Dr. Gerald Doer
Good morning. What's up, everybody? Welcome to the party. If you are looking to stay current on the top cyber security news stories of the day while getting insights that go beyond those headlines so you can be a better practitioner, scale your career much faster by getting the cheat codes while doing it in an entertaining and educational setting alongside amazing professionals just like you, well, then, welcome to the party. You are in the right place. This is Simply Cyber's Daily Cyber Threat Brief. I'm your host, Dr. Gerald Doer, coming to you live from the Buffer Overflow Studio on this Friday, January 23rd, 2026. Episode 1053. You're here. Let's get locked and loaded. We're gonna melt your face over the next 60 minutes. It's gonna be epic. Let's cook. Let's cook. Yes. Yes. Good morning, everybody. I hope you had a wonderful week here. January's almost behind us and we continue to cook. If this is your first episode of the Daily Cyber Threat Brief, well, let me welcome you to the party, pal. This is how it's gonna go. We've got eight stories. Top cyber news of the day. I have 20 plus years of experience. I will give you the headline and the, you know, kind of the meat and potatoes of the story. But you can do that on your own, Jerry. What's the point of the show then? I can do this on my own, probably faster. Yes. But then I, with every story, do everything in my power to go beyond those headlines. Give you insights that you would only get from sitting in the seat. Not a classroom, not a textbook. It's just definitely a good time. And then on top of it all, A.A. Witherspoon's in the house, and Steve Young, Code Brew, Gabriel Yeager. I mean, we just got the Team SC community crushing in here. That's another benefit, of course. Now, I want to say, of the eight cyber stories, the number one potatoes Faced oil with an Irish joke. I love it. Listen, in addition to the eight stories, guess what.
Guess what has two thumbs, a cup of coffee, and no idea what the stories are. This guy. Guys, I gotta tell you, I don't know what they are. I never look ahead. I never research or prep for the show. First of all, ain't nobody got time for that anyway. You got time for that. And secondly, you. You want. Trust me, you want my initial thoughts and reactions. If I have time to, like, marinate on it, it's going to get way more nerdy and way more Dr. Gerald Doer and way less Jerry Guy, Hot Take Central. So for those reasons I don't do it. I, I, I want to be real and raw with y'all. Now, if today is your first episode, you picked a good one. It's Friday, so it's super chill sliding into the weekend. Hashtag first timer in chat. Please put a hashtag first timer in chat if it is your first episode, whether first time live, first time commenting, just first time here in general. Oh, my God. You know what Jose Alfredo says, loving this negative five degree weather, guys. It's so cold in some places, I bet you Steve Young, who's up in, up in northern northern North America, Minnesota, I believe, right, Steve, you guys open the fridge to, like, warm the house up. That's what I'm thinking. All right, guys, for real, though, hashtag first timer. So we can welcome you. We have a special sound effect, a special emote. We got you covered for days. Every single episode of the Daily Cyber Threat Brief, including episode 1053, is worth half a CPE. Very easy. If you have cyber security certifications, they require ongoing maintenance, which means, basically, if you boil that down, what does that mean? You pay an annual fee in cash money. Okay. That one's pretty straightforward. And the second one is you have to do continuing professional education. So you can't get a CISSP and then go work on a farm for 30 years or, you know, go to Mars or something and then come back and be like, I'm a CISSP. You have to maintain the cert. So how do we do it? We do it with CPEs.
And every hour of educational learning is one CPE. So this show is an hour long. I goof around, we have fun for half an hour. So we say it's a half a CPE. No one's going to argue that. So do all you can, say what's up in chat, grab a screenshot as evidence every single day, just like Robert Hendrickson just did. And if you can include the title of the show, because it has episode 1053 and January 23rd, it's like literally the evidence that you need. Now, every single episode of the Daily Cyber Threat Brief, whether it's negative 21, feeling like negative 36, or it's in Miami, down in Miami. Hearts and prayers sent to Miami, where I've. I'm. Hold on, hold on, hold on, hold on. Wait a minute, wait a minute, wait a minute.
Steve Prentiss
Huh?
Dr. Gerald Doer
Yeah. Yep, yep. This is just coming over the wire right now. Oh, my Lord. Oh. It's being reported right now that people in Miami are having to put long sleeve shirts on. I repeat, long sleeve shirts in Miami. Oh, all right. We'll set up a GoFundMe, a Kickstarter, a GoFundMe for the, for the, the children of Miami to get them some long sleeve shirts. Okay, guys. Every episode of the Daily Cyber Threat Brief is brought to you by the show's sponsors. They enable me to have this microphone, that TV and this attitude every single morning. This cup of coffee paid for by sponsors. So let's say what's up to them and do me a solid. Go check out the sponsors. There's links in the description below that can allow you to go check them out. Every time you click on it, it's good for Simply Cyber, it helps support the channel, and I don't partner with scumbags, you know what I mean? So we're dealing with good companies with great products. First, let me tell you about Flare. Flare Academy. Love myself some Flare. You guys know I've been outspoken on Flare and the people over there. Well, check it out. If you go to Simply Cyber, which is the title of this program, simplycyber.io/flare, you can register for their 29th of January, 11am to 1pm webinar, Inside the Life of a Ransomware Operator. Now, if you've been on the fence about this one, if you've been on the fence about this one, stop it. Cost nothing to register. It's super awesome insights that you, like, literally, as far as I know, you can't get anywhere else short of joining a cyber criminal gang, which I'm not gonna do. For real, ain't nobody got time for that. But I can get insights. And because I'm so pumped about attending this, I just declared publicly that I was going to be doing a watch party. So come join me, come hang out, come have a good time, come learn. Go to simplycyber.io/flare to giddy up on that. I also want to say holla at Antisyphon Training.
These guys, you know them, they've been crushing it like a bunch of bosses. John Strand had his four day, 16 hour course this week. I saw many of you talking about Michelle kh's training on Wednesday and how great that was. Well, check it out. Go to antisyphontraining.com. Look at their calendar events. You can see everything that's coming up. But I want to call your attention to this guy right here, my friend. I'm, I'm happy to call this dude friend. Hayden Covington. He's, he's basically just a blue team ninja and he knows what he's talking about when it comes to SecOps and SecOps workflows. He's got a one hour webinar, absolutely free to attend, to teach you how to integrate AI into that. Also, just as a little teaser, we have, if you saw my three videos on Simply Cyber, how to interview for GRC jobs, like, like basically with real interview feedback, go to Simply Cyber's YouTube channel, look at the videos. There's three there. I'm getting phenomenal feedback on that series. So much so that I've done one for pen testing and I've done one for SOC analyst. And this guy right here, it was a no brainer for me to ask this guy right here, who agreed because he's my friend, to be the representative for the senior SOC analyst role or candidate in the job interview series. So if you liked that series and you wanted one for the blue team, just, just know that Hayden's coming down the pike to answer those questions. I'm super excited. That'll probably come out in March though. So, you know. Yeah, manage your expectations accordingly. All right, hold on, hold on, hold on. What are we doing? All right, what else we got? Oh, ThreatLocker, guys. Holla at ThreatLocker, Zero Trust World, me, Kathy Chambers, Kimberly can fix it, who is in the Miami area. She was actually who I was thinking of about sending hearts and prayers and long sleeve shirts to.
So if Kimberly's not, you know, if Kimberly can get through the, the, the 65 degree weather, she'll be at Zero Trust World there, uh, in March. So quick word from ThreatLocker and then going to melt your face with the news. Let's go. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep, keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn, learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right, everybody. Well, you know what to do. If you're a regular here, you know exactly what to do. I need you all to do me a solid. Sit back, relax and just let the cool sounds of the hot news wash over you in an awesome wave. I will see you at the mid-roll, and reminder, Fridays is James McQuiggin's dad jokes of the day. So get ready to spit your coffee out even if you're not drinking any at the mid-roll. Let's go.
Daniel Lowry
From the CISO series, it's Cyber Security headlines.
Steve Prentiss
These are the cybersecurity headlines for Friday, January 23, 2026. I'm Steve Prentiss. Multi-stage adversary-in-the-middle phishing and business email compromise campaign abusing SharePoint. Researchers at Microsoft Defender have uncovered this multi-stage campaign targeting multiple organizations in the energy sector, resulting in the compromise of various user accounts. This campaign targets SharePoint file sharing services and delivers phishing payloads, relying on inbox rule creation to maintain persistence and evade user awareness. The researchers state that password resets alone are insufficient to mitigate this issue. Impacted organizations in the energy sector must, quote, additionally revoke active session cookies and remove attacker created inbox rules used to evade detection. End quote.
