Making vulnerability management and incident response actually work. Also, the News! - Beck Norris, Ryan Fried, José Toledo - ESW #442

Author: Security Weekly Productions January 19, 2026 Duration: 1:43:26

Segment 1 with Beck Norris - Making vulnerability management actually work

Vulnerability management is often treated as a tooling or patching problem, yet many organizations struggle to reduce real cyber risk despite heavy investment. In this episode, Beck Norris explains why effective vulnerability management starts with governance and risk context, depends on multiple interconnected security disciplines, and ultimately succeeds or fails based on accountability, metrics, and operational maturity.

Drawing from the aviation industry—one of the most regulated and safety-critical environments—Beck translates lessons that apply broadly across regulated and large-scale enterprises, including healthcare, financial services, and critical infrastructure.

Segment 2 with Ryan Fried and Jose Toledo - Making incident response actually work

Organizations statistically have decent to excellent spending on cybersecurity: they have what should be sufficient staff and some good tools. When they get hit with an attack, however, the response is often an unorganized, poorly communicated mess! What's going on here, why does this happen???

Not to worry. Ryan and José join us in this segment to offer some insight into why this happens and how to ensure it never happens again!

Segment Resources:

[Mandiant - Best practices for incident response planning]

(https://services.google.com/fh/files/misc/mandiantincidentresponsebestpractices_2025.pdf?linkId=19287933)

Beyond Cyberattacks: Evolution of Incident Response in 2026

Segment 3 - Weekly Enterprise News

Finally, in the enterprise security news,

Almost no funding…
Oops, all acquisitions!
Changes in how the US handles financial crimes and international hacking
Mass scans looking for exposed LLMs
The state of Prompt injection
be careful with Chrome extensions
and home electronics from unknown brands
Is China done with the West?

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-442

Security Weekly Podcast Network (Video)

Dive into the ever-evolving world of digital defense with the Security Weekly Podcast Network (Video). Produced by Security Weekly Productions, this network isn't a single perspective but a comprehensive hub where different facets of cybersecurity come into focus through distinct, dedicated shows. You'll find episodes from series like Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News, all curated in one feed. This structure means that whether you're analyzing code, shaping corporate policy, or managing infrastructure, there's relevant content for you. The discussions move beyond headlines, offering practical analysis and expert insights that help make sense of complex threats and solutions. By blending technology deep dives with timely news commentary, this video podcast provides a multi-dimensional view of the field, suitable for professionals who need to stay informed and enthusiasts curious about how security shapes our digital lives. It’s a consistent resource for anyone looking to understand not just what is happening in cybersecurity, but why it matters and how to respond.

Author: Security Weekly Productions Language: English Episodes: 100

Official website RSS

Podcast Episodes

[not-audio_url]

[/not-audio_url]

Executive Paralysis and Two Pre-Recorded RSAC 2026 Interviews from DigiCert and Okta - Ann Marie van den Hurk, Amit Sinha, Matt Immler - BSW #441

01.04.2026

Duration: 1:01:56

Most organizations don't fail because of technology. They fail because decision authority is unclear in the first critical minutes. "Being careful" is often interpreted as waiting for certainty, but that delay creates ex…

[not-audio_url]

[/not-audio_url]

Beyond the Hype: Cyber Readiness, Zero Trust, and an Unscripted Conversation - Rob Allen, Gibb Witham - SWN #568

01.04.2026

Duration: 37:54

In the AI era, cybersecurity is undergoing a fundamental shift as AI agents transform both the speed and scale of attacks. In this interview, Gibb Witham, President and Chief Financial Officer of Hack The Box, explains w…

[not-audio_url]

[/not-audio_url]

Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Ron Rasin, Shashwat Sehgal - ASW #376

31.03.2026

Duration: 1:15:40

The future of secure software is going through a mix of skills expected of humans and skills files created for LLMs. We might even posit that appsec as a discipline will fade (and that might not even be a bad thing!). Ke…

[not-audio_url]

[/not-audio_url]

Oops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM - Lenny Zeltser, Helen Patton, Alexandre Sieira - ESW #452

30.03.2026

Duration: 1:49:51

Interview with Helen Patton about her new book, Switching to Cyber Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity car…

[not-audio_url]

[/not-audio_url]

Scam Baiting, AI, and the New Grift Economy, Part 2 - Rinoa Poison - SWN #567

28.03.2026

Duration: 34:16

In this two-part interview, Rinoa Poison explores the mechanics of modern scams, the role of AI in making them more convincing, and the growing world of scam baiting. She also discusses the tactics, technical setups, and…

[not-audio_url]

[/not-audio_url]

Scanning The Internet with Linux Tools - PSW #919

27.03.2026

Duration: 1:03:26

In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include: Sho…

[not-audio_url]

[/not-audio_url]

Say Easy, Do Hard - Crypto-Agility - BSW #440

25.03.2026

Duration: 52:28

With Q-day getting closer, regulatory guidance pushing firms to migrate to quantum security in the next five years, and an extensive remediation backlog waiting to be discovered, security leaders must start their quantum…

[not-audio_url]

[/not-audio_url]

Scam Baiting, AI, and the New Grift Economy, Part 1 - Rinoa Poison - SWN #566

25.03.2026

Duration: 35:09

Rinoa Poison joins Security Weekly News to break down the world of scam baiting, how modern scams are evolving, and why AI is making fraud harder to spot. In this two-part conversation, she shares how scam baiters operat…

[not-audio_url]

[/not-audio_url]

Why Proactive Security Is Far Better Than Patching - Erik Nost - ASW #375

24.03.2026

Duration: 38:04

So much of appsec's efforts can be consumed by vuln management and a race to patch security flaws. But that's more a symptom of the ease of scanning and the volume of CVEs. Erik Nost walks through the principles behind p…

[not-audio_url]

[/not-audio_url]

Can AI help critical infrastructure, the state of the cyber market, and weekly news - Kara Sprague, Mike Privette - ESW #451

23.03.2026

Duration: 1:42:52

Interview with Kara Sprague - The AI Fix for Infrastructure's Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and ene…