A
All right. Good morning, everybody. Welcome to the party. This is Simply Cyber's daily cyber threat brief. I'm your host, Dr. Gerald Auger, coming to you live from Las Vegas, the W, here at 5am local time. We've got a great show for you. If you're looking to stay current on the top cyber news stories of the day, regardless of your physical location, well then you're in for a treat because that's exactly what we're going to do. Get your coffee. I've got Team Sippy Cup. For those who are big fans of the old sippy cup, it's good to see you. Shout out to Justin Gold for helping me with the audio. We're gonna go through it, guys. You know, with the mobile studio, it's always an adventure. Let's get. All right. Good morning everybody. Want to say what's up to everybody in the chat. Cyberloom Cloud Solutions. Pirate Kitty. What's up team? See Pirate Kitty, a recent newcomer to the community and straight crushing it like a boss. Team Sippy Cup. Yes. Chris Hidalgo. I'm glad you're digging it. I think Space Tacos always looks forward to it. Yeah, I don't, trust me. I don't know what the hell this is. I couldn't. It's a man and a woman wrapped in intimate embrace in the water. I don't know. Deep drum. What's up, dude? Find the true. What's up, TJ? Good to see you, man. Tech media guys, listen. Every single day of the week, we crush it in here. Today I'm going to be going through eight cyber stories of the day. I haven't researched or prepped for any of them. Ain't nobody got time for that. Flew into Vegas yesterday, grabbed a late dinner last night and got up at 4am in order to shower and be ready to deliver this hotness to you guys today. Now of those stories, you'll get my honest reaction. And of course we can. Thank you, Kathy Chambers. Of course we'll be going at the surface level but dude, the reality is like you can get an RSS feed. I'm sure many of you have your preferred cyber news outlets of choice.
So what, why spend time with us today here at Simply Cyber? Well, it's quite simple. The value prop here is I got 20 years of experience. I've done a lot in the industry. I'm very passionate about cyber security, as many of you have made Red Hulk memes about. But I want to be able to go beyond the headlines, give you additional insights, give you additional value, give you things that you wouldn't learn except if you were, you know, in the seat, as it were. So that's really the value prop. And one of the other cool things is regardless of what the story is, if I don't know something, right, say it's about industrial control systems, chat right here live right now, there's going to be someone in there who is totally up on what we're doing. So you know, it is funny, dude. Like once you can't unsee this, this is good. Thing is the bed's in the other room so I don't have to deal with it. All right guys, we got a good one for you. If you're here for the first time, you might be like, this is an interesting experience what this guy's got going on here. Kai cipher. You're 100% right. Space tacos. I see you in the chat. Look what I've got. Space tacos, I've always. The sippy cup is we can all enjoy it but space tacos I think particularly really enjoys it. So hey, listen really quickly, if you're here for the first time, I don't. I'm normally coming to you from a studio but when I'm on the road, the reality is, dude, here's the real, real, okay, showing up every day, consistency, that's what's required in cyber security. And sometimes you're on the road, sometimes you're not feeling well, sometimes you have in-laws staying in your studio and you got to do the show from the garage, you know what I'm saying? So it's all about getting it done and you know, with whatever capacity we have. And as a GRC card carrying member, you know, business continuity, the opera, mission critical operations must go on. So that's what we do here.
I've got a little mobile studio, the mic is hot right here on my lapel and we're off and running. So if you're here for the first time, drop a hashtag first timer in chat. Is this going to work? I guess we're doing manual sound effects, everybody. The stream deck doesn't work now for some reason. Welcome to the party, pal. So if you see someone drop a hashtag first timer, squad members, please use the John McClane emote in the squad tray. And let's get it going. Now, did you know that every single episode of the Daily Cyber Threat Brief is worth half a CPE? That's right. Cyber. What is going on here? Dude, my computer. I think I'm like pushing the boundaries of what my computer can do, which is annoying because I just bought a new computer because I was pushing the boundaries in my last one. Every single day of the week has a special, is worth, bro. Every episode of the Daily Cyber Threat Brief is worth half a CPE, including this one. So it's very easy. Just go to cyberthreatbrief.simplycyber.io/cpe. I can drop a link in chat really quickly. Here we go, link. You can also hit exclamation point CPE in chat. If you're watching on replay, again it's cyberthreatbrief.simplycyber.io and you basically go to this landing page here. You type in your first and last name and your email address. You check these two checkboxes and hit the yellow button and it captures it, right. I've got a database on the back end. Once a month at the end of the month you'll get emailed and it'll have, like, today's the day. So I don't even know if the emails have come out yet. Like, have the emails come out yet? I forgot when I scheduled them to go out. So you'll get it today which is super cool. If you are watching on replay you have until 6, 759 the following day in order to get credit for today's show, basically. So this page changes daily, as it were. All right, so Marcus says he didn't get the thing yet. It'll come out later today, I promise you.
All right, so let me get some coffee. I've only had one cup. Okay, we will, yeah, we'll get the emails. Oh dude. Guys, if you want like, I mean I can manually fire them. Fire the function. You guys can watch me. After the show is over, we could try to sort it out. All right. Every day of the week has a special segment and Monday's is Simply Cyber Community Member of the Week, sponsored by ThreatLocker. Which means I get to give a hundred dollar Amazon gift card out to one community member. Just kind of recognize them. It's very nice. So we'll do that at the mid roll. I am a little tired guys. I don't know if the energy's coming through. All right, so. No, no, not that, Kai cipher. I have, you know, the Starbucks Vias, like the instant Starbucks coffees. So that's what's going on in here. All right guys, here we go. Before we get started, let me say shout out and love to the stream sponsors, those who enable me to bring this show to you. Starting with Flare. I gotta get a better Flare read. But guys, listen, people aren't. Why is the thing cut off like that? Hold on one second. That looks not good, bruh. All right, we'll have to sort that out. Mobile studio. Listen, threat actors aren't breaking in, they're logging in nowadays, which totally sucks. So you have to be mindful of identities and when the identities in your environment, your user accounts, your maybe non-human identity accounts, any token session keys or anything like that, that's going to allow threat actors access to your infrastructure, to your applications, to your data. You need to be mindful of those before they get used, right, because there actually is a window where creds get compromised through, you know, scrapers, key loggers, data breaches, etc., and then there's a period of time and then they get used by threat actors. So how do you attack that period of time? Flare has done this. Flare goes on the dark web.
Flare goes into those nasty Telegram channels and pulls out all of that interesting information and puts it into their platform to make it very queryable for you to find your users, your VIPs, your domains and see where the credentials are that are compromised, allowing you an opportunity to rectify that compromise or that issue before it becomes a very big issue for you. You know what I'm saying? So it's definitely awesome. If you haven't tried Flare before, I strongly recommend it. I know many of you in chat have used Flare, but if you haven't yet, you can check it out for a two week free trial right now. I'm telling you, two weeks free trial. It's super easy, super awesome. The thing will sell itself. Honestly, it's such a powerful platform. I've used it, I really enjoy it. Go to simplycyber.io/flare right now and check it out. Here I'm going to drop a link in chat, simplycyber.io/flare, to go check it out. What's up, AA Witherspoon? I will tell you, if you want to support the channel, going to check it out, at least clicking on the link and going to look at it does help. It does help the channel and the community be able to do these things. So thank you very much. Also want to say shout out to Antisyphon Training. Antisyphon Training always has on demand and live training courses, but they also do some really sweet stuff, just like June 17th for six and a half hours, 10am Eastern time, they are putting on the Threat Hunting Summit. This is good for blue teamers, defenders, but also. Hold on one second. Blue teamers, defenders, but also GRC people. Red teamers. Everyone can get value from this kind of education and learning. You can see this is a free six and a half hour conference. The networking will be good. You'll be able to chat. It's a virtual conference so you don't even have to, like, fly anywhere, get a hotel. You'll be able to chat with like minded people. The communities that are at Antisyphon, Black Hills and Simply Cyber.
