DJ B Sec (9:59)

There's.

Dr. Gerald Ozier (9:59)

There's no reason not to register. Okay.

DJ B Sec (10:03)

Shall we play a game?

Dr. Gerald Ozier (10:04)

Thank you, Sierra Montgomery for the reminder on David. All right, guys, quick word from Threat Locker. Remember, I'll be at Zero Trust World next week with a bunch of you. Ross, TJ, James McQuigan, Real Bilbo, FedEx. Kimberly can fix it, Kathy. Guys, there's. It's going to be a simply cyber party. Dennis Keefe, are you going to be there? Let me know. Bruising hacks, let me know. Let's do Threat Locker ad and then get into the news. I want to give some love to the daily cyber threat brief sponsor, Threat Locker do zero day exploits and supply chain attacks, keep you up at night. Don't worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approval approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their U S based Cyber Hero support team. Get a free 30 day trial and learn more about how threat locker can help prevent ransomware and ensure compliance. Visit threatlocker.com dailycyber. All right, whoever said let's have a drinking game for every time? Jerry groans Honestly, if I was not the one in pain, I would also be like all in on the drinking game. I'm gonna power through it. You know what, guys? This is what consistency looks like. Sometimes it's ugly, sometimes it's ugly and sometimes it really hurts. All right, let's cook.

James McQuiggin (11:46)

From the CISO series, it's cybersecurity headlines.

Steve Prentice (11:53)

These are the cybersecurity headlines for Friday, February 27, 2026. I'm Steve Prentice. IPhone and iPad cleared for classified NATO work the announcement was made yesterday by Apple that its phones and tablets are the first consumer devices to receive approval for working at the NATO restricted level. The devices are now part of the NATO information assurance products catalog. This means that iPhones and iPads can be used with classified information without requiring special software or settings. The listing specifies that the native mail, calendar and Contacts apps for iOS and iPadOS provide secure access to data us.

Dr. Gerald Ozier (12:42)

All right, all right. So I mean, I've never heard of the NATO restricted level again in the world of information security, media labeling, which I believe is MP3. Wait, hold on. Mp3. Media marking winner. All right, so in the world of information security, we can mark data as, you know, sensitive for official use only, internal use only, whatever, Top secret, secret. I've said this on the channel before. I've never seen media marking work at scale ever, except in the US Federal government with classified and unclassified. So this NATO restricted is just a level of. A level of. What's the word I'm looking for? It's like a level of minimum security in order to be allowed to access that level of information. And the big story here is that Apple iPad and Apple iPhones are now allowed. Now here's the thing. Apple recently released the lockdown mode configuration setting for iOS devices, which I would imagine is probably required for devices that are going to be accessing NATO restricted level data or NATO restricted level systems. Yeah, I mean, this is fine. They mentioned the default mail app and stuff like that. My only thing is, I find this interesting already. You know, Apple devices are not immune from malware, but it is difficult or it's more challenging to compromise an iOS device than it is an Android device. One thing that Jumps out to me though is like, you know, by default, like you need a Apple ID to log into these things. The Apple ID automatically gives you a 5 gig iCloud storage drive because they want you to, you know, fill it up with pictures and then they want to sell you more icloud space. So I, I don't know how they're managing data leakage essentially from these devices going into the Apple ecosystem, but clearly they've done it. I mean, whatever, I guess. Here's my thing. Like, just because you can, does that mean you need to like, like, I don't know what, what options they were using before, but it's like, ooh, now, now I'm an executive and I can sit down with my iPad in this NATO restricted area. Sure, whatever. Here's my thing. The only, the only, the only thing that you need to know. Like, listen, if you're, if you're in simply cybers community and you're responsible for securing NATO, like, welcome to the party, pal. It's nice to have you. But for the most of us, Super Zoomy 26, 29 months. Thanks Super Zoomy. For, for us mere mortals who are not securing NATO, the, the TLDR here is having minimum, basically policy around what devices are allowed to access what systems. And to make this even more appropriate for everybody in this chat to get value from this story, there is something called posture checking. And I would argue that this is more of, this is like a more mature control. So like if you have like a one to five cyber security program, maturity level, one being like your basic stuff, right, like MFA or whatever, and then like five being, you know, you've got Faraday cages and you know, man traps and all this other stuff. Like I would say that posture checking is like a two and a half, maybe a three. And this is essentially when any device connects to your network, before it is allowed access to the internal network,

DJ B Sec (16:45)

it

Dr. Gerald Ozier (16:45)

is assessed effectively to see if it has, you know, is it on the current version of Windows? Is it an authorized device? Does it have, you know, applications that are required? Is it running any applications that are banned or not allowed? And based on the posture checking of the device, the network will shun it over to like, you know, a, you know, a bad boy land where, like devices, you know, misfit toys land where they don't really have access to anything. Maybe they have access to the Internet. Maybe it's like a little holding pen where they can get further review and analysis or they get granted access to the main network. Think of posture Checking as effectively walking into a sports stadium and, and being patted down for like weapons or something like that. Right? Like, you know, are you wearing like it's, you know, are you wearing pants? Yes. Okay. Are. Do you have weapons? No. Okay, you can go into the internal network. Do you have pants? No. Okay, you can go over to this tent over here where we have a rack of pants and you can install a pair of pants on you and you can come back in and we can re evaluate you. That is what posture checking is. It can be difficult to implement because if you have like, visitors coming in, vendor reps coming in, visiting people, you know, your executive team with their like one off snowflake builds, it can be challenging. But posture checking is very good. And that's essentially what's happening here. Okay, let me know in chat if you've ever done posture. We. We did it at Muscle. It was pretty cool. You can also, by the way, you can also do posture checking for like, just certain network segments, right? Like more sensitive areas instead of your entire network.

Steve Prentice (18:36)

Education and healthcare targeted with door Backdoor. This attack is being conducted by a previously unknown group named by Cisco Talis as UAT 10027. The group's goal is to deliver a new backdoor codenamed Door D O H D O O r which uses DNS over HTTPs, hence the DoH in its name for command and control communications. The campaign is suspected to involve the use of social engineering phishing techniques leading to the execution of a PowerShell script. The threat actor hides the command and control servers behind the Cloudflare infrastructure. And although the group has not been identified, certain attributes of the campaign strongly resemble those used by North Korea's Lazarus and Kim Suki groups.

Dr. Gerald Ozier (19:28)

Okay. Oh, my God. All right, so just as an update for those who are following my, my. My current evolving pain issue, I just picked up one of these, like, so I have like these like pelican cases for traveling. I just picked this up. If I let it hang as like a dead weight and pull my arm down, that actually feels quite nice. So if we have any physical therapists in the chat, let me know if. If the fact that this feels good is a good idea or if I'm like, just further injuring myself, please. All right, here's the deal. Yo. Lazarus Group Advanced persistent threat actor DNS over HTTPs c2 for days hiding in Cloudflare. Oh my God. Oh, my God. What are we doing? My bro. My. My guy starts off with a phishing email. Hello. Like, if you. If you nerf this Thing like, basically, if you don't allow the criminal into your house, they don't set up shop in the upstairs guest bedroom. That's what's up. Like, at the end of the day. Yes. They're doing all sorts of crazy stuff. And it's a. Woo. It's sophisticated. Yeah, let's go. And we could talk about IOCs and uncovering this if Carl, in your account, in your office fell for this fish. But, like, for those who want to crap on grc, hello, grc. We're the unsung hero of the cyber program. Because of grc, our end users know not to click on things because of grc, we have, you know, we tell them about click fix, we tell them about not, you know, not falling for these fishes, not doing these emails.

DJ B Sec (21:09)

Right?

Dr. Gerald Ozier (21:09)

