A
All right. Good morning, everybody. Welcome to Austin, Texas. Today is Monday, December 8, 2025. This is episode 1019 of your Simply Cyber Daily Cyber Threat Brief podcast. Listen if you're listening. Looking to stay informed and current on the top cyber news stories of the day while going beyond those headlines and getting value from myself and from other practitioners in the community. To go beyond those headlines and basically get insights, learn more than just what the headline is telling us, get macro level views and share, succeed, win at Life and Cyber. Then you're at the right place because that's what we're doing here every single weekday morning. Been doing it for one 18 days weekdays in a row. Today's no different. We're off and running on a beautiful Monday in Austin.
All right, good morning, everybody. I hope everyone had a lovely weekend. I had an absolute horrible, horrible day of travel yesterday. A lot, apparently. When a fog bank rolls into Atlanta, it screws everything up. But we're here. We're ready to crush it, guys.
Every single episode of the Daily Cyber Threat Brief is worth half a CPE. Let me know if my audio is off too, because I got the mixing war going. You should hear music right now as well as me speaking.
Every episode is worth half a CPE. So say what's up in chat right above me here. Say hello. Grab a screenshot of it, right? The episode number, the unique identifier. Hey, what's up, Rob Cooper?
This. Guys, I don't even have team Sippy cup. I've got team largest cup of coffee they sell within walking distance of me. Oh, my gosh. I'm. I'm sorry, guys. I'm kind of a mess this morning. I. I really, really had a rough day yesterday and this morning came too quickly. I got to bed at like 2am local time. It's like 3am freaking East coast, guys. Every episode's worth half a CPE. Grab a screenshot, file it away. Once a year, count those screenshots up, divide by two, and you know what you got?
B
Boom, boom, boom.
A
You've got up to 120 CPEs. So it's amazing. It's awesome. It's the easiest way. I just had to fill out my CPEs for my CISSP for 2024 and 2025. Oops. Oopsie. Ain't nobody got time for that. Guys, we are going to go through eight stories. They are over from the weekend. Right? So lot to pick from there. There better be something in there about React2Shell because we talked about that a lot last week and how important it is. How am I awake? Jose Alfredo, buddy, the show must go on. You know what I mean? A 40 of me is. Is 40. You know what I mean? We gotta. We gotta do what we gotta do.
What was I saying?
CPEs. Oh, hey, if today's your first time, drop a hashtag first timer in chat. Hashtag first timer in chat. Let us know you're here for the first time. And. And I do apologize in advance if today's your first time. Usually I'm not looking like a train wreck and not doing this from a hotel room, but it is what it is. All right, guys, I can't wait to rip through these stories. Before we get into it, let me say shout out and love to this cup of coffee.
Oh, yes. All right. If you are in the Austin area, let's high five. Do quick shout out to the stream sponsors, those who enabled me to bring this show to you from Texas. Starting with.
Excuse me. Starting with Flare. Guys, Flare is killing it. If you go to simply cyber. Hold on, I gotta type with one hand. Simply cyber. I should have done this beforehand, but you know, I'm not perfect. simplycyber.io/flare. And hit return. You will get Flare's academies once a month. At least once a month. Flare Academy is putting on these free webinars that are just unbelievably dripping with value and insight. And I'm a huge fan of end of the year stuff because you get retrospectives. And if you don't know what a retrospective is when you become an absolute GRC type-A dork. One of the best ways to level up is to learn from your mistakes. So you look back and figure out what happened in aggregate over a period of time. So a year is always a nice one and you can get insights ready.
Marcus Kyler. So check it out. On December 11th, 11am to noon.
Only one hour, which is stunning because state of the 2025, you think that they could do a full four days on that or four hours. Go to simplycyber.io/flare. Register for this. It costs nothing to register.
And you will be understanding the shifting dynamics of the dark web. In 2025. You're going to get perspective on the dark web structure, the threat actors, the marketplaces, how it's transforming, and what security leaders need to know to stay ahead of emerging threats. Guys, if you want to be an absolute b O S boss at work, I'm telling you, attend this, absorb all the information and then spin it around and utilize it yourself, you're going to be an absolute boss. I promise you, Elijah, 60, 50 first timers. Ladies and gentlemen, can we welcome a first timer into chat?
You should be hearing the sound effects as well. Let me know if you're not hearing those sound effects.
Get some John McClane action on you. There we go. Lovely. Thank you, Elijah. And like I said, Elijah, this is, this is not normal. This is a hotel room. Let me, let me bump my. Skyler.
Like Blair Witch, like. All right, guys, we got a good one for you. Please, please.
Please bear with us.
But simplycyber.io/flare, go check it out. Also, Antisyphon Training guys, whether it's, you know, the end of the year or it's, you know, a Tuesday in May, Antisyphon Training is delivering massive value for practitioners to skill up, learn new skills. Whether it's digital forensics, SOC analyst, red team, blue team, you know, OSINT, they got it all. And right now they're running a very special special for fifteen hundred dollars, which is a big ticket item, but in the grand scheme of things, very reasonably priced. Fifteen hundred dollars, you get a full year of access to all of their course material, all of it. I mean, if you put the time in, you could get more in one year than you'd get from an undergraduate program, which would cost significantly higher than 1500. So I've been telling people, I've been telling people if you're, if your workplace has training dollars, burn them. A lot of times they reset at the end of the year. Go ahead and burn those training dollars on this. You get it now use it throughout the year. Level yourself up like an absolute boss. I love it. All right, let's hear from ThreatLocker really quickly and then we're going to slide into the news. I also want to remind everybody that I don't research.
I don't research or prep for any of these stories. So I have no freaking clue what's going to happen. I can barely see my screen because I'm on these tiny monitors right now. But we're going to figure it out. Ain't nobody got time for that. That's right. Ain't nobody got time to research stories in advance. We ain't faking it up here with real. All right, let's hear from ThreatLocker. I want to give some love to the daily cyber threat brief sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber.
All right, awesome. Thank you, ThreatLocker. It looks like my lighting's going to get jacked up. As the sun comes up here in Austin, I want to say what's up? To Mark King who said, what's up? Simply Cyber Fam. Heck yeah. And then Leon Elliott says, is jawjacking still a thing? Yeah, I mean I. I don't know if you took a break or something, Elliot or Leon, but yeah, we do jawjacking. We've done them. We've done jawjacking, which is an AMA and help everybody for. For years. Ain't gonna change today. All right, y'all do me a favor. Yeah, seriously, tech run. You damn right. All right, guys, do me a favor. For real, for real, for real. I wish you could see my screen right now. I am like, it looks like a toddler threw my apps onto my display. And oddly enough, this is the best situation that I can have. Sit back, relax, Leon Elliott. Relax. Mark King. Grab that recliner lever, pull it up and let's let the cool sounds of.
B
Spicy.
A
Wow wash over us all in an awesome wave. I will see you all at the mid roll. Let's cook.
All right.
Lines.
B
These are the cyber security headlines for Monday, December 8, 2025. I'm Steve Prentiss.
A
Alright, Steve.
B
New wave of VPN login attempts on Palo Alto portals. This new campaign started on December 2 and originated from more than 7,000 IP addresses from infrastructure operated by the German IT company 3xk, which operates as a hosting provider. The target is Palo Alto GlobalProtect portals and the activity has taken the form of brute force and login attempts to pivoting to scanning SonicWall API endpoints. According to threat intelligence company GreyNoise. Notably, the GlobalProtect VPN and remote access component of Palo Alto Networks' firewall platform is used by large enterprises, government agencies and service providers.
