A
All right, what's up, everybody? Welcome. Welcome to the party. If you want to stay current on the top cyber news stories of the day while listening to this Jack Daniels gargling razor blade sucking podcast host. I'm joking. I. I'm going through a bit of an illness right now and my throat sounds extra scratchy. Please disregard that because it's worth it. The value train is leaving the station. If you want to stay current on the top cyber news stories while engaging in an amazing community of like-minded cyber professionals who are all interested in supporting you, including you, and empowering you to have the best cyber career that you can possibly have, well then you're in the right place. Because this, all of this is Simply Cyber's Daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Auger, coming to you live from the Buffer Overflow studio. And we are off and running on this glorious Wednesday morning. Let's cook. Oh, my God. When I play the. When I play the ThreatLocker ad read, I might run into my house and grab a fistful of Ricolas. Holy jeep, guys. Welcome. Welcome to the party. I see a lot of familiar faces in the chat. Ron Rummerfield. Hey, what's going on? It's been a minute. Nerman, Marcus Kazmazel. Hello to you too. What's up, TJ, Space Tacos, the GRC Mafioso, Ray Dubs. Guys, we got a great show for you. We're gonna go through eight stories. They are spicy. They are piping hot. They just came out of the oven. And as far as research and prep goes, I've done zero. But you know what? Ain't nobody got time for that. It's not because I don't know what I'm doing. It's because this is an authentic experience in the world of AI and a bunch of manufactured em dash bull crap. This show is as real as it's gonna get, including production issues. So sit back, relax. We got you covered. 
Now, one of the things I'm very proud of about this show and I want to say that this show, in my opinion, and I would love for people to challenge me on this one, if you truly believe it. One of the things about this show that's unlike any other show in the cyber industry is, yes, we go through the stories just like every other celebration cyber news podcast, but we take time to marinate, we take time to dig down. We take time to elicit additional insights and value that you won't get from any other podcast. You won't get it from A classroom. You won't get it from a textbook. You can only get it from someone who has lived that experience and is mentoring down. And that's what we're doing. I, I do it here on camera for you. But right above me is the Simply Cyber community that you're an active participant in. You are a node in the Simply Cyber network and there are so many wonderful practitioners in there. Ms. Julian, she's. I can't say her first name because it'll activate my digital assistant, but she's a perfect example of a Simply Cyber Community member who's got a wealth of knowledge, both practitioner and management and dealing with management. Right? Jobs aren't just about hands on keyboards and doing next level hacks or things. The, the corporate America, the career journey. There's a lot of, there's a lot of aspects of it that are not cyber specific. Right. There's a lot of soft skills, there's a lot of human interaction, there's a lot of Game of Thrones type stuff. Stuff. And if you didn't know that because you're 22 and you're just getting out of college and you're like, I'm here for my job, you know, you'll have to learn the hard way. So that's, to me, one of my favorite things about this show and about the value that we bring as an entire community. What's up? Zema Ernet says Simply Cybers helped him earn both my degrees and push for a job in the past year. Heck yeah, dude. That's what I'm talking about, right? Hell yeah. All right, guys. 
Every single episode. As if the value train wasn't enough, every single episode of the Daily Cyber Threat Brief is worth half a CPE. So say what's up in chat, you will appear on stream right here, look, I'm behind the chat. Say what's up in chat, you'll appear there. You can grab a screenshot. This is live. We are live right now. If you're watching on replay, put it in the comments. YouTube comments, if you're listening on Spotify or Apple Podcasts, I can't help you too much there. I mean, you could still say that you listen and get the CPEs. It's just a little bit harder to prove it. Say what's up in chat. Just like Almighty N8 did or Almighty Nate, what's up Nate? And then file it away. Once a year, count up those screenshots, divide by two, that's how many CPEs you got. We say half a CPE, you show Show's an hour long, half a CPE. Why? Because we. We have some fun here. We go for around. We kick it right. Well, that's not the right graphic. Hold on one second, my guy. Dude, I have been blown out as far as work goes. There we go. Look at this. Every day of the week we do a fun thing. Wednesdays is Way Back Wednesday. We kick it old school because some of us are old in chat, right? We have some fun. We'll talk about tech from the 80s or 90s, see if people vibe on it. See if you youngs even know what it is. Maybe you saw it in a museum somewhere. All right, if today's your first episode, my friend, welcome to the party. It's very simple. My guy, TJ. Hey, what's up? DJ B Sec driving in today up in H town. Good to see you, DJ B Sec. Always great to have you in the chat. Guys, if today's your first episode, don't be shy. I. I swear to God, it might seem intimidating. Oh, look at all these people talking to each other. Oh my God, they all know each other. I don't wanna. I don't wanna. I don't wanna say hi. I'm scared. Not scared, shy. Intimidated. Right. I know plenty of you. I met some people at Simply Cyber Con a few years ago who are incredibly shy. 
Please take this as an opportunity to take what, one step forward in your, you know, career journey, your professional networking journey, and just say hashtag first timer in chat. If it's your first timer in chat or if it's your first time chatting in chat. Okay, if you've never chatted in chat because you're always too shy or because you're watching on a TV and you're getting, you know, you're cooking eggs for the family and making toast, doing a little bit of that avocado toast, right? For the casually Josephs of the world and the. The gen alphas or whatever, just say what's up? In chat. We. I've got a special emote. I've got a special sound effect. I've got all the things for you and my friends, ad tech, me and others are going to make it rain John McClane from that Christmas classic, Die Hard. All right, guys, while the first timers roll in here, let me say shout out and thank you to the stream sponsors, those who enabled me to bring this show to you every single day, starting with Antisyphon Training. Antisyphon Training is disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone regardless of financial position. And today at noon Eastern. So four hours from now, right, you can learn the absolute truth of cyber security. This is one of those meta career job type things. If you want to work, if you want to work in industry and you are like, oh, what's it like working in industry? Right here, this is the answer. Whether you're a pen tester, GRC, firewall engineer, MDM, identity and access management, you work in cloud, you work on, on prem, you're doing OT/ICS, whatever your bag is, get some absolute truths of cybersecurity. You can register for $0 right now and attend this. We got a first timer everybody. Hey, Richard. Richard Blot, 1988. My friend is in the chat. Richard Blot. Welcome to the party, pal. Welcome to the party, pal. Hey, for what it's worth, I've had avocado toast. 
It's actually quite good. I put everything bagel seasoning on it. It's good. And a fried egg. All right, thanks, Antisyphon Training. Oh boy. Flare. Wait a minute, I've heard of Flare. You've heard of Flare? What is Flare? What is Flare? I've heard of Flare, Flare, Flare, Flare. But yeah, that's right. Flare is that cyber threat intelligence platform that is absolutely cooking for practitioners to be able to have insights into dark web threat actor activity. Flare's team goes on the dark web under sock puppet accounts and absolutely grabs all of the goods. All of the dark web chatter, all of the breach forum info, all of the nasty Telegram channel communications. They get data dumps, info stealer leaks, etc. And then they package it in a really nice easy to query interface, essentially like a database. Right? Look at, look at this on screen right now. And for those listening on audio only, it's basically giving you all the insights. If you want to know if an endpoint in your organization has been compromised, if you want to know if a user in your environment's creds are out there, if you want to know if a domain name has been created that looks like yours and is serving phishing emails towards it, dude, Flare all day long. Go to simply Cyber IO Flare. You'll go to this landing page. You just fill it out. You fill it out. They'll verify that you're a human. They'll verify that you're a good guy. And then if, and if you pass the test, you get a two week free trial. Two week free trial. Free is awesome. I'm telling you. It takes one day to figure out if you need this particular service. It is amazing. I love Flare and I'm so glad they are a sponsor. Hell yeah. All right, really quick, really quickly, let's hear from ThreatLocker. I'm going to boogie into my house and grab a fistful of Ricola as well. ThreatLocker, deny by default application security. They've moved up into the cloud. Also very proud sponsor. 
