Jerry
All right, good morning, everybody. If you are looking to stay current on the top cyber security news stories of the day while being entertained, educated, and connecting with supportive, inclusive, amazing professionals, well, then you're in the right place. This is simply Cyber's daily cyber Threat brief. Over the next hour, we're going to go through the top eight stories of the day. I'm going to go beyond the headlines using my 20 plus years of cyber security industry experience and give you additional insights that you are not going to be able to find anywhere else. No classroom, no textbook, no social media post. We're giving you pure value, straight, simple, easy to get, and it's all about good times. Let's go.
All right, good morning, everybody. Back at the Buffer Overflow studio after a hellacious day of travel yesterday. First time ever been up in a plane when the plane has a mechanical failure and we have to turn around and fly back to the airport. So that was. That's not on my bingo card for 2025, guys. For those who I got to spend time with the last couple days out in Austin, great to see you. For all of those of you who were here, guys, I hope Daniel Lowry crushed it. I did tune in yesterday for a hot minute and Daniel was in rare form. I loved it. I know the show went great. Definitely back and super pumped. Now, listen, if today is your first episode, first of all, drop a hashtag, first timer. Hashtag first timer, if you will, in chat. And if it's Brad Osborne out there in the Internet, someone who's been a long timer but never, ever, ever, ever chatted. Just kind of wanted to chill in the background. Take the first step, Brad. Hashtag first timer. We'd love to have you guys every episode of the Daily Cyber Threat Brief. Thanks, Kyle. Every episode of the Daily Cyber Threat Brief is worth half a CPE. So what's up? In chat? Grab a screenshot.
Sarah Lane
Right.
Jerry
That's why chat is above my head. Not only to show you guys how awesome this community is, but also so you can be part of the show and have a forensically sound piece of evidence. I only suggest you take a screenshot because that way you don't have to go back and scrub.
My video is not freezing. You don't have to go back and scrub. Looking for your name. Just. Yeah, there. BW5542 knows what's going on. Good morning.
All right, I do want you to know about the show's format. So we are going to go through eight stories, but guess what? I don't know any of. I have no clue what they're going to be. Sometimes this blows people's minds because they think I prepare for the show jokes on you. I have no idea what stories are coming because in reality, as a practitioner, you don't get to see the stories in advance and then think through them and then be like, oh, I'm gonna just act like I've seen these. Ain't nobody got time for that.
Daniel Lowry
Ain't nobody got time for that.
Jerry
This is like legit how I, like, literally do my job. Okay? So, like, for those who don't know the origin story of this, what I do with the daily cyber threat brief I was actually doing for years, just I wasn't on camera.
And I thought, oh, you know what, this could be valuable to other people. Let's give it a shot. And lo and behold, wouldn't you know it, six years later, one Sanskrit Podcast of the year award in an amazing community. People did like it. Now, before I get into the news, before I melt your face, before.
Excuse me, before I reveal the meme of the week, which happens every Thursday at 8:30am Eastern Time. So just 26 minutes from now, compliments of one Dan Reardon. Before I do all that, let me say shout out, thank you to the stream sponsors, those who enabled me to bring this show to you in its glory, whether I'm on the road or I'm here at Buffer Overflow Studio Central. Flare Academy. Guys, go to simplycyber.io/flare.
simplycyber.io/flare panel. This is today: State of the Dark Web 2025. I have to run to the airport at 10am to get my luggage. Yet another piece of the amazing experience that I had yesterday where my luggage didn't make it. So I gotta go to the airport and get my luggage. But I'll be back. We're doing that at 10am, so at 11am you can expect to find me. And if you want to level yourself up too, check out Flare Academy State of the Dark Web panel 2025, a retrospective look from some very seasoned senior threat intelligence professionals on what has been happening in the Dark Web. Guys, this is the kind of insight you just can't really get because the Dark Web is this living, you know, swarmy ecosystem of criminal threat actors. And Flare is all up in it. So they're going to help us understand what's going on. I would encourage you to check out this free webinar. It's only an hour, it's going to be lit. I also want to say shout out to Antisyphon Training. Definitely appreciate them. Zach, Jason, Deb, the crew over there offering for the month of December this crazy Black Friday deal. 1500 bucks, one time fee gives you a full year of access to 50 plus on demand courses. So whether you're into red, blue, IR, cloud, forensics, threat intelligence, fundamentals, whatever it is, they have courses from some amazing practitioners in there. And on top of it, you get a ticket to Wild West Mile High, which is in February. A virtual ticket to the conference and all of the activities associated with that conference. So go to antisyphontraining.com, Black Friday 2025. Drop a link in the description below for you all. Again, I've been telling you, don't wait guys. If you have training dollars at your company or at your business or your employer and it's going to expire at the end of the year, burn them. This is one good way to do it. Take advantage of all those compensations, right? It's like not taking your PTO.
Oh yeah, the What the F is GRC video, that, that is coming. Yes, it's. It's funny. All right guys, let's hear from ThreatLocker. And then face melting news comes your way. And then meme of the week. Oh, Thursdays are good. I love them. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber.
All right guys, really quick. Dream Logic. Hello to you. I see you Dream Logic and I see all of you guys. Shout out to James McQuiggin at 35,000 feet. We just became best friends. Who dropped 10 gifted subs. So if you're one of the gifted sub recipients, you can thank James McQuiggin. You'll know if you are one because your name will be green. You'll have a little badge, you have access to the emote tray which includes the Oprah. All right guys, do me a favor. It's time to get to work. Sit back, relax and let the cool sounds of the hot news wash over us in an awesome wave. See you guys at the mid roll. Computer, give me my chyrons, please.
Sarah Lane
From the CISO series, it's cyber security headlines.
These are the cyber security headlines for Thursday, December 11, 2025. I'm Sarah Lane.
CEO of retail giant Coupang resigns. South Korea's Coupang CEO Park Dae Jun stepped down after a breach exposed data from around 34 million customers. The company said he resigned out of responsibility for the incident discovered on November 18. Coupang named chief administrative officer Harold Rogers as interim CEO with a focus on stabilizing operations and reassuring users. South Korean authorities are investigating, including a raid on Coupang's headquarters and a probe involving a former employee from China.
Jerry
All right, all right, so a couple things here. One, this retail giant had a major Data breach of 34 million users, okay? And the guy quits out of respect or whatever. Now, listen, I am by no means an expert in.
South Korean culture, okay? I do know that in different cultures, okay, like Japan, like, this seems like it would happen in the Japanese culture, but, you know, American culture is way different than Japanese, way different than Chinese, Russian, whatever. So for this to happen, it does very much feel like a, you know, kind of an Asian ideal of taking accountability and, you know, all these things. I'm surprised. I didn't really think South Korea operated this way. But not to have a hot take or anything. But, guys, companies get breached literally all the time. It's like a staple. There's at least one story every day of this. So if I had to guess, I hate to be a cynical prick, but having been around for a minute, having gray in my face and my hair.
This guy either wanted to quit and this was like a great excuse, or this guy's board wanted to fire him, and they didn't have a good reason until now. You know? You know what I mean? Like, to me, there is most likely something else going on behind the scenes. And if a board fires their CEO, that's not good for, you know, consumer confidence, right? Just think of any of these TV shows, like Succession or Billions or whatever. Like, you want stability, you want customer confidence. You don't want to make it look like all the adults at the adult table are infighting with each other and being bratty like it's Game of Thrones, right? So to me, 34 million data breach, perfect. Line one up. I mean, you could even, if you really wanted to be a psychopath, you could even go as far as to say it was an inside job. You know what I mean? Oh, like let's, you know, dude, you know what we could do? We could hack ourselves and then this would be our perfect explanation. Again, I have no evidence to support that. I'm just telling you that companies get breached all the time and almost never does the CEO quit, right, or get fired. Like, maybe in the mid 2010s, that was like a thing, right? But not really. Okay.
So, I mean, let me. I'm actually just. Okay, okay, really quick. South Korea.
Company data breach. Okay, just to fact check these things. And I'm going to hit minus Coupang because that's obviously, like, dominating the search results right now. All right, let's see. Qilin ransomware turns South Korean MSP breach into 28-victim Korean leaked data heist. Okay.
All right, so.