We make sure that, you know, MFA gets rolled out. Now, I know that's more of an architecture thing, but there was a GRC person somewhere who said, we need this. Okay? So let's just say that we can protect ourselves from getting this massive sophisticated thing from blowing up in our environment if we just stop the phishing. Now, if we do not stop the phishing, we've got PowerShell execution. All right? Now, I don't know exactly how that's happening. Like, you don't just, like, get an email and then PowerShell detonates on your computer, and they don't go into explaining this, and there's no info. Hold on, hold on. I. I digress. Let me, Let me evaluate Cisco Talos. You minx. I should have known Cisco Talos would have an infographic. My neck hurts, but it doesn't hurt too much. Oh, behave. Cisco Talos. All right, so. And for those who don't know if you're a first timer here, I have an unhealthy obsession with infographics. Okay, so look, the attack kill chain, they start at the top left with PowerShell reaching out to a website that detonates the PowerShell. So effectively, the phishing email has a link that they click. Okay. It then pulls down. You can see. Well, you can't see it very well. But the first step is pulling down the PowerShell. So second is downloading, executing, which then runs a Windows bash script, which then reaches out to grab a second stage payload while also running a legitimate Windows executable. The. The, the legit Windows executable is fondue.exe. stop. Is that a real binary in Windows Fondue? Like, like the cheese fountain. Hold on. Oh, my God. It is a legitimate tool. Okay, all right. I was Today, years old when I found out about fondue for a Windows binary, it's related to Windows Update. So this is an example of Lazarus Group living off the land, using the fondue binary to actually, instead of pulling down updates, it's pulling down payloads. They install a persistence backdoor and then you're off and running. So for indicators of compromise, for indicators of compromise, look for your, you know, look in your logs for. Basically look in your network logs for websites where the resource being pulled as a PowerShell script. PS1, look for PowerShell being detonated on your endpoints where there's like obfuscated code or obfuscated like base 64 encoded arguments. Obviously this fondue, I mean, you can't block. You can't. Here's the thing, the whole reason you live off the land or run native Windows binaries as part of your attack kill chain is because it's. You hide in the noise and it's difficult. Plus, these are, you know, cert, there's certificate signed binaries. Okay, so this is pretty good. Again, educate your end user about fishing so you don't get all this going on on your box. The other thing is they're doing DNS. Oh, they have Cobalt Strike too. Interesting. So look, for beaconing in your environment, you can use a tool like RITA from Black Hills Information Security for beaconing. Right here, here's the RITA tool and it's open source, named after John Strand's mom, Rita. And the final thing I want to say about this is they're using DNS over HTTP for C2. You can. C2. Command and control is how a compromised endpoint speaks to a attacker controlled server or infrastructure management console. Okay. That's all C2 is. Don't get, don't get overwhelmed and confused by C2. All C2 is command and control. It's the server or threat actor commanding and controlling a compromised endpoint or collection of compromised endpoints. They need to communicate with it. And you can do it a million different ways. As long as you can have an endpoint speak to the Internet, you can do it. You can do it through the blockchain, you can do it through Telegram, you can do it through crap. I mean, we've even seen it through Twitter anywhere. This one, they're using DNS over HTTPs. Now you can use just DNS. I'm not super familiar with DNS over HTTPs. My assumption is that it's DNS, but instead of port 52, which I think is DNS, it's port 443. So it can hide. It can hide in the noise. Again, I don't know why DNS over HTTPs is a thing, but. Whoa, whoa, whoa, whoa, whoa. Excuse me.

Steve Prentice (26:22)

Trend Micro warns of critical APEX1 code execution flaws. The cybersecurity software firm has patched the two vulnerabilities, which would allow attackers to gain remote code execution on vulnerable Windows systems. QUOTE Apex1 is an endpoint security platform that detects and responds to security threats and including malware, spyware, malicious tools and vulnerabilities, end quote. Both of these named vulnerabilities have CVE numbers, as Trend Micro explained in a security advisory released on Tuesday. Successful exploitation requires attackers to have access to the Trend Micro Apex One management console, end quote. Meaning customers whose console's IP address is exposed externally should consider mitigating factors such as source restrictions, if not already applied.

Dr. Gerald Ozier (27:14)

Okay, really quick, Chad is saying, well, first of all, on that DNS over HTTPs, really quickly, Roswell UK offers a really great suggestion. Consider forcing all DNS queries through a trusted internal resolver and blocking direct DoH queries to public providers at the firewall level. There you go, that's a good one. Now they're using Cloudflare. So you know, obviously also people are letting me know DNS is 53, not 52. So I did make a mistake there and then I appreciate Chuck Daly saying that my take on DoH is most relatable. I think that I'm like, what? And, and then really quickly, just for my own self satisfaction, what is on port 50? Hold on, what, what's. Oh my God, what's port 52? Port52 is associated with the Xerox network system XNS. I definitely never heard of that. So yeah, I just made a small mistake. I'm sorry. But thanks chat for clarifying port 53. All right, so Trend Micro's got this issue here. Critical Apex one code execution flaw. I don't know what Apex one is, so let's look at that. Apex one is a, I guess a solution sold by Trend Micro and allows remote code execution, which is the worst on vulnerable systems. So it sounds like Apex1 is an EDR solution. Anti malware endpoint detection and response, which, which is a very important security control. So if that's compromised, we're not good. Right.

James McQuiggin (29:00)

So

Dr. Gerald Ozier (29:03)

I've never. Listen, I've, I'm, I've been around the block a few times. I've never heard of Apex1 as a, as an information security solution, EDR or whatever. So I don't know if anyone in chat is running Apex1, but if you are, you gotta patch it. Ah, you gotta patch it. This one's pretty straightforward. The, the SAS console version's already been patched. So this is for on prem only. Thank you. Roswell uk. Roswell UK is like low key, turning into like, you know, Johnny Carson and Ed McMahon. I know that is such a reference to like, old people. I don't know what a more common one is, but Roswell UK is turning into like the right hand man here with the hot takes on these stories. So thanks Roswell uk. Exploiting the Apex one is not trivial. Several specific conditions have to be met, but this is not one you want to screw with. Essentially, if you're running Apex One, look for you want to be on patch build 14136 or higher. All right, sisa. Okay, so cease is tracking 10 apex vulnerabilities that have been exploited in the wild. Thanks, Jenny Housley. I, I knew Jenny would get it. Jenny. Jenny's awesome. Really quickly, just as a side note, ceases down to like 34% workforce, right? Like they're, they're, they're, they're hobbled right now because of budget. So just a quick shout out to them.

DJ B Sec (30:53)

All right.

Dr. Gerald Ozier (30:55)

Not much here. I mean this is, this is one of those stories where it's like, listen, if, whatever, like it says Trend Micro and Apex1 today. But like it could be Palo Alto Cortex, it could be Microsoft and Defender. Like, if your EDR solution has a vulnerability that can lead to remote code execution, patch it. You gotta patch it. Like, don't screw around with software maintenance, especially on your security tooling.

Steve Prentice (31:26)

European E commerce chain Mano Mano suffers data breach. Mano Mano, spelled M A N O M A N O is an online marketplace specializing in DIY home improvement, gardening and related products. It is based in France and sells to customers in France, Belgium, Spain, Italy, Germany and the United Kingdom. And its E stores reportedly have about 50 million unique visitors per month. The company learned of the hack in January of this year and an investigation has determined that 38 million individuals are affected. The data stolen appears to be basic PII with no financial information. The cause of the breach is believed to be a third party vendor, specifically a Tunis based customer support service provider that suffered a Zendesk breach.

Dr. Gerald Ozier (32:18)

All right. Hey. Today's Friday, February 27th. Allow me to introduce you to a garden variety third party risk supply chain issue. Okay? That's what this is. Mano Mano did everything right and one of their vendors that they used to help support them did not and their data got breached. So it's, it's so funny. Like, not funny but like, think about, keep this in mind, okay? The story, we're covering the story live right now and mono, mono is in the title of the story. However, it's through the, the, you know, issue of another business that suffered a breach, that this caused it. So from a PR perspective and when you're talking to management like this is another kind of dimension of supply of tabletop exercises or thinking through different risks that might affect your business, you could do everything right and you're still going to get dragged through the mud. So you could do everything right and you're still going to have to send 38 million people a letter saying that you take privacy and security seriously. And guess what? Last time I checked, sending 38 million letters in the mail isn't free. Like, I know the post office is like, you know, has bulk rate pricing but like I don't know what they do in France. But my point is you could do everything right and you're still going to get a financial burden, you're still going to get slapped in the face. So manage those third party risks. GRC again, I mean, obviously I'm biased because I love grc, but like, did this company need all that information? If yes, then okay, like then, you know, I guess that is what it is. Sometimes you can't imagine, you can't manage, you can't reduce all risk, you can't eliminate all risk, but you can do data sovereignty, data governance. Do you know, do these people need all this information? Right. It was, it was basically PII information for like help support desk people. Okay, Full name, email, phone number, customer service, comms. You know what, the, the help desk people need this. They need to be able to call you or email you to answer your question and offer you support the historical elements of the chat that you have with the help desk people. That's great. So you can go back and review their account and see the problems they've had. So honestly, shout out to mano mano that like they are doing the thing that I'm saying, like this doesn't have unnecessary additional information that would not be necessary for helping in a help desk situation. But still sucks, man. All right,

Steve Prentice (35:11)

huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI powered social engineering security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, sms, voice and video. And with Adaptive's AI content creator. You can drop in a breaking threat or compliance stock and instantly turn it into interactive multilingual training. No designers, no delays. You can learn more@adaptivesecurity.com that is the two words adaptive security together dot com.

Dr. Gerald Ozier (35:55)

Let's see if this makes me feel better. You know what? Doesn't make my shoulder feel better, but it makes my heart feel better. What's up everybody? Welcome to the mid roll. I love the support. Thank you all for the kind words, kind wishes about me dealing with this shooting pain in my neck right now. Thanks to the stream sponsors, Threat Locker, anti siphon flare and material Reminder, many of us will be at Zero Trust World next week. Thank you so very much all of you. If you want to support the channel, definitely check out the links in the description below. Every single day of the week has a special segment. And Fridays is James O' Quicking at 35,000ft. Joke of the week. James has been doing this for years and I certainly appreciate it. Here we go. I don't read these jokes in advance either, so like the groans that you're doing, I'm right there with you. Let's see what James has cooked up for us this morning. What did the big computer say to the little computer? What did the big computer say to the little computer? My data is bigger than yours. Oh my God. Thank you, James. What's the difference between a well dressed man on unicycle? Hold on one second. What's the difference between a well dressed man on a unicycle and a poorly dressed man on a bicycle? What is the difference between a well dressed man on a unicycle and a poorly dressed man on a bicycle? A tire. A tire. Oh my God. I think like James McQuiggin went into the obscure folder on it in his dad joke database. All right, James says he's still trying to.