Let's hear from them and then I'm going to melt your face with a mouthful of Ricola. Let's go. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCyber. All right, all right. Looks like I didn't make it in time. The Ricola bag didn't rip open as easily as I was hoping for. Okay, that's what's up. All right everybody, do me a favor. Sit back, relax and let's let the cool sounds of the hot news wash over all of us. Awesome wave. Let's cook.
B
From the CISO Series, it's Cybersecurity Headlines. April is Trust Month at the CISO Series. Join us this Friday for our Super Cyber Friday livestream about hacking vendor trust.
A
I swear to God. CISO Series putting these ads in the front, knowing that we weren't playing them on the back end. Not a huge fan of that.
B
More details at the end of the episode. These are the cybersecurity headlines for Wednesday, April 8, 2025. I'm Sarah Lane. Anthropic announces Project Glasswing. Anthropic says its unreleased AI model Claude Mythos Preview is powerful enough to autonomously discover and even exploit software vulnerabilities, prompting the company to restrict access and instead share it with more than 40 partners through Project Glasswing. The model has reportedly identified thousands of bugs, including long-missed flaws in major systems, raising concerns that AI could dramatically accelerate cyber attacks by lowering the skill barrier. Anthropic and participating researchers warned this marked a turning point for cybersecurity where defenders have to adapt as similar capabilities spread and expose weaknesses across critical infrastructure.
A
Yeah. Okay. This is a big deal. Okay, this is a big deal. There's a lot to point out about this. So, number one, there is a model called Mythos. M Y T H O S Mythos that anthropic has that they had a PR message about that accidentally leaked. They are under the belief that Mythos is so powerful from a cyber security perspective that it can analyze source code and web pages and web apps and find all the flaws and then immediately write exploits. So that's super powerful. Right. But it's great for good guys, people like us. Oh, yeah. You know, I can take this and scan my web apps and harden all the things. Yeah. The problem is threat actors can do it too. Now, remember, I want to point this out. Let's just pretend for a second. Let's just pretend, okay, that we give this tool to only good people, okay? Just pretend. Just work with me on this, because the hyperbolic example is going to bring something in, and I want. I want. I'm doing this as a thought exercise because I want people to think about this, okay? If we gave this power to only good people, okay? And only good people immediately used it. They. They. They canceled all their meetings and they said, I'm only gonna do Mythos work today. And they found all the flaws. Okay? Remember. God damn it. Remember, remember. I'm gonna have to do a text to speech, right? Shall we play a game like, use that method Stephen Hawking used to talk. I. I can't. I don't know if I can do this. So imagine, if you will, that you find all the flaws, right? When you go to your software developers and you say, hey, here is 1000 flaws. Mythos can write exploits for all of them. Mythos doesn't fix the bugs. It doesn't rewrite your code. It could, but that's not what they're talking about. Thank you, Zaga. So the problem is, even if we use this tool and even if we find all the bugs, all of them, and even if we tell the developers all of the problems from the second we tell the developers to. 
To the second that those flaws are corrected, there is a window of time there, and some of those flaws will never be fixed. Right? Open source project, abandoned project. You know, it considers it compromises some function or feature in order to close the bug. Okay? So it's not a silver bullet. Like a lot of people think, oh, like, this is great. Just give it to the good guys. And we're. We're hard. You know, we're hard as a rock. Well, no, because in reality, developers don't instantly clap their hands and all their code is cleared. Okay? Now, as far as finding bugs and then writing exploits, dude, I'm telling you right now, the US Federal government, the Department of Defense, was so sweaty for like, thirst trap style. For Anthropic to sign that deal and basically push their morals aside in the world of national security and military engagements, okay, having zero day weapons is very, very desirable. We're talking. Oh, baby. Juicy. Give me some. Give me some. Okay, check this out. Simply Cyber IO Books. This is my book collection managed by the librarian, AKA Christina. Best friends. Yep. Derek Welsky, who I got to see at RSA. Good to see you, Derek, with the super chat. Feeling simply congested today. Supporting the cough drop fun. Great seeing you at RSA. Yeah, buddy. Thank you, Derek. Always good to see you. Hopefully we'll run into each other at Blackout or something. So Simply Cyber IO Books is a website that is my reading list that I would recommend people do a lot of good ones. Call your attention to this one. This book is phenomenal. Phenomenal. Okay, look at. You can see I bought it October 3, 2022. So I'm not full of crap. Just hawking books here, bro. All right. I don't know why this looks like trash. All right, look it. This Is How They Tell Me the World Ends by Nicole Perlroth. There's an entire section of this book talking about, effectively, the black market. Arms. Like cyber arms. Black market for zero days, right? Listen, if I'm a. 
If I'm a security researcher, right, And I develop a zero day and I can tell micro. Like, I find a vulnerability and develop a zero day and I could tell Microsoft about it, and maybe I get a thousand dollars. Ooh. Or I turn around and sell it to the US Federal government for half a million dollars. Or I sell it to, you know, in North Korea for $2 million, right? Like, just pick up polarizing threat actor. There's real money in these weapons, which means two things. One, if we can use Mythos to make weapons, we can make a boatload of money. But realistically, the US Government and every government would just cut out the middleman and make their own weapons. So this goes from like a cute LLM that can do fun things and help you write LinkedIn posts to like, making weapons. All right? And I'm not being hyperbolic. I'm not overselling this. This is what's up. Okay? Also, I said this the other day. Final thing. I'll say if you want A CVE associated with you. You better get cooking, man, because Claude is going to be sweeping up like, like, hold on to me. This is the equivalent of like raking leaves in New England, right? There's tons of leaves to rake. Everybody can rake some leaves. This Claude right here is like one of those, like high power, you know, blower vacuums that just like, is used for industrial leaf raking. You better, you better get your rake and get some leaves quick because otherwise you're not getting any CVEs. All right? Also final thing, we'll see where this goes there. Anthropic is working with industry giants like Google, Cisco, Broadcom in order to, like, move forward with this. By the way, Can I just say one other thing? I guess it's my show. I will listen. Thank you, Anthropic, for being the adult in the room. Thank you. Okay, we have been going. We have been going breakneck speed. 
We've been driving in the high speed lane in a McLaren F1 with no seat belt on top down, throwing money out the roof, screaming, money ain't a thing with AI the last three years, okay? And it was like, guys, can we have an adult in the room? Anthropics decided to be the adult. We're actually taking a moment and thinking about what is, like, just because we can doesn't mean we should. Just because we can. Maybe we should pause and put some guardrails around these things, okay? The US politicians and the, you know, legal system or whatever you want to call it, like the, the regulatory system, it does not move fast enough to deal with AI, period, full stop. I don't care. And it's not even the fact that, like, a lot of the senators are like 70 years old and older. It is just a fact that AI is moving way faster than legislation can keep up. Not to mention in the U.S. like, just in the U.S. there's a lot of other things going on. There's a lot of, you know, infighting and other. There's other things going on like, you know, threatening genocide that, like, we don't have time to think about AI. So thank you, big tech. Thank you, tech oligarchs. Thank you, Anthropic. Thank you for being the, the adults in the room and, and putting some structure around this because this is too powerful to just let it go.