I'm looking for the words fired, resigned, quit. Nope. Surprise. There's, you know, just one example. Okay, here we go. South Korean agency fines this telecom company $97 million over major data leak. Okay. Quit. No. Resign. No. Fired. No. Exactly. Okay, guys, again, I don't know these stories that are coming up. I'm just telling you, I'm old. I've seen this a thousand times. There's no question. I would bet money that matters to me that there's something inside going on, and this is just a convenient excuse to fire this guy or give him the opportunity to quit. Right? Probably if they fired him, they would have had to give him more money. So they give him, you know, the ability to quit and get a golden parachute or something like that. Or the company's, like, hemorrhaging money and they need to bring in somebody for whatever. It's all PR. All right, thanks so much, guys. Oh, by the way.
When you do tabletop exercises, this is definitely not. Don't bring this as an inject, like, just real talk for a second. I'm telling you, run tabletop exercises all the time. Do all the things. Do not use an inject that the CEO gets pushed out. That's not going to win you any political capital. If you're like, you're fired. My boss's boss's boss, you're fired. All right, let's keep the tabletop going. Dude. I don't know what YouTube did, but they introduced something weird to where the chat is. Let me fix this really quickly. You get to watch really quick how the sausage is made here. It's a little disorienting seeing it moving around like that. All right, let's keep cooking. Yeah.
Sarah Lane
Hacktivists target US infrastructure. US officials say pro-Russia hacktivist groups.
Jerry
Really quick, El Cyber Penguino says: But usually someone gets fired. No, no one. Not today. Not today. Someone doesn't get fired nowadays just because, like, it happens so often. Like, and again, I hate to be. It's a good question. Okay. Businesses are getting hit all the time. Like, I've been brought into businesses before because they just suffered their third business email compromise in four months. And they're like, can you please help fix us? Because at this point, we've lost more money in business email compromise than we want to pay you. So can you help us with this? Right, so, like, no one's getting fired on all these things, right? I would say that leadership, the businesses, they're smart enough now to realize that this is like a constant threat and basically kind of a cost of doing business. So, no, unless you're absolutely negligent or there's Game of Thrones things going on and it's convenient.
Sarah Lane
Are breaking into poorly secured VNC connections tied to US critical infrastructure, mainly water, food and energy systems. The groups CARR, Z-Pentest, NoName057(16) and Sector16 are using brute force VNC access to reach HMI devices, capture screens, alter settings, disable alarms, and cause limited physical disruption. CISA warns the activity is unsophisticated but could become more dangerous as tactics evolve. And the DOJ has charged a Ukrainian national linked to CARR and NoName057(16).
Jerry
All right, so we take our attention across the pond here to Ukraine. And pro-Russia hacktivists hitting it. Okay, so remember a couple things here. Oh, she's High Iron Wolf. Passed CompTIA Sec+ yesterday. Heck yeah, boy. Nicely done. Congratulations. Super pumped for you. Keep crushing, High Iron Wolf. Well done, dude. Super awesome. All right, guys, you got to remember, for many of us, okay, we work in IT, right? And I feel like the term IT has become so ubiquitous that it's just what we think of when we think of technology. Oh, yeah, IT, IT, IT. Well, in manufacturing and energy and other places, there's OT, operational technology, or industrial control systems, and it's its own animal as far as securing. Now, I'm not going to give you a lecture on the differences and why it's difficult, but just know that a lot of operational technology.
Is old, not replaced very often. Wasn't designed to be secure, and there's a lot of integration between IT, like networks and endpoints and, you know, modern computers, and OT so you can remotely manage them and remotely view them and, you know, get visibility on health. So having said all that, when you have OT infrastructure that manages very important things like water, energy, like those things, you don't want them tampered with. But because they're not very secure, when a cyber threat actor can discover interfaces into those environments, they can manipulate and mess with them. And that's basically what's happening here. So they mentioned VNC. Now it says virtual network connection. VNC is actually a specific business and technology; RealVNC developed VNC technology. But it's essentially allowing you a remote connection so it looks like you're sitting at the desktop. And this is another one of those examples where IT is getting integrated into OT so you don't have to get in your car at midnight and drive 25 miles to a power station to flip a switch. You just hop on your laptop wearing your pajamas and you remote in, flip the switch digitally, close the laptop, and you're back in bed before you even really kind of fully wake up. That's the value of it. And hell, why they do it, right? But here's the point. If you're not properly securing those VNC connections, anyone can remote in. Now they said brute force attacks on the VNC. That means there's no multi factor authentication, which low key makes me want to flip my desk because that is the stupidest thing, and I hate being negative. If you know me for a minute, I am not a negative person. But no, if you're not going to put MFA on remote, fully remote access connections that are Internet facing to sensitive systems that don't have security, what are you doing? Like, that is gross negligence. And that, my friend, is something that you'd want to resign on if you got punched in the mouth.
If I had to guess, you know, these fringe activist groups are probably being empowered not as proxies but as, like, hey, like, if you'd like to, you know, do some things, here's a good way to do it. Here's some tooling from, you know, basically nation state threat actors.
So the TL;DR: it's good to know this Russia on Ukraine action continues to happen. Activists are going to happen, or hacktivists. And if you run or are responsible for any type of operational technology or industrial control systems, and you might not even know it, right, because they try to keep that stuff away from the IT people, just make sure that it's at least reasonably secured. All right, here's how you do it, practically. Okay. By the way, scan your network, look for remote listening services. Scan your Internet facing edge, look for remote access services, and then see if they're properly secured. And don't sleep on this one.
A lot of power users, okay, will install a local agent on their own machine if they have permissions to install software on their own machines, basically setting up their own remote access connection. And I've had to deal with this myself in real life. We just became best friends. Yep. Oh, yeah. Supporting the cause, man. Heck, yeah. Thank you. Hold on. Who is that?
Wait a minute. What are we doing here?
All right, I think that's Bearded Ruckus. I can't see the name. Oh, my God, bro. Sometimes. Sometimes. Well, thank you very much. I think it's. Is that Dakota or Bearded Ruckus? Oh, the Bearded IT Dad. Yes, sir. Thank you very much. Super chat coming in hot. Thanks for the support. The TL;DR here is, guys, I had an issue. It wasn't malicious. It wasn't negligent. It wasn't anything. It was literally an engineer, right, who worked 80 hours a week, and he wanted to work on Saturdays and Sundays. So he installed some. Yeah, it is Dakota. Thanks. Dakota it is.
He wanted to work Saturday and Sunday for 10 hours a day, but he didn't want to come to the office. So he installed a remote access solution on his own machine, and he would remote into his machine from home all weekend. Now, here's the thing. Not okay, but he's basically working for free for an extra 20 hours a week. Do you think management's going to tell me, like, shut it down? No. They're like, what's your problem? Like, why aren't you working 20 hours on the weekend? And I'm like, ah. So what we ended up doing was actually coming up with an enterprise solution that I got to roll out. Basically, they wanted everybody to work 20 hours a weekend. But anyways, my point is, you got to be careful with these remote access solutions. Secure them.
Sarah Lane
Israeli cybersecurity funding hits records. Israeli cybersecurity startups pulled in a record $4.4 billion this year. That is according to YL Ventures. That's a 9% jump from 2024, with 130 total rounds, up from 89. AI security and endpoint security saw the strongest momentum. And major players like Armis, Cato Networks, Cyera, Dream and Island announced big raises. YL Ventures says the ecosystem has expanded more than 500% over the past decade.
Jerry
All right. Yes, yes, yes, yes, yes, yes. Okay, I got a lot to talk about with this one. Okay, listen, this is not something that you're gonna do anything with today, okay? Like, you're not at work, Roswell, UK, and you're like, Israeli cyber funding hits $4.4 billion. Oh, my gosh. Let me log into the Cisco appliance and make some updates based on this. This is just industry macro news, but it is something that you should be mindful of. Guys, it took me a long time in my life to figure out why the business matters. We hear it all the time. Oh, make sure you understand how the business makes money at work. Make sure you understand the mission. And I'm like, why? Like, securing IT at a manufacturing company, securing IT at a hospital. It's all the same, dude, get out of my way. I'm trying to secure this thing. And that's just not the case. It is part of the picture, but understanding the business, understanding where the money is, understanding what the levers are, understanding motivations of individuals, it will take you so much further in your career. And if you ever have aspirations of becoming a CISO, you have to do this. Spoiler alert. Being a CISO is not what you think it is. Or at least in my experience. I dreamed of it. And then once you sit in the seat, it's much less cyber, and it's much more business and freaking politics and stupid. So anyways, what do we do with this one? Guys, the market was scared, okay? The market was scared with.
Tariffs and what? And all that stuff, right? And now money is surging in. I know this says over the past decade in the story, but it. The last quarter has been insane. So two things that everybody needs to know. Number one, if you did not know, did we just become best friends?