Steve Prentice (38:21)

I'll be.

Dr. Gerald Ozier (38:25)

Oh my God. Oh my God. Okay, James wants all of you to know, right? James has made it publicly clear that he's like looking for new opportunities and he wants to share with you all a little personal message. He says he's still trying to get a new job because all he does is crush cans all day. James is trying to get a new job because all he does is crush cans all day. He says it's so depressing. Oh my God. Soda pressing. Wow. All right. Well, those are your James McKagan jokes of the day. Thank you. James, as always, is James. So, hey, swims with sharks. Are you gonna be at Zero Trust World holler at us in chat. All right, guys, before we get back into the news and finish strong, let's let the la Las wash over us. I'm probably gonna have, like, a subdued dance because my shoulder. But let's go. Spin around in your office chair. Close your eyes. Let it wash over you. Dance like no one's watching. Let the kids get embarrassed. Let's go. Ain't nobody got time for that. When you walk around so good. Let's finish strong.

Steve Prentice (40:15)

Ransomware payments dropped in 2025, but attack numbers reached record levels. A new report released yesterday by blockchain research company Chainalysis stated that claimed attacks grew by 50%, but victim payment rates dropped to a record low of 28%. This translates to a total of $820 million in payments to ransomware actors in 2025, which might rise to 900 million as more data arrives. Chainalysis researchers attribute the increase in attacks and slowdown in payments to the fact that companies are getting better at incident response and that regulatory scrutiny has increased to the point where payouts are now heavily discouraged. End quote. The UK Turn.

Dr. Gerald Ozier (41:01)

All right, so this should track. Okay, so Chain Alice is first of all. And by the way, hey, really quick, I haven't seen Alpha Sierra in chat in a minute, so I don't know if she's, like, taking a hiatus because we weren't playing the song, but if you see her, let her know that we are playing the song because she's one of our drum majors for don't you forget about me. All right, so Chain Analysis to me is like the. The og you know, standard name. Like, if. Listen, in the world of, like, marketing, if you can replace the generic name for a product with your brand name, that is the gold, metal, super, like, desirable option, right? Like. Like, if you call it Kleenex instead of tissue. If you call it band aids instead of, you know, bandages. If you call it Coke instead of cola, right? That's. That's, like, amazing, right? Chain analysis, like, when you think of blockchain, blockchain analysis, like, to me, it's chain analysis, and then there's anybody else that's doing it. They have been around for so long. They are awesome. And if you want to learn more about them, they're not a sponsor or anything. I just. They're awesome. If you want to learn more about them, check this out. Okay, I haven't mentioned this in a minute, but Simply Cyber IO Books. Simply Cyber IO Books is my book reading recommendations that I have. I've read these Books. I like these books enough to recommend them. This book right here, I know many of you in chat have read this book, Tracers in the Dark by Andy Greenberg. This book right here is all about tracking crime. Come on, give me the book. Tracking crime. But it's using cryptocurrency to track these threat actors. And I mean the first story they talk about, you know, like all the stories really chain analysis gets involved. So you can really understand how chainalysis influences this. So when chainalysis releases this report, this is like, this is objective reporting. This is not like cherry picking statistics. Okay, so what can we learn from this? Ransomware victims paying up fell significantly. Okay. If you, if you attended the Tim Papa Simply cyber skill stream on Tuesday. This week we talked about ransomware negotiations and using emotion to manipulate threat actors to reduce, to reduce payments or straight up give you the keys. So they're, they're seeing that less people are paying although number of attacks have increased. Oh, thanks Jenny. I guess Alpha Sierra is having some power issues and misses the community. So Alpha Sierra, if you watch this on replay, I hope everything is well and hope they you can get back online soon. I actually saw a report from Paulo Alto last, earlier this week. Wait a minute, never mind. I, I think shout. I think the report I saw from PA Alto isn't released yet. So I'm not going to cite it. Sorry. Whoops. So listen, I just, I know, I know for a fact that a lot of threat actors are not even encrypting data anymore because the controls are in place for you know, recovery and you know, kind of stymie mass level encryption of files at scale. So a lot of threat actors are just doing the data exfil of data and then trying to sell it back to the threat actors. I mean sell it back to the victims. Which by the way, if you have great backups and you don't necessarily, I don't want to say care but like it's not business operation impacting. If a threat actor gets your, you know, data or whatever, then, then you're not going to pay. So you know, as far as like combating ransomware, it is not going to be a simple push a button and ransomware is gone. You, it is slowing down and it's taking multiple approaches, both regulatory, technical and administrative approaches to, and law enforcement arresting people to, to, to curb, to curb down, you know, just basically ransomware which has been a blight for nine years. Dude, ransomware is legit. When I try to tell people about it and they're like, okay, yeah, ransomware. I'm like, dude, it's $820 million in payments. $820 million in payments. Like, not a lot of people pay, right? I forget, look it victim pay rates drop. Just become best friends.

DJ B Sec (46:19)

Yep.

Dr. Gerald Ozier (46:20)

Priceless pancake with a super chat. Just wanted to share that I start my new CMMC role at the Miter core on Monday. Dreams do come true. Thanks for the support. Heck yeah. Yeah. Priceless pancake. One of our own. One of our own working at Miter. Miter's super legit, dude. So congratulations, Priceless pancake. You're gonna look kind of funny wearing the I heart nist shirt around Miter's hallways. So guys, I want you to put this in your, in your pipe and smoke it for a second. Look it. Payment rates dropped to a record low 28%. So for every hundred attacks, 72 of them do not pay. Yet last year, that 28% of victims that did pay amounted to $820 million. So if you just do like, you know, very simple math, you say, let's say it's 25%, right? To make the numbers easy, that is essentially $3.2 billion annually in ransomware demands. $3 billion in ransomware demands annually and only 800, I mean, and 800 and 20 million of it actually comes to be realized as paid. So I mean, dude, this is still so much money, it's ridiculous, which is why it's not going to go anywhere. Okay, but again, if you want to track these things, chain analysis, like the blockchain's immutable. So I mean, you could take any, any ransomware threat actor that drops a wallet on, you know, in payments. You can go look at that wallet today, next week, next month, next year, right? Which is also why you can, why you can track it and follow the money until they kind of get it where they can cash out to Automated

Steve Prentice (48:16)

scanning to speed cyber fixes. The British government said yesterday that it has, quote, slashed the time required to fix some of the most serious cyber vulnerabilities across the public sector, pointing to a new automated monitoring service, end quote. This service is called the Vulnerability Monitoring Service and it operates as a central scanning platform that continuously checks Internet facing systems used by public bodies from central government departments to health and local authorities for signs of known security weaknesses, end quote. This is the latest in a series of steps and attempts made by the UK Government to formulate a stronger cyber defence position. The service currently covers around 6,000 organizations and is leading to about 400 confirmed vulnerabilities being processed and resolved each month.

Dr. Gerald Ozier (49:06)

Okay, what?

Steve Prentice (49:07)

AI driven development makes security unaccustomed.

Dr. Gerald Ozier (49:10)