A
All right, so a couple things here. Obviously, maybe not obviously, but if you're running Palo Alto's GlobalProtect, which is VPN portal. So like if you're VPN into your organization's network or clients networks and they're running this Palo Alto GlobalProtect, there is potential that you could be at risk. Now I just want to point out really quickly, the threat actors are using brute force attempts. Right? So like this is not a technical issue, all right? This is not like, oh, like this isn't the, like the React2Shell problem where you've got to patch it, you've got to fix it, you've got to figure it out. This is much more like, you know, threat actors are just brute force attacking it. You could like literally it. The fact that it's Palo Alto's GlobalProtect is irrelevant. Threat actors could be brute forcing Microsoft 365 right now or AWS Portal or like Citrix Gateways. Like, like anybody can do brute force attacks, right? Like it's just trying to log in. So I don't know why threat actor like this wave of threat actors are attempting. They, they're. I'm assuming somebody got some creds.
But this is an opportunity to remind people why multi factor authentication is vitally important to have not a guarantee. Unfortunately someone messaged me yesterday that their Gmail account got compromised and they had multi factor implemented. But if you have multi factor authentication, when threat actors do brute force attacks on your systems, they're less likely to be successful to authenticate even if they do get your password correctly. Okay, so that's number one. This is not a change your pants because now, now you're carrying an extra couple pounds of weight downstairs. This is make sure that you've already done the best practices of, you know, good credential hygiene, good, you know, basically best practices for authenticators. Right. Don't reuse passwords. Educate your end users on using password vaults if you can. That's a bit of, a, bit of a hurdle for some know less technical end users. My aunt Dorothea is the token end user. Right. Or Carl.
So. But if you can't do that, just have them. Dude. I'm a huge fan of passphrases. I'm a huge fan of passphrases. I understand the word password dominates the, you know, the vernacular for tech users or whatever you want to call it. But passphrases, they're easier to remember, they're longer, they have all the special characters and complexity and it, it's not a pain in the A. Right. So get up on that now again, if you are running PA GlobalProtect portals, you might want to check your environment, make sure that you don't have bizarre logins if you can. I'm sure that there are.
Okay, so threat intelligence company GreyNoise is reporting it. So I bet you anything that there's like IP addresses or at least indicators of where this is coming from. Okay, so unique IP addresses observed. Okay.
All right, there's a. Here. I'm just gonna. Jesus. I'm just gonna link to the story itself because I'm not gonna, like, watch. Have you guys watch me go through it, but go in there, check it out. There's probably an opportunity to, like, look through your SIEM and just see. Did I see. Eric Capuano's in chat? I. I show up in Austin, and Eric Capuano appears. I love it. What's up, Eric? All right, let's keep cooking.
By the way, I've just embraced my inner bane like. No, man, I expect you to read the stories.
All right, let's keep going here. Come on. Where's my music, dude?
B
Holds its largest ever cyber defense exercise, according to The Record. NATO this week challenged around 1300 participants in a cyber defense exercise to guard against major attacks on critical infrastructure, including.
A
All right, hold on one second. Eric Capuano. Which, by the way, Blue Badge Eric Capuano. Thanks, Eric. Thanks for the support, bro. Eric says for VPN devices, use enterprise device certificates as well. So definitely a great practice. And if anyone is unfamiliar with Eric Capuano and you're like, who the hell. Why is he talking about this guy Eric? Eric not only is a friend of mine, but he's also an incredible. An incredible blue team defender, Air Force guy. So if you don't know about Eric Cap, you want to. Well, welcome to the party, pal. That's what I would say.
All right, let's keep going here.
B
Our plants, fuel depots, commercial satellites, and military networks. This was part of its annual Cyber Coalition exercise and involved 29 allies and seven partner nations seeking to coordinate their responses. Seven major storylines. This was NATO's largest ever cyber defense exercise, with most of the participants logging in from their own desks rather than traveling to a central location. It was directed by U.S. Navy Commander Brian Kaplan.
A
All right, cool. All right. So cool. So, hey, even, you know, nations, right? This is. Guys, this is basically a tabletop exercise. Oh, my God. This is. I'm gonna have to close the blinds, dude. Let me light myself up for you guys. This is essentially a tabletop exercise. Like, literally, this is a wicked large tabletop exercise. So if you think tabletop exercises are boring and lame and not, they don't add value. NATO is online, too, and would like to talk to you.
So basically, they went through 29 different exercises, which is pretty stout, right? Like, I recommend, if you're going to do a tabletop exercise, do. Do one, right? One scenario and kind of like, you know, eat the Sandwich one bite at a time instead of overwhelming your staff. However, when you have 1300 participants logging in from probably every time zone, you know, you might as well take advantage of it while you have everybody so running through 29 different scenarios. One thing that they said that absolutely stuns me.
Is that they said everybody logged in from their desk instead of traveling to the location. Dude, it's 2025. Like, if there was like a, if there was like a massive issue that happened like today, right? Like, like whatever, one of these scenarios that they practice actually was realized. Is everyone gonna fly into like Belgium, like, hey, like, let's convene in Antwerp and get this sorted out? Hell no, dude, it's 2025. You're going to do, you're going to do your job from where you are. So whatever. I definitely love this. I do find it interesting that they would do these exercises, even though there's like an actual. Hey, thanks for the squad sub, Leon Elliott. Be sure secure.
There's like, you know, there's active like state on nation on nation conflicts going on right now. Russia, Ukraine, notably. So, you know, running these scenarios, I guess it's, it's still considered best practice even if you have an active incident that you're responding to. I guess. I don't know. To me it's just bizarre, right? Like if, if you were in the middle of an active incident, would you stop, would you stop responding to it? So you could go run a tabletop exercise? I guess that's one of the things about more complicated systems. But I literally can't just hold this light to my face.
For practitioners, there's nothing really here for you to do, Elliot Matthias. I mean, this is like about as cyber political as you can get, basically. It's not polarizingly political, but.
Let's see what they did. By the way, multi day event need not only produce technical intelligence, but also engage with injects from the exercise administrators. Okay. Hey guys. So they said that they actually did some injects too. If you're, if you're new here, right, I think Elijah was a first timer, right? If you're new here, like one of the things that I promise you as part of this show, in addition to chat being amazing, one of the things I promise you is like, listen, you could read this story on your own time, you could listen to this podcast. Not me, but the CISO series, you could listen to it on your own time, right? So what, what's the, what's the value of, of being here? And that's that's what I want to tell you. Like, I, I promise you, we go beyond the headlines in order to give you additional value that you wouldn't normally get on your own or just by reading the stories. This is a perfect example of how to really run a tabletop exercise. They did injects. You should absolutely do that, right? Start walking. Let me just tell you what that is really quick and we'll go on to the next story. When you're doing your, your scenarios, right? Like, hey, like we've detected, you know, whatever ransomware on the file server, right? Well then, you know, Kevin's like, oh, we just restore from backups like next, right? You get some kind of like pouty IT administrator. Well then you can inject by saying, yep, you have, you have restored from backups. Kevin, great job. The threat actor also exfil'd data and is posting samples on Pastebin right now. So there's really nothing for you to do at this point, Kevin, but leadership. What would you like to do now that the data is out there on Pastebin or like a reporter is calling for comment like, you know, don't be shy to inject and basically control the narrative? Black Hills Information Security does a great job with this with their Backdoors & Breaches. Essentially be a dungeon master for a D and D game.
I know D and D has become like mainstream, socially acceptable. You control the narrative. You're trying to help everybody realize what could happen and then level up. All right, I go back into the shadows.
B
Hackers exploiting React2Shell bug.
A
Yeah. Oh, here.
B
According to a report from Amazon Integrated Security, state backed hackers in China are exploiting a vulnerability referred to colloquially as React2Shell, a popular open source tool built into thousands of widely used digital products. The vulnerability carries a critical severity score of 10 out of 10 and has been added to CISA's KEV catalog. Amazon says exploitation attempts came from IP addresses and infrastructure linked to known China state nexus threat actors, but noted that attribution is challenging due to anonymization infrastructure among Chinese threat groups. Adding the speed at which the Chinese groups were able to operationalize public proof of concept exploits underscores a critical reality of how quickly sophisticated threat actors can weaponize them. End quote.