B
Ham US seeks to slash CISA funding. The US administration is proposing a $707 million cut to CISA's fiscal year 2027 budget, reducing it to about $2 billion with the goal of refocusing the agency on protecting federal systems and. And again, that critical infrastructure. The plan would eliminate programs seen as redundant or outside its core mission, including misinformation efforts, international engagement, and some school safety initiatives. The move follows earlier attempted cuts and major staff reductions, even as CISA looks to hire for key roles amid ongoing cybersecurity threats. Russia linked.
A
Okay, okay, okay. So you know I'm a big fan of CISA. All right? So let, let's just get that out of the way. I've got biases, okay? They're talking about cutting $700 million from CISA. Man, if you cut $700 million from my, my home budget, I'd be negative $77 million in the hole. All right, so listen, a lot of these, we talked about this the other day. A lot of CISA's programs have already been shuttered, and they're just on the books as far as a budget line item. So the impact to CISA has already been realized. Right? I guess that's the TL;DR here. So, like taking $700 million away? Sure, why not? You've already taken the 700 million. To me, this is just like cleaning up the books. All right? Now one thing that I'm like, whoa, whoa, whoa. The new budget proposal says CISA was more focused on censorship than on protecting the nation's critical systems and put them at risk due to poor management inefficiency. So just basically like straight up kicking CISA leadership. This sounds like, this sounds like a performance review for employment. Your, like your employer is giving you a performance review, like fully ready that they're wanting to fire you and they're setting it up. They say there also was focused on self promotion. Huh. I don't know if I thought of CISA's self promotion. Now, Jenny Easterly was quite the celebrity, right? Jen Easterly was quite the face of CISA. But honestly, I thought she did great for CISA, right? By putting a face to a name, by being out there, by being accessible at conferences, I feel like Jen helped move CISA forward. Guys, as a GRC dork, I have told you this a thousand times, all right? And for people who don't know, GRC is governance risk compliance. It's the interface between the business and information security. You have to be the face of information security or cyber security. You have to talk to people. You have to get in there. 
Because if someone falls for a phish or someone installs something stupid or someone gets a phone call and from a threat actor, right? If they have no idea who you are they will, like, if they have no idea who cyber is or infosec or anything like that, they're one, going to be afraid to, like, admit that they made a mistake, two, they're not going to know who to tell if they did want to tell. And three, it could lead to a festering larger issue. So by being out front, being engaging, being the face, you break down those barriers. So when bad does happen, you get alerted quicker. Your detection through a human intelligence vehicle is faster. And that's what CISA did. So, I mean, I, I don't know, I feel like this is just like, rhetoric around, like, trashing CISA on the way out. All right. But anyways, I don't think this is going to have a big deal. We'll see. Catch me in November. CISA is responsible for election security. And we've seen a lot of new policy coming out around elections and who's allowed to vote, which still is, like, out of control.
B
Hackers hijack routers for passwords. The UK's National Cyber Security Centre warned that Russia-linked hackers from APT28 are compromising widely used Internet routers to steal login credentials for email and other online services. The group, which is tied to Russia's military intelligence agency GRU, is said to be using router access to harvest passwords and potentially expand access to additional accounts and networks. US warns.
A
Yeah, I mean, I'm calling an executive order policy. I'm basically calling anything that's coming out of the government as policy. Yeah. Okay, so Russia hacked routers steal Microsoft Office tokens. I don't know if this is the same story. The story that was in the news here is from Bloomberg, but Bloomberg has a pretty fat paywall looking thing here, so let's see what they do. Russian military intelligence unit is hacking routers to harvest auth tokens from Microsoft Office users. That's weird. I immediately wouldn't think of this attack sequence. Let's see what, what it is. All right. Hey, Adrian Sanabria is in the chat. Welcome to the party, pal. Welcome to the party, pal. Adrian's going to be coming on to Simply Cyber Firesides in the next couple months with the title of the episode, AI is not coming for your job. So stay tuned for that. Adrian's a great guy. All right. All right, so Russia was able to siphon 18,000, well, authentication tokens from 18,000 networks. So they at least 18,000, maybe more. All right, let's look at this. Okay, I'm going to allow this. My throat hurts today and I feel like this infograph is making me feel good. So let's do this. And if you're new here and you don't know what this is, I have a thing. Unhealthy thing for infographics. Oh, yeah. All right, all right, enough of that. Thank you. Thank you for allowing me that moment. Okay, so Forest Blizzard. Forest Blizzard. That's interesting. So Blizzard is the Microsoft naming convention for any Russian based threat actor. So it'll be like Forest Blizzard, you know, Pikachu Blizzard, Squirtle Blizzard. Like anything, Blizzard is a Russian threat actor. I guess the forest one is their GRU guy. I guess Tarkov Blizzard wasn't available somewhere. Casually Joseph just twitched. All right, so you could see here, using the infographic process flow, they attack the router and modify DNS settings, which, you know. Basically DNS is domain naming service. 
It allows you to type in google.com and then it gives you an IPT. An IPT. Sorry. Casually Joseph just wrote APT in chat and like buffer overflowed my brain. Google.com translates to an IPV. An IP address. Jesus, man. An IP address. That's what DNS is. Okay? A lot of routers, home routers, etcetera will just have your ISP or your Internet service provider, your AT&T, your Verizon, whatever, as your DNS. You can update this DNS. So all the endpoints in your network use a different DNS resolver. I personally use Cloudflare. If you want. If you want what I use for my DNS, it's free, by the way. And oh my God, I want to share this with you because this is great. Oh, here it is. Cloudflare for Families. Okay, this is. This is cool. Like this is, you know, bonus, right? I don't. They're not a sponsor or anything. This is what I do at my home. Okay. You can change your DNS resolver to 1.1.1.1. That's an IP address. A legit IP address. It's very special, right? And it will prevent you from resolving IP addresses for adult websites. Like, you know, prawn type websites. There's also, I think a 1.1.3. Yeah. So 11.2 and 1.1.3 is no malware or no malware, no adult content. Here at the Buffer Overflow Studio, we're running the 1.1.1.3 IP address for DNS servers because we don't need malware or adult content. There's no adults here. You know what I'm saying? Okay, so let's look at this workflow here really quickly. So they modify the DNS settings, which means an end user types in google.com and they get sent to google.com but because the IP address is different, they're sent to a. Essentially a malicious controlled lookalike web page and then they put in their credentials and Forest Blizzard steals it. So the way that they made the story sound was that they were hacking the routers and then getting creds from there. But in reality all they're doing is changing your DNS server. That's it. Like spoiler alert, they're changing DNS. 
Okay, some people in chat are saying ZMEF is saying that he likes NextDNS. If you are using a DNS server that is not your ISP, drop it in chat with your thoughts. I like Cloudflare. I know Google DNS is good. I've never heard of NextDNS. Whoops, sorry.
B
Warns of Iranian hackers targeting industrial controllers. US agencies including the FBI, CISA and NSA say Iranian-linked hackers are targeting Internet-exposed industrial controllers used in critical infrastructure, particularly Rockwell Allen-Bradley PLCs. The attacks have reportedly been active since last month and involve manipulating operational data and extracting system.
A
We've got a. We've got a small issue here at the Buffer Overflow. All right, hold on. I just like punched my coffee cup and. Hold on, hold on. Standby. Standby to stand by. Okay, hold on one second. Thank God. That was like less of a problem than it. It could have been. Oh my God, Roseph. Wow. Oh my hands. Good thing I don't drink sugar in my coffee or whatever. Put sweeteners in my coffee because my hand would be a sticky icky sticky icky woo. All right, hold on a second. Sorry guys. It's one of those days.