Dr. Gerald Doer
All right, so, all right, so you know biz, there's a bunch to unpack here. I'm like borderline overwhelmed by, like, where to begin? Number one, business email compromise. Straight cash, homie. Straight cash, homie. And I gotta tell you, you know, I'm not a criminal. I don't condone crime. I'm not in it to win it. But if I was, if my moral compass was broken, if I did turn into Gerard Butler in that movie where, like, he needed to get money for his kid or something, I forget what that was called. But if I was going to turn to the dark side and become like a Sith lord of cybercrime, my crime would be business email compromise. I would not go into ransomware. Like ransomware, sure, you make a lot of money, but like, you know, the risk. I'm a risk professional, y'all. So the reason I say this is because business email compromise is the sleeping giant. It is the second most, you know, devastating attack or likelihood attack that you're gonna see next to its big brother, ransomware. Okay? So don't sleep on business email compromise. And it's basically just getting your business. There's different ways to achieve it, but it's getting a business to send you money, okay? Like fake invoices, stuff like that. The next thing is I, I want to use a, a word here because I've been in 2026, I'm making. I. I'm doing two things for 2026. No one, no one asked me what my goals were. But I'm going to tell you, number one, I'm trying to say no a lot more in 2026. Okay? Not to you guys, but in general, no. Secondly, I'm going to try to spell out acronyms as often as I can because I. I heard a lot of people at the end of last year who were trying to get in or work cyber adjacent say, like, it's just so many acronyms. I don't know what the hell you guys are saying. And I'm like, all right, well, let me try to break down those barriers. So, AiTM, which nobody says that acronym, spoiler. Adversary in the Middle. This is basic. This is not.
Basically, this is man in the middle attack. It's just been renamed to Adversary in the Middle. I assume that's because of political correctness. I never got the email or the memo on this needing to change, but it's not a different attack. So when I first started, I was like, oh, how's this different than man in the middle? It's not. It's the same thing. It's just they changed the name from man to adversary to be gender agnostic. Okay, so now let's do what we're doing here. All right? SharePoint file sharing services to deliver phishing payloads. Okay. SharePoint's a file server, basically, with a GUI interface so you could put files in there. Let's see, how is this working here? Attackers leverage. Yeah. So here's the problem. Okay? This is fine. Look at the infographic. Okay, I'm not even gonna. For a second, I was gonna give this the saxophone treatment, but let me just tell you what is happening. Step one, okay? And this is why. This is why I, like, have to roll my eyes. Okay? Step one, you already have compromised credentials. Like, I feel like this is a Key & Peele sketch already. Like, step one of this attack is that the, the threat actor already has attacked you and been successful. Okay? So they have creds, they log in and they, well, they build like a phishing landing page. Right? And they're using SharePoint, I presume, in the same organization that the compromised creds are, and they're attacking other people within the same organization, I would assume, or partners, you know, someone that they would expect to be getting an email. They put a phishing URL on a legitimate web page like SharePoint and then, boom, send the phishing email. The person goes to it, and, and now they are able to steal your session tokens. I don't fully understand how this is adversary in the middle versus just straight up stealing your stuff. But, you know, multi factor is not going to help you here because they're stealing your session tokens.
They do modify your email rules in order to maintain persistence. So that's definitely something to get an eye on. And then they start doing the actual business email compromise campaign. So as many words as the reporter used and as big as this infographic is, let me tell you what is happening. A threat actor is stealing someone in your organization's credentials. Then, as an internal user, they're setting up a landing page to steal and harvest more people's creds, presumably someone who works in procurement or finance, I would assume. And then, and then basically they get in the email and monitor the email, which is like a key part of business email compromise. And then they do second stage, which is all that is the actual attack. The second stage of business email compromise in this particular story is just sending the fake invoice or emailing a business partner, telling them that the bank account number has changed and they need to wire the money for the deal to a different bank account. That's it. This is like, I don't know, I feel like they put like, they took like last year's Christmas gift and just rewrapped it and then called it like a new gift. Like, this is. This is how it's done. All right, so what would I say if I was a defender looking for this one? Here's the deal, y'all. Number one, you should. And DJ B Sec, if you're in chat, I would love your thoughts on this one. But like, threat actors, especially in business email compromise, want to get an email and then, you know how you can forward your email? I don't know if you know this, but you can go in and configure forwarding your email to another email address. Okay, so this is a great classic persistence mechanism for a threat actor, because if you change your password or you, you know, invalidate session tokens or anything like that, they're still getting your email.
Just all emails that come in to your inbox, they're getting a copy of, which gives them visibility over current conversations and potential transactions, which they can intervene with. Right. So that, like, watch out for that. And then, of course, your, your finance and accounting office should be trained up and aware of these, these type of business email compromise attacks, because they're the ones who are going to be targeted. Okay. That. Not all business email compromise attacks can be stopped by educating your finance team, by the way, because if a threat actor gets into the emails and, and then emails a business partner of yours and tells them, like, listen, basically let's pretend that Phil Stafford and I are doing a project and Phil Stafford, like I did services for Phil, right? So I came to Phil's house and like fixed his printer, whatever, right? And then I'm going to send Phil an invoice and then Phil's got the invoice. Well, threat actor in my, in my email can just email Phil and say, hey, Phil, quick note, my bank account changed. It's this one right here. And Phil says, okay. I have no idea about that. The only time I find out is when I call and harass Phil because Phil hasn't paid the invoice that he owes me. And he's like, I absolutely paid the invoice. You told me to change the bank account. That's another part of why getting in your email and having visibility by forwarding it to the threat actor controlled email account has the ability to allow this to execute without your visibility. So this is the attack, the way it's manifesting in this particular one. So just be mindful of that. And yes, Phil, I will, I will. I'll be invoicing you for the, for the, for the printer. Hey, Team Simply Cyber, Team SC. Looks like we have a first timer in chat. Nuno Moreno says first time in chat, but long time car commuter listening to your excellent podcast in Portugal. Nuno, welcome to the party, pal. Hold on, hold on. The anime. Wow.
Kind of overrode that John McLean. Go again. Welcome to the party. All right, thank you, Nuno.
Steve Prentiss
SmarterMail auth bypass flaw now exploited despite patch. Following up on a story we covered on December 31, threat actors are now exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. Specifically, the issue, quote, resides in the force reset password API endpoint which is intentionally exposed without authentication, end quote. The issue was reported by watchTowr on January 8, and SmarterMail released a fix on January 15. The watchTowr researchers found evidence of exploitation just two days later. This suggests, they say, that hackers reverse engineered the patch and found a way to leverage the flaw.
Dr. Gerald Doer
Oh yeah. All right, here we go. A couple things here. Number one, I hate to dunk on these guys, but SmarterMail, the term, the, the title is ironic. You are so dumb. You are really dumb, for real. Okay, so this is the immediate situation. If you're running SmarterMail, which is like a self hosted email server, it does not seem like it's an enterprise grade email server. So I don't know how likely you are to find this in your environment. But if you're running SmarterMail, you've got some serious problems and you should go look in your logs to see if the API for the password reset has been interrogated or if there's been any logs of admin password resets, essentially. This flaw is horrible. This flaw allows anybody unauthenticated. So basically just anyone can just show up, right? Modern Rogue's in chat, Modern Rogue could just wander up and, you know, give a little tickle to the reset admin password API and boom, like a magic trick, he, he's the captain now. This is like, this is the absolute Captain Phillips, look at me, look at me, I'm the captain now, flaw. And I mean, it's, it's, it's straight up gross, dude. Because listen, root level, system level privileges, that's the, that's the crown jewels. Like, if you own the, like, super admin account, you can do anything you want on that system. You can delete accounts, add new accounts, delete stuff like files, you can shut down, you can log things, you can, you can, you know, add additional malware payloads to the machine. Whatever you want. Like the world's your oyster at that point. What I will say here is, number one, you should always keep this in mind, okay? Number one, any functionality, either functionality or a system that has to do with security controls, must have an elevated priority in your IT infrastructure. Okay, so this one is an email server for.
Fine, but because it is a hard, like a password reset API, that is a security function and therefore needs to be taken with higher priority or higher criticality when you're evaluating the system. Now, if you're running the system, you are relying on the SmarterMail web, excuse me, the SmarterMail software engineers, to, you know, protect this system. You as an end user, you can't really, you could maybe disable that API, but I'm not even sure if that functionality is there. So you're just kind of taking on this risk by running it. The final thing I'll say, and this is like, this is definitely a best practice with AI nowadays. I have not done this myself, but I can imagine it quite easily with AI. When, listen, when a patch comes out, right? When a patch comes out and you apply a patch, think about it for a second. There's the system before the patch, then you apply the patch, and there's the system after the patch. Now, Microsoft Windows rollup patches are going to change lots and lots of things. But for something like this, the patch is like one thing. Okay? So imagine, if you will, you have like a brick chimney. Stay with me on this analogy. You have a brick chimney, right? But it's old and some of the, some of the mortar in the joints is starting to flake out and fail or whatever. So you hire a mason to come in to fix it, right? So then the mason looks at the whole chimney and it's just this one spot where the brick is broken and the mortar is kind of gouged out. So the mason comes in, removes that brick, cleans up the mortar, puts a new brick in and adds fresh mortar and boom, your chimney's back to 100%, right? Santa Claus can slide down that thing all day with no issues. Now, if somebody else were to walk up and look at that chimney, you would be able to tell exactly where the work was done because the mortar is going to be dark gray, not light gray. The brick is going to look newer than all the other bricks. Like not sun kissed, right?