A
All right, this is UK Barts Health and if anyone in chat, any defenders in chat have anything that they can share publicly about this situation, please do it in chat to help your fellow people. Guys, we talked about this last week when this went public, okay? I don't do it very often, but once in a while I'm like, listen, you gotta stop the show, stop the podcast. You've got to go look into this and figure out if you're at risk and then get it sorted out because this is going to be bad. We said it last Tuesday, I believe, and here it is, you know, a week later. And you know hackers, it doesn't even matter if they're Chinese based or not, it's irrelevant. Hackers are exploiting it. This server, React Server Components is a very critical piece of technology. It's in 50 million websites and based on what I just read in the story here, it essentially is like kind of a key, you know, like infrastructure piece of websites and it holds, it holds access or it enables access of secrets, which is like obviously not something you want threat actors getting access to. Okay? There are POC exploits that are publicly available.
And obviously they're being weaponized. The story goes in to explain what React does. Justin Moore, who's a senior manager of Threat Intel Research at Palo Alto's Unit 42, which is super dope, said that React Server Components are used for the heavy lifting and secret keeping of websites and dashboards.
So guys.
This is not good, okay? I don't have the technical details on how to discover if you have this vulnerability in your environment, but you can see here as an example, one threat actor tried to exploit the bug 116 times in an hour. So every 30 seconds, basically with different exploit payloads. So they probably had some proof of concept but they weren't able to successfully get, you know, a malicious payload to push through. So I mean it's not trivial to exploit. But certainly threat actors, some threat actors have figured it out and are getting after it. So I'm telling you guys this, this is going to be, unfortunately this is going to be worse before it gets better. You yourself at work, the environments that you're responsible for, you should absolutely make sure that you are as secure as you can be. And then I would go even a little further if you feeling it.
Is.
Any, any like critical, any, any like tech where your data is. And again this, this is like a much more mature, difficult problem. This is third party risk. This is like, you know, you have like a bundle of sensitive data stored up in some, some area. You could, if it's easy enough to publicly tell if this vulnerability exists or not, you could technically look at some of your event supply chain partners and see if they are vulnerable. Just be careful. Don't, don't, don't, don't do anything illegal, right you're not allowed to, like, exploit your supply chain partners to see if they're vulnerable. That's not a good practice. I know. Hey, guys, you know what? Listen, I do what I gotta do, all right? I do what I gotta do for this show. And right now it's either close the blinds and lose this beautiful Austin Vista, or it's hold this light on my face. And this is what we're doing here. This is what we're doing. This is. This is simply cyber. All right, let's go.
No, Batman. I do like that Bane is my alter identity.
B
Today, National Health Service discloses Oracle related data breach. The organization, based in London, has disclosed that Clop ransomware actors stole invoice data from a database by exploiting a zero-day flaw in Oracle E-Business Suite. The breach exposed names and addresses of people who paid for treatments as well as some former staff and supplier information. Data relating to accounting services for a neighbouring trust was also taken and later leaked on Clop's dark web portal. Although the theft occurred in August, Barts only became aware in November. The trust says clinical systems were unaffected and has notified UK authorities. Affected patients are advised to review invoices and watch for suspicious communications.
A
All right.
Yeah, I mean, whatever. Clop ransomware. Like I. Like I said, guys, I've said it multiple times, it's the most ridiculous thing. But like, if I was going to get a hockey jersey of a. Of a cyber threat actor, I mean, obviously I'd have flaming donkey. But if I was going to get like an alternate jersey, I'm signing up for Clop ransomware. I don't condone or promote any of cybercrime activity, but I do appreciate Clop ransomware's approach to cybercrime. They select their victims deliberately and then they get like a good foothold on an exploitable piece of tech and then they just maximize value on it. They did it with Progress's MOVEit software. They did it with Cleo. Not to be confused with Madam Cleo Call now Madam Cleo drink. But. And now they're doing it with this Oracle EBS issue.
Multiple Ivy League schools had implemented it and it looks like this National Health system got it. All they did was steal invoices, it sounds like. So that's not really as bad as other.
What is going on?
It's not really as bad as, you know, stealing your sensitive information. I mean, you, you, you technically don't want people to get your invoices stolen, but if I had to, it could be weaponized for Business email compromise. A lot of people don't. A lot of people don't.
I, I guess, realize or think about it. But ransomware reigns supreme. Is like the, like the threat that we need to worry about. But business email compromise is like a sleepy juggernaut number two, right? So just be, you know, be aware. I mean, here's the deal. I bet you if we look at this story, I bet you this breach happened in, like, August or September, and Barts Health Hospital is just figuring it out. Speaking of Bart.
Let's see.
Let's see. Yeah, you can see. Here's all some of the victims. Logitech, Washington post, Harvard, Dartmouth, UPenn.
It doesn't say when it happened, though.
I guarantee you it happened in August or September. If this happened in December, then whoever's in charge of information security and IT at Barts Health needs to be evaluated for their performance because this has been like a huge, well known story for months. So it's kind of gross if this did get hit. All right, let me. Let me just do a quick little for fun. For funsies.
All right, there we go.
All right, if you know. If you know, you know. Okay, let's keep going.
B
Huge thanks to our sponsor, Adaptive Security.
This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Deepfakes aren't science fiction anymore. They are a daily threat. So here's a quick tip. If your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI powered social engineering attacks. And you can learn more at adaptivesecurity.com. That is adaptive security, all one word, .com.
A
All right, all right, hold on one second.
B
Virtual kidnapping.
A
All right, let's go ahead and blow out the copyright. I feel like it's a good time to do it.
All right.
Zoom in. Can you, like, hold on? There we go. Listen, I'm gonna. I gotta close the blinds, guys. Like, it's not. It's ridiculous that I'm in the dark. I look like I'm. I look like I'm, like doing like a. A ransom. Like I'm holding somebody kidnapped. And I'm like telling you that my ransom demands in the dark. Give me a second. And love.
B
Strange, surreal and dark.
A
Think of the tender things that we were working on. Slow change may pull us apart Wanna get in your heart, baby don't you.
Forget about me.
Okay.
We got some harsh shadows here, but we're all right. Yes, okay guys. Hey, what's up? I want to say thank you very much all of you. I know the, I know the, the, the, the mobile shows are always, you know, a grab bag and interesting. So hopefully you guys are enjoying it. I certainly am. I want to say shout out and thank you to the stream sponsors again. We had ThreatLocker, Flare and Antisyphon but don't sleep on Barricade Cyber Solutions. Barricade Cyber Solutions with their 4 to 55 webinar series is bringing value to the masses. If you would like to learn how to properly secure and harden your Microsoft 365 environment, come check it out because on December 17th Eric Taylor and the team at Barricade Cyber are getting their compliance on joining the GRC mafia. You'll be able to learn how to enable the unified audit log for full environment visibility, discuss use cases and demo label applications across apps and workloads. What you're going to be able to activate advanced classification and endpoint protection and DLP settings. Guys, you're basically going to be able to learn how to properly secure for compliance purposes in M365 instance. Go to webinars.barricadecyber.com today to check it out.
Guys, every single day of the week has a special segment and Mondays is Simply Cyber's Community Member of the Week sponsored by ThreatLocker. ThreatLocker takes the deny by default approach to cybersecurity, which is phenomenal. And they also sponsor this segment, which means not only do I get to bring light to one of our community members, but I also get to give them a prize. $100 Amazon gift card or about 100 bucks worth of Simply Cyber merch. Their choice. And we got a banger today. I'm gonna give it right here, guys. Ladies and gentlemen, he popped in chat. But let's say Eric Capuano is our Simply Cyber Community Member of the Week. I mentioned it a little while ago. This guy right here, yes, he's a very, very seasoned practitioner, but he does so much more than that. He is the guy who wrote the blog post. So you want to be a SOC analyst. Him and Whitney Champion together run the Blue Team Village at DEF CON's CTF where they have in the past, he, he like has come on the show and mentored and answered people's questions. He's one of. Dude, he's one of the real ones. Okay? He is just an absolute stud and we have collaborated on multiple projects over the years. So Eric, thank you. Thank you for being awesome. I'll connect to you. Everybody else that's Eric, let's get our LA. LA's on. Let's go, let's go, let's go.