B
Files causing disruption across sectors like energy and water. Officials say the activity is escalating due to geopolitical tensions and urge organizations to secure or disconnect exposed systems, patch vulnerabilities and monitor for suspicious activity.
A
All right, really quick cash. Jesse Johnson, AKA the Cosmic Cowboy and mod chat said simply spilled. All right, so Iranian hackers targeting critical critical infrastructure for sure. Dude, if I was Iran, okay, like, just be real. Like again, I'm an American and I, you know, want to protect my family and all these things. But like, I do like to think objectively, academically. I love thought exercises. I think I have some version of autism or ADD, ADHD or whatever. I love going deep into thinking exercises. That's the reason I love Magic: The Gathering. I don't even play the game. I just build decks and like analyze the crap out of what cards to use. It's very satisfying. So let's pretend for a second we're Iran, dude. Iran is facing existential threat. Or, or they were like, the world has not kind of come to the call for America, but Iran is facing existential threat. So they have been spending all of their resources. They're not holding anything back into the, in the, in the hopper, right? They're not, they're, they're releasing this. All the, all the stores in the warehouse, like let it fly. So why wouldn't they target critical infrastructure, right? I mean, think about it. We, or we. The United States is bombing the crap out of some of their critical infrastructure. Tensions are escalating. Iran has attacked that striker Medical and wiped all their devices recently. Iran is a first world power with first world cyber capabilities, right? Despite how they might be portrayed. So. Oh my God, bro, casually Joseph is being mean to me. Leave Britney alone. All right, so listen, critical infrastructure, if you don't know what that is, it's like cyber physical systems, like opening a vent to air gas channel, choosing how much chemicals to put in water to sanitize it, et cetera. This is big in the energy sector. It says critical infrastructure. When I think critical, I think of OT, ICS stuff. 
But let's be real, critical infrastructure is actually much, much bigger than that critical infrastructure. There's 16 different sectors. Health care is one, communications is one. You can see them all right here. Chemical. Commercial facilities, like you know, sports stadiums. Critical manufacturing. Dams is one. Defense industrial base, emergency services. So when we say critical infrastructure, my thought immediately goes to ICS and OT. But, but it is much bigger than that. And I mean, all I would say is like, dude, if, if, like, if we're throwing up the fear, uncertainty and doubt flags on Iran cyber attacking the United States, let's be real for a second. Healthcare and manufacturing are two critical infrastructure sectors, right? Like period. That's not negotiable. They are two of the 16. They are the top two targeted industries by for-profit cyber criminal, specifically ransomware, threat actors, okay? And it has been that way for years. So like you could easily, you could easily change this title of this story. US warns of cyber criminals, financially motivated ransomware threat actors targeting critical infrastructure. And it would be 100% true. Okay? Now if you do support critical infrastructure sectors, if you work in a hospital, if you work in a, in an energy plant or whatever, you should be mindful of this increased likelihood, right? Move from DEFCON 4 to DEFCON 3, right? Like, shall we play a game like in WarGames, increase your detections, you know, like go threat hunting, do all the things. Okay.
B
Huge thanks to our sponsor, Vanta. Risk and regulation are ramping up and customers expect proof of security just to do business. Vanta's automation brings compliance, risk and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com C All right, let's do this.
A
All right. Hey guys, I want to say thank you for being here. Whether I'm. My throat feels like I'm gargling sandpaper or I'm punching my coffee cup, which by the way, this is officially my favorite coffee cup. I have a simply cyber coffee cup and this is my favorite one. This was a gift from my sister in law. She was in the air force here in Charleston. It's got my name on the bottom. This thing is like a weapon, dude. And it fits in my truck's coffee cup holder when I drive my son to school and it holds two cups of coffee. Winning, winning, winning, winning. All right guys, thanks. Threat locker anti siphon flare for the support. Definitely, definitely appreciate it guys. Shout out to all you all. Thank you so much for being here. Love it. All right, every single day of the week has a special segment and Wednesdays is way back Wednesday where we kick it old school. I am in my mid-40s and there's so much tech that like people, it's just forgot, forgot to, you know, time or whatever. I want to share this one with you. This is hilarious. So like I make content, right? Many of us in chat make content. All right, hold on one second. And dude, it's literally just like, where are we? Hold on one second. I wanna, I just want to share this with you because I feel like a lot of people don't think about this. Like, dude, in 2026 you can just pick up your cell phone and record a video, right? They even have these like little gimbal looking things from dji, right? People are making content all over the place. People are making content in their car. I want to throw it back. Dude, in the 80s this was like, not only was this like $1,000, but also ridiculous. Dude, way back Wednesday, do you remember this? Like you would put an entire VCR on your shoulder and then film, you'd have this crappy microphone shout out to the VHS cam quarters from 1980s. What's up Jacques? Club 12, first timer. I just want to say shout out, dude. Shout out to. To the camcorders of the world. 
I even had like a kid version of a camcorder. 1980s kid camcorder. It wrote to like cassette tapes. Quality was awful. Let's see if I can find it. Hey, I can't find it. I don't know. Did anyone have one of these camcorders? Any. Any memories? Michael Fink's dad had one. Phil Stafford had one. Radio Shack used to sell them. Yeah, the RCA jacks. Dude, this was like ridiculous. Like you would run this at like a school sporting event. You get that like the, the distortion lines on the VHS1. Yeah, the case for this thing was like a piece of luggage. Ridiculous. All right, guys, we got the la la la. Let's go. You know the words. Adrian, lead us off. Alpha Sierra, if you're in chat, we miss you. All right, let's finish strong, everybody. Hope you enjoyed that. Way back Wednesday.
B
Attack hits Northern Ireland's centralized school network. A cyber attack on Northern Ireland's centralized C2K school network forced the Education Authority to shut down systems, disrupting access for potentially more than 300,000 students and 20,000 teachers. Officials say the breach was contained early and there isn't evidence so far of data theft or corruption, though investigations with Capita and incident responders are ongoing. Schools are gradually being brought back online as authorities prioritize secure restoration and exam-related access.
A
All right, Face Doyle is our resident Irish citizen. I haven't seen Face Doyle in the chat in like a few months though, so. Face Doyle, we salute you. Would have been good to have had you for this one. All right, so education gets hit in Ireland. All right, so teams have been working through the weekend. There's another thing if you work in IT. Here's a thing that people don't talk about. If there's people in chat who are like, I'm thinking about moving from marketing to IT or marketing to cyber. Just be aware, you might have to work weekends, you might have to work nights. And if you're casually Joseph, you might have to work weekend nights. Lol. All right. Yep. Ja Cub. J A H. First timer. Welcome to the party, Jacob. Welcome to the party, pal. All right, so they're restoring systems. Whatever. They don't know who hit them. This could have been a rat eating a. A power line. This could have been a threat actor hacking them. Yeah, they say there's no evidence of data corruption or evidence leaving the system. They did as a precautionary reset all passwords, so that's fine. All right. Here's what I would say. Here's what I would say. Okay, this, this organization got hit by some type of cyber issue. It's unclear if it was a cyber attack or if it was just, you know, some type of IT snafu. They are executing best practices, resetting creds, restoring systems in order. The only thing I would say here from, you know, this is a lesson learned for everybody. Number one, you know, obviously, tabletop exercises. I talk about these all the time. Practice what, what you do and how do you res. Dude, if I told you right now you have to reset everybody's creds in the environment, what does that mean? You might be like, oh, I'll just go to Active Directory and reset creds. Or set everybody that the next time they log in they have to change their creds. Yeah, okay, what about applications? What about networking devices? What about, you know, anything other than creds and AD, right? 