Same thing with patches on, on software like this. When you put a patch in, it's trivial, not trivial, but it's, it's not unbelievably difficult to take the previous version and, and the current version and compare the two, and guess what's going to shake out? What the patch fixed. And once you can grab that, in 2026, I would throw it in AI and say, hey, AI, what, what is this patch fixing? What did it do? Look at the old state. Tell me, like, where the, the flaw is or how it could have been exploited. Like the, the patch fixes the exploit or, I'm sorry, the patch fixes the vulnerability from being exploited. Right? And that can come in a bunch of different ways. But this is a great opportunity for researchers and, unfortunately, threat actors to be able to identify where a gap is and then, most importantly, how to exploit it. And then remember, guys, just because a patch comes out, and I play this button every day, ah, you gotta patch it, that doesn't mean that every organization is applying the patch. So then you get this window of exposure where, where businesses that have not patched it and threat actors who have looked at the patch, analyzed it, and then developed a weapon or an exploit or a payload to exploit that patch can now go looking for the exposed businesses. So just because a patch comes out doesn't mean that that flaw can't be exploited anymore, because you still have humans who are having to apply patches. All right, go look at what happened to Equifax in 2017 with the Apache Struts vulnerability. Tell me, tell me. It, you know, everything's patched. I mean, even crino allowed when Vault 7 dropped the, the NSA tools, the CIA tools, and EternalBlue came out with that SMB share exploit. It was three months later when North Korea took WannaCry on a worldwide tour like it's a K-pop band running around blowing everybody up, where the, the initial WannaCry ransomware explosion happened. Remember that the patch had been out.
Microsoft was screaming from the mountaintops, patch your stuff. And still hundreds of organizations, including the national health system in the UK, got punched in the mouth. So anyways, this is all a long way to say that you can reverse patches. Thank you for coming to my TED Talk, and patch your stuff.
Steve Prentiss
Spanish judge closes NSO Group spyware probe. The reason for the closure of a probe into the use of Pegasus spyware to snoop on top government officials has been reported as a lack of cooperation from Israel. The probe started in 2022 when the court looked into the alleged spying on devices belonging to Spain's Prime Minister and Defense Minister, allegedly using zero click spyware known as Pegasus, manufactured by Israel's NSO Group. Israel has not responded to five cooperation requests, the judge said, breaking the balance inherent in international cooperation and violating the principle of good faith that should govern relations between states.
Dr. Gerald Doer
Okay, I was responding to Jay Gold in chat, but all right, couple things here. One, so Pegasus spyware, just so we level set for everyone, Pegasus spyware is, is the Bugatti of spyware. Okay. If you want it, absolutely, zero click, infected with text messages, emails and call logs by lunch today, you go Pegasus. You don't cheap out. You, you don't go on Temu and buy spyware. Oh no, you go straight to, you know, whatever, Rodeo Drive and you pick up some Pegasus spyware. I'm being silly, of course, but like, NSO Group is an Israeli based cyber security software company that sells the best spyware. If you're looking for some, like, you know, more affordable spyware, Predator is another one that's quite popular. But Pegasus is like, you know, the Coca-Cola, not, not, not Miami 1984. Okay, so NSO Group, it was being probed by Spain on their use of spyware. And don't forget, I don't even think this has anything to do with it. But just a couple years ago in the Catalina region, not to be confused with the Catalina Wine Mixer, was. Did we just become best friends?
Steve Prentiss
Yep.
Dr. Gerald Doer
Catalina region, spyware was being used on one of the candidates. Right. April 2022. I think this might be related. Look at this story. Oh my God. April 2022, Catalan leader targeted using NSO spyware. Okay? This guy was running for political office and his adversaries, the people who were currently in power, bought themselves some Pegasus spyware so they could spy on this guy and his, in his, like, entourage, okay? Which, by the way, is a gross violation and not what NSO Group says that their software is to be used for. But guess what? Money talks, baby. Straight cash, homie. All right, so Spain was investigating them and NSO Group said no. So I don't, I don't get this. Like, I didn't re. Like, obviously Israel is, I shouldn't say obviously, but it appears that the country of Israel is advocating for NSO Group and kind of like, I guess, quote unquote, on their side because Spain is trying to investigate them. And NSO Group's like, no, we're good here. And Israel's like, yeah, no, we're good here. Move along. So I didn't realize you could just stick your head in the sand and be like, nah, we're good here. The part of the problem is Spain doesn't have a leg to stand on. Oh yeah, look at right here. Indictments of three former senior executives of NSO Group for their role in a hacking scandal of 63 Catalan members of civil society. So couple things here. Number one, this is like a nation going after a private business, and the private business's host country has got its back and saying no. The fact that Spain just gave up on this is wild to me. Secondly, you know, it's wild to me that executives would be held accountable for something like this. But honestly, they, they absolutely should. And three, this just goes to show you how powerful NSO Group is and, and Israel for that matter. I've heard. I haven't tried to price Pegasus. Like, they don't have a website landing page where you can go look at pricing.
It's like, you, if you have to ask how much it is, you're not going to be invited into the room. This is like, you know, the, you know, back room baccarat tables that, you know, normal people aren't allowed at. I've heard, I've heard it's like 500,000 to a million dollars per infection. So, you know, we're talking big money, especially if 63 people were infected. I mean, let's just do the back of the napkin math. That's like $32 million, right, if you bought the, at the cheapest. So I don't know, man. Spyware is no joke, man. For real. So I guess this, you know what, you know what kind of is like wild to me, this just further empowers companies to, to effectively just snub international norms and, and law in order to make money, right? Like, NSO Group is selling the software to whoever has money, including, it's supposed to be for law enforcement, but if you have enough money, right, and you're, you're, you're worried about revolution or coup, or an investigative journalist investigating your horrible, horrible crimes like genocide or, you know, like, things like this, you can just buy this and figure out who's, who's getting after you and then eliminate them. I mean, it's horrible and like, man, it's wild.
Steve Prentiss
Fake cell tower scam uncovered in Greece. Back in September, we reported on scammers who use mobile cell towers packed into cars to blast phishing messages to phone users in a selected city. Police in Athens have now taken down such an operation after stopping a car at a checkpoint east of the city. The mobile computing system was hidden in the car's trunk. The device forced nearby mobile phones to connect to the suspect's system and downgraded them from 4G to the less secure 2G network, exploiting long known vulnerabilities. This allowed the thieves to harvest identifying data such as phone numbers, and then send scam text messages posing as banks or courier companies. Three fraud cases have now been uncovered in Greece, but authorities said, quote, the full scope of the operation remains unclear. End quote.
Dr. Gerald Doer
Yeah, this is a, this is a thing. So I actually was talking to my cadets, my, my students, just the other day about this. Okay, so this technology has been around for years, okay? Years. If you want additional info, look up FBI Stingray. Okay? FBI Stingray. So the reality is, and I, I mean, you never really think about it until you think about it, but the reality is your cell phone, I don't care if you're running iOS, Android, or you got some bizarre third party one, because you're, you know, not getting down with the norms because you're a hipster, okay? Whatever it is, your phone will connect to the strongest cell tower it can see. That is the flaw. It's a feature. Because, I mean, if every single person in chat right now, and if you're like a kid listening in chat, right? Like maybe you're Micah heading to school right now in the car, okay? Everybody has had one bar of service before and been like, ah, my service. Sorry, I've only got one bar. It's hard to hear you. Everybody knows that pain, right? So by design, cell phones want to connect to the strongest signal possible because they want us to be like, oh yeah, we're doing good. I mean, freaking Verizon had a campaign for like a year and a half. Can you hear me now? Good. Can you hear me now? Good. Billy Bob Thornton's walking around the Midwest for T-Mobile right now talking about, you'll never believe where I am. You can hear me. The whole freaking thing is about pitching that you can have a big strong signal wherever you are. That feature is exploitable. And honestly, this is why I love threat actor methodologies, because I'm a conformist and I wouldn't see this, but now that it's been exposed, I, I can, like, giddy up on it. Here's the reality. Because your phone will connect to any strong signal it sees, if you can create a strong signal, every phone around you will connect to you. Now you might be like, how can I possibly put a cell tower in my bag? Like, doesn't even make any sense.