Okay, so, all right, so the British government is doing stuff for the public sector, which is fine because the British government controls the public sector, right? Automated monitoring service, See, so they have like a glorified super vulnerability scanner that scans Internet facing systems used by the public sector, which is. Okay, I mean basically what they're doing is they're offering a centralized service. This would be like, this would be like CISA scanning, you know, all of the federal agency IP addresses. Okay, See really quickly, what's, what was, what's the impact though? All right, so the we there, okay, so vulnerability patches down 53 days to 32 days. Fine, fine, fine. How quickly we can spot and fix weaknesses. The problem is like, dude, the central body that's scanning isn't the one doing the patching. All they can do is notify that agency's IT administrators to patch their things. Right? Yeah, legacy technology for sure. Okay, here we go. I'm going to tell you, like, listen, this is a perfect example of a story. This is why you come to Simply Cyber's daily cyber threat brief. All right, like right now, 100. This is the value. This story on the surface looks awesome, okay? But having built vulnerability management programs, I'm about to pop that bubble. All right, so check it out. The UK is offering, you know, the public sector, right, that, you know, state, city, local, federal, right? We have all sorts of publicly funded agencies, they all have tech. All right, so the UK has offered a vulnerability scanner, effectively, that scans all your public IP addresses, public sector IP addresses, and then I imagine that they email or notify somehow whoever is the point of contact for those devices. Okay? That does not patch them, that doesn't change anything. And I mean, you would think that these public sector groups would have their own vulnerability scanner since they would probably be doing information security. Okay, listen, as someone who has built vulnerability management programs, let me tell you, getting the scanner up and scanning the network, I don't care if it's all the public sector IPs or it's just your internal network or it's just a VLAN. Scanning the IPs and getting the results back is step one. And it's an easy step. Okay, I'm not downplaying it, it is work, but that's an easy step. So like this is great, but this is the easy part. After you get the results, there's two things that have to happen. One is reporting so you can see trend data. Are you Getting better? Are you getting worse? The reporting is not easy, right? I mean for 70 grand the vendor will sell you a reporting module. But like if you're going to do it on your own to save a couple bucks, get ready to get comfortable with Power Bi and constantly updating it. Okay, so there's reporting and then the important part there is remediation. Okay, Patching the things, hey, we scanned your network and we see you have these vulnerabilities, go fix it. Well, now you're asking me to stop doing what I'm doing and go patch something, which you know you should do, but what's the priority? Do I need to stop doing what I'm doing? If I patch it, does it break something else? You know what I mean? Like, oh, like you're constantly emailing me. What about like who gets the email? Is it, is it the senior admin who's like, doesn't want to be bothered, right? If you see a legacy system like a Windows 7 machine or something, Microsoft Access database, okay, maybe you can't like that thing makes money or that thing's a critical mission, mission critical asset and you're not going to turn it off or you're not going to be able to do anything like that. So I just, I'm not, I'm not crapping on the uk. Like this is good, okay, but don't like scanning the networks and seeing problems does not change the risk at all. Think about that for a second. Like my, my, my dissertation is literally called flashlight in a dark room. Okay? And the reason is, it's because like you turn on the flat, like the bad, bad is there, okay? All these vulnerable systems are there. You turn on a flashlight or you turn on the light in the room, you see all the vulnerabilities, okay? That doesn't change anything. You just know about them now, which is great. Step one, identify the problem. You have to do something with it. And that's not what the centralized body is doing. This is being pushed downhill to the IT people to take action on it. So you know, just be mindful and like, I don't care about this UK story specifically. What I'm trying to tell you is like rolling out vulnerability management, your organization. It seems like a quick win, like, oh, we're going to get visibility and instantly patch all the things. That's not reality.

Steve Prentice (55:16)

Tainable warns Vera Code in its annual state of software security report. The company says that based on data from 1.6 million applications tested on its cloud platform, more vulnerabilities are being created than are being fixed. And that high velocity development with AI is making comprehensive security unattainable. The researchers do say, however, that the higher numbers may be a result of increasing use of testing tools, meaning that more problems are being spotted than might have previously been missed. Veracode also suggests that there is an accelerating pace of software releases causing new code to be added more quickly than existing vulnerabilities are addressed. And that AI generated code makes remediation more difficult.

Dr. Gerald Ozier (56:02)

Right, Exactly. This is a reality. I mean not to get, not to get anyone depressed, but man, if I was a. I was thinking about this last night. If I was a junior in college getting a computer science degree to become a software engineer, I would be so angry at the world. So AI is crushing software development, okay? Just absolutely crushing it. And AI writes at the speed of AI and we as security professionals cannot review code and do all the things as fast. Not to mention it's not just AI's writing code at the speed of AI. Everybody and their cousin can vibe code something up and it just, it's gross right now. Okay, I will say that. Not the obvious solution, but what hot take. Okay, so let's get our little tinfoil hat on here. Tinfoil hat. Here's the deal. Basically we're going to write AI code that reviews code before pushing it. Like a sub agent that reviews code as a software QA tester before pushing to production. OWASP top 10 are well defined. There is a boatload of training data that can be provided to AI on what to look for and how to do. I mean, dude, there's all sorts of offensive security AI tooling out there right now. You could just take that and point it at your software, let it run, and then send it back to the developers with bugs and then let the AI fix the bugs. Okay? So right now we're in, we're in like a, you know, oh, like we can just build all the things, let's go. And you know, basically it's scaffolding. And once we get, we realize that it's stupid to like move faster than we can without reviewing the code. They'll just bake that in and then we'll be off and running. The, the easiest analogy I can think of for this one is like, again, I never served in the military, but I, I did support the Marine Corps for a while and I know a thing or two about military operations. Again, I'm not pretending to have been. I'm not a veteran.

DJ B Sec (58:12)

I'm not.

Dr. Gerald Ozier (58:12)

This isn't stolen valor. I'm Just when you run like an operation or like, you know, a military theater, you have the tip of the spear, right? You've got the soldiers with the guns and they're doing the thing, right, the one they make the action movies about. Okay? But for every one soldier, there's like a bunch of logistics people, right? Someone's gotta provide the, the, the, the base where the soldier sleeps, right? Someone's got to make sure that food is being shipped in. Someone has to fly the food in. Someone's got to run recon so the soldier knows what's in front of them. Someone's got to make sure the soldier has bullets, right? Like all of that stuff is logistics and support infrastructure so the soldier can be successful. Same thing here, rapid AI software that's like sending the soldier out full blast without. Because they can move super quick without making sure that the whole train of logistics and support keeps up with them. And you're going to get, you know, obviously that soldier is going to get toasted a few times and, and then they're gonna be like, oh, we should, we should make the whole support thing move with them. That's all that's going to happen here. So I don't know, man. Again with AI, we're seeing 90 day cycles of like. So like I would expect Opus 47, you know, out by June. Like these 90 day cycles, these things are growing quite quickly. Software engineering is definitely going to be one of the first things to. All right, let's keep going.

Steve Prentice (59:42)

Aeternum C2 botnet stores Encrypted commands on polygon blockchain. Researchers at Curator Labs have disclosed details of a new botnet loader called aeternum C2 that is spelled A E T E R N U. That uses a blockchain based command and control infrastructure to make it resilient to take down efforts. The public Polygon blockchain being used is widely used by decentralized applications including polymarket, the world's largest prediction market. Aeternum C2 first appeared in December of last year when a threat actor advertised the malware on underground forums.

Dr. Gerald Ozier (60:22)

Are you going to be all right? So as I mentioned earlier in the show, if you, if you have been following the show today, I mentioned earlier about C2 command and control. It, it's got a, it's got a cool name and it sounds fancy pants, but like it's basically just, you know, a threat actor sending commands to a compromised endpoint. You can do it any way you want. As I mentioned earlier, there's DNS over HTTPs, there's just straight DNS, there is Telegram Signal, GitHub, repos, Twitter posts. Like, you can do it any way you can. If your compromised endpoint can reach out to the Internet, then you can do C2. And in this instance, they're using blockchain. Now, as I mentioned earlier, blockchain is immutable, which means you can't edit it, you can't screw with it, whatever it says to avoid takedown. The thing is like, listen, if you're doing DNS over HTTPs for your C2, like the, the, the, the victim endpoint still needs to reach out to some asset on the Internet, right? So some server, some IP address, right? And you know, if, if it's threat actor controlled, you know, law enforcement can get involved and take it down, which would screw up the entire operation. I just want to point out, yes, blockchain is cool and you know, crypto all the things and. Nft. What, what? But like, dude, like, if you use Twitter for your C2, that still avoids takedown. I mean, technically law enforcement could ask Twitter or X to delete the posts themselves. Whereas the blockchain's immutable, you can't delete anything from it. But like, I don't know how,

DJ B Sec (62:12)

I

Dr. Gerald Ozier (62:12)

don't know how like likely Twitter poster would be taken down or something like that. You know what I mean? So I will say that because it is immutable, it is, you know, it, it takedown can happen unless they pull down the whole blockchain, which is they're not going to do because it's being used to support other stuff. So nicely done. They do encrypt the messages on the blockchain so you can't read them. An extra layer of security for the threat actor. So malware analysts and law enforcement cannot analyze what the commands are. Now, one downside of that, for what it's worth, is if the, if the encryption ever gets break broke, right? Like the, the, the, the private certificate gets discovered or whatever, because it is immutable, law enforcement will be able to go back and decrypt every single one of those things because the threat actors cannot delete them or modify them as well. So there you go. All right, we are at time. Oh my God, bro, Give me one second. All right, guys. Today has been Friday, February 27, 2026. This is episode 1078, I believe, the. The Pain Shoulder Grown episode. I hope you've enjoyed it. I do apologize. I apologize for, you know, basically grunting and groaning the whole show. But if, if, if you Know me for a minute, and you know this show. I will do this show at 30 capacity or 20 or 85. Right? I'll do it. I'll do it from a hotel room with crappy lighting. I'll do it from the garage. If we have family in town and the guest bedrooms in use, I will do the show with a incredibly sore shoulder because the show must go on, right? I. I owe it to you guys. Oh, God, I'm in.

DJ B Sec (64:25)

In pain.

Dr. Gerald Ozier (64:26)

All right, looks like we're going to pivot over to Jawjacking. Don't go anywhere. We're going to do 30 minutes, because that's about all I can handle. I'm Jerry from Simply Cyber. Don't go anywhere. Just like, literally stand up, do a spin in your chair. Sit back or do a spin. Put your left foot in, put your left foot out. Do the hokey pokey. And then we will have James McQuigan and myself answering your questions. Let's go. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some jawjacking. All right, welcome, everybody, to the show. I present you our joke of the week. You know, I guess Mc James with Quiggin at 35,000ft. How are you, James?

