Cybersecurity Today
Episode: A Former Black Hat Hacker Advises Us On Security Weaknesses
Date: November 8, 2025
Host: Jim Love
Guest: Brian Black (Head of Security Engineering, Deep Instinct; former black hat hacker)
Episode Overview
In this riveting episode, host Jim Love interviews Brian Black, a seasoned security leader and former black hat hacker, now working on the “good guy” side. The conversation explores Brian’s roots in hacking, his journey to corporate security, the state of cyber threats—especially AI-driven ones—and actionable advice for businesses and security leaders. Together, they delve into the rise of AI in both attacks and defenses, practical basics for resilience, modern threat tactics, and what the industry needs to do next.
Key Discussion Points & Insights
1. Brian Black’s Hacking Origins and Ethics
[01:09 – 05:44]
- Brian’s curiosity and “told no, try anyway” mentality drove him to hacking from age 7.
“Anytime I’m told you can’t go somewhere, I really want to.” – Brian Black [01:37]
- Specialized in reconnaissance and weaponization; targeted high-profile companies but had rules—never banks or government.
- Shifted away from black hat hacking as corporate cybersecurity roles became available and more challenging.
- He likens leaving hacker groups to outgrowing a high school clique: “Once you stop running with that group … you realize how little you had in common besides code.” – Brian Black [07:55]
2. The Social Side of Hacking & Leaving the Scene
[06:10 – 08:48]
- Today’s hacker recruitment often hooks young people for economic necessity or a sense of belonging, making it hard to leave.
- Parents need to be aware: hacking groups exploit both need and social ties, sometimes peer pressure but often “ideological belonging.”
“They find validation that they may be struggling to find elsewhere in their lives.” – Brian Black [06:41]
3. Advice to Parents of Tech-Curious Children
[08:48 – 11:00]
- Brian urges parents to “encourage it—responsibly.”
- Modern legitimate paths for hacking skill development (hackathons, gamified coding platforms, courses) are abundant.
“My advice would be, encourage it… there are very legitimate ways today… to foster that skill and then guide people into a legitimate career.” – Brian Black [09:17]
4. Transition to Corporate Security: Red, Blue, and Purple Teams
[11:02 – 13:06]
- Brian’s path from Lucent to banks, SunGard, HP FireEye, and finally Deep Instinct.
- Red-teaming (offensive) was a natural fit, but blue-teaming (defensive) is never boring: “If 99% secure, then 100% vulnerable.” – Brian Black [12:44]
- Modern roles often blend offensive/defensive (purple team).
5. Back to Basics—Why Fundamentals Matter
[13:06 – 14:42]
- Jim and Brian agree: most breaches result from neglecting basics, not sophisticated attacks.
- Rise of “script kiddies”—with AI, low-skill actors can run potent code packages.
- Modern AI lowers the bar for threat actors; the basics (“blocking and tackling”) matter more than ever.
6. Passwords, Phishing, and Practical Hygiene
[16:54 – 18:42]
- Strong, long passphrases trump “fancy” complex ones.
“If you can create a sentence you can type very quickly… it’s about the lengths.” – Brian Black [17:19]
- Know who you communicate with—phishing remains the top threat vector due to sheer volume and probability.
7. People and Data Governance as Weak Points
[20:03 – 21:37]
- “Humans are always the biggest point of failure.”
- Most organizations lack an inventory of their own critical data; they don’t know what or where their “crown jewels” are.
“They don’t know what data they have and they don’t know where it is.” – Brian Black [20:25]
8. Multi-factor Authentication: Is It All It’s Cracked Up To Be?
[22:03 – 23:53]
- Some MFA methods have become more vulnerable due to attack techniques like SMS interception; everything is hackable, though MFA is “better than nothing.”
- Biometrics are strong technically, but the legal landscape is complex: “Your face is public domain…”
9. Testing Vendors: AI, Dark AI, and Security Weaknesses
[24:44 – 27:51]
- Brian ethically tested ~70 security vendors’ products with AI-generated malware; detection rates were abysmally low (“batting average of just 109”).
- Simply changing the language or compiler can evade detection by security tools:
“The vendors that catch it change—because the functionality’s the same, only the compiling methodology did.” – Brian Black [26:45]
- Attackers win through fast mutation—defenses are too “human-speed.”
10. Threat Evolution: AI & Attack Democratization
[28:06 – 35:10]
- Today, anyone with basic knowledge can launch complex attacks using easily accessible “dark AI” tools.
- Attack creation, zero-days, and exploits can now be generated and mutated by AI in minutes.
“Threat actors are moving at AI speed and the defenders are still moving at human speed.” – Brian Black [28:26]
- Security teams must adapt quickly to paradigm shifts—old signature-based models won’t keep pace.
11. Defensive Mindset Shift: Preemptive, Not Reactive
[35:45 – 36:54]
- Industry must move toward “preemptive” security (proactively blocking threats, not just detecting/responding).