It's just the, you know, the radio station, you don't need the whole friggin metal structure. Right? Obviously. And these things have gotten small at Black Cat. I mean, it's alleged law enforcement's walking around with these things. What ends up happening is your phone will connect to their tower, they'll use it as a relay to an actual real cell tower. And then you're basically routing through their device, which means they can see the traffic, they can see phone numbers. Like they can see who's connecting to what and to whom. And, and if they're making phone calls, I don't entirely know if they can listen to the phone call audio or not, but it's a lot of visibility. And also if you want to be a real peckerhead, you can just not forward the data. And now even though you have service, you can't make a phone call. And you don't know why. It's like having Internet service. Like when your wireless router still works in your house but the Internet's out, so you're like, I'm on the wireless, why can't I load Google? Because you don't have Internet, right? So you could even do that. And of course, if you were being an absolute deplorable human being and wanted to commit crime, or you're about to be like Seal Team 6 and break into Maduro's apartments or whatever, you could just put a wicked strong stingray right down, not forward anything. And then you effectively have a cell tower blackout. Like a cell phone blackout. So if someone's trying to call for help or call for anything, guess what? That ain't happening. And you can't change anything. You can't. You can't tell your cell phone to go to a different tower. That's not happening. Okay? So now that we understand the technology and why it's working and everything like that, scammers basically set up one of these suckers in like a. A panel van parked at downtown Greece, which I know is silly. Downtown Athens, in Sparta. Okay. 
And basically anyone that was around them, they'd be intercepting their cell towers and then just blasting them text messages. Because it's a known protocol with phishing, Right? And it's not being routed through the phone company. That's another thing here. This is not going through your cell phone provider. So Verizon, AT&T T Mobile, they don't have any visibility that you are getting barraged with these phishing text messages. And the threat actors don't care because it costs them $0. So to blast you with all of this text message stuff. Now, I don't know how the Greek police found them. My suspicion is that they arrested somebody and that somebody gave them insights in order to get a. A, A more lean sentence or it was like a, you know, an informant or something like that. But that's what's up with this. And you could see the cell tower fit in the car trunk. Very interesting. I am glad that they arrested these people. I would say that this is not a concern. Like, this would be something in a city. I would see this happening in, like, downtown New York City. Like, for example, if you wanted to do like, a likelihood analysis of suffering for this one. All right, good stuff, guys. I also, I will tell you, like, if you're getting messages on your phone from anyone you don't know, disregard them. Right? Like this, this, this, this attack, it's just. They're blasting your cell phone with text messages, which is wicked annoying. But, like, but as you drive past them and, and grab another cell tower, the messages will stop, right? And if you don't respond to them, you're not compromised. And this isn't 2004 where you're paying per text message. So, like, just pump the brakes, okay? I will say that they must have been making some money because if they weren't, they would have stopped. Right? All right, let's keep cooking.
Steve Prentiss
Huge thanks to our sponsor, DropZone AI. All week we've talked about alert fatigue, MTTR, and the math that's breaking your sock. Here's the proof. DropZone AI is trusted by over 300 global enterprises and MSSPs. Named a Gartner Cool Vendor, recognized in the Fortune Cyber 60 and backed by $37 million in Series B funding. But they're not stopping at a single agent. They're building toward fully agentic SOC teams where human engineers are augmented with specialized AI agents for threat hunting, detection, engineering and forensics. Your team deserves a backup that never sleeps. Book a demo at dropzone AI that is Drop Z O N E AI.
Dr. Gerald Doer
All right guys, holla. We are at the mid roll. Thank you very much for being here. Great to see everybody in chat. Love, love the conversation I'm seeing going on. You guys are great. Oh, Shamira Gonzalez, good morning to you. How you doing? All right guys, let me say thank you to the sponsors again. ThreatLocker, Antisyphon, Flare and Airia. Guys. Airia. If you didn't know, you can go to Simply Cyber. simplycyber.io, A I R I A. Dude. Your leadership team is straight up banging their fist on the desk screaming AI automation. Your employees are using AI tools that aren't even approved. You don't even know what kind of AI is being used in your environment. You know, the sales team's using it, the marketing team's using it. Who knows what data is going in there? Guys. And it stinks. Because one security incident, one failure, even one that's like outside your organization. Right. A third party risk with data that is from your environment could result in real penalties, financially or competitive advantage for your business. It sucks. But let me tell you this. What if AI became an advantage instead of a risk? I like that. What if teams could innovate faster and you are still the hero because that data and your organization are protected. Go on, Jerry, say less. Well, guess what? That's what Airia does. They deliver a unified platform combining AI security, governance and orchestration. So you don't have to choose between innovation and protection. You don't have to be the office of no, you can be the Office of AI Enablement. Take control of the day. Turn your AI stress into AI success. Go to simplycyber.io/airia today. Thank you very much. Airia again. Airia and the other sponsors, they make the show possible. If, if they didn't sponsor the show, I, I would, I would have to. I'd have to find something else. I'd have to get a job. All right, here we go. Every single day of the week has a special segment. 
And Fridays is none other than James McQuiggin's 35,000 Feet Jokes of the Week. This guy's been delivering hot takes and hot giggles for two plus years. He. He was doing the joke of the week when I was back in the guest bedroom. Right corner. Corner Jerry, as Casually Joseph likes to call it. All right, here we go, guys. What? And again, I don't read these in advance, by the way. What. What do French fries say when they finally see each other? What do French fries say when they finally see each other? Come on, everybody. Nothing. They just catch up. Oh, God, I feel like I need a shower after that one. All right, guys. What's a scarecrow's favorite fruit? What is a scarecrow's favorite fruit? Also, fun fact. I can't eat these right now because I'm. I'm on a. Dietary constraints. Scarecrow's favorite fruit is a strawberry. A strawberry. And finally, guys. What? God. When potatoes have babies. When potatoes have babies, what are they called? What are the potato, you know, Mr. And Mrs. Potato Head. They, they shoot out a couple youngins. What do they call their kids? They call them Tater Tots. Oh my God. All right, Roswell UK thought maybe that the French fries catching up would give each other a high fry. I love it. I love it. I love it. All right, guys, let's finish strong. We got panel jawjacking for you at the top of the hour. Thank you very much to James McQuiggin. I hope he's enjoying his vacation. Well earned, well deserved. Let's finish strong, guys.
Steve Prentiss
NIST officials describe impact of staff cuts. At a meeting on Wednesday of the Information Security and Privacy Advisory Board, NIST officials described how they are dealing with current mandates on AI, cybersecurity and post quantum encryption. The director of the Information Technology Laboratory at NIST, Kevin Stine, said the agency has lost more than 700 people in the last year through personnel initiatives like resignations and voluntary deferments. The agency is facing further constraints, including a Congress led cut of $13 million from NIST's labs program. Such constraints, he said, are, quote, forcing a very focused discussion on prioritization of our activities and.
Dr. Gerald Doer
All right, so I am a huge advocate of NIST. Okay? So just to preface that as a bias, NIST was. I mean, NIST is like a science and research organization, right? So when DOGE came crushing through in the first part of the year last year, you know, they were, they were one of the ones, right? So that got impacted. So they lost 700 jobs. This is, you know, hey, you get to quit or be fired, your choice, right? So this is impacting a lot. So NIST, National Institute of Standards and Technology, they do a lot with cyber security, right? They are involved with the CVE program. They are involved with the Special Publication 800 series. They help everyone do security better. They developed the cyber security framework. I mean, I don't, I don't know his story. Okay, so I can't say definitively, but I will point out that Dr. Ron Ross left NIST last year. He did start his own consulting gig afterwards. But like, that's just like the type of talent we're talking about. And if you don't know Dr. Ron Ross, you absolutely should. The dude's like friggin. He's like a Terminator. Except instead of terminating Sarah Connor, he was like terminating cybersecurity problems. And you know, AI is coming. We are all aware that AI introduces massive risk, like the kind of risks we're not even aware of. Yes, prompt injection's a thing. And we've got that. But I mean, like what about data governance and data sovereignty? What about just like AI tooling to help offensive security professionals? What about, you know, just weaponizing AI to do all sorts of things? So sadly, this is the impact of quantum computers. Remember when quantum computers was the hot thing for like a second before AI crushed it? Like, that's coming. So this is just here. I'll tell you this, okay? This is the real deal. Just remove the government, remove NIST from this for a second at any business you work at, okay? It took me, it literally took me like 10 to 15 years to figure out why. It's so important to understand why. 