Daniel Lowry
Yep.
Jerry
Oh. Robert Hendricks, ATX, scoring a job. Thank you for the support. Super chat. Space tacos. And then, Robert, is this news today or is this old news?
I don't know. All right, so I'm not sure if Robert Hendrickson's. I thought we announced his job the other day just to be safe, because, you know, space tacos is a long time. Let's do this. Robert Hendrickson.
Just to be sure. All right. Definitely appreciate that, Zach. Yeah, I made it home. Was a long, long day of travel, guys. Two things that you must know as a practitioner in our industry. Okay? Number one, Israel is a powerhouse for cyber. Now, because of, you know, some of, obviously, news and hate crimes and religious, you know, all that stuff, some companies that are Israeli based will actually not, like, market that they're Israeli based. You know what I mean? Like, they'll be like, oh, we're from, you know.
Oh, my God, the Valley, like San Francisco, Silicon Valley, or Austin. Right. But it doesn't change the fact that they are dope. Okay, Palo Alto is an example, right.
So anything that comes out of there is definitely good. The other thing I want to point out, and this is like a quick shout out, this is a one off story. But if you want to, like, actually dig into this one, check this out. This guy right here is Mike Privette. He's a friend of mine, and he runs a newsletter, which I know you guys are like, dude, newsletter? What? But it's called Return on Security.
Right? And it basically is all about the market and finances of cyber business. Right? And just to give you an example, he posted this yesterday, which is why this Israeli story isn't surprising to me. Look at this. Cyber security funding trends. The final couple weeks. There was an unbelievable $2.7 billion issued in funding last week. Guys, I'm trying to, like, rub two nickels together to make my mortgage payment. People are just dumping $2.7 billion. Holy Jesus. Right? Series A funding, Series D funding. If you don't know what the series fundings are, that's something that you should learn as you get older in your career. Don't freak out about it right now. If, like, you just passed Sec+ and you're like, what's Series A? Just. It's actually, I'm having Bryson Bort on the show in January to talk about some of these terms and stuff like that, but there is a stupid amount of money going into cyber security right now, and it's mostly AI. Okay. Obviously, if you're interested in checking this guy's.
Newsletter out.
Check it out. He's a great guy. This is definitely not like clickbait bull crap. It's awesome. All right, so anyways, like, whatever. Israel getting wicked good funding. Way to go.
Sarah Lane
Aeroflot got hacked through tech vendor. Russia's flagship airline, Aeroflot, had a difficult summer after pro-Ukrainian hackers Silent Crow and the Belarusian Cyber Partisans breached it through a small contractor called Bakasoft. According to a new investigation from The Bell, the groups allegedly maintained long term access, moved into Aeroflot's Active Directory, grabbed high privilege accounts and deployed dozens of malware tools. The outage grounded more than 100 flights and caused tens of millions of dollars in damages. Investigators say that Aeroflot lacked two-factor authentication on key servers and let the vendor keep remote access.
Jerry
Buddy, how, how, how are you allowing this? How are you the largest airline in Russia? How are you the Delta Airlines of Russia? And how are you not using MFA on your Internet facing resources? Allowing vendors remote access, come and go? Which I'm not entirely upset about because that is a real common use case. But there are very, very well-established best practice controls to implement to control that.
Dude, I swear to God, if I had a freaking dollar for every time a company got breached because they didn't have MFA, the Buffer Overflow Studio would have a gold toilet back there. I'm telling you right now. Jesus, man. All right, so this is your throwback to yesteryear. Welcome to the party, pal. This is a, dude, company has horrible cyber security hygiene and threat actors get in, they pivot to Active Directory, they take over Active Directory, then they create a bunch of accounts and use all of this God mode level access they have to deploy malware everywhere. Yes, dude. Okay, you know The Last of Us? This is a completely ridiculous analogy, but you know the premise of The Last of Us. And if you don't know it yet, I'm sorry, spoiler alert, but it's been around a really long time. And I'm talking about the video game more than whatever that offshoot video whatever. But basically, like, the idea is that people become zombies, but it's not because of, like, this weird infection or, like, Resident Evil type thing. It's because, like, mushrooms and spores get in your body and then just, like, take you over. All right, it's actually a well established scientific fact, it happens to ants. But this type of attack, that's the deal. Like, they get in, they take over everything and now they're the captain now. And they can just come, go, deploy things, delete logs, put in fake logs, create accounts, disable accounts, full visibility, right? They could trash email, they could do anything. Literally, they're the captain now. They could drive the boat into a pier. No big deal. This is terrible. So the fact that they didn't have MFA would lead me to believe that they probably didn't have great logging or SIEM or anything else. So whatever. This is a huge, like. Yeah, tons of flights canceled. You're lucky that that's the limit of your impact.
Man. I mean, you could have ruined this company if you knew what you were doing, right? Just wipe everything like they did Saudi Aramco back in 2011 or whatever it was. Look, go look up Shamoon. That was devastating. Okay, so canceling dozens of flights. I mean, the CrowdStrike debacle resulted in more flights than a few dozen getting canceled. Although, just as a quick aside, I'm surprised, like, I wasn't on a Russian airplane yesterday because of the amount of problems I was having traveling. This would have been, like, totally on brand for me. All right, let's go.
Sarah Lane
Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive, the first cybersecurity company backed by OpenAI. In deepfake scams, the tells aren't just glitchy video anymore. It's behavior. Do this right now, or keep it secret. If you hear urgency and secrecy together, stop and verify through a second channel. Call a known number, start a chat thread, or ask something only the real person would know. Adaptive trains teams against exactly these tactics. Learn more at adaptivesecurity.com.
Jerry
Hold on. I'm, like, arguing with Justin Gold in chat about Resident Evil lore. All right, we're at the mid roll. Let's do this.
I know it's not as awesome. Still working through the Don't You Forget About Me.
All right, guys. Hey. Holla, holla, holla. Thank you so much.
Okay, so hey, if you're Gen X, if you're Gen X or a millennial, then the Resident. Oh, wait, hold on. Whoops, wrong button. The Resident Evil storyline. I was right. I guess the new Resident Evil, your Gen Z Resident Evils, is much more like The Last of Us. Thank you all for being here. We're at the bottom of the hour. Like I promised you, we're going to be doing Dan Reardon's meme of the week, which, by the way, is an absolute banger. Dan has gone above and beyond. If you saw the Battlefield 6 squad up emote, or meme, last week, you know how good it was. But first, let me tell you about the sponsors again. Thank you, sponsors. Thanks ThreatLocker. Thanks Flare. Thanks Antisyphon. We're in talks for ThreatLocker and Antisyphon right now and potentially Flare coming back. So definitely super pumped because I do enjoy. I really enjoyed all the sponsors. But let me tell you about Barricade Cyber, yet another wonderful sponsor who's been with us for a very long time. You guys all know Eric Taylor. They are bringing the Fortify365 webinar series, which is a free learning opportunity around the technical details of a Microsoft 365 instance. So if you are looking to learn how the compliance settings work, hello GRC Mafia, you could look pretty good in the GRC Analyst interview. Come spend an hour with Eric Taylor on December 17th. So one week from yesterday at 1:00pm Eastern. Link is in the description below. webinars.barricadecyber.com. Guys, you're going to be talking about how to enable the Unified Audit Log, to activate advanced classification on endpoint protection DLP settings. Basically audit and verify all compliance related settings. This is a full service webinar, so go check it out. webinars.barricadecyber.com. All right guys, it's that time for What's Your Meme Thursday. Dan Reardon and the Haircut Fish. Now if you guys have known me for a minute, I am an absolute.
I do not condone, I do not promote cyber crime at all. However, having said that, I am, you know, I live cyber security. It's my life. I love cyber security. Okay, so I can't be serious all the time. So, you know, if we look at the entire ecosystem of threat actors, in my opinion as an objective observer, I think Clop ransomware is doing it the best. Like, if I was going to go evil or turn dark side or whatever you want to call it, and I had job interviews with every single cybercrime threat actor, you know, I feel like Clop ransomware would be my dream school, if you will. Now having said all that, Dan Reardon took inspiration from what we talked about earlier last week and took it to the next level. Ladies and gentlemen, I give you your meme of the week. The Clop ransomware hockey jersey. Bruise and Hacks has got his eye on this one. And if you're not familiar with hockey, there's marketing all over it. He's got me in the locker room. Clop is on here. I love it. He's also gone so far as to put some of Clop ransomware's most well known victims right there on the jersey. Another common thing, double extortion. Zero day. He's got me with the assistant captain letter logo in here. This is phenomenal. Guys, this is phenomenal. This is amazing. Frankly, this is amazing. So I gotta tell you, Dan, you continue to outdo yourself. Yes, it does. It looks uber legit. So I look forward to sharing this on social media, potentially. I also don't want to, in all reality, call Clop ransomware down. I don't want them to even know who I am or care about me. But yeah, I mean, amazing. This is like the alternate jersey for, like, the Carolina Hurricanes. All right, guys, let's get back to the news.