B
LA.
A
All right, all right.
So good, so good. All right guys, let's get back to work. Finish strong. Yeah.
B
Scams gaining popularity. A new and rather heinous twist on cyber extortion is the virtual kidnapping scam in which criminals alter social media photographs of people as proof of life as they contact family members of the individual with a ransom demand. According to an alert from the FBI, this campaign can.
A
Travis is asking for the link to the SoC analyst post. Yeah, just Travis asked me. At the end of the show, we are going to do a 30 minute jawjacking and then we can holler at.
B
That also include scraping images from legitimate missing person alerts as well as choosing regular non missing people as part of what the FBI calls emergency scams. Naturally, some of the threat actors use AI to alter the photos into short videos, threatening violence if payment is not forthcoming, and using timed messages that disappear quickly to avoid victims scrutinizing them too closely. Pharma firm Inotiv.
A
Yep. So this is a real thing, guys. And you know, listen, like talking about, talking about people, like, here's the thing, when you talk about really kind of dark, serious topics with people, it's always awkward, right? So like say you're, you're, you've got like an elderly, a family member and you're like, hey, let's talk about what happens when you die, right? Like, how do you want to, what do you want us to do with your house? What do you want us to do with your car? Like, you know what I mean? And like people don't want to talk about it. Here's another one. Like, listen, I don't want my kids to get kidnapped, obviously, but scumbags are doing this thing right now where they're using deepfakes and social media.
You know, content to simulate it. We had Perry Carpenter. Unfortunately, you can't go back and watch it. We had Perry Carpenter on the show showing how he can make AI and deep fakes run in real time. And if you caught that show, I had to delete it because it was just too, it was too hot to handle. It was like, I don't know, like.
It just, he had like Santa, you know, he had Santa Claus saying some horrific things about, you know, your child that he had, that had been kidnapped. So like.
If you went to BSides Charleston, the keynote speaker, she talked about being a victim of this particular attack and she's like a senior, you know, threat intelligence person at CrowdStrike. So anyone can be victimized. So don't think that, don't think that you're like, you know, too, too good for it or too smart for it. This is a very, very intense thing and it's only going to increase because honestly.
It's very low stakes for these threat actors to, once they get the infrastructure to scale up and get the, and just do this at scale, right? So when you talk about like, oh, you know, what's the big deal? Like they only got like X amount of data, right? You guys know, remember PowerSchool attack? 85% of the K through 12 schools in the United States use PowerSchool. They got hacked last year or this year and a bunch of data got out, right? And you're like, oh, what's the big deal, right? Well, here's the big deal. That's a ton of information on like, what's your kid's name, how old they are, right? This information that can be utilized as recon into a crime like this. So getting back to the point of having these tough conversations, I mean, at a minimum, you know, if you can like have, have a code word, you know what I mean, with your kids or with your family members.
And remember, it can sound, it can sound like your kids, it can sound like, dude, there's a million hours of footage of me talking, right? So like my voice can easily be cloned, right? That's why you got to protect your kids, man.
I don't know, I gotta tell you, like on a personal note, my, my, my oldest kid wants like an Instagram account and just me and, me and Mrs. Auger are like, absolutely not, dude. He's like, what's the problem? It's like, you have no idea. You have no idea. And like, there's like many, many reasons why we're not allowing it, but this is one of them. So anyways, educate your end users, educate your family. I know it's the holidays and you're all cutting, you know, a honey baked ham up, but you got to have this conversation.
B
Discloses data breach following August attack. Following up on a story we covered in August, this particular pharmaceutical firm, Inotiv, is now notifying its current and former employees, their family members, as well as certain other people who have interacted with the company or with the companies it has acquired that the ransomware attack that occurred in August has resulted in the theft of data. The company has not yet shared publicly which types of data were stolen during the incident, nor has it attributed the attack to a specific cybercrime operation.
A
Well, I have a. I have a very good friend who works. He's in charge of cyber for a pharmaceutical company.
I would absolutely send this to him right afterwards. Here's the deal.
Again, I hate to be so flippant about this, but here's a pharmaceutical company that got hacked, but it's our data that got stolen, right? So it doesn't sound like this is super impactful for the business. Right. I'm sure they told shareholders that everything's fine.
It did interrupt business operations. Okay.
And see, the reason that they're having to do is because as. As I guess they're a publicly traded company, which means they have to disclose these things to shareholders. I bet you anything.
Usually they'll come out and be like. Like, we didn't. It didn't impact, you know, like, we're still making money here, so don't worry about it. The Chillin or killing ransomware Gang. You tell me how you guys say it in chat. I say, I guess. What would I say? The thing is, I say Chillin in my head when I read it, but I think Chillin is way too cool a ransomware threat actor name. So I don't want to give them that. So I'll put it as killin. All right?
160,000 files, 170 gigs, whatever.
Here's my thing.
The Chillin Ransomware gang is definitely.
Highly effective. You can see here. I've never heard of this pharmaceutical company, right? But they. Their victims include.
An Australian court system, Lee Enterprises, which I think is, like, a big publisher that was, like. That was like a year and a half ago. Synovus, which many of you have heard of. So they can get in there and do pretty impactful stuff. I am kind of curious how this. Here's another, like, little technique that I like to use, right? I like to take the company and then say stock price again. You got to remember, guys, like, we're business enablers. So, like, how impactful is this to the business? Their stocks trade at under a dollar.
All right, so you could see here over the six months they suffered the breach in August.
This is interesting, man. They have had a 73% stock drop in value in the past six months. So the joke's on. The joke's on Chillin ransomware gang. This company was floundering before they got popped because they got popped in August. And you could see here they were actually slightly.
On the come. And then now they're just, like, listing into nothingness. So.
Looks like Inotiv has bigger problems than just a data breach.
B
Porsche outage in Russia locks down cars. According to owners and dealers in the country, hundreds of Porsche vehicles became undrivable after their factory-installed satellite security system malfunctioned. The outage included sudden engine shutdowns and fuel delivery blocks after their cars lost satellite alarm module connectivity, leaving all models at the risk of self-locking. The problem appears to be caused by the Vehicle Tracking System (VTS), which is an onboard module and can affect every model of the brand. Some users have been able to implement a workaround by disabling or rebooting the VTS system while others succeeded after disconnecting the battery for a few hours.
A
Bro, if I spent like 80 grand, 90 grand, 100,000, whatever, whatever these Porsches cost, right? If I, if I, if I spent an ass load of money, sorry, if I spent a ton of money on a Porsche and then I had to get out and disconnect the battery, I'd be ultra pissed, dude. Hey, here's the thing. You know, get, get a complicated system and you know, the more complexity you introduce into something, the more potential is for faults. The fact that this failed closed is interesting. So the story itself is that this security system on these cars ended up causing them to basically do a denial of service attack because they, they bricked them by not allowing fuel to flow or locking the doors so the owners of the vehicles could not get in. Okay, I mean here's the reality. Any security system can be utilized in a way that.
That prevents you, the rightful person from being able to access it. This has been like a plot line in multiple movies over the years. Like think of like.
Friggin like Jurassic Park, right? Newman there, you didn't say the magic word, right? Like Newman had control and then he like released all the locks and stuff so the dinosaurs got out and all that, right? So like these things can happen. Here's what I would tell you just to go beyond the headlines and give you guys value. When you develop a system or when you implement controls, or when you're evaluating purchasing a solution of any sort, you should confirm what happens if it fails. And I'll give you a perfect example, okay? If you have an Internet facing firewall, if that firewall fails, right? Like it fails hardware failure, whatever, does traffic continue to pass through? Good firewalls will have two, two plugs, right? One is going through the firewall and all the decision making trees and stuff. The other one is just a direct path, just, it's just straight line, nothing to do with the firewall. And what happens is in the rare event that the firewall fails, it fails over to this direct straight line of, of data flow and just allows it to cook. This way you don't have a denial of service attack on your company's infrastructure of anyone going out to the Internet. Okay, like that's a perfect example. Now if you have a crappy firewall and it fails you just all of a sudden you're, you're bricked and you're like, oh, what's going on? This is interesting also, if you're into car hacking, I know that there is a subculture of or sub faction of people in Simply Cyber community and at the larger cybersecurity community that have gotten into car hacking. This is a great one. Now this sounds like it's more around the corporate IT infrastructure that provides access to remote in and you know, see your car on a map and stuff like that. So, you know, I don't know if necessarily attacking the infotainment hub on the Porsche would result in any value for this, but it's all in the same kind of ecosystem.
