DevSecOps
A new Enterprise Strategy Group (ESG) report found that 93% of respondents think their mobile app security protections are sufficient. However, these same respondents report that they face an average of 9 mobile app security incidents per year, with a staggering 62% having suffered a mobile app breach in the last year alone. This implies a gap between what developers believe is good security and what proper security measures actually are ...
Organizations across the globe face unprecedented cybersecurity challenges as their digital footprints expand across cloud, on-premises, and remote environments. Ransomware continues to surge as one of the top global cyber threats, with attacks increasing by 33% globally in 2024 and organizations experiencing an average of 1,200 weekly attacks — the highest in three years ...
Not long ago, "security" meant building walls — firewalls, intrusion detection, access control lists. While those tools aren't dead, they're not enough. Cloud-native systems don't care about your perimeter, and one misconfigured API or overly generous IAM role is all it takes. The rules have changed, and if your security game hasn't, you're already behind ...
While modern cybercriminals can deploy AI-powered attacks that breach systems in seconds, most organizations still require 258 days to detect these intrusions. This dramatic mismatch in speed creates more than just tactical challenges. It can threaten organizations' survival ...
Most people don't realize just how much of the world still relies on software written decades ago. Banks, hospitals and government agencies rely on systems that were built long before cloud, mobile or AI even existed. That reliance is costing organizations billions each year, not to move forward, but to keep the old code alive ...
DevOps and security teams have long understood the challenge of insider threats. These threats typically involve employees, contractors, or partners with legitimate access whose actions compromise system integrity. It's time to expand this definition now that a new insider has appeared ...
When was the last time you actually looked at the API calls in your codebase? Not the ones you wrote yourself, but the ones quietly generated by your AI assistant. Do you know where they point? Are they hitting a test server? Did they skip authentication? Are they leaking something in error responses? You start asking these questions after something goes wrong (and no one knows why) ... The thing is, generative AI (GenAI) is excellent at speeding up how we write code, but it could become a major concern if not thoroughly checked ...
Formerly lower-priority issues are now significant and pressing security challenges. Some of the most urgent issues are the related realities of rapid sprawl of non-human identities (NHIs), the secrets that enable them, and the very vaults that were adopted to address those concerns ...
Modern applications are no longer monoliths. They are an array of services, each with its own API endpoints. Five years ago, many of these interfaces would have been internal function calls safely tucked inside your application. Now, they're exposed endpoints, accessible from the outside world. Traditional web application firewalls (WAFs) are increasingly insufficient to meet this security challenge ...
As your SOC monitors for network intrusions and your AppSec team secures code repositories, a new capability is required to secure the AI tools your employees use daily, before threats emerge ... As security teams grapple with how to adopt AI responsibly, prompt engineering is emerging as a strategic capability that enables teams to build enterprise-grade security into AI systems from the ground up while scaling protection efforts without proportional resource increases ...
AI-assisted development — often referred to as "vibe coding" — is transforming the way we write software. New tools are being widely adopted by established developers and newcomers alike, opening up code development to a larger audience, while reducing barriers like time and cost. While this technology promises to usher in a new era of innovation, it introduces a range of new security concerns that security leaders are struggling to mitigate ...
Mobile apps are everywhere. They handle payments, authentication, messaging, and health data — often all in the same session. But most organizations still approach mobile security like it's an extension of the web. It's not. Attacks on mobile apps jumped 80% last year ...
Traditional firewalls are paradoxically contributing to a new security crisis: alert overload. Security teams are drowning in a sea of notifications, and it's impossible to differentiate between genuine threats and false positives. On a basic level, it's simply annoying. But digging deeper reveals critical threats caused by the sheer tidal wave of alerts that obscure genuine risks and delay response times. The question is, how do modern firewalls overcome issues like outdated rules and a lack of contextual awareness? ...
Applications have become the foundation of today's enterprise, powering customer experiences, operational workflows, and core business services. But as application footprints grow, fueled by open-source components, third-party APIs, and AI-generated code, their risk surface expands just as fast. Traditional approaches to securing code late in the pipeline can no longer keep up ...