Does that map up to Azure? I. I don't know. You know what I mean? Like, so it's not as simple as, like, oh, like, like, I. Sometimes I deal with senior IT People who say. Who answer that question very flippantly, like, oh, I just reset the creds. What else you got, Jerry? It's like, hey, my friend, it's very cute that you just say reset creds, and everybody else in the room thinks that that's a sufficient answer. But in practice, how. How do you do that? What's the scope of that? Are you resetting service accounts? Are you resetting domain admin accounts? Are you going to disable domain admins? Are you going to go threat hunting? Are you going to look for logins? Are you going to look for new accounts that have been created? Are you going to look for accounts that have been abandoned? I don't know. You tell me, clown. All right, sorry, that one touched a little too close to home. All right, I've had to deal with some. I've had to deal with some interesting conversations over my career of people pushing back on giving basic, simple, you know, answers that are not sufficient. Okay, the other thing I want to point out here, and this is another one, okay, this is another one that's super important for everybody to know. And I want to say is that killing the chat at. At it career questions? No. Zach. Taking it easy today? No days off? Zach, Listen, this is another thing that you will never learn unless you have been absolutely burnt by this. And I have scars. And there's plenty of people in chat with scars, okay? When you are restoring systems, right? If it's just your. If it's just like your home network and you're. You're like, you have a laptop that gets cooked. Yeah, okay, restore the laptop. Big fd. 
Okay, but if you actually work in like a corporate environment, an enterprise environment, you have Active Directory, you have ERP solutions, you have domain controllers in multiple facilities, you have Citrix gateways, you have NetScalers, you have load balancers, you have processing servers, Kubernetes instances, you have hybrid environments, cloud. Right, now we're talking. Okay, let's just pretend everything goes nipples up, okay? Everything's screwed. Here's the reality. The order in which you turn things back on matters because a lot of times there are dependencies that you can't stand up the Kubernetes unless you've stood up. Like, I don't know, the. Or you can't stand up the processing server unless you stand up the Kubernetes instance first. You can't stand up the ERP solution until you've stood up the domain controller. You can't stand up the domain controller in the Puerto Rican facility or the Puerto Rico facility because the primary is in the Nashville facility or whatever. Or like, oh, we're running, you know, doming 2008 R2 down here. It's a special one. Sometimes you'll restore a system and then you'll discover that it has a dependency, and then you'll have to wind it back down and you'll be wasting time. Okay? So my point is you need to understand the order in which things get restored for the most optimal path to get back to a known good state. And the only way to do that is to practice, talk through it, work with your IT people and potentially simulate it. Right? Or do it in practice. All right?
B
Max severity Flowise RCE vulnerability exploited. Attackers are actively exploiting a critical remote code execution flaw in the Flowise platform by injecting malicious JavaScript through improperly validated configuration inputs. Researchers at VulnCheck observed early exploitation activity, with thousands of Internet-exposed instances potentially at risk, alongside additional Flowise vulnerabilities also under attack. Users are urged to patch to version 3.0.6 or later and restrict public exposure to prevent compromise. You.
A
All right, all right, here's. Here's another, like, reality, okay? And I. I feel like this is something that senior practitioners don't talk about. Okay? Flowise remote code execution vulnerability. RCE is bad. RCE is bad. Okay? If you see RCE, that's bad. You don't like that. That means anyone on the Internet can exploit it, right? And it's being actively exploited, which means there's weapons out there, people are punching. Here's the thing people don't talk about. I have never heard of Flowise. Okay? That doesn't mean that it's not a popular tool and I'm just some ignorant bumpkin operating out of the low country like just waiting to put on my waders and go march around in some pluff mud. But when I see a story like this, I'm not, I'm not like putting on my brown pants and calling it a day. I'm like, okay, some applications got a max severity meaning a 10.0 remote code execution. It's probably unauthenticated. You would want to make sure, you'd want to know if you have Flowise in your environment now. It's an open source platform for building custom LLM apps. Chances are your researchers, your developers, your power users in your environment might be dabbling with this thing. You can inject JavaScript into it without any validation. Let's see. If you upgrade to version 3.06, you're fine. Ah, you've got to patch it. Okay. It's on version 311. 311, right? Original 311. New 311 is terrible. Old 311 is good. Okay. So if you're just keeping up to date on your current versions, you're fine. Anyways. This is almost like deprecated. This is difficult to find in your environment. I, I would argue it'd be hard to know if people are using this in your environment. That's. This is part of the problem with the AI governance challenge you recommended. Upgrade. Sure, no big deal. Here's what I would do. Okay. Okay, here's what I would do. There's 12 to 15,000 Flowise endpoints accessible right now. So what I would do is I would use show. First of all, I would use Shodan. 
And if you don't know what Shodan is, Shodan's dope. Shodan is a super tool for cyber practitioners and it's a lot of fun. Okay. I would use Shodan to look at your Internet-facing IP range for your business and see if you have any of these Flowise apps Internet-facing. I don't even know why you would have this thing Internet-facing, frankly. Secondly, because it is AI, you could probably prompt inject it with a, you know, some type of prompt injection to get the JavaScript to exploit it. Here's what I would do. Okay? You do you and People in chat. If you have Adrian, code Brown Adrian, if you have a thought on this, drop it in chat. But here's what I would do, okay? I want to point out that AI is. Dude, AI is like everywhere and every. It's very easy for anyone. Researchers, developers, power users, even like Carl in accounting, right? To implement some, some AI. So it's Flowise RCE today, tomorrow it's going to be, you know, llama, whatever. Here's what I would do. Instead of focusing on hey, developers, make sure that your Flowise is updated to version 31 1. What I would say is I would send this message out to, to the organization because you want to make sure that you hit like kind of people who work in accounting, but they're actually like power users or whatever and just say, hey, listen, I know open source software is really cool and I know AI is going gangbusters. Just make sure that you're always staying up to date, keep your software current. Here is an example of a piece of software that is being actively exploited. If you just kept current on the versions, you'd be fine. Same with that Axios NPM thing, right? The Axios NPM thing. I mean, I know you can't see it because I got the screen here, but on the Axios NPM thing, if you just stayed current on versions, you, you would have been protected or at least reduced the window of exposure. So to me it's less about, hey, make sure your Flowise is good and just hey, here's a best practice. 
Keep your AI tooling up to date because there are a lot of threat actors doing a lot of crap out there trying to attack your stuff. All right? That's what's up. Computer. Keep going.
B
Cybercrime losses pass 20 billion for first time. The FBI reports cybercrime losses reached a record $20.87 billion in 2025, with complaints surpassing 1 million for the first time, driven largely by phishing, investment scams and business email compromise. AI is becoming a bigger part of these schemes, with criminals using tools like voice cloning, fake profiles and deepfake content contributing to at least 893 million in those reported losses. Most losses still come from scaled-up traditional scams, with fraud accounting for 85% of financial damage. National.