There's a lot of overlap. And for people that don't know about each other's environments, they're very similar people. Now I'm seeing really quickly, Ryan Lopez is getting a wrecking ball, which means only one thing. We are interrupting the program to bring you this news. Where is it? I can't see it in chat. Where is it? Where is that? Hold on. Ryan, Ryan, Ryan, Ryan. Damn it. I don't see where it is in chat, but I know that we don't get fake wrecking balls, so. What's going on? Why can't I get my wrecking ball? Hold on, bro. Hold on, hold on, hold on. I'm not going to do a manual wrecking ball. Give me one second. Ryan put in the work. Ryan did all the hard things. The least we can do is have the full on sound effect for them, right? I mean, yeah. Ryan, can you put your update in chat? I would love to give it a shout out. Wrecking ball. There it is. Can we. How do we, bro, play it. All right. I don't know why it's not working. I'm sorry. Maybe I can just do it manually. Hold on one second. I know, I know. For people who are here for the first time, like Jesus, man, this guy's show is tough. But trust me, wrecking balls are where it's at. Stream sounds. Okay, I'm gonna play it manually through Windows. Windows sound player, Media Player, VLC player. There we go. All right, Ryan says starting full time as an information security engineer today after interning for over a year. Hell yeah, dude. All right, it looks like this isn't going to work. Oh, here we go. I can't hear it. I don't know if you guys heard it. Crap. All right, well, Ryan, I'm sorry, it's manual, dude. But you know what? Ryan came in like a wrecking ball. Yes, sir. Yes, sir. Love it. Love it, love it. That's my favorite thing, man. I love the wrecking ball. For you guys who are new or here.
Whenever someone in our community gets a job, especially if it's their first one in cyber security, we absolutely make it a priority to celebrate that win. That is why we're here. We're here to help each other. We're here to level up, and to not take time and give that the proper respect, it's just not how we operate here. So congratulations, Ryan. Super pumped for you. Coffee cup. Cheers. All right. Antisyphon Training's Threat Hunting Summit. Guys. I gotta tell you, Ryan, that wrecking ball, you just lit my candle, dude. My energy level just flip flopped. I am lit now. All right, dude. Antisyphon Threat Hunting Summit, June 17th. Go check it out. Lots of great training opportunities. You could see they have actual training training, not just conference talks here. What? Why is my camera my thing? Look at this. Wade Wells doing a two day cyber threat intelligence training. You want to learn living off the land, both Windows and Linux, we got you covered. Threat hunting on the edge. Maybe you're more of a junior person. John Strand's going to be teaching intro to threat hunting. There's something here for everybody. Agentic AI if that's your speed. Larry Sherman in 23 months. Wow. Thank you guys. If you'd like to take these trainings, go beyond just the conference. The trainings, they are offering Simply Cyber community members 20% off with a code SIMPLYCYBER26, if you'd like to take advantage of that. Larry Shervington with five gifted subs. What? Did we just become best friends? Yup. Thank you, Larry Shervington, and all those people who just became squad members. Welcome to the party, pal. Oh yeah, guys, I gotta tell you. Manual sound effects are activated. Coffee is flowing. Ryan Lopez's win has lit the fuse. Let's go, dude. All right. Finally. Shout out to ThreatLocker. Dude. ThreatLocker, long time sponsor. They are crushing it. They're also the ones who sponsor the Community Member of the Week.
So I can give a hundred dollar Amazon gift card out to someone today. Zero trust platform, application denied by default at the endpoint. Now in the cloud as well. ThreatLocker straight crushing like a bunch of bosses. Not settling. Keeping going. Let's hear from them really quickly and then we're going to go to the news. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and confidence. Compliance, onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right, guys, you know what to do. We're going to have everybody, including Phil Stafford, sit back, Ryan Lopez, relax and let's all let the cool sounds of the hot news spicy wash over us all in an awesome wave. I will see you guys at the mid roll. From the CISO Series Cyber Security Headlines. Let me know if the audio is good.
B
These are the Cyber Security Headlines for Monday, June 1, 2026. I'm Steve Prentice. Yes, Steve Prentice. Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks. The company is warning that, quote, hackers are now exploiting a.
A
All right, I just turned the volume to 100.
B
Bypass flaw in attacks attempting to breach corporate networks, end quote. The CVE numbered flaw was fixed earlier in May.
A
All right, hold on. We're going to have to figure out if this audio works here. Hold on. So I'm on a 20 second delay from you guys, so I'm in the future. I've just turned the volume up to 100, so let's play it and if it's still low, then I'm going to have to sort it out. Okay, hold on one second. There's a lot going on here.
B
However, on Friday the advisory was updated to warn that the flaw was being exploited in attacks against unpatched devices, raising the severity rating to high. And as of Friday it has.
A
All right, how's that guys? I understand my voice is too loud. I can dial my voice down. Hold on. I could turn Spotify up. Hold on one second. I've got multiple mixing points going on. Hold on. Here we go. Ready? I'm going to crank it. All right, stand by. Every. Put your head, put your head away from the speaker because I don't know what this is going to sound like here.
B
The CVE numbered flaw was fixed earlier in May. However, on Friday the advisory was updated to warn that the flaw was being exploited in attacks against unpatched devices, raising the severity rating to high. And as of Friday, it has also been added to the CISA KEV catalog.
A
All right. How's that? Is that better? Let me know if that's better. We got to get this sorted out, guys. Hey, if you're new here, this is what it looks like, we solve in production. Oh my God. Sounds fine. Okay. Still a bit low. Good. Now it works. That'll work. Sounds still good. Okay. Anticlimactic. Okay. All right, well then let's go with it. All right guys, so check it out. Palo Alto's GlobalProtect VPN has a vulnerability that absolutely needs to be addressed. The GlobalProtect VPN is a very popular enterprise grade VPN solution for companies. It's been around forever. I remember we used this at Booz Allen back in the early aughts. It is an authentication bypass flaw, which is not good. Listen, I've said this before, like anytime you have a security technology that has a vulnerability, not just a piece of enterprise technology, but a security technology, it needs to be escalated. Not because we're security and it's our, you know, problem, so like it gets a higher priority. No, it's because we're security and that is the line of defense. So when those particular pieces of tech get vulnerable, you can have a cascading problem. Now this is CVE-2026-0257 and I'm going to have a hot take for you in a second here. So let me go to DJ B Sec's EPSS tool. You can see here, this is a great little tool that DJ B Sec in chat has developed. It is in the KEV list, as you can see on stream here. Hold on, this is really starting to annoy me. As you can see on stream here, it is in the KEV list. One second. This is officially bothering me now. So I'm going to sort this out here. Hold on. Yeah, there we go. I didn't like that I was cutting off on the side there. All right. The KEV list is the Known Exploited Vulnerabilities catalog list, which is CISA's tool that basically lets us know that they have seen active exploitation. Remember, not every vulnerability has an exploit, okay?