James McQuiggin (65:23)

I'm kind of like you, Jerry. Kind of in a little down in the dumps, fighting off some congestion, some whatever. I don't know if it's allergies. I've never had allergies, but, you know, you never know. So, you know, we're. We're trudging through this. I. I take your spirit, Jerry. Let's run with it. Let's get through this. Let's answer everybody's questions. Yeah, go to the doctor. I've got plenty of NyQuil and DayQuil kicking in my. In my medicine cabinet, so I'm. I'm good to go.

Dr. Gerald Ozier (65:50)

All right, There you go. Thanks, James McQuiggin, for making the sacrifice for the community. Coffee cup. Cheers to you guys. If you've got a question in chat, drop it with a Q in front of it, James and I will answer it to the best of our ability. Now, James, is there any chance you will not be going to Zero Trust World next week because of this illness?

James McQuiggin (66:11)

Oh, you know, no. I will make sure. I'm at Zero Trust World. This. This. This will take me a couple days to work through, but I'll be. I'll be there with bell. Well I'd say with bells on but then someone will bring me bells FedEx. So I won't say that. I would just say I will be there on Wednesday.

Dr. Gerald Ozier (66:28)

I love it. Really quick. Roswell uk. Say I said this before the show ended. I will do it from the garage if I have guests. Say what? If you did not know there is one episode if you're a blue badge, you may remember before I got the Buffer Osier Flow studio I used to do this show from the guest bedroom upstairs. It was Thanksgiving or Christmas time or something like that. We had guests. The show was 8am in the morning. I got to get into the studio at 7:30 to get set up. If I have my aunt and uncle sleeping in the guest bed five feet away from the studio, I'd feel like a pecker head being like hey, welcome everybody to Simply Cybers Daily Cyber Threat. Like just like I'm like the worst alarm clock ever. So I did the show from the garage which is definitely like a storage container type garage, not a finished garage. So there were bicycles in the back. People did enjoy it. It was a fun little, you know, a little thing. So yeah, that, that was a thing. And if you were there for the garage episode, let a. Let us know in chat. Oh, James, did you know what port DNS was off the top of your head? 54.

James McQuiggin (67:35)

No, I didn't because I was like 52. I think that's. I knew it was in the 50s but.

Dr. Gerald Ozier (67:41)

Yeah, yeah, for some reason. Yeah. You know what? I was getting confused. If you had asked me, if you

James McQuiggin (67:45)

had asked me 15, 18 years ago, I would have told you right off the top. No problem. Yeah, I'm not, you know, when you're not in working with it every day, it's not as, you know, fresh and right there. And I know we've probably got plenty of listeners who were just, they were right there with it. But. Yeah, no, our brains can only hold so much information and some of it gets forgotten and, and you know, there are people I know in this world that have forgotten more about cybersecurity than I'll ever remember.

Dr. Gerald Ozier (68:15)

Yeah, I, I will tell you too like so just being real with everybody. Two things about, I guess it that have always confused me. Okay, well I shouldn't say confused. The fact that FTP has port 21 and 22 and it's because one's for data, one's for control. I always found that interesting because no other protocol really does that. And then the Other thing that's always confused me is that DNS on 53 can be TCP or UDP. That's another one that like only DNS as far as I know, has both TCP and UDP protocol versions, which is super. I've always been like, why? You know, so that's a thing. I'm looking for questions in chat. If you got a question. James and I are here to help you. Like we've got a lot of experience. What are your middle names? I don't know. That sounds like a password reset question.

James McQuiggin (69:05)

Yeah, right, exactly.

Dr. Gerald Ozier (69:06)

Yeah, I'm not gonna answer that one. Are they serving breakfast at Zero Trust World or should we do breakfast before? Kyle. Kyle asking. I think they have like coffee and pastries, right?

James McQuiggin (69:16)

The new continental breakfast that's available.

Dr. Gerald Ozier (69:19)

Yeah, yeah. There you go. Kyle, Kyle. So come on in. I'll be setting up.

James McQuiggin (69:24)

Any conference worth their salt will always have coffee. Coffee and ZTW Threat Locker does a great job. And so yeah, no doubt they'll be, they'll have a continental breakfast and, you know, something for you.

Dr. Gerald Ozier (69:37)

Yeah, the, the food is good there. The, like, it's a cool conference. Like they, I will say this. They do, they do extra. Right. Like I've been to a lot of conferences, Zero Trust World, they, they kind of take care of you like from, you know, almost like it's not nearly the same as Wild West Hack and Fest, but it's like similar in that they, they provide like food and activities all the way through the evening and stuff like that. James Aquigan, Ray wants to know what's the source of your dad jokes?

James McQuiggin (70:08)

You know, Ray, that's a great question and a lot of it is from the community. When I started doing these, I would find these online. I've got like four dad joke books behind me and I never. One of which is Michelle's, but I usually don't go to those. A lot of the times it's I'm going online and I'm finding them or if I want a particular theme, I'll go online and research it. I will tell you this chat, gbt, Claude and Gemini are all three of them are absolutely the worst for asking for dad jokes because every time I've asked it's like, no, no, yeah, forget it. Not going to do it. So it's a matter of utilizing the human in the loop for this to get the dad jokes. So. Or the ones I remember that data joke today, my, that one I've known for, oh my gosh, 20 plus 30 years I remember hearing that one when I was playing with computers back in the 1980s. So, yeah, and I remember hearing that one. And then there was a follow up. Somebody said, I apologize. I can't remember who it was, but it was, you're a chip off the old block. And it's like, yeah, okay.

Dr. Gerald Ozier (71:21)

Oh, my God. All right, so we got some. Go ahead.

James McQuiggin (71:24)

I was gonna say, I was thinking I was gonna update the joke and make it really techy and geeky for the server folks and go, what did the 8U server say? Did the 1U server. You know, my dad is bigger than

Dr. Gerald Ozier (71:35)

yours, so yeah, I like it. Hey, so we got some great questions coming into chat, so we're gonna answer those right now. Try to Keep it to 60 seconds per answer because there's a lot of them, James. And thank you everybody in chat for asking your questions. Being a little bit vulnerable because a lot of people have the same question. Punslinger. Are there roles in cyber or IT that are more likely to be remote or somewhere remote, or does it depend on the company? So, you know, I think I'll answer this one. I think most jobs are remote capable. I will say from a GRC perspective, not necessarily requires you to be there in person, but it is nice to interface with the business and, you know, go walk and meet people and educate them. And if you're doing, like education seminars, you can do them in person, meet with teams in person. So you don't have to do GRC work in person all the time. But it is benefit. I will say field engineer. The name itself denotes that you're in the field. That's where like, you're doing I T support. And like, James's computer doesn't work, so you physically go to where James is sitting and help him get sorted out. That's not a remote job, but I will say a lot of opportunities are remote capable. Pen testing can definitely be done remote, Although sometimes they like on site. And then, I mean, technically, you know, the blue teamers in Chad holler at us like haircut fish and stuff. Like, you don't have to be in a sock to work on as a SOC analyst. But sometimes it is nice because you can turn to the person next to you and say, hey, are you seeing this? And while you can do that on Discord or Slack, it's a little bit different. All right. All right, James. Cybersecurity, disability and accessibility. What have you. What have you seen or experienced regarding accessibility and working in cyber visiting cons best practices?

James McQuiggin (73:28)

Wow, great question. Yeah. I believe I've seen more, you know, a lot more. Man, you are really in pain there, buddy. Okay, Speaking of disability, serious, you know,

Dr. Gerald Ozier (73:45)

I'm gonna put myself on mute really quick.

James McQuiggin (73:48)

I've seen a lot more folks that are in wheelchairs, motorized wheelchairs, you know, elevators are readily available, ramps are readily available, ways to be able to get into sessions and areas set up so that, you know, people can be, have space available for them if they come in on a, you know, a wheelchair or whatever. Depending on what the disability, whatever accessibility you're looking for, you know, it's just going to depend, I know, more on the apparent visual type restrictions. They've been improved and made things a lot better. Me personally, you know, I mean, whether you're talking neurodivergent, that's something completely different. You know, I know that some conferences do have quiet rooms and do have spaces where you can go and they've got all the fidget spinners and all the fun stuff like that. So, you know, depending on, you know, what the accessibility, what the disability is that you're looking for, there have been changes and improvements made at a number of the conferences. A lot of the bigger ones.

Dr. Gerald Ozier (74:54)

All right, Ad tech. Many companies are restructuring due to AI and even cutting jobs. Yeah, I saw yesterday, Block, which is like the parent company for Square, laid off 50 of their workforce. 6,000 people just fired. So for this. And they're all being replaced with AI for the cyber community. What should we do in case we get the pink slip? There is a lot of uncertainty in my industry. Yeah, I mean, James, I mean, you

DJ B Sec (75:23)

want to talk about this?