- Even industry reforms (Gartner’s preemptive security recommendations) are in catch-up mode.
12. Practical Steps: Red Teams, Vendor Vetting, and Company Culture
[42:12 – 44:51]
- Red teaming is vital—even if the truth is uncomfortable, “hearing that your baby's ugly a little bit” is necessary for real improvement.
- Internal teams & vendors should demonstrate proprietary tools and current offensive skills, not just tick-box testing.
“The good red teams will have developed their own stuff because they want to win.” – Brian Black [43:36]
- Do reference checks—even if rule-bound vendors won’t disclose clients, use industry networks and peer groups.
13. Secops Burnout: The Human Factor
[47:11 – 48:47]
- Security teams overwhelmed by volume, unable to feel “caught up” or make visible progress; 60%+ thinking of leaving their blue team roles.
“There’s no rest—they can never get their head above water.” – Brian Black [47:41]
- AI will be both a bane and a savior—automating low-level detection lets humans focus on bigger issues.
14. Advice for CISOs: Staying Current, Empowering Teams
[49:03 – 50:10]
- Don’t blindly rush AI adoption—identify your biggest challenges, then acquire the right tools to empower and support your team.
“Finding out where your humans are struggling… and then taking the time to discover what types of AI can help protect that or empower that.” – Brian Black [49:34]
15. The Double-Edged Sword of AI
[51:42 – 52:28]
- AI is the biggest cybersecurity risk in decades—but also the greatest potential tool for defense, productivity, and human progress.
“It is truly the definition of the double-edged sword.” – Brian Black [51:47]
Notable Quotes & Memorable Moments
- On hacking origins:
“I realized I could make a computer do what I wanted it to do, regardless of the intent of the designer… It unleashed that incessant and persistent curiosity.” – Brian Black [01:24]
- On script kiddies’ resurgence:
“With the rise of different… AI tools, they’re back. They can destroy your data and get in the news for it. It’s not a financial drive, it’s an egotistical drive.” – Brian Black [14:25]
- On the myth of sophisticated attackers:
“People spend far too much time worrying about people like you doing the extreme stuff and they don’t spend enough time on the basics.” – Jim Love [13:09]
- On the importance of passphrases:
“My password was ‘Jack and Jill went up the hill.’ That’s an insanely long password.” – Brian Black [17:32]
- On MFA vulnerabilities:
“I lived and died by [cell phone] MFA… Then I learned just how vulnerable our trunk lines are… Now, anyone can learn off a YouTube video.” – Brian Black [22:27]
- On AI-driven defense:
“As the good guys employ AI tools running at speed, at scale… this may be the first time in cybersecurity’s history that it was possible [to prevent zero-days].” – Brian Black [41:03]
Timestamps for Key Segments
- Brian’s hacking origin story: 01:09–05:44
- How hacker groups operate and why people stay: 06:10–08:48
- Advice for parents of cyber-curious kids: 08:48–11:00
- Corporate career trajectory and team “colors”: 11:02–13:06
- The critical importance of basics: 13:06–14:42
- Password and phishing fundamentals: 16:54–18:42
- Weaknesses in data governance and human error: 20:03–21:37
- Multi-factor authentication pros and cons: 22:03–23:53
- AI, dark AI, and vendor weaknesses: 24:44–28:06
- Defense lagging behind attack innovation: 28:06–35:10
- Transition to proactive security (preemptive): 35:45–36:54
- Red teaming and vendor evaluation advice: 42:12–44:51
- The burnout epidemic in blue teams: 47:11–48:47
- How CISOs can stay ahead: 49:03–50:10
- AI as both the threat and the solution: 51:42–52:28
- What Deep Instinct actually does: 52:43–53:19
Actionable Takeaways
Security leaders & CISOs:
- Rigorously inventory your data—know your “crown jewels.”
- Prioritize basics: strong passphrases, phishing training, network segmentation.
- Don’t rely solely on detection/response—look for preemptive AI tools and regularly red-team your organization.
- Vet your vendors/red teamers deeply; seek those with up-to-date, proprietary tactics.
- Recognize and address blue team burnout by automating easy wins and supporting employees.
For all listeners:
- Trust but verify communication: double-check any requests, even if “from family.”
- Stay alert to the latest AI-driven attack techniques—assume attackers move faster than you do.
- Embrace curiosity about AI but do so in controlled, secure ways.
Closing Thoughts
This episode underscores the urgent need for adaptive cybersecurity in an evolving landscape dominated by AI. The threat level has escalated—democratizing hacking yet offering new defenses. Those who move fastest, understand their risks, and invest wisely in both people and tools will be best positioned to survive.
For more information on Brian Black’s work:
- Deep Instinct focuses on deep learning AI for preemptive zero-day security across large enterprises.
Contact & Feedback:
- Jim Love invites feedback via technewsday.ca/.com or LinkedIn.
A must-listen for CISOs, IT leaders, and anyone wanting to understand the new realities of cyber risk and AI.