Just because you leave your door unlocked doesn't mean that your house has been robbed. Know what I mean? But every exploit has a vulnerability, right? So they go in that direction. The fact that there's a known exploit out there, it should escalate your concern. Your likelihood variable in your risk calculation needs to go up. What are we looking at here? I don't know about this. This trend data is slightly misleading, DJ B Sec. Your time horizon goes from left to right down, DJ B Sec. You don't typically see graphs where the date range on the x axis goes backwards in time. That's interesting. That threw me for a loop. Okay, so it is EPSS score, 41%, 97th percentile. Okay, so check this out. This is all you need to know about this one right here. Okay. This is awful. This is why we immediately go to this EPSS calculation. If you're running Palo Alto's GlobalProtect VPN solution, you absolutely have to get this sorted out ASAP. In fact, when did the story break? Because today's Monday. This is May 30, so this is two days ago. Chances are, hopefully, I'll tell you two things. One, if you are running this enterprise solution in your environment, you probably worked on it this weekend. Number two, if you did not work on it this weekend, if you did not know about this over the weekend or on Friday, two things. One, you've got to get this sorted out. First of all, repair and all those things. Number two, you need to have a better process at your business on getting notified of issues like this. Like, this is not something that you should have waited on two, three days. Okay? Zero Trust CSM, welcome to the party, pal. Good to have you here in chat. The company fixed the flaw earlier this month, warning that it could be used to establish unauthorized connections. Right.
It received a medium severity rating, which is interesting because typically medium vulnerabilities won't ever rise to the top where you'll actually, like, look at it. Most of the time it's critical and high vulnerabilities, but that's why we use EPSS and not CVSS. The flaw received a medium because it requires devices to be configured with auth override cookies enabled. And then Palo Alto updated the advisory because it was being actively exploited. Okay, so, yeah, 100%. Do you guys see? Again, I don't research or prep for these shows, but I'm showing you my logic and my thought process so you can steal it and make it part of your own. So the idea here is it wasn't a big deal because it required a lot of, like, setup, but it got escalated because now it's being actively exploited in the wild. So Palo Alto, good on you for elevating it so it gets on people's radars. And then you, GRC professional in chat right now, good on you for realizing that the likelihood value on the risk calculation should go up when exploitation is being active in the wild, to know that this is a much bigger risk and requires a lot of your focus, basically. Obviously, updating your VPN solution could result in end user downtime. You just have to basically communicate that that maintenance is going to be happening. Unfortunately, this is not something that I would wait for a maintenance window on. If your maintenance windows aren't super frequent, like, I would get this one sorted out right away, maybe even lose a little bit of political capital. Meaning, what does that mean? So listen, here's the reality, everybody, okay? And if you don't know this, this will make sense at some point in your career. You can't scream at the top of the mountain for every vulnerability like, oh, we got to fix it, we got to fix it, we got to fix it. Because when everything is urgent, nothing is urgent.
You know what I'm saying? So you have to pick and choose your battles. And typically you build political capital by being a good steward, sometimes sharing budget, sometimes allowing your counterparts like the, you know, CIO or the Chief Application Officer or the Chief Data Officer, letting them have their wins, and you support them in their agenda, you build up that political capital. So when the day comes when you need their support and them to basically push your agenda forward, you can cash in that political capital. Okay? And this is one of those ones where to me, I would cash in political capital. I'd be like, guys, we have to get this thing patched. When's the earliest we can do it? You'd have to coordinate with, communicate. Well, communications obviously, but the networking team and potentially the security team, which you're probably already part of, depending on who owns that VPN. So in some organizations, that VPN would be owned by the security team and a security technologist or an engineer would be responsible for it; in some businesses that's owned by the networking team. So whatever your organization setup is, make sure you get it sorted.
B
ChatGPT share links used to host fake outage pages to deliver malware. Cybercriminals are abusing ChatGPT's sharing feature to distribute malware through a campaign researchers call lll them Share. Attackers create legitimate looking ChatGPT share pages hosted on OpenAI's domain and use them to display fake service outage messages. Victims are told they can continue using ChatGPT by downloading a supposed desktop application, which is of course malware. Researchers found that the campaign leveraged online advertising and users' trust in recognizable AI brands to increase success rates. This is a different ChatGPT hacking story from the Gray Vibe story presented Friday.
A
All right, so ChatGPT's content sharing feature to display fake OpenAI outage pages. All right, I mean, guys, I gotta tell you man, I've said it before, if you're new here, I know there's a couple new people in here. When threat actors innovate, it really is interesting to me. I like, hat tip, if you will, to the threat actors. So they know people are using ChatGPT. They know people are wanting, you know, basically just all the time access to it. So they're showing that it's down, right? And telling you like, oh, click here or download this to fix the problem. And you're downloading malware. Here's another one, right? Fake sponsored ChatGPT advertisement. I don't even know how this would work. Like, look at this. If you're looking on stream. This is a different technique, by the way. So I didn't read the story. So this is a different technique. This is like SEO poisoning, or basically they're paying Google to show up as a top result on Google. This says chatgpt.com. Honestly, I don't understand how this is. This is a fake download. The URL looks correct. So if someone can correct, explain to me in chat how this is done, I would appreciate it. But you can see here if this is in fact a fake one, when you click through, it's going to have a look alike landing page, typo-squatted domain and, you know, the victim is going to download whatever it is that's in there and you're basically installing malware yourself. Again, threat actors don't need to use next level zero days on you. All they have to do is tell you you can download this thing and get, you know, whatever for free. Watch UFC on the White House lawn for free. Watch FIFA for free. Use ChatGPT for free, right? And then you're screwed. So this is interesting. They're using Google Ads to direct users who search for ChatGPT to a malicious page hosted on chatgpt.com. I didn't even know you can ho.
So basically ChatGPT allows you to host your own files and then share content that way. So the threat actors are literally putting malware in the OpenAI infrastructure and then allowing downloads. Like, here's my thing, guys, like you're talking to me about AI is going to take my job and like, everybody's going to lose their jobs and stuff. Like, how is it that OpenAI can't use ChatGPT in its own infrastructure to find this malware and get rid of it? Like, Jesus, man. So it does take you to a legitimate website, the legitimate ChatGPT page. And then they use social engineering to tell you that the site's down. This is what the page looks like. chatgpt.com. We're experiencing high traffic right now. Download our desktop app. Guys, this is a very effective social engineering attack. What I would recommend. You know, I say this once in a while, but like, dude, this is a perfect case study for end user awareness training. Everybody at your work knows what ChatGPT is, even if they haven't used it. Even if it's like my Aunt Kathy who's not really using the AI, they've heard ChatGPT. So you could say, hey, listen, look at this attack. Wouldn't you click that download button? That's malware. You will infect yourself and have your money stolen, have your email be locked out, whatever. And I've always found effective end user training, i.e. behavior modification, works when you have a salient example that the person you're trying to educate understands. If you show them like a hex editor or disassembler, or you show some type of advanced, you know, data flow or something, they don't care like you and I care about cool nerd stuff. My Aunt Kathy does not care about cool nerd stuff. She just wants to do her thing and, you know, finish her work and go home. That's where we have to go.