Sarah Lane
News so good. Fortinet fixes authentication bypass vulnerabilities. Fortinet released patches for 18 vulnerabilities.
Jerry
Yes, they do.
Sarah Lane
Two critical authentication bypass bugs in FortiOS, FortiWeb, FortiProxy and FortiSwitch Manager. When FortiCloud SSO is enabled, the issues let an attacker bypass FortiCloud SSO using a crafted SAML message, because of improper signature verification. FortiCloud SSO is off by default, but is automatically enabled during FortiCare registration unless manually disabled. Fortinet recommends turning off FortiCloud SSO until systems are updated. No evidence yet of exploitation.
Jerry
All right, if someone in the back can please get some duct tape and lash Real Bilbo down to his chair, because he's gonna stand up and start marching around and yelling about this story. He's, he loves himself some Fortinet. Okay.
All right, so check it out.
If you're running Fortinet, you gotta patch it. Ah, you gotta, Patrick. But honestly, guys, if you're running Fortinet, you probably have a, a recurring calendar reminder on your calendar that says patch Fortinet. Right? So you don't need a news story to alert you. It's. It's Thursday. Patch your Fortinet.
You know, it makes me think of Goodfellas. Joe Pesci's doing the voiceover again. Drink. By the way, if you're new here.
If you're new here, I'm old. And anytime I make an 80s or early 90s reference, we, we collectively drink, but don't really drink, or else you'll be absolutely pissed drunk by the end of the show. But just drink your coffee if you will. But check it out. 18 vulns come out. CVSS score of 9.1. Let's actually look at what the real score is of this one. I'm going to jump to epsslookup.com. The copy paste did not work, which is infuriating. Oh, my God. And then the tab closed. You're about to see me rage quit on my. My Chrome here. All right, here we go. CVE-2025-5719. Right click. Copy, bro.
I'm losing my mind here, okay? Like the Pixies, losing my mind. Okay. EPSS score.
You got 1/10 of 1% to be exploited in the next 30 days. It is a pretty gnarly vulnerability. This particular one, there are 18 vulnerabilities, but the one that they called out in the story, 27th percentile of how bad this is in the database of all the vulnerabilities in there. So not good, but you definitely want to patch it. But this particular one is 1/10 of 1% that it'll affect you. I would say that since there's 18 vulnerabilities, this is likely, you know, you're gonna apply one patch and knock all of them out. Oh, Justin Gold knows the Pixies. Wow. I know. Justin Gold is like. Like a Gen Z alternate. He's. He's less Gen Z, more millennial, but still. Nice. Nice pull on the Pixies.
Anybody else remember the Pixies? All right. In this one, you have one. Basically, it's about the same, nine hundredths of 1%, so close to 1/10 of 1%. So as far as I'm concerned, patch your Fortinet systems within your regular patch cycle.
Because it is authentication bypass, which basically means you don't need to, like, log in. You can just bypass that whole thing, which means you don't have to do brute. Brute force or, you know, steal credentials or anything. You just go through it.
So this is pretty interesting. So part of the problem is that FortiCloud single sign-on is disabled by default, but activates automatically during FortiCare registration, unless the admin disables the "Allow admin login using FortiCloud SSO." So there it's. Your environment may not even be vulnerable to this, but there's a lot of toggling of the admin access on and off as you're kind of doing things. So I would. Yeah. Here. The vendor recommends disabling the FortiCloud login feature until upgrading. So here's what the vendor says. Here's what your, you know, your neighborhood cyber Spidey man says: I would go disable the FortiCloud login feature or confirm it's disabled and. And figure out if it, like, disable it, right? And then figure out why does it need to be enabled. This is like one of those, like, a service or a feature that, like, just because it's there, don't turn it on. Like there should be a business reason. And if you're new here, it's like this is a.
Hardening your attack surface, right? If you don't need it, don't enable it. Right? This is, this is system hardening. All right. All right. If this is a duplicate story, I wasn't here yesterday, so, and I didn't. I had to get on a plane so I could fly for an hour and then turn around and fly back for an hour and land in the same place I left.
Sarah Lane
Storm-0249 abuses EDR processes. Storm-0249, a ransomware access broker, is increasingly exploiting legitimate EDR software and Windows tools to move within networks, gather data and maintain persistence. Its ClickFix campaigns trick users into running commands that install malware disguised as Microsoft Support files or SentinelOne DLLs, letting attackers execute code without triggering alerts. The group also uses built in utilities like Cross Curl EE and fileless PowerShell scripts to blend in with normal operations. ReliaQuest warns these tactics highlight gaps in signature based defenses and urges behavioral monitoring, EDR baselining and strict LOLBin restrictions. Gits.
Jerry
Interesting.
This is interesting. So normally when I think of initial access brokers, I think of getting credentials, selling credentials, maybe having a compromise and then, you know, establishing some type of persistence mechanism and selling that access. This threat actor kind of goes a little bit further. I mean they're, they're essentially doing a full compromise with full post exploitation deployment. I would imagine that they're quite popular with the ransomware threat actors. The Storm-0249. Storm is the Microsoft naming convention for threat actors. They use weather systems. Microsoft.
Threat actor naming convention. I think Storm might be like an unknown. I think it might be an unknown one like Blizzard is China or Russia. Yeah, you can see here. I know it's difficult to see in the, in the freaking screen. I've pulled it up. If you're listening on audio, audio only. I went to Microsoft threat actor naming conventions and you can see they have them up here, like Dust is Turkey, Sleet is North Korea, Sandstorm is Iran. Typhoon and Blizzard, you hear quite a bit about Russia and China.
But they have tons of them. Right. Germany is Gail. Oh, I, I also want to point out for everybody, don't think that just because, at least in the United States, that like oh, our allies aren't threat actors. Right. Advanced persistent threat must be our adversaries. Russia, China, you know, BRICS countries. Nope. Israel is Heat Wave. Literally never heard that before. New Zealand, you Aussies down there, you got your own thing too. Let's see what they say. But you can see here, the bottom one, this is what I want to call your attention to. Storm is groups in development. So basically like a backstop catchall. We don't know who it is.
So just know these naming conventions, because when you see like Volt Typhoon and Flax Typhoon attack Internet service providers, you can immediately say that is China. And it's Microsoft's level of confidence to give the attribution. That's another thing that you should be aware of. Like, okay, yes, like really quick. The story is about Storm-0249 being an initial access broker, doing post exploitation compromise. Listen, fine, this is standard practice. This is what we get paid for. To protect. They're using EDR systems which have, you know, a high level of access, obviously, to be able to do all sorts of stealthy things, fileless malware. So you got to use behavioral based detection looking for.
You know, like.
Windows executable, like a Microsoft Word executable, launching cmd.exe, reaching out and running PowerShell or bringing down something to detonate in memory. Like that's what you're looking for. Fine, that's the standard. That's like, that's the more advanced stuff that we're paid to protect against. What I want you to know, whether you're new here or not, is.
When Microsoft says this is Volt Typhoon, they're not recklessly calling China a threat actor. They have enough information based on TTPs.
Right. And if you're not familiar with TTPs, let's do that really quickly. David Bianco's Pyramid of Pain, you should know this as well. David Bianco's Pyramid of Pain. The TTPs are at the top. It's tough for threat actors to change those. Oh my God, get my search history out of here. I don't need, I don't need people seeing that I'm net decking Magic decks. Listen, TTPs are difficult to change, which is why when Microsoft, which has a huge footprint and tons of telemetry, says oh it is China or Russia or South Korea or Syria or even the United States, they can say it with confidence because they know the TTPs. So just be aware of that. And by the way, the U.S. Yeah, like, you know, Team America, all the things, just be aware that like, yeah, we have a designation too. If you hear about Tornado, guess what? That's us. We did it. And Microsoft has high confidence. Now. Just as a quick aside, I'm sure that there's all sorts of like brokered backdoor deals where like, you know, the NSA is doing something, Microsoft, which is a US based company, sees it and the CIA is like, hey bro, can you not report this? Thanks so much. All right.