Like to understand how the business you're at makes money. Like, it took me 15 years to figure out why. That's so important to understand how the business makes money. Your business. Okay, when, if businesses aren't making money right, or they have a dip in revenue or profits are down or whatever, tariffs come out of nowhere for whatever you know, that happens and their profit margins go down. It could result in cost cutting reductions, staff layoffs. But the important thing is that they will have to prioritize initiatives. So it's not. Listen, have you ever been going for a job and then you find out the job's just been eliminated? That's because of things like this. You might be all geeked up, ready to do a project that's been green-lit, management approves it. You're going to be doing all the things and all of a sudden, oh, hey, priorities have changed. That whole project has been scrapped. We're not doing that anymore. It's because of things like this. So it's very important for you to, A, understand how the business is making money, what mission critical processes are priorities and things like that. So you at least have a little bit of flexibility and understanding when you can see the writing on the wall. Right? I just read in the news this morning over my coffee, Amazon announced they're going to be laying off 30,000 more corporate jobs. Like these are, these are the things. Okay? So I am really disappointed and it sucks that NIST is getting impacted this way. NIST has been very vital to the overall success of society's information security posture improving. All right, sorry, that was like a little rant.
Steve Prentiss
An alternative to CVE appears. The Global CVE Allocation System, or GCVE, will be maintained by the Computer Incident Response Center Luxembourg as an alternative to the traditional Common Vulnerabilities and Exposures program, which narrowly avoided shutdown last April when CISA initially failed to renew its contract with MITRE, which operates the CVE system. Although collapse was averted, it exposed the program's dependence on a single funding source. The proposed GCVE avoids reliance on a centralized system, allowing independent numbering authorities to allocate identifiers. The system will maintain backward compatibility with the existing CVE infrastructure through a technical accommodation.
Dr. Gerald Doer
All right, so I agree with this. I think that this is great. So going back to like last year in the United States when DOGE was like, you know, just hatcheting all sorts of programs and stuff, this got hit and part of it, like I said, if you don't, not seeing the value in it, the CVE program like for a hot minute was going to not get funded. Okay, like people in our industry were flipping out. I was flipping out. John Hammond made a video about it and it kind of scared people. Now ultimately in the 11th hour, funding came through. But like any good cybersecurity professional, you don't want single points of failure. And if you have something that's important at your organization, typically something that helps make money, you do not want a single point of failure. Because if that thing fails, then your whole company collaps, not collapses, but it, it goes down. Like I'll give you an example, like YouTube for me right now, right? Like if YouTube, like if my channel got banned or YouTube just disappeared or something like that, that would be very like, that would be a hard hit for, for Simply Cyber, obviously right now. Oh, Casually Joseph is awake. Wow. What's up party people? Happy Friday. Happy to catch a live for the first time in a long while. Geez. Casually Joseph, good to see you, dude. You guys remember Joseph, right? So anyways, for business continuity and resiliency, they spent the last, I don't know, 12 months working on an alternative to the kind of US based NIST CVE program. And now it's going to be the GCVE. It's got a bunch of different orgs that can contribute identifiers to it, maybe like share the burden or the financial expense of managing this program. So I have two thoughts on this one. First of all, we'll see, right? We'll see if this turns into a standard because remember this, IPv6 was supposed to replace IPv4 and then we figured out Request for Comments, RFC 1918, which basically made non public routable IP addresses allocated, right? 
So your 192.168.x.x networks, your 172, I think, 0 to 16 and 10.0, like those IP address ranges became non publicly routable and that solved the IPv4 exhaustion problem, you know, whatever, 10, 15 years ago and no one uses IPv6. I know that it's there, I know some people use it, I get it, but for the most part it never really got adopted. Okay, so we'll see. Just because this exists doesn't mean that this is going to become the new thing that everybody. Oh, let me get that GCVE number. Right, so we'll see before I, before I, you know, you know, before I buy property there, I'm gonna rent for a few months and we'll see where it goes. You're picking up what I'm putting down. We'll see. Although my other thought is this is just further, I don't know, further globalization of cyber security. Which is good.
Steve Prentiss
Osiris ransomware emerges in vulnerable driver attack. Researchers at the Symantec and Carbon Black Threat Hunter Team are warning of a new ransomware family called Osiris, that targeted a major food service franchisee operator in Southeast Asia in November of 2025. This campaign used a malicious driver named Poortry, P O O R T R Y, as part of a known technique called bring your own vulnerable driver, BYOVD, to disarm security software. This is a brand new ransomware strain not related to the one of the same name that was present around December 2016. It is thought that the actors who deployed this ransomware may have been previously associated with Inc ransomware. And it is being described as, quote, an effective encryption payload, end quote, that makes use of a hybrid encryption scheme and a unique encryption key for each file.
Dr. Gerald Doer
All right, the problem of so Osiris ransomware. I never heard of them before. They're. They have a lot of the TTPs of Inc. Ransomware Inc. Which was well known. So it, they could have just rebranded or like, you know, one guy could have left the. The group because he got enough money. Excuse me. Like any other ransomware attack, once they, you know, own the machine, it's just a matter of exfilling data and dropping ransomware payloads they are using. Bring your own vulnerable driver, which I haven't done in a lab or anything, but my understanding is it's very similar to a like, side, side loading a malicious DLL or something. Like, you bring a driver in that is malicious and you, you have. And you replace one that is on the system. And when it loads that driver, you, you, you've got, you know, you, you've got, you own it. Right? All right. Kill AV deploys a vulnerable driver to terminate security processes. So this is just part of the kill chain. Like one, once you start detonating, like once you get execution capability on a machine. Yeah, you want to stop EDR, you want to stop these things. You want to establish persistence, you want to reach back on C2. It's all the same thought. That's why, listen, you should have security and detections across the entire kill chain. But like, I always try to focus on the initial infection because like, the sooner in the chain you can stop them, the better it is for you. From like a cleanup perspective and just an overall. How bad is this perspective? Let's see. I'm just trying to see if there's like any IOCs. Yeah. ClickFix style. Yeah. So ClickFix is another one of those initial infection mechanisms that they can get you where you basically run PowerShell to pull something down and then they start executing code in your environment. I'm just looking through the story really quickly to see. Yeah, okay, so the guidance in the story here is monitor the use of dual use tools. Okay, Good luck with that. 
Restrict access to RDP services. Agreed. You shouldn't have RDP running. It says Services, by the way. Remote Desktop Protocol. So normally RD, like the acronym RDP, is almost always reserved for Microsoft Remote Desktop Protocol, like RDP port 3389. Okay, but in the, in the, in this story, it's basically like anything like TeamViewer, LogMeIn, AnyDesk, things like that. Oh, enforce multi factor authentication. Like, I don't know who needs to still hear this in 2026, but for Christ's sake, like, like, can we just like normalize MFA please. It's ridiculous at this point. And then application whitelisting. Good luck with that. I will say. Oh, excuse me. Application allow listing. I guess that's a PC way of saying it. By the way, that's literally what ThreatLocker does. That is their entire business model. You should also do tabletop exercises and pretend you got hit with ransomware and did data exfil and figure out, have you guys got in place what you need. All right, let's speedrun the last story.
Steve Prentiss
AI agents emerge at Davos. At the annual World Economic Forum meeting, better known by the Swiss resort that hosts it, the topic of AI agents and how to secure them against becoming the ultimate insider threat took center stage. The chief technology officer of the training company Pearson, Dave Treat, stated, quote, we have enough difficulty getting the humans trained to be effective at preventing cyber attacks. Now I've got to do it for humans and agents in combination, end quote. It seemed no one had a good response to this. Cloudflare co founder and president Michelle Zatlyn said, quote, with agents, you need to think about them as an extension of your team and an extension of your employee base. Hatem Dowidar, Group CEO of Emirati company Etisalat, suggested more guardrails with human agents. Many years ago, we started saying all calls are recorded for quality purposes. We need to create that also for AI agents, he said. And Mastercard CEO Michael Miebach said organizations should take a page from the banking industry's security and threat intelligence practices and collect as many signals as possible from relevant data streams and other indicators to determine if activity is safe or malicious.
Dr. Gerald Doer
Shall we play a game? All right, we're out of time for the show. We're gonna go into jawjacking this. I have, like, so many thoughts about this, and I don't even know where to begin. I want to have, like, a positive attitude, I guess. Just my big picture takeaway. That's my least scary or least dystopian takeaway so as to not ruin your Friday is. The value to a business and the incentives of a business to leverage AI as quickly as possible and to deploy it everywhere is so high that even with these discussions of concern and risk and everything else, you know, I don't. I don't know, like, you know, in order to curb someone's behavior or modify it, the risk has to outweigh the benefit. Right? And I just. I'm glad I. I guess what I'm. I'm glad they're having these conversations. I think they're having these conversations three years too late. But I don't know, man, you know what? Suck. Sorry, I hate to be such a wet blanket on this one. The, the, the one CEO who said you need to start thinking of AI agents not as like software, but as like part of your workforce. Okay, so, you know, to me that's a pretty slippery slope because then. All right, so now if I start thinking of like, I have 10 employees. 10 employees. Seven are human and three are AI. I'm thinking about them like my workforce. Well, three of them never complain, never take time off, don't ask for salary, don't like, file HR complaints, don't show up late to work, get their work done on time. And these other seven, that's a mixed bag. But it's all my workforce. Like, I, I don't, I.