This is the final thing I'll say on this one because I haven't said it in a minute. When we're doing GRC work and educating people, we don't meet them halfway, okay? You don't meet your end users halfway. You have to go 95% of the way and you meet them there. I'm telling you. And if you're stubborn and you're like, no, they can meet me halfway. Okay, that's fine. You can do that. Good luck with your end user awareness training program being effective and actually reducing risk. If you really want to reduce risk, meet them 95% of the way. I'm telling you something, sometimes 99%. Right? Go right to them. All right.
B
Federal audit reveals NIST's NVD problems.
A
Oh, yeah.
B
A report released on Thursday from the Department of Commerce found that NIST, the National Institute of Standards and Technology, has, quote, mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs, and failure to communicate with users, end quote. The National Vulnerability Database, also known as NVD, collects information about computer security flaws and adds details like severity ratings and affected products. In February of 2024, the database's enrichment contract lapsed, creating a backlog of unprocessed security flaws that has only grown worse. NIST leaders admitted they had, quote, no long term plan for clearing the backlog, even as it grew from about 13,000 unprocessed security flaws in June 2024 to over 27,000 by the end of 2025. Google.
A
I'm about to lose my mind. I'm about to lose my mind. Are you serious with this? If you're listening on audio right now, I've got the Leave Britney Alone meme guy. Leave NIST alone. Leave NIST alone. What are you doing right now? Like, dude, do you know what this is the equivalent of? Okay, so first of all, let me explain to you what has happened here. So NIST is responsible for managing the National Vulnerability Database. So that Palo Alto vulnerability that was in the first story, NIST has the catalog. The fact that there was a KEV finding, the Known Exploited Vulnerabilities catalog, CISA manages that. The value of that CVSS score, NIST calculated that. What technology it's affecting, where is the scope, where can you get all these things, like, how bad is it? This is all managed by NIST, which by the way is a federal program, or it's a federal agency, right? So it's not a for profit company. All right, so now they're saying here that NIST didn't have. So the problem is that there are thousands and thousands and thousands of vulnerabilities being submitted to NIST. And it's basically like a bunch of people trying to go through, you know, like the toll booth plazas. Back in the day before we had E-ZPass, you had to pull up and throw money in it, or think of it as a parking garage when you're trying to get out. But there's only one gate that you can go through. So all the cars pile up. That's what's happening at NIST. Like, don't come at me with, NIST did crappy strategic planning, and NIST doesn't know how they're going to fix their problem. My guy, you freaking took away a third of their budget last year. And AI is absolutely just saturating the industry with vulnerabilities. Like, the amount of AI discovered vulnerabilities on new and backlog software is outrageous right now.
So going back to my parking garage example, effectively the budget got cut down. So now instead of, like, 15 different exits to the parking garage, there's one exit with, like, an elderly guy. No disrespect to the elderly people. I'm just saying they move a little slower. So that's the budget you gave us. And then we have AI basically just generating thousands of cars in the parking garage that are all trying to exit at the same time. And then you're going to come to me on a Friday and be like, hey, Jerry, we're looking at the metrics of your parking garage, and it looks like cars aren't getting out. You suck at your job. It's like, you know what, Kevin? I don't suck at my job. You've set me up for failure. This is 100% the outcome of when you set something up to fail. So don't come at me with this nonsense. Like, strategically, what's strategic planning, dude? The budget has been in flux. This is a bunch of crap. Dude, I feel bad for NIST. This isn't cool, man. This isn't cool. Like, NIST's enrichment program is hosed. They're gonna have to do AI to automate these things. I will tell you that when NIST lost budget a while ago. Hold on. Did Dan do this? Oh, my God. Okay, so Dan did this. Okay? So free meme of the week here. Leave NIST alone. Leave NIST alone. So, dude, I gotta tell you, there's no amount of, like, people. This happens at work sometimes by toxic people. Like, yes, if we're looking just at the time window of, like, the last two weeks, yeah, it looks like NIST isn't doing their job, but you have to take the entire picture into account when you're judging them. Okay? NIST lost budget. The enrichment program was going to go away. Europe is standing up their own enrichment program right now, which was part of, like, the fallout from all of that. So, like, yes, we've got some big problems. Okay? We've got some problems.
I mean, obviously, you know, Tomahawk missiles don't pay for themselves. We got to find budget somewhere. So let's just reroute NIST's budget. So it, I guess what I would say is like, I don't use the term fake news often, but like bro, NIST, NIST has a big problem, okay? NIST has got a real big problem only because of the influx of vulnerabilities being submitted to them and their ability to process them. Okay, so what, what do they need to do? They need to, in my opinion, they need to use AI to do at least initial triage and get some type of baseline enrichment going. And then you know, for the, for the ones that are going to have higher reach, more enterprise-grade applications, more sensitive to federal government, then you know, prioritize those. But don't, don't, don't, don't. But don't believe the hype, okay? Don't believe the hype. Federal audit reveals they're plagued by poor planning.
B
Frickin' audacity. Security engineer accused of profiting off confidential search trends on Polymarket. Security engineer Michele Spagnolo, a 36-year-old Italian citizen who lives in Switzerland, was arrested in New York, charged with crimes related to bets he allegedly placed on the decentralized prediction market platform that allows users to place bets on the outcomes of real-world events. He is accused of using confidential information pulled from Google systems. According to the Justice Department, he allegedly abused internal access to Google's non-public Year in Search data and placed a series of bets on the most searched people on Google in 2025, end quote. The scam made him $1.2 million, but now carries a possible maximum sentence of 50 years.
A
What a clown. All right guys, so this clown, baby, you can't, you can't commit insider trading, okay? These Polymarkets, Kalshis or whatever the hell they're called, people are doing this all over the place. I do want to point out, like without naming names, I mean it would appear that people in the, in the federal government or people in government positions are abusing these things. These. The Polymarket, dude, I, I can't believe where we've, where we've come to as a society. It's so dystopian, but so Polymarket, if you don't know, allows you to bet like literally on anything you can bet on like. Will I have audio issues today? Will I, you know, will my flight be delayed? Will, you know, freaking, you know, this guy win a fight or whatever? Will, will J.D. Vance be the next president? You know, president, like all these dumb things and because you can bet on anything, essentially there's tons of corrupt insider trading going on and you obviously we're not going to be able to catch it all. This guy abused the fact that he had access to Google data so he basically could see the answers before they went public. And then he bet on it. I will, I will say two things. One, and this is going to be a. Get your Kool-Aid Man ready. This is going to be an incredibly deep cut. So many of you won't get this, but this guy's name is Michele Spagnolo or whatever. Spagnolo. Whatever. All I know is when I saw his name Michele, it made me think of Michel Goulet. This is the deep cut. Michel Goulet, who was like a defenseman for the Blackhawks back in the 90s. Michel Goulet. He was sick though. He was on that Chris Chelios team with Ed Belfour in net and oh my God, Jeremy Roenick I think was captain. Anyways, Michel Goulet, look it up. It's awesome. Insider trading's gonna be a thing. I honestly, I think this guy got caught because he bet such a ridiculous amount of money. Dude, 1.2 million on. On something like that.