Sarah Lane
Battered in zero-day attacks. A zero-day vulnerability in Gogs, a self hosted git service, is actively being exploited, with more than 700 of roughly 1400 Internet exposed instances already compromised. It lets authenticated users overwrite files outside repositories via symbolic links, leading to remote code execution. Attackers have used the Super Shell C2 framework to deploy payloads, though post compromise activity is largely unknown at this time. Wiz researchers advise disabling open registration, limiting Internet exposure and monitoring for suspicious repositories or PutContents API use while Gogs works on a fix. Click fix.
Jerry
All right, so here's the deal. If you run Gogs, which is an open source self hosted git service, then you got to patch it. You gotta patch it. But guess what, they don't have a fix yet. So you're not going to be able to patch it. You're just exposed. So are there IOCs? No, there are recommendations.
All right, so whenever you have a problem, that's your problem in the environment. The first thing, at least my first thing that I do is I look for IOCs and I look for recommendations if there's no patch available. If there's a patch available, the recommendation is ah, you got a Patrick. Right, Obviously. But.
So in this instance Wiz, by the way, if you don't know who Wiz is, Google just acquired them for like a bajillion dollars. So that should be some indication of how good they are. They're, they're cloud security related.
Disable open registration and limit Internet exposure by placing it behind a VPN. All right, so what they're saying is if you run a self hosted git service, you don't really, unless you want the Internet to be able to contribute to your project, put it on an internal network. Right. If this is a business you should have had it on a VPN anyways. You're insane if you're running it Internet facing. And then disable open registration, right? I don't know why you would. I mean I guess you could do open registration to make it easier on IT, to help people self serve their own accounts. But threat actors are going to get in there and they're going to exploit all your things. For an IOC. Now remember guys, you first want to figure out how to fix the problem. But if you assume breach, or you assume that you've maybe potentially already been a victim of this attack, how do you look? Well, you look for indicators of compromise, or IOCs as they're commonly called in the industry. By the way, get comfortable with not knowing fully. You'll never be able to 100% know whether or not you got compromised. You can only have levels of confidence, because IOCs can be deleted, they can be changed. They could not be fully comp. Fully comprehensive of all the ways you could have been compromised. But here is an example of an IOC. Be on the lookout for newly created repositories with a random 8 character name or unexpected usage of the PutContents API. So if you see random 8 character name repositories, highly likely you have got a threat actor calling from the upstairs bedroom downstairs. Okay, the call is coming from inside the house, so you don't want to do that. Also.
What you know, please, please please don't deploy.
A self hosted open source software repository git service recklessly. This is not something you just like double click and be like like okay.
There's only 700 of them though. So to me this is more of a lesson in best practices, less like you're. You're at fault here.
Sarah Lane
AI attack uses Grok, ChatGPT for malware. A new ClickFix style attack is using SEO poisoning and legitimate AI platforms like ChatGPT and Grok to deliver Mac infostealer malware. Users searching for common troubleshooting tasks are directed to AI chat links that provide instructions which secretly install malware, harvest credentials and maintain persistence. Huntress warns this method exploits trust in AI and bypasses traditional protections, potentially becoming a major initial access vector for stealers over the next six to 18 months. Defenses include monitoring behavioral anomalies, restricting terminal command use, and practicing strong password hygiene.
Jerry
If you have thoughts all right.
Yes, all the things she just said are good practices. Let me tell you what the best practice is. Educate your end users on what ClickFix looks like. Okay? Instead of trying to like.
I mean I'm trying to. I'm trying to think of like, you know, like to me she's like oh, like.
Hold on, I don't even have a good metaphor or an analogy for this one. Like, like putting all the guards, guns, gates, everything in place, etc., like when you could just lock the front door. You know, like tell your end users what ClickFix is. Make them aware. If you're like copy pasting into a command line or into the, you know, Start Run box, a PowerShell command. Probably not a good thing. Now the only thing that is novel about this is that it says using AI for malware delivery. Now don't over analyze this one. They're not using ChatGPT and Grok. What they're doing is, for years threat actors would use SEO poisoning. So like when you Google, you know, Daniel Lowry's PenTest+ complete course at Simply Cyber Academy, threat actors would invest large amounts of money into Google Ads and their result would be at the top. And you would be like, oh my God, I'm gonna get myself some Daniel Lowry. Click on it. And then it's like, oh, here, here's the, the thing. But before you go there, why don't you install this or download this or give me your credentials or whatever. All they're doing now is the same thing that marketing teams are frothing over. They're getting into the AI return results. So if you've googled anything in the last, whatever, six months, the very first result is an AI answer. And then you get the sponsored links, right? By the way, spoiler alert. It's just a matter of time until businesses are allowed to pay to be in the AI response. I guarantee you that's going to be a thing where like ChatGPT prefers this company or suggests this company over another because straight cash, homie. Straight cash homie. So AI overlords are not deploying malware. It's literally just search results with the AI one being the top one. Now obviously educate your end users because people are putting a load of trust in the AI and the results of the AI, and that's why threat actors know it.
Yeah, I'll tell you what, I mean, if I was, I wish I could, I wish I was this good at AI poisoning because I would put daily cyber threat brief in all of it. I'd poison all the things for daily cyber threat brief. So when people Google like threat, you know, cyber threat news or cyber security news or breaking news for cyber and like daily cyber threat brief came up, that'd be sick. But I, I suck at these things and so do many marketing teams. So like, to me, it cracks me up, dude. Like if threat actors just didn't commit crime, they'd probably be really high paying marketing executives because of their ability to get like, get people to click on stuff and do dumb stuff. All right, let's do this.
Like Clop ransomware. Clop ransomware probably would make great, great marketing. I'm just like glazing the Clop ransomware gang. Love this hockey jersey, by the way. Again, this was the meme of the week by Dan Reardon. I like low key. Said if I ever went to the dark side, I. I'd probably contact Clop to see if they needed a GRC or a CISO to help them run their operation. All right, I'm just. I'm just joking. I'm not going to become a criminal.
Oh, hold on.
Actually, you know what? Just really quickly, for this hockey jersey.
For this hockey jersey, we will do this.
All right, all right. I digress. I digress. Come on, play the music. Computer, play the music.
All right, y'all. Holla, holla, holla. We are at 8:58. Someone called Nick Barker. We're nailing these things.
Guys, I'm Jerry.
I hope they do not put that picture on their website. Guys, I'm Jerry from Simply Cyber. This was December 11, 2025. Only 14. Well, 13 shopping days left. So if you're kicking the can down the road, you're gonna hit a wall pretty soon. And if. And that's for, you know, Christmas celebrating people. I'm not really well up on Hanukkah, so I. I think that that definitely starts earlier. I don't know if the Hanukkah season has kicked off gift giving or not, but whatever it is, this was Daily Cyber Threat Brief. I wish you all the very best. Don't go too far because you guys are going to be treated to Jawjacking with. Oh, my God. I. I'm gonna. You're gonna be treated to Jawjacking with Daniel Lowry. The same Daniel Lowry that some of you are thirsting for and his PenTest+ course over at Simply Cyber Academy. The same Daniel Lowry who guest hosted Daily Cyber Threat Brief yesterday while I was dealing with planes, trains and automobiles. All that's coming up and more. Don't go too far either. Get your stuff done today because I would love for you to come back at 4:30pm today. Sean Kilborn. You. You guys may remember him. He's come on panel Jawjacking a few times. A veteran who's huge on mentoring. He was a professional offensive security pro before going to the, before getting lit and clear and realizing GRC is the way. Now he's a deputy CISO, cyber security director, practitioner, all around good guy. We're gonna have a chill cyber firesides chat. That's the title of it if you want to come hang out. High five. And have a good time. That's what's going down at 4:30pm today Eastern Time. Don't sleep. I'm Jerry from Simply Cyber. All of you, don't forget about Festivus for the rest of us. Exactly. Guys, I'm Jerry, your chat. Till next time. Stay secure. See you, and enjoy. Daniel.
Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking.
Daniel Lowry
Good morning, everyone. I forgot to turn my lights on. Oh, man, what a. What a fail. What a fail. At least I got a green one going on. Good morning, everyone. It's Jawjacking time. Talk amongst yourselves. I. I can't. I can't not do it. I got two. Turn the light on. There we go. Man, I am. I am having fun this morning. Hopefully you are as well. Everybody's having a great day. Jerry says, noob. I didn't even realize I got. I got to playing guitar this morning and totally forgot about the light situation. Yeah, you know, these things happen. But hopefully everybody's having a great day.
