lurks in the background—expanding attack surfaces and exposing sensitive data. Employees bypass security controls for the sake of convenience, while SSO fails to provide the comprehensive security net organ…

1
Broadcom, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and more... - SWN #489 31:28

28d ago31:28

31:28

Broadcom is coming for you, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-489

1
Is Vuln Management Dead? - HD Moore - PSW #880 2:16:08

29d ago2:16:08

2:16:08

This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber warfare, the persistent threat of default passwords, and the integrati…

1
Thriving Through Volatility: Insights for CISOs - Jeff Pollard, Pejman (Pej) Roshan, Deepen Desai - BSW #401 1:05:24

1M ago1:05:24

1:05:24

In this episode, Mandy Logan, Summer Craze Fowler, Jason Albuquerque, and Jeff Pollard of Forrester discuss the challenges and strategies for CISOs in navigating volatility in the security landscape. They emphasize the importance of building relationships within the organization, particularly with the CFO, to manage budgets effectively. The convers…

1
The Rise of Malware: Salt Typhoon and Spark Kitty - SWN #488 35:37

1M ago35:37

35:37

In this episode of Security Weekly News, Doug White discusses various cybersecurity threats, including the Salt Typhoon and Spark Kitty malware, the implications of Microsoft's decision to drop support for old hardware drivers, and the potential increase in cyber threats from Iran. The conversation also covers the alarming 16 billion password leak …

1
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336 1:01:18

1M ago1:01:18

1:01:18

Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and applying fuzzers to barcode scanners, smart contracts, and just about any code you can imagine. We go through the useful relationship between unit tests…

1
Rethinking Identity: IAM, PAM & Passwordless Trends from Identiverse - David Lee, Amit Masand, Chip Hughes, Ashley Stevenson, John Pritchard, Matt Caulfield - ESW #412 1:38:23

1M ago1:38:23

1:38:23

In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine comp…

1
Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. - SWN #487 33:37

1M ago33:37

33:37

Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-487

1
Hacking Drivers - PSW #879 2:03:17

1M ago2:03:17

2:03:17

This week: * The true details around Salt Typhoon are still unknown * The search for a portable pen testing device * Directories named "hacker2" are suspicious * Can a $24 cable compete with a $180 cable? * Hacking Tesla wall chargers * Old Zyxel exploits are new again * Hacking Asus drivers * Stealing KIAs - but not like you may think * Fake artic…

1
CISO Cyber Insurance Empowerment - Morey Haber, Peter Hedberg, Stephan Jou - BSW #400 1:03:41

1M ago1:03:41

1:03:41

In this episode of Business Security Weekly, Mandy Logan, along with guests Peter Hedberg, Summer Craze Fowler, and Ben Carr, delve into the complexities of cyber insurance and the empowerment of Chief Information Security Officers (CISOs). The discussion covers the evolving landscape of cyber insurance, the critical role of underwriting, and the i…

1
AI Zombie Lawyer, Scattered Spider, ASUS, Mainframes, GrayAlpha, Backups, Josh Marpet - SWN #486 36:26

1M ago36:26

36:26

AI Zombie Lawyers, Scattered Spider, ASUS, Mainframes, GrayAlpha, Backups, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-486

1
Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335 1:08:00

1M ago1:08:00

1:08:00

What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list like STRIDE? Has an effective process ever come out of a list? Farshad Abasi joins our discussion as we explain why the answer to most of those questions is No and describe the kinds of approaches that …

1
Insider threats, migrating away from cloud, RSAC interviews with Cyera and Blumira - Rob Allen, Matthew Warner, Yotam Segev - ESW #411 1:19:04

1M ago1:19:04

1:19:04

Segment 1 - Interview with Rob Allen from ThreatLocker This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud Segment 3 - Interviews from RSAC 2025 Cyera Cyera is the fastest-growing data security company in history, em…

1
$200,000 Zoom Call, Microsoft, Zero-Click, China & HD With $649 million of Bitcoin - SWN #485 28:38

1M ago28:38

28:38

This week we have, $200,000 Zoom Call, Microsoft Teams, INTERPOL, Zero-Click, Junk Food, China & Hard Drive With $649 million of Bitcoin. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-485

1
UEFI Vulnerabilities Galore - PSW #878 2:10:48

1M ago2:10:48

2:10:48

This week: You got a Bad box, again Cameras are expose to the Internet EU and connected devices Hydrophobia NVRAM variables Have you heard about IGEL Linux? SSH and more NVRAM AI skeptics are nuts, and AI doesn't make you more efficient Trump Cybersecurity orders I think I can root my Pixel 6 Decentralized Wordpres plugin manager Threat actor namin…