Like, listen, I don't want anyone to commit insider fraud or corrupt trading or anything like that. But I will tell you one thing. Most people who get caught, it's because they're greedy. People who are not greedy typically don't get caught. I have studied fraud. I love fraud. I know that sounds dumb, but from an academic perspective, I love studying fraud. It's fascinating. Michel Goulet was also a Nordique. Nice, Quebec. Yeah, yeah. I'm not talking about Chelios as a human. I just, you know, as a defenseman, he could really. So anyways, whatever. This isn't really a cyber story at all. Okay. So moving on,
B
Huge thanks to our sponsor Vanta. Your team just added its 67th AI tool and unfortunately also your 67th security blind spot. The good news: the Vanta agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk and drafting fixes for you. Vanta is the platform used by over 16,000 fast-moving companies like Ramp, Cursor and Harvey, who are shaping the future with AI and staying ahead of AI risk. Get started today at vanta.com/headlines, that is v-a-n-t-a dot com slash headlines.
A
All right, all right, let me do this. Oh my God. My guy. There it is. I gotta turn the volume down though. All right. I'm just randomly choosing a volume, a low volume, so let me know if the music's too loud over my voice. Guys, thank you so very much for being here. 383 of you today. So you know what I really appreciate? I appreciate that even when it's the mobile studio and we're having some production deficiencies, you guys still show up. You guys bring the heat. Yeah, I really appreciate it. Thank you. And by the way, I'm not calling out one side of the aisle or the other. I think there's tons of corruption going on across the government at federal, state, local levels. Like, inside people, dude, humans. That's why fraud is such a fun topic to analyze because it really does cut across socioeconomic boundaries. It. It, dude, like every human, it doesn't matter what you are. All right, shout out to ThreatLocker, Antisyphon and Flare. And thank you, all of you guys again. I appreciate you enabling me to do the show remotely and just kind of bring the heat to you. I. I apologize for this. This thing over here. I did not request this in my room. It's not like this wall was empty. And I called help desk, or I called the front desk. I'm like, can you bring me in some mildly, like, Cinemax, like, you know, Skinemax, Taxicab Confessions level, soft-core black and white painting into my office, please? Thanks. That'd be great. Every day of the week has a special segment. And Mondays is Simply Cyber's community member of the week. You guys are the community. I love it. Again, I genuinely appreciate you so, so much. Without you, I don't do the show without you. It doesn't happen without you. And many of you are wonderful community members, and I like to take this opportunity to just recognize one of you. Okay? So today I'd like to recognize our friend Dennis Keefe. Now, Dennis Keefe is former law enforcement. He is an OSINT extraordinaire.
And the reason I brought him up is because he's at, I think, OSMOSIScon. But I am seeing him all over social media, taking pictures and sharing experiences with other Simply Cyber community members. I saw him with James McQuiggan. I saw him with Chuck Sapp. I'm sure he's out there with some other folks. And I just, you know, shout out to Dennis Keefe, like, appreciate you, Dennis. Appreciate you being so open to, you know, socializing, networking. I know for a fact that you're. You help people all the time. I know you help the community. I've seen you supportive in the Discord server. So, Dennis Keefe, thank you for being awesome. Keep. Keep crushing it, my friend. And yeah, if you see Dennis, say hi. He's a good. He's. He's one of the real ones, you know what I mean? All right, let's finish strong, everybody.
B
North Korea's Kimsuky deploys HTTP Spy in new attack. The state-sponsored threat actor, also known as Velvet Chollima, is being identified as responsible for a new wave of cyber attacks targeting South Korean military and corporate entities these past two months. It used social engineering tactics including spoofing security software installation packages and crafting a fake WebEx meeting page that leveraged a legitimate meeting schedule. This is according to the white-hat hacking group ENKI. In an analysis published this week, Kimsuky has used these attacks to deliver a variant of a known malware family dubbed HTTP Spy.
A
Okay, just so everybody knows, my, my Spotify application has just completely gone all black. Like, I have no, I have no. Let me, let me show you what, what, what I'm looking at right now. This is my, this is my screen. Oh my God. So, yeah, this is what we're doing here. All right, guys, Kimsuky, long-time North Korean threat actor extraordinaire, if you will. They got a set of cyber attacks targeting South Korean military. This is pretty common. North Korea steals a lot of digital money and they attack South Korea. They've also, even though they're friends or like boys with Russia, they have stolen missile technology from Russia. So don't sleep on that, okay? Everybody's doing their thing. L. Web, thanks for joining the squad. Wow. Manual sound effects. Today they did a bunch of social engineering. They spoof security software install pages, created a fake WebEx meeting page, and they're getting spyware deployed via an installer. All right, guys, here's the deal. For first of all, for many of us, this doesn't matter, okay? Like, as far as I know, there's nobody in chat right now who's like working in South Korea or managing a South Korean military operation, right? So as a GRC person, I'm like, okay, this is interesting, but I'm not really going to do anything about it now. One thing that is worth noting is that they are tricking end users into installing malware. Okay? So they're not doing zero days or anything like that. They're getting the end user to just install it right away. You've got a chain of opportunities to be able to address the risk. Number one, social end user awareness training. First step, right? Hey, like, this is not normal. You're not going to get a WebEx calendar invite thing from a random person. Number two, maybe you work in HR, maybe you work in Accounts Receivable like you're doing. You're dealing with random people all the time. Number two, this is a malicious installer.
Put in an endpoint detection and response tool and have it fire on something like this. Or how about a tool like ThreatLocker? Right, ThreatLocker. You have to be on an approved list before that binary will run on an endpoint. This malware is definitely not going to be on an approved list, therefore it would not fire. We got a little bit of a graphic here. Let's take a look here. So they send a malicious link via email or probably text message or something. Victim runs the malware. Like, dude, here's my thing. Do you see this step right here? Step one, this is annoying. Okay, step one, send malicious link. Step two, victim is infected. Like, okay, like there's a lot that happens between step one and step two. Right after step two, where the victim is infected, the threat actor can do whatever the hell they want on your machine. They own you like the, like, you might as well get a, might as well get a, a bouncy ball or something, or get a Nintendo and go chill out because you're, you're, you're not really involved anymore. They own your machine. As always with malware, there's probably IOCs, so you can go threat hunting in your environment. If you have this running in your environment and you haven't detected it yet, IOCs will help you figure out if you have indicators of compromise. Yeah, the malware drops and opens an HTML file named meeting.HTML which redirects the victim to a WebEx meeting room. Accessing that URL opens a legitimate WebEx room associated with an actual scheduled event. So it is going to look real. The WebEx can be subbed out for a Teams meeting or Google Meet meeting. It doesn't matter. All right, let's see. Here is the. Their malware payloads that do the tunneling. You can see basically this malicious dropper. Again, the dropper is usually like an initial payload, like the dropper. It drops on the machine first and then reaches out and starts doing the things that it needs to do. And it does register as auto run.
So it's setting up a persistence mechanism. Pretty standard stuff here, by the way. That's where you could look for indicators of compromise right there. Let's see. They. Oh, my God. I don't know why. It's my web. My computer's like chunking around right now, it's okay. So it says that organizations in Brazil and Germany have also seen attacks. So North Korea, listen, here's the deal. If North Korea can get this to work and they want to attack other groups, they're just going to change the initial attack vector, right? So like basically look at, look at this graphic right here. Okay. Right. So if all of this, all of the malicious compromise is going to work, all they have to do is change the malicious link at the beginning to be like, hey, like here's a Wiener schnitzel like for a German end user. Or hey, here's a, you know, NFL 2026 schedule for American. Right? So you know, the, the, they can get economies of scale with this malware, so be mindful of that. But for the most part this is interesting, but not really anything that I'm sweating.
