SAP Cybersecurity by NO MONKEY

By Waseem Ajrab

Welcome to SAP Cybersecurity by NO MONKEY – where we make SAP security real, relevant, and actionable.

Hosted by Waseem Ajrab, this podcast breaks down the complexities of SAP cybersecurity into conv... more

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about SAP Cybersecurity by NO MONKEY:

How many episodes does SAP Cybersecurity by NO MONKEY have?

The podcast currently has 7 episodes available.

SAP Cybersecurity by NO MONKEY episodes:

June 09, 2026The Death of Traditional SAP Security
20 Years of Vulnerabilities That Refuse to Die
In this episode, Frederik Weidemann (Orgaverse) sits down with Waseem to discuss why traditional SAP security approaches are fundamentally broken. From OS command execution that still works in 2026 to cloud architectures that nobody understands, Frederik walks through two decades of SAP vulnerabilities that organizations keep repeating. Discover why patches aren't the answer, how AI is changing offensive security forever, and what organizations actually need to do to mature SAP security.
TAKEAWAYS
Why SAP vulnerabilities discovered 20 years ago still compromise systems today
How OS command execution remains a critical risk across multiple attack vectors
The shared responsibility model that most cloud customers fundamentally misunderstand
Why BTP is becoming the new DMZ for SAP landscapes (and why that's dangerous)
How AI is automating vulnerability discovery faster than organizations can patch
HOST & GUEST
Host: Waseem Ajrab | NO MONKEY
Guest: Frederik Weidemann | Orgaverse
CHAPTERS
01:20 Frederik Weidemann's 20-year journey in SAP security
03:08 The evolution of SAP security awareness since 2006
05:44 Why security researchers still fear touching SAP
08:31 Recent trends in SAP vulnerabilities and patch patterns
11:41 OS command execution: Why removing one report doesn't solve the problem
14:46 The complexity of securing SAP operating systems
19:55 How BTP is changing the enterprise attack surface
25:04 API management and integration suite security risks
31:34 Zero trust in SAP: Identity management as the foundation
32:23 The challenge of navigating identity provisioning
39:10 AI's impact on offensive security and vulnerability discovery
46:05 Understanding ABAP as an offensive tool, not business logic
51:50 Integrating AI and Joule into security workflows
56:19 The mindset shift organizations need right now
New episodes drop regularly, featuring conversations with cybersecurity experts, SAP practitioners, and industry leaders who've been in the trenches. No vendor pitches. No fluff. Just actionable insights you can apply today.
Because curiosity is free – but recovery isn't.
...more
58min
April 21, 2026 AI and Responsibility: Securing SAP's Digital Core
When AI agents decide, who answers the auditor?
TAKEAWAYS
Why tracing and auditing every AI agent decision is an audit requirement, not optional
How AI makes SAP's existing attack surface more visible, not bigger
The shift from humans executing tasks to humans managing agents managing agents
Why organizations need AI to scale defenses against automated attacks
Risk management frameworks for deploying AI in SAP (NIST, OWASP Top 10, ISO 27001)
HOST & GUEST:
Waseem Ajrab – Host: Head of Security Advisory, NO MONKEY
José Marquez – Guest: Chief AI Officer, SAP Practice at PwC US
CHAPTERS
02:11 José's journey from ABAP developer to Chief AI Officer
04:00 How AI agents change SAP from execution to decision making
07:57 Why AI makes attack surfaces more visible, not expanded
09:28 Autonomous AI agents and the accountability challenge
12:47 Tracing, logging, and auditing: The audit question every organization will face
17:17 Common gaps when organizations have high AI ambition but low governance
18:46 Standards for monitoring AI agents like human employees
22:07 AI's impact on security operations and automated attacks
31:26 The new role: Humans managing agents managing agents
33:33 Risks of over-reliance on AI-driven security decisions
40:56 Protecting SAP's digital core with AI risk governance
44:53 Balancing automation, human oversight, and organizational strategy
45:22 The biggest opportunity (scale) vs. the biggest risk (forgetting how to think critically)
New episodes drop regularly, featuring conversations with cybersecurity experts, SAP practitioners, and industry leaders who've been in the trenches. No vendor pitches. No fluff. Just actionable insights you can apply today.
Because curiosity is free – but recovery isn't.
...more
41min
March 09, 2026 Why SAP Is Still a Goldmine for Attackers
Discover what 20 years of vulnerability research reveals about SAP security
TAKEAWAYS
• Discover why SAP obscurity no longer works as security
• Learn what attackers exploit in real SAP penetration tests
• Understand the business impact of SAP breaches (real cases)
• Identify common patterns that leave SAP systems vulnerable
• Adopt the "assume breach" mindset for SAP environments
HOST & GUEST:
Waseem Ajrab – Host: Head of Security Advisory, NO MONKEY
Joris Van De Vis – Guest: Director Security Research, Security Bridge
Chapters
03:06 The Journey into SAP Cybersecurity
05:54 Complexity as a Double-Edged Sword
09:01 The Business Impact of SAP Breaches
12:12 Common Vulnerabilities in SAP Systems
14:54 The Importance of Monitoring and Patching
18:03 The Challenge of Legacy Systems
20:50 The Human Factor in SAP Security
24:55 The Human Element in Technology
27:00 Understanding Compliance vs. Security