Jerry's stumble bumbles are rolling over onto me now. Thanks a lot, Jerry.
What's everybody up to today? Well, this is Jawjacking. For those of you that might be new to the show, what we do here is you ask a little question, I give a little answer. Or if you got something cool you want to bring up and talk about, we can do that as well, AMA style. Ask me anything. We prefer it to be about cybersecurity, but, you know, people get wild. People get wild out there. It is fun.
Jerry says it's the gift giving season. My gift to you is production issues. And I'm like, yes. And I receive it with tidings of great joy. Thank you so much, Jer Bear. I appreciate you, man.
Let's see who's in the chat today. I saw some. I saw Sierra Montgomery. There's Roswell UK.
Let's do this, because that makes it easier for us to all hang out and see what's going on. Just in case you're not following the chat here on the YouTubes, I got the Restream chat going on there. Faced oil says sick shirt, my man. I. I don't remember where I got this. Did I get this at Simply CyberCon? I don't remember.
Jerry
Don't remember.
Daniel Lowry
Honestly, I. You go to enough of these things, you're like, where did I get that? Where did that come from? I don't recall. They're all blending together as one big con, which is kind of true. That is. That is not completely unfounded at this point in time. But who else is there? Oh, Nightbot's in the chat. Good to see Nightbot as always. Dream logic. Hello, Dream logic. Good to see you. Who else is there? Who else is there? Find the true face. Doyle, kitchen infosec. Heck yeah. Lots of good folks in here today.
A kill George. Okay, I like it.
Tech grunt. There's my boy right there. Tech grunt. Amish runaway. He says Daniel Lowry says Daniel Aries entered the chat. Get your monster energy ready. Man, I wish I had one this morning. This is an empty can. Oh, I wish there was some sweet, sweet nectar in there. Maybe I can get a contact, you know. Oh, there we go. Yeah, a little, little bit of the effervescence left in the can to get me going this morning.
All right, let's see here. Yeah, so if you got a question, by the way, just put a Q, like a. A capital Q. Or maybe three, maybe five, Whatever you feel so inclined, you know, you do you. And that helps me kind of pick it out from the rest of just the chatter that's going on. And I can say, oh, so and so's got a question because they put the big Q in front of it, letting me know that they think that they're in a Star Trek episode. For those of you that get that reference. Oh. Oh my goodness. That grand says Daniel Lowry. Have you seen today's latest on the Daniel Lowry facts? I have not. But I cannot, I cannot wait. I've been. I've been in some secret negotiations today. So more news on that later. Let's see here. Threat Locker, for sure. Yeah, why not, right? Sponsor sponsors, right?
You got to support the people that support you, man. That's how it goes. And Simply Cyber is supported by Threat Locker. So we give them a shout out where they're wear their swag. And it's not a bad piece of swag. Gotta be honest with you, right? I mean, that's a pretty sweet shirt. I like that. I. I rock this. There are, there are shirts by well known people that I have that I will not wear.
Because they are not. They're not upset. Well, they're just not my style. Let me put it that way. It's just not my style. Nothing against them. It's just not my style, you know? Right. That's, that's the great thing about being an individual out there. Hey, man, is that the Bearded IT Dad in here today? Is that Dakota? What up, Dakota? Thanks for joining me last night, Dakota. It was good to have you in my chat. We had a little, we had a little sit down with a one Mr. Ronnie Wong on Cybercast After Dark last night. So much fun. He was so great. Talked a lot about how we can more effectively train and get skilled up on things that we need to get skilled up on. And yeah, we, we went down a little bit down memory lane as Jerry. As Jerry, not Jerry. Ronnie and I used to work together for many years. Many, many, many years. And he was always a good dude. What's funny is I have probably had more like red faced, finger wagging arguments with Ronnie Wong than anybody. And then we're like, okay, well that's over. Anyway. That's what I love about it, right? Is like he can argue with the best of them and hold his own and then go, well, that was fun. Now let's move on. And yeah, I can, I can ride with that. All right, here we go. We got one from Keith Sloan. Q, you hit me with some great advice.
A few weeks ago and management loved the video I made. That's awesome. I love this. It was a spearphishing demo. What would be a cool next move, man? Well, I guess it would just depend on what you're trying to do. Maybe build a tool. You know, that, that's always a fun thing to do, even if it's already built, right? Or build like, like a proof of concept exploit of something that's well known, right? Just build, build something. Show them that you're not just someone that can make a cool video, but you can also build things. It shows you have like a multifaceted set of passions, that it's not just you super hard niching down into one thing. Oh yeah, I'm this. I showed you my best of my best with my spearphishing video. Now let me really dazzle you because I'm going to build a tool that, you know, exploits some known vulnerability that has RCE. Right? It's a lot of fun. It's good practice for us as cyber practitioners to be like, okay. Because through building that tool, you'll understand that specific attack very, very well. Yeah, it's all well and good to spin up a Metasploit module and go booyah. Point and click, hackity time. That's, that's good times had by all. Don't get me wrong. Love it. Chef's kiss. But.
You'll learn a ton about that specific.
Vulnerability because you're gonna, you're gonna be digging into the CVE. You're gonna be digging into the CVSS score. Why it's that CVSS score. You're gonna understand that specific piece of vulnerability a whole very, very well. And then you're going to build something that exploits it. So you're getting handy, keeping your code skills sharp, as we like to do. So that's my advice. Give that a whirl.
Roswell, UK. What number am I thinking of? It's 42. Hello? Like, I don't know. Come on, man, that's bush league. You know better than that.
Let's see here. I just think this is funny. Amish Runaway says I would totally shop T shirts from your closet, Daniel. I know that doesn't sound creepy at all. I'm gonna come home one day and be like, I'll be good. Put this. What the hell are you doing here? Amish Runaway. You got, like, shirts in hand. He's trying stuff on. He's looking in the mirror. He's like, that looks. I like. I like this. This is nice.
Jerry
All right.
Daniel Lowry
Like, man, you about got shot, brother. See, I turn right into the. The central Florida redneck technic. When. When that kind of thing occurs, I. I go from like, well, hello, madam. How are you today? Like, what in the world's going on in here? Who's in my closet? Boy? Get my Y said, whoa.
Jerry
Come on.
Daniel Lowry
Let's see here. This one comes from Fred Ofori, and I'm going to stop there. Apart from the obvious, do you know why a company would ask of your previous job salary, a job application in your experience? Yeah, of course. Like you said, apart from the obvious. No, there's. There's no. There's no good reason for them to ask you that kind of information.
At best, they just go, what is. Or I guess at worst, at worst, they say, what salary are you thinking of? What would you like? What is your. What is your necessity here? Your salary requirements? And then you go, because that's always a fun spot to be put into. But hey, what is. It's the game. You got to play the game. That's fine. At best, they go, this is what we are offering for this position. And you go, cool. Or.
Right. Getting a spam call right now, no, thank you. I'll pass. But yeah, that's. I can't think of any good reason why they would want your. Your previous.
Salary, what you made before. Now, if you're wanting. If you're fine with that, then you can go ahead. Maybe they're trying to. I'm just trying to give them the benefit of the doubt on these things. Of maybe they're trying to Gauge what they're thinking about those specific roles. Are they offering enough? Are they getting the kind of.
Applicants that they were, they were gunning for? Maybe they're not seeing as high quality as you are and they're like, whoa, you know, let's, let's make sure we're paying this guy well enough. I mean, it does happen. It absolutely does happen. Where you're, you're, they don't know what the salary range is and they just may be accidentally lowballing you and they, they don't want to do that. And maybe that's, who knows, right? But I cannot imagine, other than again, trying to give them the benefit of the doubt, what they would want your salary for. That's, that's weird. Real cow. Cow. I love my job, but I don't have any senior blue team experts in house to learn from. How can I make sure I'm still leveling up enough? That's a great question. I love this question and I love that I can put a face to this name because I've actually met the real Kyle. Kyle. In real life. I met the real, the real Kyle Kyle. Let that bend your brain for a minute. Which was, he was great. I was, I enjoyed meeting you Kyle in our conversation. And how can you make sure that you're still leveling up enough so you could take on freelance work? Right?
That's one way to do it. Obviously lab building at home. Turn, you know, obviously this would be a financial investment and, but anything, and I love the word investment because you will be investing, and hopefully you have the, the funds in which you can do this. If not, you'll have to save your pennies and, and, and then go from there, but really turn your home network into more of a business network. Right? You can build a home enclave for your, you know, wife, kids, whatever you got that doesn't really care to be on a business style network, but everything else goes on that. Or you just say, you know what, since I'm the one that makes the Internet go here, we do it my way. And my way is I, I need to be able to continue to pay for that Internet, and leveling up and skilling up is how I do that. So this is, this is an investment and you all are going to help me invest by unfortunately having like EDR systems installed on your systems. And we're gonna do compliance checks and we're gonna, we're gonna, we're gonna do 27001 and SOC 2 Type 2 compliance in home.