B
Malicious npm packages published mimicking OpenSearch and Elasticsearch libraries. This appears to be the work of a lone wolf npm user who on Thursday published 14 malicious packages within a four-hour window. According to Microsoft, these mimicked popular OpenSearch, Elasticsearch, DevOps and environment configuration libraries. The attacker used a newly created maintainer alias to target Amazon Web Services, HashiCorp Vault, GitHub Actions and the npm Registry itself. As pointed out in The Register, these types of attacks allow the actor to, quote, move laterally across cloud environments, steal additional sensitive data, and push even more poisoned updates to packages owned by hijacked maintainer identities, thus expanding the attack beyond the initial 14, end quote.
A
All right, so a couple things here. Like first of all, if you know, if you just got here or you just woke up from like a 40-year nap, supply chain attacks on open source software are so hot right now. Do I have this? Open source software supply chain attacks are so hot right now. So in squad members, if you would, let's go ahead and use the Will Ferrell "so hot right now," that would be where that comes into play. And because of AI, these threat actors that this is, they call it a lone wolf. We'll see. I mean they use one developer account. Like I don't know. I would if it, if it truly is an individual activity, it is interesting. Slim Daddy, I'm not going to reimage my Windows machine into Linux to see if it fixes this problem. It may fix the problem, but I'm on travel right now and I use this machine a lot, so I'm not going to. I've seen you mention it a few times about putting Linux on this. AI allows people to move faster, be more efficient, do more. We've seen agents do all the things. I'm here at Cisco Live and AI is like all over the place and we're. I'm going to be talking, actually. Dude, I got to tell you guys, this is sick. Like, I'm actually going to be talking to the CISO of Cisco, Jason Lynch. Like, but like not, not like somebody who's like high up. Like literally the CISO at CISO at Cisco. I think I talked to him tomorrow. It's so sick, but it's AI all over the place. Okay, meaning a lone wolf can be hyper effective. Now, this guy did 14 different malicious packages. He set them all up at the same time. He made them look like popular packages. Right. Elasticsearch, OpenSearch, which are used by security people, typically for SIEM-type stuff. Yeah, I saw that too. Super chat from Wolf Hammer. Dr. Eric Cole. I saw that on LinkedIn. Dr. Eric Cole passed away. He was kind of young, you know, relatively, so I didn't know enough about what's going on with that. But yeah, Eric Cole, lost him. He. He's been big into giving a lot back to the, the community.
He was like one of the OG, like very forward-facing people giving back. Yep. So pretty standard. They're going to steal the tokens and secrets and then move laterally across cloud environments and steal more sensitive information. It's. Guys, listen. All right, it was 59. I mean, I, I guess the closer I get to 59, the more it doesn't seem like it's so old. I'm sure my son would say, oh, 59 is ancient. Listen, these supply chain attacks, most of them are going for your secrets and your credentials, your API tokens and keys. It is brutally painful to have to revoke those keys and tokens and then reissue new ones and then get them into the environment. Right. Revoking and creating new ones is not super hard. Right. It's usually just a click, like revoke and then click, generate. It's getting those keys into the GitHub repositories or into the, you know, whatever environment variables. However you're doing your API keys and your tokens and doing it with some quickness. I also want to point out, like, I vibe coded some apps lately and I used to be a software engineer back before, like CI/CD pipelines and stuff. But like, I'm not taking explicit, I'm not taking great care to write down all of the, where the keys are that I'm using. Right. Like, and I know that's probably reckless of me. But I guess just as a typical person, it makes me think that when you do have some keys that get compromised, going to revoke and issue new ones can be hard because you don't have a full inventory of all those keys and where they are. So it is something to note, maybe an opportunity. Start talking to the engineers, start talking to the developers. Hey, guys, like, as you're developing, make sure that you're capturing where all your keys are because we are going to have to legit revoke and issue new ones periodically. Because of all this, be mindful of what npm packages you're pulling down, what PyPI packages you're pulling down.
Like, this is a super common attack vector, one that you will see. And by the way, if you're a little bit more advanced as a cybersecurity program, use this as the next tabletop exercise for the technical audience. When you're doing your technical tabletop exercises, use this one as an example. Hey, we just found out that a threat like we've installed malware in one of our packages and we suspect that all of our tokens have been or not tokens, all of our API keys have been compromised. What do you want to do? You know what I mean? So I will say in some instances the key cannot be seen. You get to only see it when it's initially created and then you save it off. So. But it is a good tabletop exercise and a difficult one to manage, frankly.
B
To invest up to 75 billion euros to build French data centers. The company, which among other things is both an investor in and customer of OpenAI, announced on Saturday that it plans to spend this money, which is around US$87 billion, to expand operations in France to enable up to 5 gigawatts of additional data center capacity. The first phase involves building data centers in Dunkirk, Bokeh and Bo, all in northern France. This, they say, will be its largest AI infrastructure investment in Europe to date.
A
All right, so it like, hey, if you were looking for an example of what a not cyber story looks like, this is one of them. So they're building a huge data center in France. Okay. I will say it is interesting that the data center is going to cost $87 billion. Holy crap, dude. So data centers are so hot right now. I know that a lot of people are upset. I feel like data centers are like. And this is, this might touch on some topics that people don't like. Data centers are like homeless shelters, okay? At least in my, my opinion. All right? People are like, oh, like we need all. We, like, we have a, we have a homeless population problem. And they're like, all right, so let's build a homeless shelter. They're like, people like, great. And they're like, we're going to build your in your backyard. And people are like, no, no, no, no, no, no, no. Like, I don't want it in my backyard. Like, I want, I want homeless shelter, but I want it somewhere else. I don't want to see it. People. The same thing with data center people like, oh yeah, dude, give me some AI, give me some data center. Give me, give me, give me, give me that power. And they're like, fine, we're going to build a 67 square mile data center in your neighborhood. And they're like, whoa, whoa, whoa, whoa, whoa, whoa. No, no, no, you don't understand. I want the all the utility of the data center, but I want you to build it not in my neighborhood. I don't want my property values going down. I don't want to look at a data center. This is what's happening, dude. Like, it is. I don't know if you, if you're following on social media, but like a lot of people like losing their mind and for good reason. I know, I know. Near Dixon, Illinois, there's some action going on. I know in Utah, just outside Salt Lake, there's some action going on. I know in Georgia because I might move to Georgia. Like talking about deciding next week whether I'm going to move to Georgia. 
And we're like, we're literally looking at where the data centers are. Lake Tahoe, dude. The power company in Lake Tahoe told the citizens that they're going to stop providing power to them in 2027 because it makes more money for them to give power to a data center. It is crazy. Okay, so this is not a cyber story, although it is, you know, it is, you know, news, whatever.
B
Attorney General sues 23andMe over 2023 breach. California Attorney General Rob Bonta filed the lawsuit against 23andMe, now Chrome holding company, over, quote, the company's failure to protect sensitive customers' genetic and personal information, end quote. This led to a high-profile data breach in 2023 that exposed the sensitive information of nearly 7 million customers, including more than 850,000 Californians. The California-based company, quote, confirmed that the leaked data was genuine and claimed that it had been extracted following a credential stuffing attack targeting accounts with weak credentials, end quote. The incident exposed genetic data, health predisposition information, ancestry and ethnicity information, biological relatives and DNA matches. Remember to subscribe.