Yeah, it is interesting. I mean, just to play it forward, I mean, you could weaponize this in a situation where you get someone and then lock their car, shut it off and lock it so they can't get out or find where they are, unlock it, steal their car, right? There's a couple different scenarios where you could do this. I mean, if you really wanted to get really nefarious.
You could wait until they were in like a. More sense like you know, on the highway doing like 90, and then shut their car off.
So.
Let's go.
B
Organizations warned to choose their next CISO wisely. According to an article posted in Dark Reading by David Schwed, COO of Sovereign AI, we are enjoying a global CISO hiring. This is due to an increase in the number of AI labs, cryptocurrency exchanges and financial institutions who all need one. The article, however, warns that companies and organizations must choose between two very different archetypes of CISO. This means that choosing an engineering focused CISO over a holistic CISO can be risky. In short, he says an engineering focused CISO treats security as solely a technical problem, which can build clean architecture and preventative controls. But this approach often just moves the risk with attackers exploiting weaknesses elsewhere, such as human workflow gaps.
A
Buddy.
B
A holistic CISO, by contrast, understands security as a broader system involving people, process and technology and designs for resilience, not just prevention. A link to.
A
Okay.
I, I think.
I'm not gonna, I'm not, I'm not gonna fight this guy. All right, David Schwed COO at Sovereign AI. You know, good take, good take. Basically this has been an, this has been a reality for, for years. Okay, so what, what they're saying here is that a CISO can either be tech focused or business focused. Okay. I've never heard the term holistic CISO, but typically it's usually a business person or it's someone who came up in the ranks of IT or cyber and they just have been there long enough and have a little bit of polish to them, so they stick a CISO title on them. Or, you know, like the, your, your insurance carrier was like, or, you know, your insurance carrier, you're trying to comply with FISMA or whatever or FedRAMP or. And they're like, someone has to be the CISO. Like, you have to have someone own that role. And they're like, Jerry, you've been here a while, right? You're the CISO now. Good on you. Right? So the CISOs can be, can be either of these two types. What I would argue is I disagree that you have to pick one or the other. I disagree that there is not some business savvy, engineering background, business person who can handle the role of CISO. Right? Like Joseph Sullivan was the CISO at Uber. I'm pretty sure he's got some technical chops and he was able to navigate, you know, a very political landscape. Right. Even, you know, well, maybe, maybe not super effectively since he was the one left holding the bag after the.
After that debacle where they got hacked. But.
Misty, I going to fight. Thank you. So anyways, the reality is, I guess if you, if you want, according to this story, if you're ready to take the next step and become a CISO, I guess there's a ton of CISO jobs out there right now. I mean, AI is. Here's the reality, okay? This is what I think is happening right now. AI is exploding. And venture capitalists and angel investors, people with money have been sitting. Their money has just been sitting, right? With all these tariffs and all these other things, people have been sitting on their money and they want to make like, dude, when you have a lot of money, so I've been told, certainly not first person experience here, but when you have a lot of money, you want to invest it in, in businesses and in startups and stuff like that, because you can make money with it, right? So with AI, explosion has caused all sorts of these businesses to crop up. And now because they're touching tech and everything, the, the investors are like demanding that someone be responsible for information security because it's 2025 and we figured out that it's important. So there's a ton of jobs out there. So what I would say is if you're, if you're looking so job, now could be the time to get one. But also, I don't know, I just, I, I patently push back on this concept that you have these two archetypes of CISOs and that's it. I feel like there's, there are other ones out there that could be a blend of this. Right. Also because I came up on the tech side personally, I think that the, the business focused like lawyer that is CISO, or the business focused like risk officer that's responsible for cyber isn't necessarily the best equipped for, for, for running the information security office because I, I just think that they can't reconcile what, what is possible and what's not possible. Although I will say if you have a great, great technical lead like an architect, they can certainly help you out. All right, let's go.
All right, guys.
That was your Daily Cyber Threat Brief podcast episode 1019. Live from Austin, Texas. I was your host, Dr. Gerald Auger. I hope you got value from the show. I really do. Shout out to Kathy Chambers. Shout out to Eric Capuano, our Simply Cyber community member of the week. I'll connect with him on his prize. Don't go anywhere, guys, because we're going to be doing Jawjacking in just a minute. Jawjacking is a 30 minute AMA show where I do everything I can to help you be your best. The first thing I'm going to share is Eric's So You Want to Be a SOC Analyst? blog. And we'll do so much more if you got to get out of here. Peace out. Thanks for, thanks for being here. And again, thanks for understanding that when I'm on the road, the show is going to be like this. All right? It's got its charms. Okay, I'm Jerry from Simply Cyber. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field. Live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking.
All right, what's up, everybody? Welcome to Jawjacking. I'm your host. One thumb, one mic, two turntables and a smile. Jerry guy coming at you live. From Austin, Texas. Got in about 2am last night. I like, literally, like John Candy. Planes, trains, and automobiles yesterday. Freaking fog in Atlanta ruining everything.
I did spend some time at the blue Moon, you know, cafe or whatever it is there in Atlanta next to gate B9. Made some friends, dude. Jawjacking is an AMA show. And the first thing I want to help people with is Eric. Cap, you want to. So you want to be a SOC analyst? Blog. Let me see if I can get that. I have to type with one hand.
All right, so you want to be a SOC analyst. All right, check it out.
Eric Capuano, Substack. So you want to be a SOC analyst now. He has updated it since March of 2025. I'm gonna drop a link to it. This is one of the projects that Eric and I, I guess, partnered on. I mean, I feel like that's disingenuous. He did this, and then I made content on top of this. So basically I'm like, Eric, are your shoulders strong? And he's like, yeah, I'm pretty strong, dude. And then I, like, got on his shoulders and made a bunch of content. So I'm gonna drop a link to this. There has been a small change. I think it was somebody named Travis who wanted this. Travis B1X. There you go, Travis. There was an update, so he's updated it 2.0. The reason he's done this, okay, is because.
He's basically put this in a course. So now it's a pay what you can course. But the whole reason that he did this is so you don't have to set up your own lab infrastructure. He is taking care of it. Him and Whitney have taken care of it over at Digital Defense Institute. And you could see, here's everything. Now it's pay what you can. They have a suggestion value of 50 bucks. But it's pay what you can, guys. I'm telling you right now. If you want to, like, a cheat code on how to get real dope skills from a, like, a couple bosses in the space, Eric and Whitney, this is it right here. This is. This is step one. All right, Great stuff here. There we go. Eric, thanks for sharing the blog and the resources. All right. Whoops. Hold on. Let me get back to Jawjacking. All right, if you have any questions, drop them in chat.
I'm looking at chat right now. Let's see.
Jesse said I want to. I would like to attend this next time I am in Atlanta.
All right, Jesse. That's cool. I'm at cyber marketing Con. I think it's the name of it. Josh Mason's here. I saw him floating around. Roswell UK says, is anyone attending BSides London this weekend? Chad or anyone in chat doing BSides London? You can hang out with Roswell UK. I'm sure Roswell UK will give you a funny, funny joke. Okay, it looks like the it's pay what you can, but the minimum price is 15 bucks, which I guess makes sense. There is cloud infrastructure on the back end that costs money, right? So.
