From BOLA to Bots: Building a Layered API Defense Against the Modern Top 10
APIs are the "nervous system" of modern applications, making them the number one attack vector, with flaws like Broken Object Level Authorization (BOLA), Broken Object Property Level Authorization (BOPLA), and Broken Function Level Authorization (BFLA) accounting for a high percentage of breaches. This episode delves into the multi-layered "defense-in-depth" strategies required to mitigate these threats, focusing on input validation, rate limiting, and centralized enforcement via API Gateways We explore how integrating security testing into the CI/CD pipeline and maintaining a proper inventory helps organizations eliminate "shadow" or "zombie" APIs and build a true culture of digital resilience.
Sponsors:
https://cloudassess.vibehack.dev
https://vibehack.dev
https://airiskassess.com
https://compliance.airiskassess.com
https://devsecops.vibehack.dev
--------
40:03
--------
40:03
Orchestrating Security: The DevSecOps Blueprint for 2025
Driven by a market anticipated to exceed USD 40.6 billion by 2030, DevSecOps Engineers are crucial experts who bridge the gaps between software development, security protocols, and operational efficiency. Successful implementation relies on a socio-technical work system that emphasizes cultural transformation, shared security responsibility, and procedural excellence by embedding security ("shifting left") into the Software Development Lifecycle. This episode delves into the key requirements for professionals in 2025, from mastering automation tools like Terraform and ensuring robust container security (Kubernetes/Docker) to leveraging application scanning with tools like SonarQube and Trivy.
Sponsors:
https://cloudassess.vibehack.dev
https://vibehack.dev
https://airiskassess.com
https://compliance.airiskassess.com
https://devsecops.vibehack.dev
--------
36:08
--------
36:08
The Algorithmic Adversary: Tracking the Shift to Novel AI-Enabled Malware
The Google Threat Intelligence Group (GTIG) has identified a significant shift where adversaries are now deploying novel AI-enabled malware in active operations, moving beyond simple productivity gains observed in 2024. This new operational phase includes "Just-in-Time" AI malware, such as PROMPTFLUX and PROMPTSTEAL, that utilize Large Language Models (LLMs) during execution to dynamically obfuscate code, regenerate themselves, or generate malicious commands, representing a significant step toward more autonomous and adaptive malware. Furthermore, state-sponsored actors are using social engineering pretexts—like posing as students or "capture-the-flag" participants—to persuade AI systems like Gemini to bypass safety guardrails, even as Google disrupts accounts and strengthens its models and the Secure AI Framework (SAIF).
https://breached.company/the-ai-productivity-paradox-in-cybersecurity-why-threat-actors-havent-changed-the-game-yet
https://www.hackernoob.tips/five-novel-ai-powered-malware-families-that-are-redefining-cyber-threats-in-2025
Sponsors:
www.breached.company
www.cisomarketplace.com
--------
15:36
--------
15:36
The Scorched Earth CISO: Extinguishing Burnout with AI and Executive Support
Cybersecurity leaders, including CISOs, face overwhelming job demands and chronic stress, with up to 80% classifying themselves as “highly stressed” due to resource limitations and the ceaseless evolution of threats. This pressure is compounded by alert fatigue—where the relentless influx of noisy, often false-positive alerts causes mental and operational exhaustion—and a lack of formal support, leading to high attrition and cognitive symptoms like difficulty concentrating. We explore how Agentic AI automation transforms operations by handling routine triage and "grunt work", and why proactive executive backing, including fostering work-life balance and a no-blame culture, is essential to retaining talent and preserving organizational security.
Sponsor:
www.cisomarketplace.com
https://cyberboard.cisomarketplace.com
https://peersight.cisomarketplace.com
https://vrm.cisomarketplace.services
--------
43:17
--------
43:17
Hybrid Resilience: Mastering Digital Tech and Collaboration for Supply Chain Recovery
The COVID-19 pandemic introduced unprecedented volatility and uncertainty (VUCA) to global supply chains, forcing retailers to rapidly pivot their operational strategies to manage severe disruption. This episode explores interview findings revealing how supply chain professionals effectively utilized a blend of proactive strategies, such as digital technology adoption and supplier collaboration, with reactive contingency planning to maintain business continuity. We detail the critical importance of enhanced supply chain visibility, organizational agility, and strategic knowledge management in enabling organizations to recover quickly and achieve sustainable long-term resilience.
Sponsors:
https://vrm.cisomarketplace.services
https://vendorscope.cisomarketplace.com
CISO Insights: The Cybersecurity Leadership PodcastWhere Security Leaders Shape Tomorrow’s DefensesJoin us for CISO Insights, the definitive podcast for cybersecurity executives navigating today’s evolving threat landscape. Each episode delivers exclusive conversations with industry pioneers and practical frameworks from security leaders.CISO Insights provides actionable intelligence for executives building resilient security programs. We cover everything from board-level risk communication to threat detection, compliance, and talent development.Whether you’re a CISO, aspiring security leader, or technology executive, we equip you with the tools to thrive in a complex digital environment.Connect with us:Shop: cisomarketplace.comNews: threatwatch.newsPodcast: cisoinsights.showTools: microsec.toolsAI Resources: cybersecuritygpt.storeFollow us:TikTok @cisomarketplace - Quick insights and security tipsYouTube @cisomarketplace - In-depth discussions and CISO interviewsTiktok & Youtube: @ScamwatchHQPowered by grit, fueled by caffeine. Thanks for keeping us going!coff.ee/cisomarketplacecoindrop.to/cisomarketplace
España