A
All right, so you guys all remember 23andMe, because everybody wanted to know if they were like 1/8th German or, you know, 1/16th Navajo. Like, I, I never understood why people were like, losing their mind about wanting to give their DNA to a private company. What's the big deal, Jerry? Who cares? Well, I don't know. Maybe if they get hacked, that data could be, you know, used. So 2020. I mean, this is old news. Honestly, I don't know why California has decided to sue the crap out of them right now. If I had to guess, it is a California-based company. Yeah, they got hit with credential stuffing, by the way. Just as a quick aside. Well, two things. One, if I had to, this is probably not true, but it makes me feel like California is like hemorrhaging money and they. California's got a lot of problems. And I almost feel like this is like a quick way to make some money for the state of California. Like, I know that it's a legit lawsuit and everything, but it's three years later. Like, why are they bringing up a lawsuit now? The firm. So I honestly, I don't think that this company, this lawsuit is going to have any merit to it. Okay, listen, let me, let me break this down to you. The argument here is that the California Attorney General is saying that 23andMe claimed to have higher security standards, yet this breach happened. My guy, as a complete nerd, I would like to point something out to you. This attack happened because they didn't have multi-factor authentication like the, the attackers logged into user accounts. They didn't hack into the corporate infrastructure. They, they didn't dump a database. They didn't do malicious USB drives. They literally logged in with leaked credentials into like millions of users' accounts. Because the users had reused passwords, because the users had crappy passwords, because they didn't require MFA. Okay, so what are you talking about, dude?
Like, so, so the state of California, your, your claim is going to be that 23andMe should have required their users to have MFA. If that's the basis for reasonable security for a company, California better get ready. Because many companies, most companies don't require MFA of their customers. I bet you the state of California, several, you know, like whatever. The state of California's DMV. Right. Website. I wonder if they require their citizens to register MFA. My point is it's a pretty slippery slope where you're saying no MFA. So, you know, whatever, we'll see where this goes. I don't really care. It's a three-year-old thing. It doesn't matter. It seems like it's a money play. I do want to tell you one thing before we go. 23andMe blames users. Dude, this is the number one thing to take out of this particular story. This happened in, in 2023. But dude, this is how you. This is how not to do it. If your company suffers a cyber breach, do not do what 23andMe did. They literally blamed their users for being fools for having crappy cybersecurity. They, the company got breached, leaked all of their customers' information, and their response publicly was to say that their users were idiots. Right. Can you imagine? Can you imagine a business telling the people that give them money that they're fools? Such a hideous look. I mean, of course 23andMe went down the drain after this anyway, so just lashing out. But this is the worst PR move I've ever seen in my life. Okay. Okay. All right, so let's do this really quickly. I'm way over time. I was having myself. Oh, I can't even. I can't even advance the. I can't see the Spotify thing. Hold on one second. Let me, let me. The show's over. I'm gonna try to play the outro music, but I literally don't have an interface. Freaking. Hold on. We got a wrecking ball. Who's the wrecking ball? No, there's no wreck. Okay, so looks like. Have a good Monday, Jenny. It looks like FL1 flip node passed their Sec+. Whoa. Gets a Ric Flair. Woo.
Wrecking ball is reserved for getting a job in cyber. All right, let's go. All right, guys. Hala, hala, hala. Holla. Thank you so very much for being here. I hope you enjoyed it. Again, we are the Buffer Overflow studio. I mean, we're in the Las Vegas, so mobile studio, trying to figure it out. Guys, do me a solid. Have a great day. If you're at Cisco Live, let me know. I'd love to high five and meet up. I'm Jerry from Simply Cyber. I will do the Cyber Career Hotline, so don't go anywhere on that one. It is. It is 6am here local time, so nobody's up yet. Nobody's doing anything. I'm Jerry from Simply Cyber. Until next time, stay secure. Don't go anywhere. We're totally going to flip the script and do the thing. Here we go. Just me. Yeah, this is me. I'm Dr. Gerald Auger. This is the Cyber Career Hotline. If you're building a career in cybersecurity, this show is for you. Let's get into it. All right, what's up, everybody? Welcome to Jawjacking. I would love to make a cup of coffee if that is. If it pleases the court. Here, let me. Can I do this really quickly? I am mic'd up, so I do want to say shout out. Let me get the water cooking here. One second. Oh, yeah, there's enough water in there. This is what Cyber Career Hotline, AMA. If you have questions, put them in chat. I will do everything I can to answer them. This is an opportunity to basically, if you got questions and you've been looking for some guidance, you've been looking for some leadership, this is what we do. I provide the answers. But the whole community's here. There's 300 plus people in here. Lots of people. No eidetic memory. There are CPEs. Half a CPE every episode. Go to Simply. Go to Cyber Threat Brief, simplycyber.io and register for today's. Today's class. I mean, today's lecture. All right, I like this angle too, because now you don't see this, like, Skinemax poster up in here. What's the J word? Hold on one second. All right, so let me go. Let me do this. I can't.
Even though, like, there's nothing for me to hear except music. I like hearing the music. Any update on the new merch? I'd love to snag a tier hoodie. Yeah, let me actually do that. Nintendo, yes. Stones fan. I'm in Las Vegas. I'm in Las Vegas, dude. Oh, Jawjacking. Yeah, Cyber Career Hotline. Where's. We're still making the transition. Let me check on the merch store right now. Actually, they should be. Here we go. Hey, what's the update on the store? Community asking. All right, I just. I just sent a Slack message, so we'll get. We'll get that. Okay. When do the emails get sent with the number of CPEs you have earned? Is it today? It is today. Humble student 0023. We are in beta. So this will be the first time the email goes out. Yeah. Here, one second. I can. I can actually just look up when the CPEs are gonna happen. Let me see. One second. Okay. When does the CPE email go out? Today is June 1st, and I think it goes out today, but I don't know when or what time. All right, let's see. I just asked. Okay. Left coast. Yeah. Roswell, UK. All right. Is it possible that there's a general job shortage? Like it's not just cyber. Kyle, Kyle. I don't know. I mean, here's the thing. Let me see if I can bring this up again. I don't want to get like super political, but like, I don't trust the statistics coming out of the Department of Labor anymore, just to put that out there. So I don't know, man. If you look at. There's a website that I like, it's. It's tech focused. layoffs.fyi. Hold on. See, layoffs.fyi. I like this website. I don't know if you guys have seen this one or not, but check it out. This website tracks tech employers. So it's not all businesses, it's tech employers. But it is interesting. You could see here like ClickUp, SentinelOne just laid off 8% of their workforce. SentinelOne, right. Security company. Some of these groups I'd never heard of. Groupon just laid off 25%. Wix 20%. So ClickUp 22%. Actually, Kimberly conf. Is Kimberly in chat.