Steve Prentiss
I.
Dr. Gerald Doer
All right, shall we play a game? All right. All right, my friends, I hope you had a great, great, great daily cyber threat brief. I know we went a few minutes over and I got good news for you. Because it's Friday, because you made it to the end of the week, we got a special surprise for you. It's called Jawjacking Panel. And I'm very excited to tell you that at least one Daniel Lowry will be on the panel. What's Daniel been up to? We're going to find out that and we're going to get answers to all your questions. So stick around. I'm Jerry from Simply Cyber. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking. All right. Welcome to the party, pal. How you doing? Daniel Lowry.
Daniel Lowry
Oh man, I have been busier than a one legged man in a butt kicking contest, my friend. It is really good to be back on the show. I'm glad I had some time today to be able to join. I have missed the, the simply Cyber community, my friend. I've missed you. I've missed everybody. I'm just so busy.
Dr. Gerald Doer
We missed you too, Daniel. But I'm. You know, as much as I miss you, I'm also super pumped for why you haven't been available. Right. You know what I mean? So you gotta, you gotta find the silver lining in these things. But welcome to Jawjacking. On Fridays we do a panel. I will say that it will be a 9:30 cutoff time. The ice apocalypse is coming through. And while I did make fun of people in Miami for. I, I don't know if you caught it earlier, Daniel, but we started to go kick me fund or whatever for, for the people in Miami to get them some long sleeve T shirts. We're thinking of the children.
Daniel Lowry
You know, you need some hard hats too, for when the iguanas fall out of the trees. You don't want to get clunked on the head by a 15 pound iguana who's frozen stiff. Yeah, that's like a brick hitting you, man.
Dr. Gerald Doer
It is actually, you know what, really quickly and then if you can, Daniel, explain where you've been because people are wanting to know what you've been up to. Google exploding trees. So my wife yesterday is like, oh, hey, I, I saw a report that like if you live in Minnesota, Steve Young and up in the UP of Michigan, be on the lookout because it's so cold that trees are exploding. And then I, I immediately went on YouTube because where else are you going to go to find whatever it is you want? And I googled that, dude. There are straight up exploding trees. Like basically the, the, the moisture in the tree freezes and it expands. Yeah, yeah, but it's cool. I mean it's, it's very cool. Daniel, do you want to share with the audience?
Daniel Lowry
Yeah, I would love to, love to. See, there was this thing where I was like looking for work and then I found a job, right. The, the heavens opened, angels descending, holding one long note. And the Lord himself handed me a, a wonderful, amazing job which I have thoroughly enjoyed. But as you all might know, when you start new work, you know, there's things that you got to learn about what's going on there, internal stuff that's going on there. This has been the most technically challenging job I've ever had, but it's also been the most fun because it's challenging. Right? I like a good challenge. I like learning new stuff. I've gotten to learn all sorts of new technology. I've gotten quite handy with Git. That's been fun. Learning a bit about Ansible and things of that nature. And it's a. So the company I work for, uki, they do cyber security training for the military and other stuff, but mainly they're, they're, they're for the military and stuff. The DOD kind of things. That's about as much as I could say about that. But really cool.
Dr. Gerald Doer
Really cool. Cool. Yeah.
Daniel Lowry
And so, man, the people, I'll also say this, the people I work with. Friggin awesome, right? There is something to be said about working with amazing people. And let me tell you what, I work with a group of amazing people. Everybody there super solid.
Dr. Gerald Doer
Well, I would also like to point out that here on Simply Cyber's Jawjacking panel. Not going to name names, but I get to work with some amazing people on this panel specifically today. Again, no names. I don't want to. I don't want anyone to feel left out or anything, but. Very nice to see you, Daniel. So get your questions in chat. Elmo777 says, I've seen him on ITProTV. Yes, yes. That's gonna be on your tombstone, man. Like your tombstone's gonna read, here lays Daniel Lowry. You saw me on ITProTV.
Daniel Lowry
You know, that's such a funny thing is like when I think back about. Because I just think it was just yesterday, I'm walking into my house, I'm like, how did I get here in life?
Steve Prentiss
How.
Daniel Lowry
How did I make it from a kid living in a trailer with no insulation, right, to like, you know, middle class American? Like that is a crazy thing for me. I never would have thought of it. And. And a big part of that was ITProTV. A massive part of that was getting. Landing on. And I had Don Pezette on After Dark a couple weeks ago and you know, me and him just got to hanging out a little bit in the back and even during the show and everything and just talking about ITProTV days. It was a lot of fun to kind of beat you in the same grass with Don again for a hot minute that time that ITProTV was such a special. I don't. I don't really see anything that's like that still. And of course that place that shall not be named, they were gonna piss on it and do all sor. Anyway, I digress.
Dr. Gerald Doer
Yeah, no, it is good. I just gotta tell everybody in chat too. Like, you know, I don't. I can't speak for everybody and of course I can't promise anything, but there, there's been, there's been a few events in my life that were so important to like, they were like, like decision points in my life that laid foundation for what I, you know, became or whatever you want to call it, like. So. But it's all about being prepared and being able to execute when those situations appear. So like just really quick like one, like probably one of the most important ones is I was a software engineer at a little company up in Massachusetts and I, I was getting screwed over royally by the CEO to the like. And he knew it, right? Like it was like an open conversation that he was actively screwing me over. But what could I do? I had no power. And my, my uncle had a friend who ran the accounting department of the Marine Corps who was working on, who needed software built, had a contract and they could use me, right? Like they could use me. It wasn't like it was like a hardwired, give my kid a job and they put me in contact. I got that job. And because I was prepared and ready and did what I needed to do, I got that job. Which then led me into government contracting, which led me into Booz Allen, which, you know, you know, it just, it was unbelievable that because I was ready when that guy needed me at that moment. It's one of the most important things that ever happened in my career and the success of my career. So just be ready for those things. Let's get some questions going. Pocket Pixie, how long will it take me to be an expert in cyber after having taken a bachelor's degree in cyber security? Daniel, your thoughts?
Daniel Lowry
It's somewhere between. It's usually, you know, anywhere from three to four months to 40 or 50 years. Somewhere in that scope is what we're looking at. It just depends. Like, you are a unique individual, a snowflake that is none like all the others. Therefore we could not possibly predict. Now, there are generalizations. We see a lot of people get spun up pretty quickly, especially when it comes to your level of dedication and time availability. If you, if you crank and you hammer down, you, you put the pedal to the metal, you can learn a lot pretty quickly. There's the good news is you're living in a time where resources are aplenty. So if you want to learn something about cyber, it is but a Google search away from you. Whereas Jerry and I, it was like we were in the, the, you know, catacombs of a, some library somewhere looking for some long lost technical book. Yeah, yeah. This has all the RFCs in it.
Dr. Gerald Doer
Ah.
Daniel Lowry
And I get to read RFCs. I don't have someone breaking it down for me and things of that nature. Right. So, yeah, that's the, that is the. You do have some, some great advantages to being a part of this day and age and getting started. Now there's plenty of it available to you, so if you're dedicated, it shouldn't take you too very long. I don't know about expert. I don't know that anybody would ever even call themselves an expert necessarily. A lot of people don't like that term because there's always Something new coming out that we're not experts in.
Steve Prentiss
So.
Dr. Gerald Doer
Yeah, Jerry, 100. I mean, I like the term expert is kind of a very subjective term. Pocket Pixie, I, I would say, you know, how long will it take you to become proficient in one specific area in cyber security after a bachelor's degree? I would say like three years. Right. Like if you want to be known for something and, and, and get hired for it and proficient at it, like you're great at detection engineering, or you're great at hardware hacking, or you're great at, you know, GRC awareness training or whatever. Like, like, you know, like one to three years pretty much. But like even myself, like sometimes, like very seldomly will I say I'm an expert in something, right. It's usually I'll say that if I'm speaking to someone who doesn't work in industry and I'm trying to quickly convey to them that I understand GRC. But normally what I say is like my specialty or my area of focus is this because as Daniel pointed out, there's a reason imposter syndrome exists because there's, there's too much to learn in cyber security and you just, you won't ever be truly an expert. You might know more than other people about certain things, but not experts. Expert is a subjective term. Doom Kraken: Jerry, how did you make your studio shed? Okay. If you've ever driven down like not an interstate highway, but like a highway, like Highway 17, you know, A1A Beechwood Avenue. Right. Kind of thing. You'll see these like I see them all the time now, but it's like, instead of, it's like these like pre-made, prefab like sheds, like wood sheds. Right. And they have different ones. Right. This came really popular during COVID but they sell different ones like she sheds or tool sheds or whatever. I went and bought a 10 foot by 12 foot one. I had them drop it on my property and, and then I, you know, I built it out with insulation, sheetrock, ran electrical, put a separate breaker on my house, ran electrical.
