In this special episode of the Shared Security Podcast, host Tom Eston reunites with former co-host and experienced fractional CISO, Chris Clymer. They reminisce about their early podcasting days and discuss the evolving role of a Chief Information Security Officer (CISO). The conversation covers the responsibilities, challenges, and skills required to be a successful CISO, including technical and soft skills, business acumen, and people management. Chris shares his journey, the concept of a fractional CISO, and offers valuable advice for those aspiring to enter the CISO role. Tune in for a mix of nostalgia, real-world advice, and mentorship on navigating the complex landscape of information security leadership.

** Links mentioned on the show **

Connect with Chris Clymer on LinkedIn

Listen to episodes of the Security Justice Podcast (2008-2011) where Tom and Chris were both cohosts!

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post So You Want to Be a CISO? With vCISO and Security Justice Alum Chris Clymer appeared first on Shared Security Podcast.

In this episode, we discuss the first reported AI-driven cyber espionage campaign, as disclosed by Anthropic. In September 2025, a state-sponsored Chinese actor manipulated the Claude Code tool to target 30 global organizations. We explain how the attack was executed, why it matters, and its implications for cybersecurity. Join the conversation as we examine the details, Anthropic’s response, and the broader impact on AI in cybersecurity.

** Links mentioned on the show **

Disrupting the first reported AI-orchestrated cyber espionage campaign

Jen Easterly’s LinkedIn post about the Anthropic disclosure

China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work

** Watch this episode on YouTube **

https://youtu.be/mj41KXXZP4s

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage appeared first on Shared Security Podcast.

In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conversation touches on the history of the OWASP Top 10, its release cycle, the evolution from specific vulnerabilities to broader categories, and the impact on vulnerability assessment and compliance.

** Links mentioned on the show **

OWASP Top 10:2025 RC1

** Watch this episode on YouTube **

https://youtu.be/L3nMwFng8ek

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post OWASP Top 10 for 2025: What’s New and Why It Matters appeared first on Shared Security Podcast.

The future of home robotics is here — and it’s a little awkward. Meet the NEO 1X humanoid robot, designed to help with chores but raising huge cybersecurity and privacy questions. We discuss what it can actually do, the risks of having an always-connected humanoid in your home, and why it’s definitely not the “Robot Rosie” we were promised.

** Links mentioned on the show **

NEO launched by 1X: What to know about the humanoid robot that will do your chores

FULL EPISODE : Rosey The Robot | The Jetsons | Cartoon Cartoons

** Watch this episode on YouTube **

https://youtu.be/DT44_tmMl3s

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post Meet NEO 1X: The Robot That Does Chores and Spies on You? appeared first on Shared Security Podcast.

In this episode, we explore OpenAI’s groundbreaking release GPT Atlas, the AI-powered browser that remembers your activities and acts on your behalf. Discover its features, implications for enterprise security, and the risks it poses to privacy. Join hosts Tom Eston and Scott Wright as they discuss everything from the browser’s memory function to vulnerabilities like indirect prompt injection. Stay informed on how AI browsers could reshape web browsing and cybersecurity.

** Links mentioned on the show **

OpenAI launches ChatGPT-powered web browser. What to know before downloading.

OpenAI’s Atlas shrugs off inevitability of prompt injection, releases AI browser anyway

** Watch this episode on YouTube **

https://youtu.be/P3TUW3Qv1MY

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post OpenAI’s ChatGPT Atlas: What It Means for Cybersecurity and Privacy appeared first on Shared Security Podcast.

In episode 404 (no pun intended!) we discuss the recurring issue of DNS outages, the recent Amazon AWS disruption, and what this reveals about our dependency on cloud services. The conversation touches on the need for tested business continuity plans, the implications of DNS failures, and the misconceptions around cloud infrastructure’s automatic failover capabilities.

** Links mentioned on the show **

An AWS failure took down the internet Monday morning – and the aftershocks continue

What the Huge AWS Outage Reveals About the Internet

** Watch this episode on YouTube **

https://youtu.be/Y2rhmkPhe78

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post It’s Always DNS: Lessons from the AWS Outage appeared first on Shared Security Podcast.

OpenAI’s Sora 2 is here — and it’s not just another AI toy. This episode explores how Sora 2 works, how users can insert almost anything into generated content, and why that’s raising alarms about privacy, identity, and copyright. We walk you through the initial opt-out copyright controversy, the backlash from studios and creators, and how OpenAI is scrambling to offer more control. Tune in to understand what rights you might lose — or want to protect — in this new media era.

** Links mentioned on the show **

Tilly Norwood “AI Generated Actor”

Emily Blunt and Sag-Aftra join film industry condemnation of ‘AI actor’ Tilly Norwood

Sora, Not Sorry: OpenAI Backtracks on Opt-Out Copyright Policy

I tried the new Sora 2 to generate AI videos – and the results were pure sorcery

** Watch this episode on YouTube **

https://youtu.be/MPY-OmTifPI

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post Is Sora 2 the Future of Video? AI, Copyright, and Privacy Issues appeared first on Shared Security Podcast.

In this episode, we discuss the surge of age verification laws spreading across the US, including the recent implementation in Ohio. These laws intend to shield children but come at a significant cost to privacy and cybersecurity. We’ll explore how third-party ID verification companies operate, the risks associated with these systems, and the broader definition of adult content beyond pornography. We also question the effectiveness and security of these measures as we share insights into the ease of bypassing verification systems. Are we protecting kids, or building a privacy nightmare?

** Links mentioned on the show **

Bluesky to verify ages under Ohio pornography ID law. Here’s when the law takes effect

How to get around age verification checks

Age verification service that Bluesky is using

** Watch this episode on YouTube **

https://youtu.be/Pc3zjOWNthY

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post Age Verification Laws: A Privacy Disaster in the Making appeared first on Shared Security Podcast.

Phishing simulations have been a cornerstone of security awareness training for years. But do they actually change user behavior, or are they just creating frustration and fatigue? In this episode, Tom Eston and Scott Wright (CEO of ClickArmor) debate whether simulated phishing attacks are still valuable in 2025. We cover the benefits, challenges, and how phishing programs might evolve — or even be replaced — in the future.

** Links mentioned on the show **

Find out more about ClickArmor!

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post Are Phishing Simulations Still Worth It? appeared first on Shared Security Podcast.

Episode 400! In this special milestone edition of the Shared Security Podcast, we look back at 16 years of conversations on security, privacy, and technology. From our very first episodes in 2009 to today’s AI-driven threats, we cover the topics that defined each era, the surprises along the way, and the lessons that still matter. Plus, we share listener favorites, memorable moments, and predictions for the future of security and privacy. Thank you for being part of our journey!

** Links mentioned on the show **

Join us for the next 400 episodes!

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

** Watch this episode on YouTube **

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post Milestone Episode 400: Reflecting on 16 Years of Shared Security appeared first on Shared Security Podcast.