James McQuiggin (75:24)

Yeah. I mean, first of all, it's a matter of build. You start building your network now. Have, have your network, don't be building it the day you get that pink slip. Have your connections be connecting with people on LinkedIn. For me, it's always about having your options open, you know, always. You know, you're going to love the environment you're working in. And as we see with, with Square and Block, you know, your role could be eliminated one day. You know, be there one day and gone the next because of the way the business wants to go or whether it's AI or geographically or whatever the reason may be. So for me, it's always a matter of keeping your options open. Always be looking. What's the next thing that's out there for you? What's your five year plan? What's your three year plan? You know, figuring out what you want to do. And then when you're in that job, that's great. But you also need to make sure that keeping an eye out for, you know, what's that next next role going to be and start looking then. You know, it's funny in volunteering we always say when you get into a role as a volunteer, start looking for your replacement. You know, same thing you could do with, with work as well. You know, always be looking for that next job. You don't have to, you know, be actively pursuing and posting online open to work, but it's in those conversations that you have with colleagues, with friends, that people at conferences, that kind of thing.

Dr. Gerald Ozier (76:44)

Kathy Chambers said she's a big coffee fan. She'll be following me around at Zero Trust World. That's right. Kathy's producer and camera operator for a lot of the content I'll be developing at Zero Trust World next week. So definitely looking forward to Kathy demonstrating her talents. And she also posted on LinkedIn her new gear. She got like a gimbal and a nice camera and stuff. So it'll be fun. Yeah, it's fun.

James McQuiggin (77:10)

Ready to have, ready to get my cup filled with Kathy Chambers.

Dr. Gerald Ozier (77:13)

Yep. Any good resources to learn, Cody? And preferably budget friendly.

James McQuiggin (77:19)

So you have a video on this?

Dr. Gerald Ozier (77:21)

I don't know if I do have a video on this one. But what I would say is first of all, hardcore country, if you have zero experience with coding, let me just like, I guess give you a little heads up. So once you learn how to code like in any language, it's easier to learn more languages because the paradigm of software development, it's, it's, it's the same regardless of language mostly unless you get into like obscure like real time operating systems or something like that. But like we're talking about probably Python or something or C. So there's variables, there's functions, there's, you know, arguments like, like there's, do you know, there's control loops and stuff. So once you learn all those, you'll learn them. So it might seem a little overwhelming getting started, but just believe me that you're getting foundational blocks that you'll be able to learn. As far as learning coding, I, again, I'm not going to make any assumptions about your current skill level, but I. What I will. Oh wait, hold on. I've got the wrong camera on. What I will say is Google has one that's designed for teaching kids how to code. And it's not, this is not an insult to your intelligence. It's just, it's very good at making it very easy to learn. And it's basically like puzzle blocks. James, can you Google like this? It's like Google coding puzzle blocks. It allows you to take these blocks and, like, fit them together and it'll make sense because, like, the purple ones are variables and the orange ones are functions. And you'll stack them together and you can hit the run button and you'll actually see, like, a mouse move through a maze or something like that. So I would start there as a step one. Step two, I would take on Python. Python's an interpreted language, which means you don't have to get into compilers or, you know, handle memory cleanup or any of that crap. So get Python and then get a simple you. It's called Scratch, James. Thank you, James.

DJ B Sec (79:07)

I mean, thank you.

Dr. Gerald Ozier (79:08)

It's look up scratch. Dan just gave it to me. Or snap code, I guess. J. Crypto.

James McQuiggin (79:13)

The one I found was blocky.

Dr. Gerald Ozier (79:15)

Blocky. Okay, so here we go. Let me just share this in chat. Yeah, I'm gonna bring this up on stage really quickly and then we're gonna pivot and. Hardcore country. I'm a big fan that you're wanting to learn. Learn this. Here we go. Check it out. This is it. Powerful coding block by block. You like, perfect.

DJ B Sec (79:34)

Yeah.

Dr. Gerald Ozier (79:34)

You see how it's like, color coded and it allows you to very easily compare what the code looks like versus, like, you know, again, for someone who loves infographics, this is why it's, like, very clear what it's visually communicating. So go check that out. I'll drop a link in chat. And that's for anyone. But the final thing I'll say is the best way to learn a language or anything is to have some type of use case for it. Right? Just walking through a here's a variable, here's a function, that's fine, but it's not really gonna stick with you. Come up with some simple thing like scrape a website and then identify, you know, like, things, or write an RSS feed or do something. Okay, thank you, Hardcore country. Next question. S cool. 07. He's an IT government contractor and he wants to pivot to private sector grc. What transferable skills will be valuable? I. I mean, yeah, I mean, so, I mean, for what it's worth, I was an IT government contractor and went to private sector grc. So I've done this, you know, basically all the skills. Right. I mean, whatever you did in IT is, you know, GRC is concerned about controlling and securing the function of it. Right. And other things. But, like, everything you were doing in it is going to inform you to be able to do a better GRC thing. So obviously, GRC skills that are valuable. I actually did a YouTube short yesterday, and I put it on LinkedIn of three skills that you. You'll never learn in a classroom that are super valuable for you to kill it as a GRC person. Number one, being able to speak to the right audience, right? So how you speak to executives, you should be talking about money. How you talk to end users, you should be talking at like an 8th grade level. Again, no disrespect. You just want to make sure it's accessible to everybody. Number two is. I forget number two, but number three is empathy. Like, put yourself in that person's position. Instead of being like, hey, idiot, why you click on that? Be like, hey, like, I understand this sucks. Like, it's. It's a bad day for them, right? And if you don't empathize with them, the next time something bad happens is the last. The last thing they want to do is call you. I forget what number two was. That pisses me off that I forget. But, yeah, you're good to go. S. Cole07 Better money in pub in

James McQuiggin (81:47)

private than government, right?

Dr. Gerald Ozier (81:48)

Oh, yeah. Damon wants to know any tips on landing an intern position? James?

James McQuiggin (81:55)

Yeah, there used to be, and I don't have it handy, but I used to have a website. It was a government website, ironically, for government intern positions. Where are we now? We're February. Yeah, I know. A lot of organizations are planning for the summer. Hold on.

Dr. Gerald Ozier (82:13)

Really quick, really quick. We've got DJ B Sec live from the airport coming in as part of our panel today. So, ladies and gentlemen, DJ B Second.

DJ B Sec (82:23)

Oh, yeah, I think I'm gonna stop right here. That way y' all can hear me.

Dr. Gerald Ozier (82:28)

All right, thanks a lot. So, James, please continue landing an intern position, and then we'll. We'll throw something at DJ B Sec.

James McQuiggin (82:35)

Sure. I mean, I remember there was a government website. I'd have to go back and look it up. I know this is the time when organizations are looking for their interns. I tips on landing it is making just like any other job, make yourself unique. Make yourself stand out. You know, have a. Have your network. And it's kind of tough when you're at university, but, you know, find somebody, maybe even locally in your. In your area through, you know, the local meetup chapters, ISSA, ISE2ISAC or whatever, and kind of network with them to see if there's interns. That's how I connected one of My students with somebody at a health organization was because she showed up to a conference and introduced herself to me, and I introduced her to someone that gave her an internship and. And now she works there full time.

Dr. Gerald Ozier (83:18)

Awesome. All right, DJ B Sec, we're going to get one for you here. Here we go. How do you approach fellow Tech Expo viewers to connect on LinkedIn and grow your network? Still a cyber grad who's been job hunting and learning cloud fundamentals at the moment. So how do you. How do you do it before?

DJ B Sec (83:38)

Do it. Yeah, do it before the Expo. That way when you actually get to the Expo info, you can meet up with them.

Dr. Gerald Ozier (83:45)

There you go. So like how on Discord or what?

James McQuiggin (83:49)

As long as you. As long as they connect with you at first, right?

Steve Prentice (83:51)

Yeah,

James McQuiggin (83:56)

but. Yeah, that's if you can see your attendees as well.

DJ B Sec (83:58)

This connection is horrible. I can barely hear you guys.

Dr. Gerald Ozier (84:03)

Yeah, you are pixelated and. And you're, you know, you're moving. You're moving like you're.

DJ B Sec (84:14)

Yeah, I think this is called Restream on 5G.

Dr. Gerald Ozier (84:18)

All right, all right. Throwing some shade. Okay. All right, DJ B Sec, where you. Where are you heading? Hey, are you going to. Where are you going as far as conferences this year? Where can people see you irl?

DJ B Sec (84:31)

I'm headed home.

James McQuiggin (84:33)

You're headed home?

DJ B Sec (84:37)

I do not know yet.

Dr. Gerald Ozier (84:39)

Okay, so. All right, good stuff. All right, Ernet wants to know any tips for teaching kids coding that struggle with focusing longer than five minutes. DJ B Sec, you got any resources for kids that keep them engaged?