A
All right, we don't even need to spend more time on this story. Listen, here's the deal. This is like, this is a classic, this is how it works, okay? Anytime there's a development in technology, even something that's paradigm shifting like AI, people retrofit it to do their current processes more efficient. That's it. Right? Like, like when we get new technology in the agriculture industry, we don't reinvent how to grow crops, we just grow crops more efficiently. Right. Threat actors are using AI to execute their current frauds more efficiently, faster, and with higher efficacy. What does that mean for us? We're lucky. We're lucky. Me, you, Zmif, find the true brown coyote. Sean Sailors. We, we are super lucky, guys, because we should be protecting from these attacks anyways. We should be detecting these attacks. We should be educating our end users on these attacks. Phishing, landing pages, ClickFix, all these things. So if they're using AI to do it faster, stronger, better, like the Six Million Dollar Man, that's fine. But like our tooling for protection and defense and detection should still work. It's only when they go ham on a new attack, you know, vertical, would we be screwed? Okay, now, Sean Sailors, going back a minute says that the Axios was because you updated to the latest version. I don't think so. I mean, obviously with the act. Okay, so Sean Sailor said the Axios thing was because you updated the latest version, right? Here's the deal. The Axios thing, at, at some point, a version got compromised. So if you were on an old version and you updated to the compromised version, then, yes, you would be compromised. But then they released a newer version that if you updated to, you would get off of the compromised version. And the reason I want to bring that up is because you, you cannot. I know it's cute and funny to be like, oh, we weren't affected by Log4j because we never updated our stuff. 
We're not affected by the Windows 11 vulnerability that's hurting everybody because we're on Windows XP. Like, it's not a good reason to be protected because you're on an old deprecated version. You, you should stay current. There's a whole reason that we have, you know, patch management, vulnerability management. Okay. And I'm not saying that Sean Sailors was suggesting that. Okay.
B
Security veterans warn against FISA delays. 50 former US national security officials urged Congress to pass a clean reauthorization of Section 702 of the Foreign Intelligence Surveillance Act before its April 20 expiration, warning any lapse would harm intelligence operations. The law allows the NSA to collect communications of foreign targets via US tech infrastructure, but faces opposition from lawmakers pushing for privacy reforms or attaching unrelated legislation. The officials cautioned that political disputes could delay renewal. Be sure to register.
A
All right. National security veterans. So FISA. Isn't FISA where you like, secret, like you ask, like a secret court to tap people's phones? All right, All right, all right. I don't know, guys. This is not really cyber security-ish. I mean, this is like. I mean, I guess this is like eavesdropping or compromising confidentiality, but, like, this is like cyber adjacent at best. Guys, there's certain things, in my opinion, there are certain things that it doesn't matter who is the President of the United States, who the administration is. There's certain things that just everybody kind of agrees, gets stamped and driven through this FISA thing. Yeah. I mean, 20 days before this, April 20th, the statute expires. I'd be stunned if this thing didn't get renewed, at least to kick the can down the road. Intelligence, information. I'll just say this and then move on. In the world. In the world, there's only four ways to assert national dominance, okay? There's only four ways to do it. If you want to be a. A country or an entity of influence and power, there's only four things you can do, okay? Spoiler alert. Number one, diplomacy, right? Look at China and their Belt and Road Initiative, building airports and building stuff. They are asserting their power and influence by. By doing diplomacy. Number two. Well, let's skip number two. This is called the DIME model, by the way. Dime, like nickel, penny, dime. Number three, the M is military, right? Boots on the ground, like we're kind of seeing in multiple parts of the world. And four is economic. Right. Sanction the crap out of people, not allow them to do business. That is what's happening with North Korea, which is why they steal crypto all over the place. Number two is I. Information. Information is a very powerful asset in order to have intelligence. 
To make decisions, to tip your hand, to do misinformation, disinformation, to understand what your adversaries are going to be doing, to understand what their military capabilities are, etc. So that second element of national power and influence comes from intelligence gathering. The United States has one of the best intelligence gathering communities in the world. CIA, NSA, DIA, FBI. Right. We haven't. We have intelligence for days, okay? So to think for a hot minute that they would somehow not authorize this is ridiculous. We would be cutting off our nose to spite our face. Robert Hendrickson knows what's up with the dimension, by the way. I only know DIME because one of my close friends and roommate from my undergrad is a colonel in the Air Force and he tells me these things. All right, let's go. Wow. If you can believe it, we did this show. We did the show. Guys, thanks so much for being here. This was episode 1106. Huh? I guess this was episode 1106 of Simply Cyber's daily Cyber Threat Brief podcast. I was your host, Dr. Gerald Auger, punching coffee cups and having lozenges. I hope you enjoyed the crap out of the show. Shout out to over the shoulder camcorders. Don't go anywhere because we're going to be cooking on the Cyber Career Hotline. Call in. I'm working on this whole like 90s party hotline loveline type vibe. I'm Jerry. Get ready to ask your questions. My throat hurts. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field. Live, unfiltered and totally free. Let's level up together. It's time for some jawjacking. What's up, everybody? We got some vestigial jawjacking graphics going on. I want to say what's up to you. Welcome to the Cyber Career Hotline. I'm working on the naming still. I'm your host, Jerry Guy. You can tell because of the glasses. 
You may be coming from the Simply Cyber Daily Cyber Threat Brief hosted by that say it with me nerd, Dr. Gerald Ozier. Mara Levy knows. What's up, guys, this show is very specific. We are here to help you. I want to answer as many questions as I can. That is the deal. It's not about me. It's not about what I'm into. It's about you. And it's about helping you. So if you got questions, put them in chat with a queue. I also encourage people in chat. Right, you practitioners who are in chat, The Adrian's, the IT career questions, the Jesse's, the Roswell UK, the Brown Coyote, the Steve Young, literally, Marcus, Mara, Ms. Julian, literally. Everybody in chat. If you have an answer. If you have a thought about any of the questions, put them in chat. I'm telling you, it takes a village. And this is what makes a community rich and valuable. Here we go. Cyber Risk Witch. With the first question. Off out the gate. Come on, check them. I gotta scroll down. Cyber Risk Witch. Oh, my gosh, bruh. Here we go. Oh, wait, hold on. I'm sorry. Oh, my God. Dude, is this career question only now or can we still chit chat? Oh, no, of course. Chit chat. Cyber risk witch. No, no, please chit chat away. Have a Good time. This is all about good times. We are all about good times. Zenith wants to know if quarterly meetings are still a thing. Yes, Zemif, I haven't. I want to do quarterly meetings. I. I am. I don't know what to tell you, man. I am getting crushed right now. We have a lot going on personally here at the house. Without getting into too much detail, we may or may not move. And if anyone's ever moved, it's quite disruptive and, and dominating. I don't want to get into the details of that, but we can certainly do a quarterly meeting. I will say, just for fun, I started my anthropic training yesterday. Over the next two weeks, three weeks, I'm going to be doing GRC engineering training and anthropic training and I'm gonna make a bunch of content around it. 
And if there's anything in content wise you guys want, let me know. I am releasing a produced video every Sunday at 4pm for the year. So let's go. Straw hat sex. As I found out, I will be part of Flex Crew at B side South Jersey. Any po. Any poses recommendation? I don't understand the question. Straw hat sec. What does flex mean and what does poses recommendations mean? Let me know if you can clear that up. Let me know. I do want to point out something really funny though. Marcus Kyler, I think you'll get a kick out of this because Straw hat sex said flex. I want to tell you that in College at UMass Amherst in 1999, Funk Master Flex played a concert. And I, I was. You guys have no idea how poor I was when I was in college. Like, I, you know, I was taking loans out to pay for college. I worked for food. I worked at a sorority for lunch and dinner in exchange for food. And I had like 13 roommates. But I worked a, like in order to go to the Funk Master Flex conference. I mean, a concert. I worked security. I had a buddy who was like in charge of event planning or whatever and he's like, you want to go? I'll get you in a security. I'm like, all right, dude, I must have weighed like 119 pounds working security at a Funk Master Flex concert. I wasn't doing much. I did get to see the concert though, which is hilarious. All right. I've been thinking about creating my own business, doing cyber for small businesses, but I sometimes think I don't have enough experience or enough. Yeah, exactly. Enough knowledge. So what do you recommend? Okay, so taekwondong. Here's what I will say. Start the business as a side hustle, right? Dude, whatever experience or knowledge you have, you have more than the business owners have of cyber. And as someone who owns a business, right, And I'm sure other people in chat. If you own a business, if you own a business. Oh, Adrian's parents went to UMass Amherst. All right, way to go, minute man. Alum, let's go. 
