
Are Humans the Weakest Link in Security? w/ Sean Juroviesky

Published 25 Mar 2026

Duration: 00:26:23

Securing organizations requires aligning human-centric workflows and communication with embedded, frictionless security practices, addressing human error through behavior monitoring and training, managing shadow IT/AI via collaboration and inventory, balancing usability with targeted access controls, and fostering proactive security culture through education and storytelling rather than enforcement.

Episode Description

In this episode of the Secure Disclosure Podcast, we dive into the human side of security with Sean Juroviesky. From why people remain the biggest cha...

Overview

The text explores the challenges of integrating security with human behavior, emphasizing that individuals are inherently complex, prone to error, and often struggle to navigate organizational workflows and access requirements. It critiques traditional security approaches that prioritize tools like IAM systems over human-centric strategies, advocating for embedding security seamlessly into daily tasks to reduce friction and prevent shadow IT. Key risks include human error, such as phishing violations or misuse of permissions, which demand tailored solutions like enhanced training, targeted tools, and contextual monitoring for anomalies. The discussion also highlights the importance of balancing strict policies with usability, ensuring security measures are perceived as collaborative rather than adversarial, and fostering a culture where employees view security teams as partners rather than enforcers.

The text further addresses emerging risks from AI and unauthorized software, noting how rapid adoption of shadow applications and AI tools introduces compliance and liability issues. It underscores the need for proactive inventory management, legal agreements with third-party vendors, and targeted access controls to mitigate risks from over-permissioning AI assistants or unvetted tools. Strategies to address these challenges include continuous monitoring through endpoint detection systems, user education, and embedding security into AI workflows without stifling innovation. The discussion also emphasizes the dual potential of AI: while it can streamline tasks and boost efficiency, its risks, such as autonomous actions by over-privileged AI agents, require strict, task-specific permissions and proactive frameworks. Collaboration across departments, including finance and legal teams, is presented as essential for aligning security with compliance goals and shared accountability.

Recent Episodes of The Secure Disclosure

16 Jun 2026 Your Microphone Became a Keylogger w/ David vonThenen

Machine learning analyzes keystroke acoustic signatures to infer typed characters over remote platforms, highlighting high accuracy with known keyboards, privacy risks from surveillance, and challenges in noise and variability, while proposing defenses and noting AI's dual-use implications.

9 Jun 2026 Understand the Software Supply Chain Chaos w/ Roeland Delrue

Rapidly evolving supply chain security threats, including malicious open-source components and AI-driven malware, demand advanced AI-powered solutions like Akito Security's self-securing software and tailored tools to address vulnerabilities in developer environments and package repositories.

28 May 2026 Prompt Injection Might Never Be Solved w/ Paul Vann

The text details AI security threats like prompt injection, jailbreak attacks, and distillation attacks, along with vulnerabilities such as AI bias and autonomous agent risks, highlighting detection challenges, emerging malware, supply chain exploits, and the industry's struggle to keep pace with rapidly evolving AI technologies.

22 May 2026 AI Broke the Security Ecosystem w/ Chris Hughes

Evolving cybersecurity challenges include supply chain threats, AI vulnerabilities, and outdated tools, highlighting the need for systemic reforms like developer incentives, regulatory clarity, and industry-government collaboration to address gaps in vulnerability management and the dual risks of AI's role in both threat detection and exploitation.

15 May 2026 PostHog is placing a wild bet on AI Coding w/ James Hawkins

Recommended: Should you go open source?

PostHog's open-source analytics platform prioritizes transparency, developer autonomy, and AI integration while critiquing corporate norms, emphasizing price clarity, building in public, and balancing automation with security governance in product development.
