Cybersecurity Awesomeness Podcast

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler explore a pressing security shift: adversaries are increasingly bypassing traditional credential theft to exploit the AI systems already embedded within corporate environments. The hosts discuss how "agentic" AI solutions often operate with overprivileged non-human identities, granting bots excessive access to data and infrastructure that far exceeds their functional requirements.This resurgence of "standing access" for machine accounts—a vulnerability CISOs thought they had mitigated—is being exacerbated by the rapid, near-universal adoption of AI development tools. Using real-world examples, ranging from inadvertent AI-generated discounts to the complex liability of autonomous vehicles, Chris and Ken illustrate the risks of prompt injection and data poisoning. The episode serves as a critical call to action for security teams: to treat AI agents with the same rigorous identity management and just-in-time provisioning standards historically reserved for human users before these misconfigurations lead to massive data exfiltration.

In this episode of the Cybersecurity Awesomeness Podcast, host Chris Steffen and Simon Wijckmans, CEO of C-side, discuss the critical visibility gap in client-side security. While organizations invest heavily in infrastructure and server-side protection, the user's browser remains a largely unmonitored attack vector. Historically, solutions like Content Security Policies and JavaScript agents have proven brittle or easily bypassed by sophisticated scripts that can hide from crawlers or override security hooks.The conversation highlights a major shift driven by PCI DSS 4.0, which now mandates the monitoring and authorization of client-side scripts. Simon explains that modern browser changes regarding third-party cookies finally support more effective proxy-based approaches. This allows security teams to inspect and block malicious third-party scripts before they reach the end user, preventing data exfiltration like credit card skimming. The hosts urge security professionals to move beyond "head in the sand" tactics, emphasizing that robust browser security is now a regulatory and operational necessity for total asset protection.

In this episode, Chris Steffen and Ken Buckler are joined by Jim LaRoe, CEO of Symphion, to discuss the often-ignored threat of printer and IoT security. Jim reveals a startling set of "winning lottery numbers": printers account for 20% of network endpoints, yet 99% remain unprotected. With 67% of organizations reporting a printer-related security incident last year, these devices serve as a critical yet vulnerable vector for lateral movement and credential harvesting.Jim explains this widespread neglect through his "Five O's," citing the lack of a formal Owner and their Origin as business equipment rather than IT endpoints. Because printers process highly sensitive data and frequently lack unified management platforms, they offer a 360-degree risk landscape for cybercriminals. The conversation emphasizes that "locking the front door" by declaring a dedicated security owner and integrating print fleets into a unified security strategy is essential. Symphion provides a turnkey solution to bridge this visibility gap, ensuring these "graveyard endpoints" are hardened, monitored, and securely managed.

Chris Steffen and Ken Buckler from EMA discuss privacy concerns around generative AI.

Chris Steffen and Ken Buckler from EMA discuss API security.