Sorry, false alarm on the wrecking ball. Here's what I would say. Taekwondong. Start the business as a side hustle and then slowly start building it, though, remember, even. Even if. Even if you know the same amount as the business you're trying to help, the business that you're trying to help is probably focused on, like, seeing patients or doing accounting or making bread. Like, whatever the business is, you're helping. That's what they're focused on. So you. Even if, like, you don't have enough experience, like you're taking that load off them and helping them secure their assets and they don't have to think about it. So there's value there. It's not just about you bringing knowledge that they don't have. The one thing I would warn you about. So my business has multiple dimensions to it, and it started out as a consulting business. And I still do consulting for a few clients that I've been with for 10 years. But I don't take on new clients because, like, client service, consulting service for small businesses. Like, if you're doing service, it's very time consuming and it's difficult to develop new business if you're actively working on business. So I would start it as a side hustle and grow it if you want. Just a bonus tip, you can offer your services for free to the first couple people, free on cost, but they must pay you by giving an honest testimonial after the service is done. Phil Stafford says, do you think Project glasswing will actually protect the AI ecosystem or handcuff Western researchers that aren't in the project? Will this mean that the non US models win supremacy? Yeah, I mean, there is that. Like, I don't know, Phil. I'm hoping. Phil, honestly, I'm hoping that smart people and cooler heads prevail and that, you know, Western. Western countries or, you know, Western governments are able at an academic level to vibe with non Western governments, like China, for example, right? And be like, guys like, this is. I get like. 
Like nuclear weapons, right? I mean, AI is essentially very similar to nuclear weapons. It's just way easier to get access to it than nuclear weapons were. There's like mutual destruction. Right. So I'm hoping that it doesn't handcuff Western researchers. I hope it establishes a standard for all researchers. All right, what does your GRC engineering path roadmap look like? So really quick, Anecdotes AI, which is a vendor who I've done some work with, they actually have a GRC Engineering 101 course. I was going to start there and then once I do that, move on from there. So I'll let you know if I write any scripts or code or anything. I'll put it on my GitHub. Did anybody see. Did anybody see what Straw Hat Sec's doing at that BSides conference? In a nuclear war, they say the only thing to survive will be cockroaches. Does that mean most countries will stop? Oh, okay. Not a question. More of an editorial silence poet. Not much of a question. You ever realize the biggest threat to your personal cyber security is your wife and kids? Mine is okay. Jacob trying to find his first job Ultimate. The goal is fully remote work from anywhere in the world. Which cyber job specializations are best for fully remote work? I mean, any of them can be done fully remote. I will say pen tester, you know, oftentimes can be done remote. Although that, that specific role is in high, high supply, low demand. So it's kind of hard to break in as that. You can, you can work in a SOC. I mean, we have members in the Simply Cyber community who work from home in a SOC. I will say if it's your first job, you may have a tough time working remotely because frankly, you don't have any job experience in that role. So they'll typically want to train you up. And if you're remote, it's a little bit more difficult to train you up. Doesn't mean it can't be done. I would say that, you know, SOC is probably your best bet. Jacob, does the ISC2 CC cert have any value when it comes to getting your resume? 
I don't know how the AI agent agents reviewing resumes are. That's a question for the job father. If anybody in chat has any visibility into how AI agents reviewing resumes go, let me know. I would say the ISC2CC cert, just like any cert zero menace is valuable if the market's asking for it, right? Are you seeing job postings asking for this cert? Yes or no. All right. 345 says I don't have a ton of hands on experience in it. I do have a degree in IT and a master's in health Informatics. Any advice for getting into healthcare? Maybe try help desk. Hey, Albright, is this Meline Albright? Is Madeline Albright the former Secretary of State? And I'm just getting confused. Here's what I would think. Having that masters in health informatics is a huge win for you. I mean, help desk for sure would be an easy in for. Getting into healthcare. I. I wouldn't even start there though, Albright. I mean, you know, having that health informatics is huge, right? You can speak clinical. You understand what the clinical care team's talking about. You understand what the priorities are in a healthcare environment. Now, you said you want to get into it, not cyber. So I mean, you can get on with the biomed team. You can be a liaison. Here's another thing that happens quite a bit anytime some new technology is being rolled out in for like, you know, a unit or a department or a hospital or whatever. Whether it's a third party app, some type of like, you know, shall we? One of these like telehealth, telemedicine, roaming robot things. Whenever there's any of that crap, there needs to be like an IT liaison. Be able to speak to the clinical team and the vendor. Typically that would be a perfect role for you. So look into that. You could do help desk, but I think you're. You could go beyond that. El Paulo Loco says there's a simply cyber GitHub. No, there's a Jerry guy311 GitHub. My. My Jerry Gerald Oer GitHub. Have you heard about the CIA weapon called Ghost Murmur? No. Let's investigate. 
Ghost murmur 20 hours ago. All right. All right, let's see the secret, never before used CIA tool that helped find airmen. If your heart's beating, we will find you. All right, The weapon system officer. Basically, the weapon system officer is the guy who sits in the back, right? There's one guy who flies and then there's one guy who's like basically operating the radio like Spotify, playing tunes and dropping munitions. His name was dude44 bravo. I'm just gonna let everybody know again. My buddy is a colonel in the air force. From what I've gathered, he was a B1 by pilot also, or B1 weapons nav officer. You don't get cool call signs like maverick, iceman, and dude44 bravo. You get names like Combo and you know, Boner and stuff like that. I don't know, whatever. I mean, if they have some capability to detect heartbeats, that's fine. I mean, they've had, they've had the ability to see, like, heat signatures forever. Right. All right. Continuing to look through chat, looking for questions. If you have a question, put a Q in front. This is Cyber Career hotline. Phone lines are open, and I'm trying to answer all your questions. Put a queue in front. I'm Jerry. 20 plus years of experience. I love cyber security, I love helping people, and I love this community. So let's cook. Ms. Wolverines just started university for bachelor's in cyber. Want to go into it in general first? Should I mention my studies or not? When applying for jobs? Wondering whether. Whether they would be afraid of split focus? No. I mean, no. I mean, I would personally, like. Here's the deal. If you say you got a bachelor's in IT or bachelor's in cyber, that doesn't mean anything. Wait a minute. Because, like, a Bachelor's from UMass Amherst in computer science and a bachelor's from, like, Kennesaw State, Georgia in computer Science or College of Charleston in Computer Science. They're different degrees, Right. They have different disciplines, different requirements, different everything. 