Bruise and Hack says, what is your masterclass way of how I should explain why I don't have any aspirations to become a ciso? When I'm asked, I already have anxiety, and that would just put too much pressure on me, I guess. What would I say if someone was like, oh, like, Well, I mean, if someone asks you your career aspirations, you just don't even have to say ciso, I suppose, Ryan, if they were like, you know, do you want to be a ciso?
Honestly? Listen, here's the reality. Like, I know this, and I know other people who know this as well, okay? I always wanted to be a ciso, all right? Like, that was my goal. Like, to me, that was like the finish line. I got in the seat. It's more business than it is cyber. It's like spreadsheets and people management and like, it's. It's like one. It's like one quarter cyber, okay? And it's like. Like at larger organizations, it's a lot of, like, political infighting and Game of Thrones and stuff like that. So what I would say is, like, you know, I guess if someone asked me bruising hacks, I'd be like, listen, I absolutely love cybersecurity, and I love delivering on the mission of cybersecurity for my business. Stakeholders and organizations.
Naval me cyber risk for the organization. And I just don't have aspirations to be a CISO because I understand that role is incredibly important. But I think that I can deliver the most value to you or to an organization in a more technical role with my hands in the weeds of managing the cyber risk versus managing the Office of Information Security. That's how I would say it, honestly.
Holy crap, we got a win here. Extra Dexter. Phil passing CISP. Nice job.
CODRA with the TI85 coming in hot. Drink. Let's see.
All right, I'm scrolling for chat. Let's see what's up.
Dude, Chicago. Chicago is cold.
Eric and Whitney have made it a minimum $15 simply to pay for the compute infrastructure underneath. Like, they're trust Me they're not doing it to like, like we're gonna retire on this.
Okay. Sierra Montgomery's doing a little bit of.
What was that movie called? Frozen. Yeah.
Lazaro, my man, 29 months. Appreciate all you do for the community, Dr. Auger. Thank you. Lazaro. One of our, one of our classic cases of came to the community, put in time and absolutely continues to dominate. Well done.
All right. Continuing to look at chat.
Oh my God. Okay, so bruising hacks is saying that someone took the fact that he doesn't want to be a CISO is that he has no drive to succeed. That person is an absolute obtuse nitwit.
All right, here we go. Amish Runway says got my second private invite on Bugcrowd. Had a family emergency so I hadn't been able to do anything, but I will. Felt so good. Awesome. Super pumped for you. That's a win. I also want to say really quickly, for what it's worth, Amish Runway runaway actually contacted me. We were going to make a like a side by side video of doing like a bug bounty. Like you know, basically she would be in the seat and I would be like the, the newbie. I just don't have time for it. Which is unfortunate because it'd probably be a cool piece of content. But. All right, guys, I am super excited. Starting well, hey, really quickly, if you didn't know.
Let me see where it is. I hope you can join us on.
December 19th at.
I don't know what time. 1pm I think noon. 1pm December. Oh, noon Eastern Time. On December 19th at noon Eastern time, I will be running my quarterly meeting. It's like an all hands call, a town hall, whatever you want to call it. All hands for state of simply cyber. So if you would like to know what's going on with Simply Cyber, kind of like what can you expect in 2026? What are the goals I have? What, what can you get from the community in 2026? I do this literally. I'm going on a two week vacation right after this stream ends and I'm so excited. I haven't taken a vacation in 16 years and I can't wait. But I do want to let everybody know what they can expect. And you know what happened in 2025. We had a lot of good stuff in 25.
And then 26 is going to be an absolute banger.
26 is going to be good, guys. Simply Cybercon is going to be friggin lit.
And then just some of the things I'm Doing for the channel are going to be pretty exciting. Kathy Chambers has been helping me. Kimberly has been helping me. And just, I think you guys are going to be very pleasantly surprised. I've already got a bunch of content produced that's going to drop in January.
Let me. Hey, let me. I'm going to continue to look for questions, but I've been sitting on this idea for a while and now that.
And hold on one second. So there is a question. Why no sippy cup yet? I forgot to pack it. Yesterday was kind of a hot mess. Express. If and if you don't know, I have a travel coffee cup that looks like it's for a toddler.
And it's Team Sippy Cup.
All right, guys, let me tell you, if I can. Let me tell you about a video series that I'm doing.
That is awesome. I've been sitting on this. I've been, I haven't said it publicly because I've been afraid someone was going to steal it. I think it's that cool an idea. But now we're so far down the road that my content's going to come out before anyone could possibly produce it. So I'm going to tell you guys. Okay, you ready? If you're stuck around, you're going to get some inside scoops here. All right, hold on. Roswell uk. Let me flag that question. All right, check it out.
I have a video series coming out where I sat down. I prepared five GRC interview questions. Okay. And then I interviewed.
Someone who is working and aspiring to become a GRC analyst. So they don't have the job yet, but they are, they are applying to junior level GRC analyst roles. I also interviewed someone who has three years of GRC. They're an active GRC analyst. Three years of experience. And I interviewed someone who has 12 years of GRC experience and I asked them the same interview questions. Each video is one question and I show you the, the aspiring analyst's response. And as she's responding, I pause the video and I critically analyze constructively, obviously not maliciously, I constructively analyze her responses and provide insights and feedback. Then we watch the three year person and I critically analyze and point out pros and cons. And then finally the 12 year GRC professional and we analyze her responses. So each video is one interview question and you get to play along and we've already, I've already got three of the five questions produced and it, they just. I, I'm excited. I'm very excited. Not only do I think it's going to help each person who watches it interview better. But you can kind of play around, play along because you get the interview question yourself at the beginning of the video. So you get to say, oh, how would I respond to this? Or whatever. And then you get real feedback. So for anyone who's ever done a job interview, and then you get no feedback from the interviewer and you're like, what the hell? Like, I didn't get the job, but like, can I get some feedback, bro? This video series is going to do that in an unbelievable way. To the point where I'm like, that's a perfect answer to this question. You should do more of that.
Or here's a problem, right? Even, even like some, some kind of meta problems, right? And all three of these people are simply Cyber Community members, which makes it even cooler.
All right, I am excited about it. If, if the series works out really well, I'm going to do it for pen testers. Except I'm not the one who's going to do the critical analysis. I've asked someone from the community who's like a 25 year red teamer to do it. And then oddly enough on this on, I want to do a SOC analyst one too, and I haven't asked him yet, but Eric Capuano is the guy that I'm going to ask to critically analyze the, the interview responses for the SOC analyst one. That's not why I, I asked him to be Simply Cyber Community member of the week. That's completely coincidental. But yeah, so that's what's up. Get some of that. All right, let's see really quickly on the comments. Roswell UK says, Ever thought about a Simply Cyber rundown of 2025? Maybe like a Spotify unwrapped review of the year? No, I haven't thought of that. I mean, it's a cool idea. Roswell UK, I certainly like it. When I got the Spotify, the YouTube and the Discord one, I barely had time to put together a special 1000th episode of Simply Cyber's Daily Cyber Threat Brief. I, I, there's no way I could possibly put together a Simply Cyber rundown. It's a cool idea. Just I, it's beyond, it's beyond me. What would be in a Simply Cyber wrapped? I don't know. That's a good question.
All right, here we go. I'm, I'm scrolling through chat right now.
All right. People seem to think that that's a very cool idea.
Abraham Lincoln hat, Space tacos. That's very funny. Esco07.
Well, hey, S. Cole07, I hope you enjoy the video series that we're launching in January.
So I guess just to kind of keep giving you guys more, you know, insights or whatever, starting in 2026, there will be a video produced video dropped on Simply Cyber's YouTube channel every single Sunday at 4pm I think we decided. So every Sunday in 2026. Every Sunday in 2026 there will be a produced video drop. And I've already got these three videos at least produced, so they will, they will be dropping in January. In fact, I can just tell you Right now.
January 4th is when the first video is gonna go. The first of these videos that I, I'm talking about.
All right, what's the best Linux distribution to run that is similar to Red Hat?