And then they're Gonna love you. But that's a way to do it. That is a way to do it right there.
Obviously watching Jerry's show and things of that nature and just home lab as much as you can taken certifications that, I mean, I mean, is there a high level blue team? I mean, maybe with Azure Sentinel stuff, that kind of thing, maybe dip cloud, cloud side of things. Never hurts to have a good repertoire of cloud skills in the old kit bag there. So yeah, that's, that's some ways you could go about it.
But it's a great question. And I'm. The fact that you're thinking about it and you're going, man, I'm, I'm starting to see that the, the pool is running dry here as far as people I can learn from opportunity to escalate my skills. And ultimately this might be the beginning conversation of you starting to look for another company to jump to so that you can have more exciting and skilled up work to, you know, put your hand to.
But hey, but you love your job. I totally get that. I've been there where I love my job. But I still made the jump. I still jumped to a different organization because it was a good career move. And I had to sit down with my boss and be like, I hate to tell you this. I, I was sick about it, man. I was like, I love working here. I think you have made this a phenomenal work environment. This is not a personal thing. I do not hate this job at all. I, I, quite the opposite as a matter of fact. But this is going to be a good jump for me in my career. And it was.
And so I had to make the jump to another job. And that's just, that's just how it goes from time to time. And any good, any good person sitting behind the management seat is going to go, I totally understand. I wish you the best of luck. And that happened again when I moved to ITProTV, same thing. I was like, I actually don't hate my job. I told ITProTV no initially. And then it was like, what you think about it? You know, let me think about this and think about that. And then let's just marinate on it for a hot minute and then come back and we'll have that conversation again. I was like, okay. And I did. And I was like, okay, maybe this is a good career move. And it was right. So unfortunately, we don't live in a time anymore. You know, pros and cons to everything, just about. But you know, where you, you get the pension, you know, pensions are nice. That whole idea that I'm going to be loyal to a company, give them 20 years of my life of good hard labor, they're going to give me, you know, yearly raises, you know, that cost of living increases every year. And when I really perform, they're going to give me a nice performance bump. And we live together for 20 years and at the end of 20 years, I get the, the plaque and the gold watch and, and a check that comes every month because I earned that. I, I think that's, that's not a bad business model. And if this is just stuff I've thought about lately, I think that if companies. Listen, I'm, I am a capitalist. I believe in capitalism. There are dark sides to capitalism. I'm not a fool to think that that, that doesn't exist. And unfortunately, we've seen a lot of that lately where it's purely profit driven. I mean, they're basically Ferengi at this point, right? Like, they're just reading the Rules of Acquisition in the bathroom in the morning and, you know, looking, kissing the Grand Nagus's ring non stop. But.
It's, and that's unfortunate. If we had people that were running large corporations that had just a modicum of like, if we invest into people, into our people, and they'll invest back into us, right? I have worked for companies like that and it was super awesome. It was super awesome where all they cared about was that you did well because they knew that when you did well, they did well.
And they didn't worry about the bottom line. The bottom line took care of itself. And we weren't purely profits driven. We were, we were a mission driven organization. We worked at a couple of them. It's always so great to be an organization that is mission driven. They don't hold anything against you. They want to see you succeed because they know your success is their success and their success is your success. It works together. That's how it should work, in my opinion. I know we don't live in a perfect world and there's going to be, you know, fluctuations on both ends of that spectrum, but man, are pensions still a thing. They are rare. They are super, super rare now because what has it done when, when, when companies start to, like, stop investing in their employees and stop giving them opportunity. Because it's all about profits. Oh, we'll just lay this off and we'll do that. We'll do that so we can increase profits. People are like, well, the only way I'm gonna level up is to jump. The only way I'm gonna get more money is to jump. If I start asking for more money at my current position, it's going to put a target on my back because they're going to see me as, oh, he wants money. He's greedy. Well, yeah, you're greedy too, sucker. Right. The only reason you're thinking I'm greedy because. Because anybody can look around and say, you know.
Obviously I can't be five years into a job and be at the same price I started at and have any kind of comfort in my living, you know, so it's not about greed. It's about like, I'm. I'm providing a good value of service for you, and I think that I should be rewarded for that. Show me you want to keep me around. Invest in me as an employee. And a lot of companies don't want to do that anymore because it's expensive. First, people on the chopping block in a lot of acquisitions and mergers are the expensive people. They go, wow, they got a big salary. Just get rid of them. Right? We'll reclaim all that. We'll hire new or work with less.
And we'll retool, will we? Blah, blah, blah, blah, blah. They always got big, bigger, better ideas, right? But it's the expensive people that find themselves first in the "you don't work here anymore" line. Right. So, yep, yep, yep. T says I'm preaching the gospel. I'm just telling you what I've experienced and what I've seen in life, and hopefully that helps you all out in some way, shape or form. Great question. Kyle. Kyle, man, I'm gonna move on because I could do this all day. What? This comes from space tacos. What are your favorite parts of freezing cold winter holiday time? Oh, man, everything. The lights, the music, the this, the feeling, everything about it, man. I try to do my best to recreate the best parts of Christmas for my kids so that they grow up going, man, this was so much fun. I just enjoyed this.
Daniel definitely doesn't have a monster problem. No, not at all. Not at all. This comes from Punslinger. I have the option to take a web security course or computer forensics course. Which of these would my time be better spent learning? I feel like web security is pretty common outside course.
Yeah, yeah, that is pretty common. Web security is a very common thing because everything. Everybody has a web app, so there's no end to. There's a lot of work that could be done securing web applications because there's so many of them. But then you want to think of like, well, maybe that. That's a. That's a flooded market. Could be, you know, or maybe just not that interested in that. Sounds like you might not be, but computer forensics, definitely more niche. It's a great way to get into things like law enforcement and things of that nature, like government work, that kind of stuff. Be on a CSIRT or something to that effect. Very cool stuff. Very cool work. Very interesting work. And again, not something everybody does. So you could find yourself in a good niche and satisfied with the work that you're doing. I don't know. Right. Right now, like, because I've done.
Jerry
Is.
Daniel Lowry
That's the only reason I would say for me, if I was to go right now and had to choose that, I would probably go forensics because I've done the web app security thing. You know, I. I can't not. I can't unknow that I know that stuff, so. And it's still really fun, don't get me wrong. I. I enjoy web app pen testing and things of that nature. It's. It's really cool. It's fun. It's definitely challenging. Can be. Anyway.
Let's see here. Q. Q. Q.
It's just the bearded it. Hi. In stitch. Can I do it?
Jerry
Hello.
Daniel Lowry
Hi, I'm Stitch.
Blur Punch Buggy. Anyway, I got kids, they love Stitch. This one comes from Nick. DNA. Have any idea of the realistic entry security jobs and what it's like to try to break in? Reddit and social media has me thinking it's less than 0% chance after my bachelor's. So the. The market is tough at this moment in time. That is a true story, and that's unfortunate. I hate that. I absolutely hate that.
It's not. It's not zero, but it is a tough. It's a tough market out there right now, and everybody's probably doing exactly what you're doing, which is trying to figure out every little possible way to catch an edge and put themselves above the rest of the pack. I think right now, as far as skills go, like, it used to be that.
You know, not. Not everybody had these skills. That was. That was a nice rarity to run across someone that was like, well, not only have I, you know, taken like a CEH course or something, but I've home labbed, I've built things, I've POC'd, I've done, blah, blah, blah, I've learned to code a little bit. I'm doing this, I'm doing that. And that was like Whoa, you are, dude. You're so awesome. Love to have you. That's the kind of passion we're looking at now. Everybody does that, right? Because people like me and Jerry and everybody got on the interwebs and started going, hey, you know, if you want to really stand out, here's what most people aren't doing. And then time progressed and everybody started listening and doing that. Now everybody kind of does that. So now you got to move it up again. It's like, okay, incorporate AI. Okay, you could do that. That's going to be a good thing, right? AI is the next big thing, or it's already here, and it is the. It is the thing. So let me get into AI Security. That will help you niche in. But you know what everybody else is going to be doing, it's going to be first to market. So you got to go, and you got to go fast if you want to move into that area. Get into it, start working with it, get it on your resume. That's a good way to go. But I still think out of all this time, out of everything that you can do, the number one thing you can do is network. And yes, networking fundamentals, as far as, like, you know, packets and whatnot, is. Is great to have, but I mean, human networking, making friends, winning hearts and minds, people knowing who you are and knowing what you can do and them going, you know what? I know someone that's hiring for Blank, and you have to let them know not only that you have those skills, but you're currently looking, you are in the market for a job. And the more people that you can kind of create that network with, the more likely it is that you will find. 