1
Security Money: The Index is Up, CISOs Need to Get Out, and Are You Burning Out? - BSW #399 56:27

1M ago56:27

56:27

This week, it’s time for security money. The index is up, but the previous quarterly results were brutal. In the leadership and communications segment, Get out of the audit committee: Why CISOs need dedicated board time, Quietly Burning Out? What To Do When Your Leadership Starts Lacking, How to rethink leadership to energize disengaged employees, …

1
Vixen Panda, NPM, Roundcube, IoT, 4Chan, Josh Marpet, and more... - SWN #484 32:23

1M ago32:23

32:23

Vixen Panda, NPM, Roundcube, IoT, 4Chan, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-484

1
Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334 1:09:09

2M ago1:09:09

1:09:09

CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that reduce the need for hardening guides. Matthew Rogers talks about how the approach to Secure by Design has to be tailored for Operational Technology (OT) systems. These systems have strict requirements o…

1
The enterprise security news, more secure by removing credentials, & RSAC interviews - Marty Momdjian, Amit Saha, Dr. Tina Srivastava - ESW #410 1:38:02

2M ago1:38:02

1:38:02

Segment 1 - Enterprise Security News, Live at IDV This week, in the enterprise security news, Acquisitions potential IPOs Terminator Salvation in real life First $1B one-employee business? Mikko puts in his notice Pitch Black in real life, and more! Segment 2 - Interview with Dr. Tina Srivastava The #1 cause of data breaches is stolen credentials. …

1
Elsa, Redline, ChaosRat, iMessage, Bladed Feline , Aaran Leyland, and More... - SWN #483 34:00

2M ago34:00

34:00

Elsa, Redline, ChaosRat, iMessage, Bladed Feline , Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-483

1
Updating & Protecting Linux Systems - PSW #877 1:05:23

2M ago1:05:23

1:05:23

Two parts to this episode: Tech Segment: Updating Linux Systems - Beyond apt-get upgrade * Custom scripts for ensuring your Linux systems are up-to-date * topgrade - tutorial for using topgrade to update Linux systems on various Linux distributions Discussion Topic: Anti-Malware and/or EDR on Linux Platforms * PCI calls for scanning Linux systems *…

1
Regain Control of Business Risks, Your Leadership Habits, and Being Present - Alla Valente - BSW #398 1:18:17

2M ago1:18:17

1:18:17

During times of volatility, business leaders often don’t know what they are able to change or even what they should change. At precisely these times, business leaders become risk leaders and need to quickly learn how to identify what is within their control and what isn’t — to not only survive but thrive. Alla Valente, Principal Analyst at Forreste…

1
Bovril, Deranged, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet... - SWN #482 37:10

2M ago37:10

37:10

Bovril, Deranged Hookworm, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-482

1
AIs, MCPs, and the Acutal Work that LLMs Are Generating - ASW #333 39:06

2M ago39:06

39:06

The recent popularity of MCPs is surpassed only by the recent examples deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our sea…

1
Building Cyber Resilience: AI Threats, Mid-Market Risks & Ransomware Trends - Karl Van den Bergh, Tony Anscombe, Eyal Benishti, Nick Carroll, Chad Alessi, Chris Peluso - ESW #409 1:38:33

2M ago1:38:33

1:38:33

Segment 1 CTG Interview Middle market companies face unique challenges in the ever-evolving cyber environment. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what’s keeping IT decision-makers awkward at night, and the best approach to creatin…

1
Edge, Safari, CISO Pay and Loathing, Fake AI, ASUS, OneDrive, Manus, Aaran Leyland... - SWN #481 33:15

2M ago33:15

33:15

Edge, Safari, CISO Pay and Loathing, Fake AI, ASUS, OneDrive, Manus, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-481

1
It's A Trap! - PSW #876 2:02:39

2M ago2:02:39

2:02:39

In the security news: Vicious Trap - The malware hiding in your router Hacking your car WSL is open-source, but why? Using AI to find vulnerabilities - a case study Why you should not build your own password manager The inside scoop behind Lumma Infostealer Hacking a smart grill Hardcoded credentials on end of life routers and "Alphanetworks" SIM s…

1
Quantum Readiness & Zero Trust: Strategies to Strengthen Digital Resilience - Jordan Avnaim, Chris Hickman, Amit Sinha, Albert Estevez Polo - BSW #397 1:07:59

2M ago1:07:59

1:07:59

This segment explores how automated microsegmentation addresses critical Zero Trust gaps overlooked by traditional access controls and legacy segmentation solutions. We'll examine the limitations of perimeter-based defenses in today's dynamic threat landscape and reveal how automated microsegmentation enhances network security beyond conventional f…