DevSecOps

June 26, 2025

In Episode 114 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss nation state cyber attacks, specifically in light of current events in the Middle East ...

June 25, 2025

Firewalls were built for a different world — static networks, predictable traffic, and clear perimeters ... The firewall has finally evolved, but only out of necessity. The newest generation isn't an appliance or virtual machine; it's cloud-native, AI-driven, and always-on. It doesn't guard a border; it lives where your workloads live. And if it's not doing that, it's irrelevant. But an evolved firewall by itself isn't enough, and you can't secure what you can't see — that's where most organizations are still exposed ...

June 18, 2025

The disconnect between the promise of engineering excellence and the day-to-day realities inside most software teams is growing, according to The State of Software Engineering Excellence 2025 from Harness ...

June 17, 2025

As hybrid, multi-cloud, and edge architectures expand, many organizations are relying on outdated security models that can't keep up, according to the 2025 Cloud Security Report from Check Point Software Technologies ...

June 13, 2025

In Episode 112 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss Penetration Testing as a Service ...

June 12, 2025

Once, the castle-and-moat model of traditional firewalls offered a sense of safety, but the rules of network security have been rewritten. Static, perimeter-focused defenses are no longer sufficient in our cloud-first reality. Let's be clear: firewalls aren't going away; they're undergoing a metamorphosis to be more dynamic and integrated with application-level security, hand-in-hand with zero trust ...

June 11, 2025

A new survey from Lineaje revealed that nearly a third of security professionals (32%) believe they can deliver zero-vulnerability software despite the myriad threats and increasing compliance regulations. While 68% are more realistic, the initial number highlights some critical blind spots in organizations’ software supply chain defenses. Here are the other top findings from the research ...

June 06, 2025

In Episode 111 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA present Cybersecurity 101: Cybersecurity Maturity ...

June 04, 2025

DevOps teams are readily embracing modern tools that utilize large language models (LLMs), generative AI (GenAI), and the very buzzy agentic AI to accelerate their continuous integration/continuous delivery (CI/CD) pipelines ... But AI's tremendous potential business value is currently outshining some very real risks to mobile applications and the broader software supply chain ...

May 29, 2025

Over the past two years, code assistants based on generative AI have transformed software coding, accelerating the generation of code on an unprecedented level. Developers are deploying more code than ever, but at a cost: exponential growth in security vulnerabilities. New research points to a 3X increase in repositories containing Personally Identifiable Information (PII) and payment data, a 10X increase in APIs without authorization and input validation, and more sensitive API endpoints exposed, all threats proliferated by AI-generated code. Though AI code assistants boost productivity, they possess no understanding of organizational risk, compliance policies, or security best practices, leaving companies more exposed ...

May 28, 2025

CISA's Product Security Bad Practices paper is one that every company should review as it details the "exceptionally risky software development activities" that are all too common in the industry ... While CISA's efforts can help companies navigate the "need for speed" in a fast-moving DevOps environment, IT and security leaders across the private sector must do their part to prepare their companies for the necessary changes ...

May 23, 2025

In Episode 110 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the recent news about extra devices installed on foreign-made products that have no purpose other than to be exploited by a bad actor ...

May 21, 2025

As AI reshapes industries, it has also erased the lines between truth and deception in the digital world. The AI Security Report 2025 from Check Point® Software Technologies Ltd. uncovers four core areas where this erosion of trust is most visible ...

May 19, 2025

Almost half (49%) of CISOs say buyers now factor application security (AppSec) into purchasing decisions, according to A CISO's Guide to Steering AppSec in the Age of DevSecOps, a report from Checkmarx. In fact, in nearly half of software-based product companies, security oversight has moved outside the CISO's office entirely. As application complexity and scale grow — driven by AI, microservices and hybrid application architectures — engineering teams are increasingly accountable for ensuring secure, scalable delivery ...

May 16, 2025

In Episode 109 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss how the bad guys are using AI for cyberattacks ...

May 15, 2025

Developers are leveraging AI to accelerate the software development lifecycle, enabling them to automate repetitive coding tasks and generate substantial amounts of code in a fraction of the usual time. However, despite the numerous production advantages that AI has brought to organizations, it has simultaneously made it easier for less skilled hackers to infiltrate company systems with AI malicious code ...

May 13, 2025

You might not hear about Artifactory tokens in mainstream security discussions, but here's a troubling reality: these tokens are corporate security's hidden Achilles' heel. Unlike many leaked credentials that turn out to be harmless personal access tokens or defunct keys, Artifactory tokens almost always lead directly to critical corporate assets ...

May 09, 2025

In Episode 108 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA recap the RSA Conference ...

May 08, 2025

Security tools left running with weak configurations are a daily occurrence, as common as your morning brew. Breaches don't always start with flashy zero-days or clever phishing campaigns. They often begin with tools you trust; weak access controls, outdated configurations, and carelessness in setup make them prime targets for malicious actors ...

May 05, 2025

Proof is in the data from Akamai's new research State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain. Overall, we see traditional web attacks targeting web applications and APIs continue to rise, as shown by a 65% increase between Q1 2023 and Q4 2024. This shows that the capabilities that are being developed are under increasing levels of attack ...

May 01, 2025

As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse-engineer, analyze, and exploit applications at an alarming scale ...

April 29, 2025

Only a fraction of critical vulnerabilities are truly worth prioritizing, according to the State of DevSecOps 2025 from Datadog ... The report found that security engineers are wasting a lot of time on vulnerabilities that aren't necessarily all that severe ...

April 25, 2025

In Episode 107 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA present a preview of the RSA Conference and discuss the EMA Vendor Vision report ...

April 24, 2025

Imagine spending countless hours crafting a unique algorithm, only to have it stolen and used by someone else. Attackers use various strategies to pilfer source code, from social engineering tactics to malware; thankfully, these malicious tactics have viable and effective defense best practices ...

April 18, 2025

In Episode 106 of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler from EMA discuss the buzzwords generated by marketing to sell cybersecurity products ...