DJ B Sec (84:58)

Oh, man, there's a. I hope I'm coming through. Right? There is a website I got. I'll. I need to find it and I'll send it out, but there's a website for coding, and I know you guys were just talking about this, that keeps them engaged. Younger kids. I like to give my kids the news and let them know what's going on. Tell them what's going on. We do the daily cyber threat brief here. I tell them what's going on throughout. Throughout the rest of the world and let them know. Keep them. Keep them in tune. So they say into.

Dr. Gerald Ozier (85:30)

Yeah. And one thing I would say, like, I haven't done this myself, but worth pointing out, like, if your kid plays Roblox, I know that there's an entire, like, you know, development ecosystem for Roblox. I mean, you might be able, like, if you can find something that they're personally interested in, you might be able to make that connection where that five minutes of focus lasts longer because they have a vested interest. Instead of being like, hey, like, let's write a file parser. Come on down, kids. Like, we'll go get milkshake.

DJ B Sec (85:57)

Same thing for Minecraft too.

Dr. Gerald Ozier (86:00)

Yeah, exactly. Minecraft. Perfect example. Heck, I mean, you could even write with AI. You could even write, like, a little video game from scratch with the kids. Yep. All right. Code it, vibe. Code it. Yeah. Taekwondong. Is it easy to perform in the private sector versus the government sector? I don't know. Perform what? I guess, like, is it easy? Is it easy to work? I don't know. I mean, I worked in both. I. All I'll say is, government sector, you get paid less, but it's. It's way easier to not, like, do less and not get fired. There are a lot of people in government that are just keeping a chair warm. And then private sector, you get paid more, but you're held more accountable. So if you're. If you're. If you're good at doing your job and you're high performer, I. I would say go to private sector. All right. Continuing to look through chat for questions, we're being joined by DJ B Sec and James. We're cooking at 35, 000ft. James. DJ B Sec is at the airport coming in, which is funny because typically. Typically, typically James is the guy at the airport, and DJ B sec is in the studio on the turntables.

DJ B Sec (87:15)

Am I coming in a little better now?

Dr. Gerald Ozier (87:19)

I would say the same. I would say the same.

DJ B Sec (87:21)

I switched over to a hot spot.

Dr. Gerald Ozier (87:23)

I miss you, DJ B Sec. This guy's been working hard. I'm trying to find a way to

DJ B Sec (87:30)

get back to Thursdays. So maybe in the next couple of weeks, we'll be able to get back to Thursdays.

Dr. Gerald Ozier (87:34)

All right, that'd be fine. That'd be good. Cyber Yardy wants to know what Mac did I use to install Claude and will you be trying out with Kali on another box through MCP? So, Cyber Yardi. I used a Mac mini M1 chip. I wiped it and installed Open Claw on it. I have Claude cowork installed on my Windows Pro, Windows 11 Pro machine, so I do not have Claude installed on a Mac device. Having said all that, I will not be trying out Kali through an mcp. I. I'm like, I'm very dodgy about mcps right now. I will only use an MCP if Phil Stafford personally approves it. Okay, James, are you doing anything with AI and then DJ B Sec, I'm gonna ask you the same question.

James McQuiggin (88:26)

So I by coded an app the other night for our check in for the chapter, our IC2 Central Florida chapter. We have a badge and a badge printer and it wasn't running right. I ended up vibe coding a whole new app with a graphical interface and I did it in about three hours, start to finish. But lately been Vibe coding created myself a tool called Fake Maker so I can create my own deep fakes a lot quicker. What would take 10 to 15 minutes. Now it takes me four using APIs and connections into programs that I use. And every day I'm on Claude and I'm on Gemini, I am finding my use on ChatGPT going down. I'm doing a lot more with Claude and Gemini and cloud code.

Dr. Gerald Ozier (89:09)

Yeah, I don't even use ChatGPT.

James McQuiggin (89:11)

I did load OpenClaw up on my, on an old, on an old Linux laptop, but I haven't enabled it and I haven't gotten back to it. But I got it installed and I got it up and running.

Dr. Gerald Ozier (89:24)

But mess with it, no problem. Hey DJ bsec, you answer the same question and then go on mute when you're not talking because there's so much background noise from you.

DJ B Sec (89:32)

It's.

Dr. Gerald Ozier (89:33)

It's bad.

DJ B Sec (89:37)

Yeah, yeah, if he heard you, he

Dr. Gerald Ozier (89:40)

is, he's on a delay where it wasn't so bad.

DJ B Sec (89:43)

I, yeah, I've been using AI Claude Chat GPT and. You not hear me.

Dr. Gerald Ozier (89:54)

Yeah, Yep, go ahead. Claude chat gbt.

DJ B Sec (89:57)

Oh, now I'm like stuck.

Dr. Gerald Ozier (90:00)

No, you're perfect, keep talking. Can we deep fake DJ B sec and just have like.

DJ B Sec (90:07)

Oh man, that was like to go. Hopefully. Yeah, I've been using. That would be, that would be amazing if you deep fake me right now. Yeah, I've been using Quad Chat GPT and a little bit anthropic coding. Actually the website that I built on GitHub is done through all of that.

Dr. Gerald Ozier (90:36)

Yeah, there you go. I'll actually bring that up on stage because that's actually a really cool, really cool website and a great opportunity for other people if they're looking for a project. This is DJ B sex GitHub website. But he used GitHub pages and it looks just like a real website. He's got his blog, his repos, he's written some tools in here, he's got his links. So like, if you're looking for a free, you know, homepage for you on the Internet, GitHub pages is definitely a good option. And dj bsec.com you can even do your know your own domain name and have DNS resolve over to it. Go check that out. Great little project dj.

DJ B Sec (91:18)

Yeah. I've also added into the re into the repo, which I haven't put on the page yet are some of the prompts that I use for all this stuff for different things. So I don't think it's actually on this page. You'd have to actually go to my GitHub directly right now. But I don't have a link to it on there because I've just been putting it on there and I wasn't gonna post it all out there, but you guys can see because it's public.

Dr. Gerald Ozier (91:43)

I like it. Okay. Hey, James Aquigan, he gave I think 75 professional conference talks last year. Like literally not hyperbolic secret agent wants to know what topic would you recommend for a training presentation at a company IT meeting for IT managers and where would you get the resources for it?

DJ B Sec (92:02)

Oh my God.

James McQuiggin (92:04)

Wow. A topic for training presentation company A teaming for I. So you're talking to your IT manager. So you're gonna see for me, I was always focusing on the human element with IT managers. Figure out what their pain points are, figure out what is it that they're struggling with on a daily basis. Is it, you know, is it how to talk to upper management? Is it, you know, are you going to be educating them on how AI is being used to help it better? You know, figure out what it is that they are trying to find solutions for and then research it and then present on it. Or it could be something, you know, whatever. Sometimes what works is giving them a day in the life of whatever it is that you're doing. It depends on kind of the. I need a little more context, but it needs to be a little more, you know, whether it's about you or what your role is or it's some training element for them.

Dr. Gerald Ozier (93:00)

So. All right, thank you very much. DJB said goats since yo says, do entry level auditing jobs allow for learning on the job or is there a certain level of knowledge that's expected? He does QA auditing for help desk at a large company right now. Dj B Sec. You got a question? You got an answer on this one? You want me to take it? All right, I'm going to take this one really quickly. So listen, I think that auditing is considered, I would call it.

DJ B Sec (93:42)

I'm probably killing this stream because it is. There's so many things right now that are going slow. So I don't know if there's a lot of on the learn jobbing, especially for auditing, because when you walk into an audit, you're going to need to know what it is that you, you need to know what the job is, what you're doing. I would say when it comes to auditing that you can actually learn different, different things that have to do with the auditing itself. Right. So.

Dr. Gerald Ozier (94:16)

Yeah, there you go. I will say that there is an opportunity. A bit goat since you. So typically if you get hired as like a junior auditor, you'll be doing grunt work, but there'll be like a senior auditor who can kind of double check your work, give you direction and stuff like that. So you won't be thrown to the wolves necessarily. Okay, DJ B Sec, we're gonna go ahead and move him off stage. So there is some of that. But I mean you, I would definitely push yourself for self development as well. Kind of don't, don't be the person who's pulling. Be the person who's pushing if you can. All right, great. Questions coming in. DJ B Sec. Is he, what's he doing? Hold on one second. I can see him off state. Oh, he just dropped all together. Okay, so we are at 9:36. Let's do just a couple more questions and then bury it for the day. I'm gonna go inside and pour a gallon of water on my shoulder. I heard the mention of a Central Florida chapter just starting in Cyber. Would joining the chapter be helpful? James McQuiggin. There isn't a more appropriate person to answer this question.

James McQuiggin (95:21)

Getting involved with a chapter, going to the chapter meetings is education. Opportunity for connections, opportunity to meet people. I know with the Central Florida chapter, this whole week it was ISAC ISE 2 and ISSA. We had all of our meetings this week and you get an opportunity to meet so many people and it could be as you're sitting next to them, you know, in the, the meeting, it could be something where you're getting food because sometimes they serve lunch or they have dinner and you're in line next to somebody and striking up a conversation and meeting those people, chatting with the board members and the officers that are there that are part of it. It's a great way to, whether you're experienced or you're looking to gain experience. It's a great way just to get out and meet the professionals in your community because you never know who you're going to meet. One day they're going to help you get a job the next, the next time around. Plus all the education that you're going to get and insights and connections to possible other cyber Leaders or educators or vendors.