Daniel Lowry
Do you have to get permits for that? I didn't ask if you got permits for it. I said, is that a requirement?
Dr. Gerald Doer
I mean, I, I don't know. I don't know. Maybe you should.
Daniel Lowry
That's a good question.
Dr. Gerald Doer
Yeah, so I mean technically. So I ran all the power.
Daniel Lowry
So anyway, you put the power in.
Dr. Gerald Doer
And that's what's up. So I'm in a 10 foot by 12 foot box. And the best part is, Doom Kraken and everybody in chat, is that my neighbors don't know what I do. I live in one of these, like, you know, communities that's like built where they just put house, house, house, house, house. And you know, all my neighbors see is me come out every single day at 7:45am, come in here, yell for an hour and then I go in the house afterwards and talk to my wife and stuff for 15 minutes. So that's what my neighbors think I do. They probably think this is like a therapy shed where I just come and scream and then leave. So that's the story with the shed. Robert Hendrickson says, I work in industry now, but we do internal pen testing for my company. What's the best way to drum up business? Is there a good model for this? Daniel, as a pen tester, what say you? And Tyler Ramsey, if you're in chat, by the way. Tyler and I run a pen testing company, so we can certainly answer that question too. But Daniel, you go first.
Daniel Lowry
You know, it's funny, we always talk about how networking is so great for getting jobs and that is your number one superpower. If you can build a really good network then the job thing becomes a bit less, you know, painstaking. It's kind of the same thing for business. People love word of mouth business. I had a pen test with so and so, hey, tell your friends. And then I've noticed that in the industry there's a lot of, you know, I use this word and it sounds horrible, but it really does describe what's happening. The cyber security industry, specifically within like pen testing and where you're providing services for people, is a bit incestuous. Right. Everybody knows everybody, kind of. And a lot of times, you know, company A has more work than they can handle and they chuck it to company B and vice versa.
Dr. Gerald Doer
Yep.
Steve Prentiss
Right.
Daniel Lowry
So you'll see that happen a lot. But other than that, you gotta advertise, you gotta put it out there, you gotta do things that are cool. I have been a part of marketing before and basically that's what you need: you need to market yourself, you need to market your business. You get out there and let people know what's going on and tell people that these are the services that we offer. I've always been of the mind that you do cool stuff, do interesting things that people find interesting, and that's going to draw attention, and then people are going to go, what is it that you do? Oh, we're a pen testing firm. Why do you need a pen test? We'd love to give you one. Right? That's. You don't want to be like, I hate being actively sold stuff. I hate being like, buy this new toothpaste. It's amazing. It'll whiten your teeth, it'll brighten your smile, it'll make your farts not stink. You know, it'll do all this fun stuff. I hate that. Especially when I'm scrolling through a feed. What I want to see is like somebody like, this man is gonna hold on to the ring of death by his teeth for 25 minutes without letting go. And you're like, what the heck is this guy doing? And then it's brought to you by toothpaste. Oh, gotcha, right? You did something cool and fun and interesting and now I want to know more. It wasn't even about how great it was for your teeth or whatever. Not that that's necessarily bad, but we get that so often. I hate that crap.
Dr. Gerald Doer
Yeah, yeah, it's your dad's commercials, right? You need something like the commercials. Not that you could recreate this perfectly, but the Dollar Shave Club, like they had like sir commercials. They were entertaining, right? So that's the deal. And I agree really quickly with Daniel on this. Like one of the very first things that Tyler and I did was, he and I have different networks, right? Like groups of people that we know. We tried to organize as many calls with other pen testing companies as we could just to introduce ourselves and tell them what we're doing. And because we're a small shop. Kairo Sec Pen testing. We're a small shop. You got to remember this, Robert Hendrickson, like a company like, I'll just name like TCM, right? They do security pen testing, but they're not going to take like a small gig. They're not going to take like a company that is only going to pay for a little gig, right? So they don't even want that work, but they look great to their client. And or if they say, hey, we can't do it right now, but we have someone that we trust. So now they're solving their problem, they're hooking us up, we get work. And when that company gets bigger and they need, you know, a bigger team or whatever, they've got that relationship. So definitely one of the things, like we probably met with like five or six and it wasn't like, hey, you guys got any work we can get? It was just like, hey, meet and greet, right? All right. Continuing to go here, Zach Morrison says I'm still looking into my tech role. What would be good home labs to do for looking for your IT job? Daniel, give us one lab, please.
Daniel Lowry
Oh man. If you're just going straight IT, I would jump cloud. Honestly, I would do a cloud environment and probably something in Entra ID or, you know, Azure stuff.
Dr. Gerald Doer
Bill.
Daniel Lowry
Oh, 365 or whatever it is. Microsoft 365, the thing that was down yesterday for crazy amounts of time.
Dr. Gerald Doer
Microsoft Azure cloud structure. You can start with SC-900 and SC-500 for the security architect role. But if you're just doing straight IT, also I would just throw out, maybe get a little beefy computer or something you can do and set up Proxmox after friggin. Oh my God. Broadcom purchased. Is it VMware?
Daniel Lowry
Yeah, it's VMware.
Dr. Gerald Doer
Yes, Broadcom. Anyways, there's a licensing thing. It's going to be very expensive to do virtualization the way that it used to be. A lot of people are talking about using Proxmox. So if you got learned up on Proxmox, that could be. Broadcom, like, open.
Daniel Lowry
Or they didn't open source it, but they made it free for personal use.
Dr. Gerald Doer
Yeah, no, I know but like businesses like.
Daniel Lowry
Oh, business. Yeah.
Dr. Gerald Doer
They're not gonna be like that for his role. Right. So if he gets good at Proxmox, a business might be switching to Proxmox.
Daniel Lowry
All right, Absolutely.
Dr. Gerald Doer
Roswell UK says, after watching last night's Fireside, just so you guys know, I run a Thursday evening live stream called Simply Cyber Firesides. Last night's guest was Bryson Bort talking about starting and running a business. He said, I left feeling like I need to grow up. Did anybody else? If you were at the talk last night, just let Roswell UK know in chat. If you do, I will tell you, Roswell UK, I had several people DM me and say that they felt like they were sitting at the kids' table. So you were not alone at that. But very inspirational talk last night with Bryson Bort.
Daniel Lowry
Man, I missed that. I like Bryce. I've met Bryson a few times. I've talked with him a bit. He's a super nice guy. And what's funny is, if you're talking about, I didn't catch the Fireside, I didn't even think about it. I was watching kids and stuff. But he's a cut up, man. He is kind of goofy and funny and he wears, you know, the unicorn stuff on his head and shorts with unicorns on. Like, I've seen him at BSides a few times and that kind of stuff. He's very chill and fun to be around.
Dr. Gerald Doer
Yeah.
Daniel Lowry
So I don't know why people thought they were at the kids table. He is also very professional. He does run businesses well.
Dr. Gerald Doer
So the whole point of last night's episode was like helping people understand how to start and run a business. And I think the kids' table reference is because he's just done like a million things and he tells you exactly how to do it, and then, not to say look at yourself, but if you make the mistake of comparing what you've done versus what he's done, which is not a fair thing to do to yourself, you're like, oh Jesus, I probably should get it together.
Daniel Lowry
Why am I not a captain of industry at this point?
Dr. Gerald Doer
Exactly. Berlinda says, your thoughts on CMMC from a GRC analyst standpoint. What do I need to know and where to start? So Berlinda, I would say CMMC is great. That's Cybersecurity Maturity Model Certification. Basically it's the way for the Department of Defense to have a standard qualification for private sector businesses to have minimum security compliance, to be able to bid on government contracts. So there's money involved here. So businesses are going to be into getting CMMC compliant, which means it's going to be valuable. They're going to hire people. So that's a good area to focus. What do you need to know? Just go look at, Berlinda, NIST Special Publication 800-171, and then get NIST Special Publication 800-53. The 171 is going to name the controls that you got to look at, and then look them up in 53, get familiar with them, because basically those are the controls that businesses are going to have to comply with. And then you can help companies get compliant. Get ready for an assessment. That's what's up. All right. Crypto Roses says, how do you feel about reports that OpenAI is still not profitable? And do you think concerns about the AI bubble bursting are justified or overblown? Daniel, you want to answer this?