30:04 Cloud Migration Myths and Realities
34:15 Identifying Patterns in Vulnerabilities
41:51 Mindset Shift: Assume Breach
43:09 Innovations in SAP Security Tools
New episodes drop regularly, featuring conversations with cybersecurity experts, SAP practitioners, and industry leaders who've been in the trenches. No vendor pitches. No fluff. Just actionable insights you can apply today.
Because curiosity is free – but recovery isn't.
...more
41min
February 16, 2026Navigating C‑Level Executives Through SAP Cybersecurity
How to get SAP security on the board agenda, when ransom attacks are louder but SAP is more critical.
TAKEAWAYS
SAP security has evolved significantly since 2012.
Continuous security is essential for effective SAP risk management.
Organizations often rely too heavily on audits for security.
There is a gap in communication between technical teams and C-level executives.
Proactive measures can prevent significant security incidents.
AI can enhance both security measures and threat detection.
Transparency in security practices is crucial for effective management.
Organizations need to start addressing glaring security issues immediately.
The complexity of SAP systems requires specialized security approaches.
Security is a continuous process, not a one-time project.
CHAPTERS
03:00 The Evolution of SAP Security
06:05 Challenges in SAP Cybersecurity
09:06 The Role of C-Level in Cybersecurity
11:58 Understanding SAP Cyber Risk
15:12 Bridging the Gap in Cybersecurity Communication
24:00 Understanding SAP Security Risks
29:59 The Role of Audits in Cybersecurity
35:55 Continuous Security: A Proactive Approach
41:56 Bridging the Gap Between Cybersecurity and SAP
48:04 Future Trends in SAP Security
HOST & GUEST:
Waseem Ajrab – Host, NO MONKEY
Christoph Nagy – Guest, Security Bridge
CONNECT WITH US:
Website: https://www.no-monkey.com/
LinkedIn: https://www.linkedin.com/company/no-monkey/
Subscribe to stay updated on SAP security!
...more
44min
January 19, 2026Building Modern SAP SOC
The Role of Offensive Mindset in Cyber Defense
TIMESTAMPS:
03:00 - Maxim's Journey into Cyber Defense
05:44 - The Evolving Mindset of SOC Operations
08:28 - The Role of Education in Cybersecurity
11:02 - Understanding SAP's Unique Challenges in SOC
13:42 - Effective Detection Strategies for SAP Systems
16:27 - Building a Threat Hunting Framework
18:46 - The Future of Threat Hunting and SOC Operations
21:07 - Understanding Threat Hunting in SAP Environments
24:30 - Compliance vs. Security: A Critical Distinction
28:11 - Reactive vs. Proactive SOC Teams
32:08 - Bridging the Gap: SOC Analysts and SAP Experts
35:45 - Implementing SAP Security in SOC Operations
HOST & GUEST:
Waseem Ajrab – Host, NO MONKEY
Maxim Deweerdt – Guest, NVISO
KEY TAKEAWAYS:
Understanding the adversary's goals is crucial for SOC operations
Proactive SOC teams assume compromise and focus on detection
SAP is often treated as a black box in SOCs due to complexity
Effective detection requires collaboration between SAP and SOC teams
Quality of detection rules is more important than quantity
Compliance and security should be clearly differentiated
CONNECT WITH US:
Website: https://www.no-monkey.com/
LinkedIn: https://www.linkedin.com/company/no-monkey/
Subscribe to stay updated on SAP security!
...more
41min
January 12, 2026Uncovering SAP BTP Attack Vectors
Navigating the Complexities of SAP Cybersecurity
TIMESTAMPS:
03:45 - Transitioning to Cloud: Impact on Security
07:26 - Understanding SAP BTP: Basics and Structure
11:02 - Exploring BTP Environments
14:30 - The Role of ABAP in BTP
16:53 - Shared Responsibility in Cloud Security
22:27 - The Attackers Playbook and Pentesting
23:54 - Understanding SSH and Security in Cloud Foundry
27:35 - Service Keys and Their Risks
30:38 - Best Practices for Application Security
34:14 - Exploring Kyma and Cloud Connector Security
40:55 - Top Recommendations for Reducing BTP Risk
HOST & GUEST:
Waseem Ajrab – Host, NO MONKEY
Julian Petersohn – Guest, Fortinet
KEY TAKEAWAYS:
BTP is essential for modern SAP security
Misconfigurations are a leading cause of vulnerabilities
Shared responsibility is crucial in cloud environments
Monitor your applications continuously
Develop applications with security in mind
Regularly update and patch systems
CONNECT WITH US:
Website: https://www.no-monkey.com/
LinkedIn: https://www.linkedin.com/company/no-monkey/
Subscribe for more SAP security insights!
...more
47min
January 09, 2026Introduction to SAP Cybersecurity
Tackling SAP Security Together: A New Podcast Journey
TIMESTAMPS:
00:00 - Introduction: Why This Podcast Exists
03:09 - The Importance of SAP Security
05:55 - Understanding the SAP Ecosystem
08:46 - The Three Lines of Defense in SAP Security
11:50 - NO MONKEY's Approach to SAP Security
14:38 - Future of the Podcast and Key Takeaways
HOST & GUEST:
Waseem Ajrab – Host, NO MONKEY
Jochen Fischer – Guest
KEY TAKEAWAYS:
SAP cybersecurity needs to be more human and actionable
The SAP ecosystem includes 500,000+ customers and 300 million users
Security must be a collaborative effort between IT and business leaders
NO MONKEY's approach: People → Process → Technology
Curiosity is free – recovery isn't
CONNECT WITH US:
Website: https://www.no-monkey.com/
LinkedIn: https://www.linkedin.com/company/no-monkey/
Subscribe to never miss an episode!
...more
22min

FAQs about SAP Cybersecurity by NO MONKEY:

How many episodes does SAP Cybersecurity by NO MONKEY have?

The podcast currently has 7 episodes available.