Dr. Gerald Ozier (96:19)

All right, great. Great answer. We're speed running. DJ B Sec is back with us now. Looks like it better now. Yeah, much better. Your.

DJ B Sec (96:28)

I think when you sent me the link, I clicked it and it stayed inside Discord and tried to open up Safari. Inside Discord record.

Dr. Gerald Ozier (96:35)

Oh, my God.

DJ B Sec (96:36)

Okay, but I'm walking and I didn't realize that, so.

Dr. Gerald Ozier (96:39)

No problem. No problem. All right. Yeah. Okay. I don't want to dox where you were, but I was going to make a reference to where you. Where you're coming back from and how that impacts everything.

DJ B Sec (96:55)

I'm in Memphis.

Dr. Gerald Ozier (96:56)

Oh, you're in Memphis right now?

DJ B Sec (96:58)

Yeah.

Dr. Gerald Ozier (96:59)

All right, well, Memphis be wild, I'll tell you that. All right. Hey, check it out. Esco07. James, what's your favorite vacation spot? And then, B sec, I'm going to ask you the same thing.

James McQuiggin (97:12)

Favorite vacation spot is pretty well, anywhere on a cruise ship. I'll be down 1 in about three weeks, so. Looking forward to it.

Dr. Gerald Ozier (97:18)

All right. Looks like if DJ B wins a cruise, he'll be giving it to James Aquan.

DJ B Sec (97:23)

D. James, right away.

Dr. Gerald Ozier (97:25)

Where's your favorite vacation spot, Jane? DJ Bacon.

DJ B Sec (97:29)

So, in all reality, we're always going to Disney World. So we always go to Florida. Go to Disney World and usually spend. Every year. We probably spend about a week or so in Florida at Disney World with the kids.

James McQuiggin (97:41)

See, that's what I do every week anyway, so.

Dr. Gerald Ozier (97:43)

Yeah, because you will.

DJ B Sec (97:44)

You're right there. Come on.

Dr. Gerald Ozier (97:46)

I know, I know, right? And then for me, I don't take vacations, so it's tough for me to answer this one, but I will say I really enjoy renting a beach house and being, like, right on the beach. Like. Like you walk out the back patio and, like, you're on a dune. I'm a big fan of that.

James McQuiggin (98:03)

I thought you were going to say any place with Mrs. Ozier and my kids, that's the perfect.

Dr. Gerald Ozier (98:08)

Well, I mean, I think it's. I think it's assumed that they're with me.

DJ B Sec (98:12)

Yeah.

Dr. Gerald Ozier (98:13)

Oh, I know. Yeah.

DJ B Sec (98:14)

The beach is outplayed for me since I. Since I live so close to it, which, I mean, you're pretty close to it in Charleston, too, Jerry, so.

Dr. Gerald Ozier (98:21)

Oh, yeah, no, I know. But, like, I don't. Like, I live in a. Like, I live in the low country. I live in the coastal area. It just. I love the beach. But, like, here's the thing. Going to a beach is fun and fine. Like, for vacation, I like staying in a beach house on the beach.

DJ B Sec (98:39)

That's.

Dr. Gerald Ozier (98:41)

I like getting up in the morning, having coffee in here and waves crash. All right, follow up question from secret agent for James, the IT members as subsidiaries with a wide range of roles. Experience doesn't need to be just IT want value for all ID or new perimeter.

DJ B Sec (98:56)

Maybe AI man for that, for that one, I would say just what James was talking about before. You're not. Don't bring technical stuff to that type of a meeting. Bring soft skills to it 100 bring soft skills. Because the IT people don't. They're not going to sit there and try to listen to somebody come in and teach them technical skills. I mean, I hate to say that, but yeah, when it comes to soft skills, I think James hit it on the head when he was talking about soft skills. Being able to tell people or explain to people up the chain what you're doing or how or. The other one, like James said before was bring. This is what I do all day long and this is how you can affect my job or how you can help my job.

Dr. Gerald Ozier (99:36)

Yeah. Personally, if I, you know, you know, shotgun response to this question, I think AI but like, specifically, like some type of demonstration of either how powerful AI can be or how risky AI can be, you know, in some capacity. And, you know, it's wild. Like, I, I find this wild. Okay, so we in chat, right, this community, James and DJ B sec, like, when I say Claude or Anthropic, you know exactly what I'm talking about. Okay. I have had conversations. All of my cadets at the Citadel, some family members, just some general people I ran into walking around town. They don't know what like anthropic is. They don't know what Claude is. They don't like open claw. Forget about it. Like, I, I think we almost are in a bubble here of like, what AI is and how powerful it is from like 99 of the, like normal population.

DJ B Sec (100:38)

Most people, most people are just like, chat GPT. It's a. It's the amazing Google. It's the way that everybody uses it and people don't understand. That's why I started building out the way to actually prompt things. Like, you need to give context within the prompt. And I think somebody said it, I was watching something, they said it greatly was we. When ChatGPT first started, it was all about prompt engineering. Now it's all about context engineering. You need to engineer the context that goes into what you're asking so you get the right result.

James McQuiggin (101:12)

Yeah, yeah, yeah. No, exactly. I mean, it's certainly looking Moving beyond just asking questions.

DJ B Sec (101:17)

It's.

Dr. Gerald Ozier (101:18)

It's.

James McQuiggin (101:18)

It's leveraging its real capabilities. Cammy asked, let's plan a cyber cruise. There already is one. It's called Cruisecon.

Dr. Gerald Ozier (101:26)

Yep, 100%. Also, I want to say this is not lost on me. Sierra Montgomery, she heard Folly beach is pretty good in November. This is where simply CyberCon 2026 is going to be. So 100.

James McQuiggin (101:40)

Right up on the IT question real quick. It could be something where you demonstrate how to use how IT managers can use AI in their roles to make their lives better. They may already be exploring it, but it could be a fun topic as well.

Dr. Gerald Ozier (101:55)

There you go. Perfect. 100. So it looks like we are all caught up on questions. I know we typically go to 10. I am, like, literally just in pain right now and would very much like to go take up my shoulder out.

DJ B Sec (102:11)

Get a shot. Yeah, in the shoulder.

Dr. Gerald Ozier (102:15)

Yeah, exactly. Well, hey, you know how Memphis. You know how Memphis be getting that lean?

DJ B Sec (102:21)

No, that's eight. Come on.

Dr. Gerald Ozier (102:23)

Oh, is that all right? Okay, so, hey, let's. Let's do a last call here, James. Where can people get more James McQuiggin or whatever they're doing?

James McQuiggin (102:33)

Well, certainly out on LinkedIn. JamesQuiggin.com I'll be at Zero Trust World on Wednesday and Friday of next week. I've got another event on Thursday that I'm heading down to. I just recorded a bunch of podcast episodes. Not mine yet. I'm still working on those. So I'm. I'm already out on one and I got two more coming.

Dr. Gerald Ozier (102:51)

All right, very cool. So James mcquiggin.com and on LinkedIn, DJ, B, SEC, or Ben, as it says in your name card here. What's going on? What dj bsec.com for sure, right?

DJ B Sec (103:05)

Yeah, you can find me there. You can find me at 37, 000ft in about an hour and a half.

Dr. Gerald Ozier (103:09)

Yeah, I love it. I love it.

James McQuiggin (103:11)

Seat 3B, buddy.

DJ B Sec (103:13)

Yeah, actually it's 2 or it's a 3A and then 2F.

James McQuiggin (103:17)

There you go.

Dr. Gerald Ozier (103:17)

Oh, my God. For me, guys, I like, let. Listen to this. These two guys first class to change the forecast while I'm in the back with like a, you know, like a chicken or something. And like, you know, our personalities may

James McQuiggin (103:30)

not be first class, but yours is Jerry.

Dr. Gerald Ozier (103:32)

Oh, well, thank you. I. I think I'd rather fly first class and. And just be a, you know, whatever.

DJ B Sec (103:38)

So.

Dr. Gerald Ozier (103:39)

Hey, guys, I want to say thank you so very much to all of you in chat for hanging out the extended jawjacking panel. James McQuick and DJ B Sec making a. Making it work from the road. Definitely appreciate that. I'm Jerry from Simply Cyber. I hope you all have a wonderful weekend. And we'll be back Monday at 8am Eastern Time, continuing to crush it. And remember, next week, we'll be doing the show live from Zero Trust World, Wednesday, Thursday, Friday. So fingers crossed, because I don't have DJ B Sec, Jesse Johnson or Casually Joseph with me, so I'll be in charge of audio. So it's always a. A bit of a wild ride there. So. All right, guys, thanks so much. We'll see you.

James McQuiggin (104:24)

Take it easy.