Daniel Lowry
I mean, I haven't had a chance to, like, the last I've looked at the whole OpenAI profitability bubble thing was a few weeks ago because, you know, I've been a little preoccupied. But it seems to be some, there's some smoke there, so maybe there's some fire. At the end of the day it probably doesn't matter whether it is or if it isn't. We have to compete on a global scale with things like China, specifically China, on AI. And so it, yeah, China. We're gonna make the most amazing AI you've ever seen. AI like you've never seen before. It'll be beautiful. It'll tell you everything you ever need.
Dr. Gerald Doer
To know about strong AI. Cry in AI tears. Exactly, exactly.
Daniel Lowry
So it's like, that's why we're throwing so much money at it, is where China has the ability because of their communist country to say you are doing this and we can just gather data. So their data sets are much more easily, like the weights and everything that they're using for their data sets and their AI, is more easily gathered and has been for a long time. Whereas us, we've had to go to the private sector and say we really need you to step up on things here. So that's why our government is giving them basically like carte blanche to do whatever it is they need to do to compete and dump a bunch of money at it. I mean, from what I understand, without Microsoft and Google, AI would just fold.
Dr. Gerald Doer
Yeah.
Daniel Lowry
Because they're basically funding it well and.
Dr. Gerald Doer
I'm not super sweaty about them not being profitable, Cryptic Roses. If you had watched Bryson Bort's Simply Cyber Firesides last night, he pointed out that basically there's two businesses: services, like consulting, and then there's product, like software products, and people who are investing in product understand that it's going to lose money. Like it's a long term investment, and with a valuation of like $100 billion or whatever and everybody using it, whoever's investing in this is going to get their money back, believe me. So also really quick, I don't know if anyone else saw this, I haven't tested it but I saw a video of a guy asking ChatGPT like what is he eating? And it told him what he was eating. And like there's rumors that like it's turning the camera on and, like, you know, multimodally ingesting data. So just test that, test that yourself. Yeah, I know. All right, we got a couple minutes here because we're going to be ending at 9:30. I'm going to be heading to the grocery store to see if I, like a complete idiot, waited until the last minute grocery shopping.
Daniel Lowry
Jerry's gonna be, like, surviving the great white out of 2026 on, like, Tic Tacs and Mentos.
Dr. Gerald Doer
Yeah, yeah, yeah, yeah.
Daniel Lowry
That's all it's there.
Dr. Gerald Doer
Fresh and full of life. Like, play the song.
Daniel Lowry
Yeah, yeah. So he froze to death after he starved, but his breath is minty fresh.
Dr. Gerald Doer
Yeah. Gather around, kids. We're gonna have a jar of turkey gravy for dinner. I will tell you, in a complete coincidence. I've been very open. Hey, what's up? Wade Wells is in the chat. Good to see you. Hey, listen, I've been very open about this. I have a medical procedure on Monday, and Tyler Ramsby will be the host of the show on Monday. But coincidentally, I'm not allowed to consume solid foods on Sunday. I can only eat broth. So, like, I'm all set. Like, I. You know this.
Daniel Lowry
Tell us you're having a colonoscopy without telling us you're having a colonoscopy?
Dr. Gerald Doer
Yeah, yeah, yeah, yeah. I'm already enjoying just eating, like, meat for my meals right now. Like, you can't eat anything with seeds.
Daniel Lowry
Yeah, yeah.
Dr. Gerald Doer
Anyways, whatever.
Daniel Lowry
Oh, man, it's fun getting old.
Dr. Gerald Doer
Yeah, yeah, yeah, yeah, yeah. A drink. Okay, so. All right, one more question. Oh, this is a perfect one. CompTIA. Looking to study for CompTIA. I don't know which one. A+, Net+, Sec+. Nathan wants to know. Daniel, you just have, like, a general best practice for studying for a cert.
Daniel Lowry
General best practice for studying, sir, is. Well, for me, I like to read through.
Steve Prentiss
Really.
Daniel Lowry
Like, do just a quick read through of whatever information I'm trying to ingest, then go back and follow every rabbit trail. Like, I want this, like, weird organic learning experience, and every time I come to something I don't know, I'm following it down. And then I try to get my hands on whatever that is. I'm like, okay, that sounds nice, but let's see what that looks like. And I want to spin it up, if that's possible. So that's kind of like how I operate. But I'm also not that great at taking exams, so.
Dr. Gerald Doer
All right, there we go. And I'm going to squeeze this last one in. It's from Tom. Who's Tom? Came to Simply Cyber Con, and I know him. He sets it up as a question, but it's not a question, so. Just offering some guidance on passing the PNPT exam. Treat it like it's supposed to be more like a pen test engagement, not a CTF or a bubble quiz. And then he says, good luck to the Pats. Pats are playing the Broncos this weekend, so if you're into some NFL football, I'll be having a 16 ounce tall boy of chicken broth because I'm apparently not allowed to have alcohol 24 hours before my appointment, so enjoy that. But, yeah, no, it's good stuff. And thanks for the tip, Tom. Good to see you, Daniel.
Daniel Lowry
Yes, sir.
Dr. Gerald Doer
Before we get out of here, where can people get some more Daniel in their life?
Daniel Lowry
Well, the good news is in about 30 or 29 minutes, Cybercast IRL will be firing off on my YouTube channel. So definitely come hang out with us. There will be a live stream, much like what we just did here, except I get to be even more tomfoolery. And, yeah, there you go. So there's that. Every now and then, we do Cybercast After Dark, which happens on Wednesday nights at 9:00pm Eastern. I'm hoping to get a guest. I might be reaching out to you, Jerry, and others that we know. It's just been a while since I've had you on the show. So it's 2026, a brand new year. I'm sure you got new stuff to talk about.
Dr. Gerald Doer
Oh, yeah, I've always got something to talk about. You know, assuming I can make it through this event on Monday. But. And let me share this with everybody. This is what it looks like. I just dropped it in chat, but this is what you're looking for. Same guy, same great hot takes. Yep. And you can see here, it says 27 minutes until go live. So Daniel's gonna be doing that. I dropped a link in chat. So if you dropped a question in chat and you did not get it answered, good news is it's like the overflow lot. Daniel can pick those questions up and he's more than qualified to answer them. Also, he's going to do the monster pour, I'm sure, right?
Daniel Lowry
Yeah. And Tech Neck News. We always got to do some Tech Neck stuff, too. That's always fun, right? Turning this giant, raging, technically astute redneck.
Dr. Gerald Doer
All right, well, I'll report back to everybody on whether or not, you know, it was just turkey broth and wet naps at the grocery store, but we'll see. All right. On behalf of Daniel Lowry, thank you for coming to the Jawjacking panel, everybody. I hope you had a great week. Enjoy the football this weekend. Enjoy Cybercast IRL. And whatever you're doing, I wish you the very best. Until next time, stay safe this weekend as well. I know it's freezing cold and exploding trees in parts of the country. I'm Jerry, he's Daniel. Until next time, stay secure.
In this high-energy, insight-packed episode of the Daily Cyber Threat Brief, Dr. Gerald Auger (aka Jerry) delivers the essential cybersecurity news of January 23, 2026. Tackling eight top stories, he goes far beyond the headlines, diving into defensive strategies, attacker TTPs, industry trends, and pragmatic advice for practitioners, leaders, and learners. With a mix of expert commentary, engaging analogies, community interaction, and a signature sense of humor, this episode is both educational and entertaining.
| Segment | Timestamp |
|---------|-----------|
| Episode Introduction & Community Welcome | 00:01–11:02 |
| SharePoint BEC/AiTM campaign | 11:02–20:21 |
| SmarterMail patch exploitation discussion | 20:21–27:48 |
| Spanish NSO Group Pegasus spyware investigation | 27:48–33:54 |
| Fake cell tower scam in Greece | 33:54–40:58 |
| Mid-roll: Sponsors, Dad Jokes, Community | 42:01–46:18 |
| NIST budget and staff cuts | 46:18–51:31 |
| GCVE vulnerability numbering system | 51:31–55:59 |
| Osiris ransomware (BYOVD campaign) | 55:59–60:30 |
| Securing AI Agents at Davos | 60:30–63:59 |
| Panel (Jawjacking): Career, exam, business Q&A | 65:11–end |
This episode encapsulates why the Daily Cyber Threat Brief is a must-listen: Dr. Auger and guests break down not just what's happening in cyber, but why it matters, how it works, and what to do about it—all in an authentic community-driven environment. Whether you’re a longtime practitioner, career-switcher, aspiring pentester, or business leader, you’ll find actionable insights, real talk, and plenty of infectious enthusiasm.
Listen and level up—stay secure, and join TeamSC again for more “straight cash, homie!” cyber takes.