What I like to do is, I like to. Especially if your resume is kind of thin on job experience, I like to call out quantifiable, actionable impact from the education that you got. Right? So say you learned networking, right? I'm sure you did labs in your networking class, so explain that. Right? Oh, I, you know, I, I deployed or I built a. I built a, you know, segmented network with, you know, IPv4 ranges. Or I, you know, managed VLANs or like, whatever it is. Explain in your resume what the impact is because you have to translate what you're learning into what is practical and of value to corporate America or to an enterprise. Right? If I look at your resume and it just says bachelor's, cybersecurity, like, okay, cool. Like, did you do anything with, like, SIEMs? Did you do any. Like, is it just an entire degree on pen testing? Right. And I'm being hyperbolic to make my point, so I don't. I think you should mention your studies. Sure. It. It helps beef it out. Remember, whenever you do a resume for a job, you should be tailoring the resume for the specific job. It's great that you were the treasurer for, like, the hang gliding club, right? At. In. At university. If that has nothing to do with the job you're applying to, don't include it. Like, you want it to be super specific. And you can use AI to tailor these things. Right. I have a video on Simply Cyber. Like, take the job posting, take your resume or your LinkedIn profile. Mush them up and have it help generate. Oh yeah, help it help generate real quick. I want to remind everybody at 9:30, Season 8 Episode 4 of Two Cyber Chicks, Erika McDuffie, Jax Scott, if you like GRC and you like great conversation, these two professionals are absolutely killing it. Two Cyber Chicks. It's great content with a GRC bend. So we'll do that at 9:30. We'll raid together. Continuing to look at chat. Which platform do you recommend to use for a PhD owner who wants to apply for teaching in cyber?
Which platforms do you recommend to use for PhD owner who wants to apply for teaching in cyber? So I'm not entirely sure what the question is. Like, are you wanting to get a job at like a university and teach in the cyber department, or are you wanting to stand up your own training platform like Simply Cyber Academy? And then. And then what platforms are you do I recommend? So for university, I guess I'll answer both. For university, I mean, just connect with the. You can do adjunct faculty, which means like you're kind of like a contractor and get in with university. I've taught at the Citadel Military College for like five years doing that. If you want to stand up your own platform, I know some people have had great success with Thinkific. I use Teachable. I could, you know, love it or leave it. It's. It's all right. There's other teaching platforms that are like, holistic with like the community aspect of it, right? A lot of people like Kajabi. All right, hold on one second. God, my throat hurts so badly. Continuing to look for chat. S. Cole07 says his beer pong trophies mean nothing. LOL. That's funny. All right, continue to look at. Oh wait, are we caught up on chat? Heck yeah. Boy, we are caught up on chat. Love it, love it, love it. All right, guys, we can keep on cooking, obviously, but I. If you have questions, I have answers, put them in chat. Love it. Like I said, I'm going to be working on Claude Anthropic training. I took the first class, Claude 101. Lame. I mean, I'm gonna give my full breakdown of the training. I'm hoping the training gets better, frankly. But is this a question for me? Network engineer, good foundation, question mark. Yeah. I mean, network engineer is a great job if you understand networking. That's like half the pop, half the puzzle, right? Understanding how networking works is. Is very important. ZMF says, where are these classes? Yeah, check it out. They're free, Anthropic, skilled. Here, I'll drop a link in chat.
Yeah, you could see. Here's the Claude 101 I took. Okay. Introduction to Claude Co Work AI Fluency Building. My plan is to take all of them and either make a collection of videos or just one video. Like, oh, hey, I spent 30 hours taking Claude training. Here's what I learned. So. Phil Stafford says it's a great resource. I. I hope so. I mean, I am going to be fair in my video. I'm going to explain where I currently am starting and then I'll break it down for everybody. Let me know by the way, if anyone has any thoughts on content you would like me to make. I'm desperately trying to make some content for people. Oh, we got a gifted subs from Straw Hat Sec. Thanks, dude. Did we just become best friends? Yep. All right, nice. Gifted subs for days. You're a recipient of those gifted subs. You can thank Straw Hat Sec. Kishan says, what would you recommend for cyber related content to stream? I mean, solving, you know, like Hack The Box rooms or Hack Smarter rooms is one way to do it. You know, like, I saw Tyler do some like work with me streams to kind of help. I mean, that's kind of a crazy stream because like you're just working and people are watching you, but allows some like community of focus or people to work together. I'm trying to think of like what else? I mean, if you wanted to stream, you could, you could break down, I mean, I guess. Keisha, I. I'm not good at like the entertainment side of streaming. I'm a big fan of education. At the end of the day, when you make a piece of content, whether you're producing it, you're live streaming it, it's a short, it's a long, it's written, it's video. No matter what, there's one of three things that you should be achieving. And if you can get more than one of the three, that's awesome. You can either entertain people, you can educate people, or you can inspire people. Like MrBeast videos are entertaining, right? This Anthropic stuff is educational. You know, you know how the inspiring stuff goes.
Like, so pick one of those three cyber related and go for it. I. I like to go for entertainment, education, and if possible, inspire people. That's why, honestly, that's why I'm just real. I make mistakes all the time. I had to run out and go get throat cough drops. I'm not perfect by any means. All right, we're about to go live with Two Cyber Chicks. About to go live with Two Cyber Chicks. Guys. I want to thank you all for being here. Thank you, Cyber Risk, which you are so kind. Thank you very much. I appreciate that. All right, guys. Be. Be. Have fun. Let's go right to. I'm gonna drop a link in chat right now. I'm Jerry from Simply Cyber. I want to say shout out to Adrian for jumping in chat today. Shout out to all the squad members for all the support you guys do. All the regulars, all the first timers. Ja Cub. Hope you come back tomorrow. Let's go ahead and raid Two Cyber Chicks. Until next time, stay secure.
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger, Simply Cyber Media Group
Date: April 8, 2026
Duration Covered: ~60 minutes (Topics begin at 12:19)
In this episode, Dr. Gerald Auger ("Jerry") brings his trademark blend of expertise, irreverence, and community energy to dissect eight of the day's hottest cybersecurity stories. From cutting-edge AI risks to nation-state hacking, critical infrastructure threats, and career tips, this episode targets cybersecurity pros and newcomers alike. As always, Jerry delivers real-world insights, actionable takeaways, and peppers in moments of humor and nostalgia.
Theme: Staying ahead in a rapidly-changing cyber landscape, understanding the real impact behind headlines, and supporting community-driven cyber career growth.
| Segment | Topic | Timestamp |
|---|---|---|
| Episode introduction & community shout-outs | Show philosophy, first-timers, sponsor thanks | 00:02–12:04 |
| News segment starts | Top stories intro (hand-off to headlines) | 12:04 |
| Anthropic Project Glasswing discussion | AI for bug discovery, dual use, regulation | 13:22 |
| CISA Funding Cuts | Impact of proposed reductions, role in elections | 22:02 |
| Russian APT router attacks | DNS redirection, router hygiene, threat details | 26:08 |
| Iranian APT targets industrial control | Motives, critical infrastructure at risk | 32:24 |
| Way Back Wednesday | 1980s camcorder nostalgia, community bonding | 38:44 |
| Ireland school network attack | Incident response, restoration advice, cyber hygiene | 42:59 |
| Flowise RCE exploitation | AI shadow IT, open source risk, patching advice | 50:11 |
| FBI cybercrime report | Record losses, AI-old fraud fusion, patching points | 55:57 |
| FISA 702 surveillance authorization | National security, DIME model, policy inevitability | 59:21 |
| Career hotline (post-main content) | Career Q&A, industry pathways, certifications advice | 61:15+ |
Next Up:
Q&A career hotline, and “Two Cyber Chicks” (Season 8, Episode 4) featuring GRC-focused conversation.
Host’s signature closing:
“Until next time, stay secure!”