Because at this point, the biggest hurdle that is hard, that is the most difficult to overcome, is the trust of they don't know who you are. So if you have an insider, right, Somebody that can vouch that is something that not everybody can go get, not everybody's going to be able to get that.
That connection, that hook, right? So get. Get out to your local cons, start a community, start to build the friendships with people, and then from there, you guys support each other. And you're gonna have to reach out to people that aren't on your same level. You're gonna say, hey, you know, we've got us. We've got a group of cyber security enthusiasts. We'd love to have you come and speak. So reach out to people that are prominent on the interwebs, or if you find somebody that just seems to be really smart, in YouTube or LinkedIn or wherever the case is, reach out to them and say, we would really love to have you just speak to us for like 30 minutes, whatever you want. We're cyber security enthusiast group. We got a nice little community going on, and that's a great way to make a contact. Go to cons, do the exact same thing, Listen to speakers, walk up to them. This was such a great talk and ask questions, engage in conversation, be cool and be like, oh, man, this was so great. It was really, really, you know, it's, it's.
It's all about building that rapport with others that are out there. You get that and now all of a sudden, and then you keep it going. You're going to have to do the hard work of continually making sure that that relationship is, is, is active. Right. You have to be intentional with it, with that stuff, which is work. But that's the one kind of thing that's really going to pay dividends is knowing some people. So hopefully that helps. Got a few minutes left.
And then I think you have the Cyber Security Mentors podcast after this, so I will let you go to that. What do we got here? We got zero keystrokes. What unexpected skill or knowledge have you found yourself needing when becoming a cyber professional? Professional. Soft skills. Yeah, yeah, Soft skills. Have you guys seen that, that chit guy? That junk is funny. Yeah, yeah. Soft skills. Yeah. Crunching the numbers. That dude is hysterical.
It was being able to talk to people. And I, I'll go ahead and I'm gonna open my, my Daniel's Book of Secrets here. It's. Make them feel like you're on their side because. And here's. Here's how you do that. You ready? Because you are.
Right. Once I stopped seeing them as an adversary who was bugging me and started seeing them as, hey, man, they're having trouble. They are. They are in the weeds and I've got skills and knowledge to help them. So I'm a. I'm a, you know, extend the hand of friendship and say, I'm not going to give up on you until this is fixed one way or another. If I've got to ship you a new PC, then that's what's getting ready to happen here, right? If the server's down, I don't care if it's server, if it's an application, if it's whatever, it does not matter. It doesn't matter whether you're talking to the janitor or the CEO.
Everybody, that's the skill right there that will make You a really good practitioner, because when you put yourself as. When you're treating them as you would have treated yourself, the look, the old golden rule, right, is to go in. If I had this problem, I wouldn't give up until it was done, because I need this to work. That's how you need to treat with them. Like, all right, here we go. I'll put my helmet on, chin strap down, because we're about to kick this thing's butt. And I'm not giving up until we get it right. Or at least I'm gonna give it the best college try I got in me. Right? We got one minute left. That's the best skill, honestly.
Or. And it was unexpected.
Let's see here. Kind of see if I can get one more. Get one more, get one more. Come on, come on. Exactly how many monster flavors are there? Space tacos? The answer is not enough. Not enough.
Let's see here. Kind of moving through. You advise. This is from Zero keystrokes. You advise building tools? I have ideas, but I don't know coding yet. Is vibe coding tools for yourself to learn super cringe? No, it's not super cringe. I'm glad you brought that up. It's. It's totally fine to vibe code the things, but you don't want the machine to, like, don't just go, hey, build me an nmap clone. What you want to do is you go, okay, hey, you know, ChatGPT, I'm trying to build this, and I don't understand how to make a network connection using Python, using Go, whatever, Rust, whatever. Whatever coding language you decide to use with Bash. With PowerShell. We're at the end of the show here, but I'm going to leave you on this one.
How do I make a network connection with. With PowerShell? How do I make a network connection with Python? How do I read and write to a file? Right? That's the kind of questions you ask it. Don't just have it build the thing for you, because that kind of defeats the purpose. Once you've done it yourself, then you go back and go, hey, here's my code. Help me make it better.
And then move on. Because then you're just. Otherwise, you're just skipping the learnings phase, and that's the purpose of it.
Does that make sense? So, no, there's nothing wrong with vibe coding. Vibe coding things. I think as long as you understand what's going on, and if you need to spin up something quick and dirty for the purposes of expedience, that's one thing. But if you're trying to show that you know something you don't know, Jack, if you had ChatGPT do it for you. Okay? So there you go. We are one minute over. I'm going to call it a day. Thank you so much, everyone, for watching, and I hope you have a great day today. And, yeah, until next time, stay secure.
Date: December 11, 2025
Host: Jerry (Gerald Auger, Ph.D.) | Co-Host/Jawjacking Host: Daniel Lowry
Podcast: Daily Cyber Threat Brief by Simply Cyber Media Group
This episode dives into the day’s top 8 cyber news stories for cybersecurity insiders, practitioners, and leaders—providing expert analysis, candid commentary, and practical tips. Host Jerry (“Dr. Gerald Auger”) applies over two decades in GRC cybersecurity, breaking down incidents from executive fallout after breaches, critical vulnerabilities, OT infrastructure threats, record-breaking industry investment, and the evolving TTPs of ransomware actors. Daniel Lowry joins for the lively “Jawjacking” segment with career advice and community Q&A.
[08:35 – 13:27]
[14:08 – 22:17]
[22:17 – 27:55]
[27:55 – 31:24]
[37:17 – 42:55]
[42:55 – 48:29]
[48:29 – 52:22]
[52:22 – 56:32]
[35:15 – 37:17 & 56:32 – 57:13]
[60:06 – end (~90:14)]
A lively, candid Q&A on career growth, job hunting, skill-building, and the state of the industry:
Key Advice:

| Topic | Action or Takeaway |
|---|---|
| Data Breaches | Cultural/political impact differs by country; Board/CEO shakeups rare after breach |
| OT/ICS Security | Audit for remote services, force MFA, patch rigorously, don’t trust “default secure” |
| Cyber Startup Funding | Israel/AI are leading; watch industry funding trends for product/career relevance |
| Third-party Vendor Risk | Enforce MFA, restrict vendor access, monitor for lateral movement via AD |
| Patching & Vulnerabilities | Automate patch cycles, don’t wait for headlines; be proactive |
| EDR Abuse & Initial Access | Baseline endpoint behavior; signatures alone won’t stop modern ransomware brokers |
| DevSecOps/Hosted Tools | Don’t expose dev tools to the internet; disable open registration; monitor for signs of compromise |
| User Education | Teach “click fix” (malware via AI/SEO) awareness, restrict unnecessary powers |
| Career Growth | Build labs, network relentlessly, consider job switches for mentorship, hone soft skills |
| Job Search/Entry Level | Human connections remain the biggest edge in a competitive market |
| Choosing Specialization | Forensics offers niche routes; web security is broad and evergreen |
Notable Quotes:

| Time | Speaker | Quote |
|---|---|---|
| 10:21 | Jerry | “There is most likely something else going on behind the scenes…almost never does the CEO quit, right, or get fired.” |
| 18:29 | Jerry | “If you’re not properly securing those VNC connections, anyone can remote in. … That is gross negligence.” |
| 22:55 | Jerry | “It took me a long time to understand why the business matters…Securing at a manufacturing company vs. a hospital—it’s not all the same.” |
| 28:40 | Jerry | “How are you not using MFA on your Internet-facing resources?” |
| 35:15 | Jerry | “If I were to turn dark side, Clop would be my dream school. This meme is phenomenal.” |
| 53:16 | Jerry | “Educate your end users what click fix looks like.” |
| 76:16 | Daniel | “We’re basically Ferengi at this point, just reading the Rules of Acquisition in the bathroom every morning.” |
| 78:12 | Daniel | “It’s not about greed, it’s about providing value and being rewarded for it.” |
For more practical advice and industry updates, tune in live at simplycyber.io/streams, and join the community conversation.