I mean, I don't know. I mean, Linux distributions are your own. When you say like Red Hat, I mean, I'm not sure if you mean like, like the same kernel that Red Hat uses, but personally, I, I don't know. I run Ubuntu when I run Linux, which I don't do very often.
I, you know, I guess the only time I really run Linux is like I have the Kali Windows Subsystem for Linux installed on my boxes. Like, it's. There you go.
All right. Continuing to look at chat. All right, Bruising Hacks is saying Fedora is pretty good, Rocky for learning enterprise sysadmin skills.
Roswell UK is saying made Patreon with early video drops. We could certainly. I'm not opposed to that. You know.
How much RAM would be ideal on a laptop for cyber needs? I mean, it, I mean, depends what you're doing, right? I mean, cyber isn't necessarily extra demanding. There's a lot of SaaS applications. I mean, I would just get as much RAM as you can, you know, 64 gigs. I'm actually kind of curious how much RAM my laptop has. I'm pulling up my. I'm pulling it up.
Bro.
I think I just bricked my machine.
All right, I, I would, I would say there's no minimum, right. Ideal would be as much as you can get.
I'm looking at my machine right now. Who asked this question? The Velvet Bandit.
So my machine has 32 gigs of RAM on it, right. And I, I haven't had any problems, so I wouldn't go below four gigs. But it's not really for cyber needs. It's like, it's more like, just for, like, using a computer. All right, thanks for the sub. Abdul.
Do you prefer a tablet no.
Okay, so Roswell UK agrees with me here, right? 16 minimum, but as much as possible. Yeah, more RAM, the better. Dude, push the slider all the way to the right.
Okay, so Kyle. Kyle says 16 ain't enough for virtualization. For a home lab 100. I mean, it just depends on what you're trying to do, right? That's not a home lab. Isn't cyber needs. I mean, it's like. That's like learning needs, right? So.
All right.
MacBook 8 gig is plenty. So Amish Runway saying that, you know, on a MacBook 8 gigs.
Justin, one mortgage worth of RAM. That's hilarious.
All right.
I'm looking at chat right now.
Oh, all right, guys, I'll be. Hey, listen, just another, like, I guess, status update for the the. For the Die hard Simply Cyber community members up in here. I'll be traveling on Wednesday. My flight's at 8:00am local time. So Daniel Lowry has agreed to host the show on Wednesday. So you'll get some Daniel Lowry in your Life this Wednesday, December 10th.
Roswell uk. Don't forget, on the Simply Cyber Discord server, there is the con channel. The con. Not to be confused with. Not to be confused with William Shatner's con. All right. Drink.
All right.
Micron is stopping making Crucial. Guys, here's my thing. Crucial is a RAM manufacturer. I've never. You tell me, guys, like, I've never been like, oh, like, I better get this version of RAM. Like, dude, like, to me.
RAM is commodity hardware, right? Like, it's like.
I don't even know what RAM I have in my box. You know what I mean? Or if I bought ram, I just buy like a legit one, right? Like, I mean, I'm gonna open Amazon right now and like, look at ram. I probably have bought some. Like, Let me see this Amazon.
All right, I'm typing in ram.
Okay, here we go. Samsung, right? I wouldn't buy some bizarre. No name one. But like.
Samsung. I feel like Samsung is what I buy. Corsair is another one.
You know what I mean? Like, I'm not. I don't know. Am I mistaken? Is there like, noticeable difference in ram? Like if you buy some weird. Weird named one. Yeah, it could be. It could fail, but for the most part.
Okay, so Code Brew is saying that it's. It's more about fair markets. Okay, I got you. Capitalism.
Okay, I guess AI is killing the RAM market. Dude. It's the same.
Do you remember when like GPUs were friggin out of control during COVID People were either baking sourdough bread or grinding on crypto.
Okay. Ray W. is saying the mini PCs from Beelink are pretty good. I actually bought one of these, like, mini PCs to run Security Onion on my home network. It's been, it's been pretty good. Just sits there, kind of a headless unit.
I, guys, I gotta tell you, I did not have RAM dominating the conversation on my bingo card today. But this is great.
Video killed the radio star and crypto killed the gpu. Nice. Phil Stafford also drink.
Oh, my gosh. Guys.
Definitely appreciate y' all being here.
Bummed out. I had to close the blinds, but, you know, it was turning into a.
You know, a ransom demand video.
I am at cyber marketing Con here in Austin, Texas. I'll be running around. I'll probably post some stuff on social media about it a little bit later.
I'm tired. Guys, I'm so excited for this vacation. My wife doesn't believe me. She still doesn't believe me that I'm gonna take it.
I don't know. Let me, let me get, I'm curious what people think. So I, I was talking to my wife and I was like, how do you think I'm not going to take this vacation? She's like, so you're not going to check your email once? You're not going to reply on, on anything work related? And I, I, I mean, I guess that is truly unplugging. In my mind, I was like, oh, I'm not gonna stream, I'm not gonna take business calls.
But, like, is it considered a vacation if you check email?
I'm gonna be in the bathroom for like three hours. What are you doing in there? I'll be right out. I'll be right out. Slide your phone under the door. No.
All right. Hang in there, Jerry. Thanks. Sierra Montgomery.
Oh, Ross, the boss asks. Best conference for GRC professionals. That's a good one. I haven't been to a good conference for GRC professionals. I would think Layer 8 is a good one.
Is Becky Gaylord in chat? I think she spoke at Layer 8 this year. I think Layer 8 is in Boston, Mass.
Oh, wow. Okay. A lot of people are saying checking email. Yeah, see Kyle. Kyle, I'm with Kyle. Kyle, no calls.
You could take a vacation and check your email. I, I place some expectations. Yeah, I will be setting an out of office reply here.
Check email every four hours.
I don't know. The thing is, Kathy Chambers and Kimberly McKnight are helping me now or helping Simply Cyber so I, I can empower them to handle things.
I'm excited, guys. I'm gonna be playing Battlefield 6 like an absolute boss.
Layer 8 is good. Went last year. Okay, so Dennis Keef is in chat. Thank you, Dennis Keefe.
So Layer 8 is good. I'm pretty like, I guess if I like, that's why I offered it up as an, as an opportunity for a GRC professional.
You know, it's another decent one at Black Hat. This is a super niche one, but at Black Hat, there's always a CISO summit and it's a bunch of CISOs bumping into each other, eating breakfast foods and, you know, goof, not goofing off. I mean, it's, it's, it's CISO stuff. But that's a pretty decent one as well. Good for networking.
How European of me. But off time is off time. Oh my God. Face Doyle is like full, full.
You know, it's like one of those ones. Like, you know what, here's my thing. And I, I do agree with this. Even though it, it's counter to what I just said. Like if I step, like I should be able to step away and Simply Cyber does not implode on itself. If Simply Cyber implodes on itself because I stepped away, then I, I've built a very brittle business, right? So if anything, this is a good stress tester. That's a double, double, double meaning, right? Because stress testing the business for resiliency and then also stressing me out. But I'm cool, I'm cool, I'm cool.
All right, what is it you need from vacation? Do that and feel connected. Amish runaway says work does not even exist. Yeah, I'm excited, guys. I'm going to like, I can't wait to spend time, my kids are off those two weeks.
Just going to spend some time with my, my family. I love my wife, I love my kids, I love my dogs.
All right, guys, this is Jawjacking. It's a 30 minute AMA. We got about six minutes left. If you have any questions, conferences, resources, skills, thoughts, anything, just ask it in chat. I, I, I, I make this time. This time is for this. I can't do one on one calls. I can't reply to all the emails or DMs. So this is what I do. I, I offer this 30 minute window every day.
It's the best I can do.
All right, Phil Stafford. Phil, how did that, that talk go that we talked about last week?
Thank you, Super Zoomi. I will. Super Zoomi's name makes me think of Umizoomi. And if you're a parent, you know what Umizoomi is.
Geo.
Bot and Tilly, I think.
All right.
Oh, that's cool. Elliot Matice's boss took his work phone away.
Cool boss. Rich464 how do you feel about this F1 season? Did you watch the final race? I did not watch the final race. I got into F1 earlier in the year. I guess I could tell everybody this now.
For a minute there, I was in, like, I. I was almost in a Red Bull racing podcast.
It never got green lit, but I was. I was submitted as a, as a talent for a podcast with F1 Racing, Red Bull Racing. Uh, which would have been insane, but that didn't come to fruition. Dude, I'll tell you what. The F1 season, if anyone watches F1 in chat, sound off, because there is definitely an F1 people group in here. But like, it to me, it's like, it's. It's just not like McLaren is so freaking dominant that it's like, okay, like McLaren. And then Max, like, okay, like. All right, Lazaro with a super chat. Thank you.
Can't believe it's been two years. I got my offer letter already. Thank you again to you and the community. Hope you enjoy your time off. Thank you, Lazaro. Super pumped for you. I can't believe it's been two years either.
Haircut fish says. Oh, hey, you guys are dropping mad questions now. Let's go. Here we go. I'm gonna speed run these questions.
What should SOC analysts know about GRC and already well rounded? Oh, that's a great question.
I guess SOC analysts should understand that it's like, less about GRC and it's more about how an information security program operates. You've got to realize that there are not infinite resources, there are not infinite money or people or time. Right? So you're always kind of managing risk. And as a SOC analyst, you're well aware that you're constantly putting out fires and stuff like that. But I think understanding, like, what controls you can afford and how they're implemented helps you appreciate dealing with, like, the infrastructure you have. Also, you know, more of a tactical thing, but, like.
How important end user awareness training is. And I know people roll their eyes. I actually sat next to a woman yesterday at the airport for about an hour and she asked what I did and I told her and she's like, oh, I know cyber security. Every time I click on an email incorrectly, I have to do like a 30 minute training. I hate cyber security. And I'm like, yeah, because the people who are doing cyber your business aren't good at what they're doing because they're, they're literally training you to just like not make them aware of problems. Right. So as a SOC analyst, you know, understand that, you know, the human element. Ray Dub says, do you stream Battlefield 6 so I can watch? I can certainly try it. Honestly, Ray, I don't think anyone wants to watch me play Battlefield 6. I'm terrible at it. But I did get a heads... listen. I bought a headset with a microphone so during that two week vacation I can really get dialed in. I, I will need.
Haircut fish Justin Gold to help me. And then casually Joseph. I think he gets more frustrated with me than he, he does enjoy playing with me. So we'll see. All right.
All right. People talking F1 in chat. That's very cool.
Oh, Ray thinks he's worse at Ray. We should, we should get in the same squad and then have like a horrible battlefield off.
Yeah, I definitely tried to eliminate someone yesterday or whatever the other day and sprayed my entire clip. Didn't hit them. And then they ran up and stabbed me and then they.
They did a stand squat, stand squat on me which I, I actually wasn't even upset about because I totally deserved. What advice would you give to an interview round for what advice would you give for an interview round with the CISO? I have four years of experience in GRC. The position is GRC focusing on third party risk and SOX compliance. Oh yeah.
Dude, if you're going to be talking to the CISO.
Right, definitely. Here's the thing, right? The CISO is in charge of information security. You want to help them make their job easier. And really this is for anyone you're talking to in an interview, but like you want to make their job easy. So let them know, hey, listen, like, well, first of all, you should. I've given some talks on third party risk. You can check that out. SOX compliance, you're going to be basically looking at COBIT, C-O-B-I-T. So go get familiar with the COBIT framework, use those terms and then just talk about.
I mean, managing risk. Third party risk management is very difficult. It will get into data governance and how the organization treats data governance. Because if you have good data governance, then the, the data going to the third parties is reduced and appropriate instead of just like a select all copy paste over to third parties. So you can make them aware of that and then, you know, let them know that you're going to be executing their vision of whatever their information security program is If. If the CISO should be concerned about.
Their frameworks, if they have one. So, you know, ask about like kind of what's their. Where are they going with their information security program. Kind of show that like strategic level understanding that you understand that. Yes, there's tactical things that you have to do every day, but a CISO is building a program. A CISO is a leader with a strategic vision or they should have a strategic vision. So get into that.
All right.
I hope that helped.
Saran Gupta, I'm excited for you. Go crush it, man.
Lazaro says, are you all playing multiplayer or red sec? I'm playing multiplayer. I haven't messed around with the red sec. The only thing time I would do red sec is if there was like a daily challenge or something. I think.
If anyone wants to play Battlefield 6, go into the hobbies channel on Discord. What's his face? James McQuigging at 35,000 feets in there. Shamira Gonzalez is in there. Haircut Fish. Justin Gold, Casually Joseph. Haircut Fish. Who else is? Poner Joe is in there. He's. He's very good. Poner Joe.
All right, guys, we're at time. I hope you got value from the show. I appreciate all of you. Thank you for making this a wonderful Monday morning. I'm gonna go do some cyber conferencing. Hold on. We have one more question.
Crystal says as a volunteer GRC for nonprofit trying to get remote people off OpenWorks. Any VPN.
I mean, personally, I use Proton VPN.
So not. Not a sponsor, not a. I'm not. There's no fees. I get. I personally have a paid subscription to Proton VPN. So that's my recommendation.
Oh, yeah, Lazaro with the new BF6. I like it. I'm telling you what, guys, I am going to be playing a ton of Battlefield 6 on my vacation.
So people really, by the way, quick funny story and then I'll get out of here. I told. I'm telling people that I'm going on vacation. They're like, oh, wow, that's awesome. Where are you going? I'm like, I'm not going anywhere. Like, that's the vacation. I'm not doing anything. When you get old, not doing something is the desire. All right, guys, I gotta get out of here. I'm Jerry from Simply Cyber. Shout out to all of you, you amazing people. I'll be back tomorrow morning at 8:00am Eastern Time to run it all back again and show you the proof of life videos. I'm Jerry. Until next time, stay secure.
Date: December 8, 2025
Host: Dr. Gerald Auger (Gerald, Simply Cyber)
Podcast: Daily Cyber Threat Brief by Simply Cyber Media Group
Main Theme:
Gerald Auger delivers actionable insights into the day’s top cybersecurity news stories, exploring threats, breaches, and industry trends relevant to practitioners, analysts, and business leaders. This episode covers eight major stories from the weekend, with discussions ranging from critical vulnerabilities (like React2Shell) being actively exploited to evolving social engineering scams, and strategic advice for cybersecurity professionals.
Tone & Style:
Conversational, energetic, and unfiltered, Gerald blends expertise, humor, and real talk, aiming not only to inform but to build an inclusive, supportive cyber community. Community engagement and practical career advice are consistent highlights.
| Story/Segment | Timestamp (MM:SS) |
|--------------------------------------------------|--------------------------|
| Introduction/CPEs/Austin Studio | 00:17 – 10:24 |
| Story 1: Palo Alto VPN Brute Force | 10:53 – 15:27 |
| Story 2: NATO Cyber Defense Exercise | 16:33 – 22:00 |
| Story 3: React2Shell Exploitation | 22:00 – 26:42 |
| Story 4: Barts Health NHS Breach (Oracle/Clop) | 26:46 – 30:35 |
| Story 5: Virtual Kidnapping Deepfakes | 35:56 – 39:56 |
| Story 6: Inotiv Pharma Data Breach | 40:27 – 43:59 |
| Story 7: Porsche Remote-Lock Outage | 44:06 – 48:36 |
| Story 8: CISO Hiring — Engineering vs Holistic | 48:48 – 53:53 |
| Community Member of the Week | 33:17 – 35:21 |
| Jawjacking AMA | 55:10 – End |
Gerald reiterates the importance of continual learning, community engagement, and practical vigilance. He provides personal advice and real-world context to every story, empowering listeners to act proactively.
Above all, Simply Cyber stands as a collaborative space—“helping individuals go further, faster in their cybersecurity careers”—where humor, support, and technical rigor go hand in hand.
“Stay secure!” – Gerald Auger, Simply Cyber