Kimberly's brother works at ClickUp. Meta. Of course, Meta is laying off tons of people, which is crazy. So you can look at this. You know what's an interesting thing? So Kyle, to your question here about is it possible. Yeah, I think, here's the thing. I think there's a contraction in the market. I think that with the increase in prices of everything due to inflation, tariffs, global economy, all these things, I feel like businesses are struggling a little bit. And whenever you're in a business, the easiest thing to your biggest expense is labor. Always. Right. So firing people or laying people off is an easy way to do it. Pirate Kitty. The website is layoffs.fyi. I'll drop it in chat. Here we go. It's a great little website. All right. Website. All right, hold on, I gotta get my coffee. 23andMe laid off 40 in 2024. All right, all right. You know, the one thing is I don't have a stir stick. So like I'm just like hoping that this pouring the hot coffee or hot water on it works. There we go. There we go. Oh, I just burned myself. Team Sippy Cup. Third cup of the day. Oh my God, dude, it's freaking cold in here. My guy. I wish I had something I could put on. Hold on one sec. I am freezing. Hold on one second. Yep, I'm going to do the arm thing. I know you guys hate this, but it is what it is, okay? And then going to make this look fancy. All right, there we go. There we go. Here we go. Come on, my guy. No, no, no, no, no, no. There we go. Close enough. Got my arm. My arm rests. All right, let's go. All right, here we go. Questions are coming in. Duncan's going to use AI agents to district managing with a bachelor's in cyber. I am going to answer your questions now. With a bachelor's in cyber and no certs, I just completed one year in IR. Is it okay to look for jobs or is it okay to look for jobs, or should I wait till at least two to three years of experience? Okay, so here's what I would say about this one.
If you've done your first year in IR, that is pretty solid. I would. Honestly, if you. Unless you're in, like, a really toxic situation, I would do two years. I don't know why. It's like a magic number, but, like, two years, it's a good amount of experience. And basically, with no certs, like, you don't necessarily need certs, but, like, experience is. Is more valuable than certs, obviously. So I think with two years, you'll. You'll, like, fall. You'll fall past the, you know, kind of entry level, and you'll be seen as, like, two years is as minimum as you can get as kind of like mid. Mid tier. Right. So for me, what I would do, I would. I would stick it out, man. If you can get three years, that's fine, but two years. Two years is where you can start moving around. Yeah, James, we can. We can meet. So congratulations, by the way. Super pumped for you. I. I would try to get two years, though. Yeah. I am wearing pants. All right. Continuing to look through chat. What up? Shamira Gonzalez. Good to see her there. Good to see everyone here. What are we doing here? Okay. Simply froze. Yeah, I don't know why my computer freezes. I, like, literally bought a new computer because that reason. All right, cool. All right, so Kimberly says that her brother is safe at ClickUp. By the way, if you get a chance to meet her brother Matt, he is a riot. Let's try to get Matt to Simply CyberCon. All right. Continuing to look through chat. Guys, moving to Georgia. Is it a new school you work in? So what's interesting is there is a university in the town that we're looking to move to, and I've already reached out to the computer science department head, and there is an opportunity if I'd like to teach at that university. So I. I would not be able to teach at the Citadel anymore. And I would have to, if I wanted to, I would teach at University of Western Georgia. The move is not forced.
We're choosing to potentially move just so we can have land and do some fun stuff, get some dirt bikes and do some fun stuff. Can you give us your honest opinion on GRC Engineering Playground? Yeah, I mean, I made a whole video about it, Soul Shine. But for those who don't know, I released a video yesterday on Simply Cyber's YouTube channel on a GRC engineering platform that I found that's pretty cool. Here's like, I guess to go deeper on a candid opinion, Soul Shine, the GRC Engineering Playground is cool if you have zero exposure to GRC engineering. It is, I would call it almost like a beta platform. Like, they have a lot of things that are stubbed out, like, coming soon, coming soon, coming soon. They need, they need. It needs to be finished. But it's like, it looks like it's like a hobby or, you know, kind of a free platform thing. So it looks nice. I wish that they would finish it. But for someone like me, who I've, I've talked about GRC engineering, I've read about GRC engineering, but I wanted to like, get my hands dirty and kind of eliminate a lot of like, complexity. GRC Playground was perfect for that. Go watch the video, people. People are really liking it, right? Let's see. Hopefully the audio, the music's good. I can't hear. Let me know if there's music you guys hear. That's a bother. I'll you tell alternate offer. If a person wanted to learn more about AWS cloud engineering, what free sources would you recommend? Jazzy Jazz asks. Jazzy Jazz and everybody, regardless of the cloud solution, the big ones, Google, Amazon and Azure, they all have free training from themselves, right? So Amazon has AWS training, Azure has Azure training. Microsoft has Azure training. Let me see. AWS. Dude, why is my computer suck? AWS training. Yeah. So here's the website, Jazzy Jazz. And I'm going to give you two options. Okay. By the way, Jazzy Jazz, that's option one. Come on. This is option one. And it's. Remember these, these platforms.
Amazon wants you to be trained on Amazon. So you can use Amazon and pay for Amazon, right? AWS, so they give free training. That's what I would do here. One other like notable. And this isn't free, but I know it's very good if you want to learn cloud security. This right here, Cybr. And I'll drop a link to this. My friend, Christophe Limpalair runs this. This is exclusively super focused on AWS cloud security, defensive and engineering. Okay, so check that out. Also, also now this is a shameless self plug. Okay. At Simply Cyber Academy. Come on guy, what are we doing here? If you did not know, Jazzy Jazz and everybody else, at Simply Cyber Academy we actually have Tyler Ramsby's AWS pen testing. So if you wanted to learn specifically AWS pen testing, 60 bucks for 67 lessons. Less than a dollar a lesson from Tyler Ramsby who's been doing this for quite a while. Quite, quite good at it. Hopefully that helps you along. Continuing to look through chat here. It's 9:20. It's 6:20. Well it's 25 past the hour. We'll go a couple minutes after. What's the best way to sell GRC Engineering to my CISO? So it doesn't sound like more compliance work? What framing actually makes people care? Oh my God. So Ralphie, the best thing about GRC Engineering is that it two things. One, by putting policy enforcement in place, you can't deploy non compliant configurations, right? So like the very simple example is an AWS S3 bucket. If you have a production bucket and it shouldn't be public facing, you can have GRC Engineering checking as the CI/CD pipeline works and if a violation occurs, i.e. you have a public facing production bucket, it will reject the commitment or the commit to allowing that bucket to be created and then provide clarification on why. So you go from reactive security to proactive security. So if you're trying to convince the CISO, you could say well and hold on, let me give you a second benefit.
The second benefit is and, and I don't know if you watched my GRC Engineering video that published yesterday, but I included it in the video right now like it say you have a thousand servers in your environment. Okay. If you were going to do an audit to see if the servers are compliant, chances are you would sample those servers and your audit would only be like every couple months, right? If, if you were doing it really fast. So if you only sample a set of servers you, you could be missing some and it's slow because you have to like plan the audit, then do the audit, then get screenshots or get an engineer. With GRC Engineering you test all servers and you can do it, you know, daily if you want. Right. So by getting that kind of visibility and getting that high fidelity of results on audit, you can go from a kind of like an annual audit program to like a basically real time audit program. It's like a very, very maturing capability to introduce GRC Engineering into your environment. It's very proactive. It's awesome. So if you want to, like, okay, so now let's get to selling the CISO on this. How do you sell the CISO? You can be like, listen, if we introduce GRC Engineering, we will redo. Like, we will reduce risk because we will have less config misconfiguration. And if you want. Ralphie, go pull a statistic. You can find one easily on the number of cyber attacks or the amount of money from cyber attacks in 2025 because of a misconfiguration. You can pull that, and you could say, listen, if we do GRC Engineering, right, not only can we actively have visibility into our environment and ensure that we are compliant with whatever we have to be compliant with, but we can also. We can also prevent misconfigurations from being pushed into our environment and eliminate most of these type of risks. It was a $30 million, $60 billion, like, whatever issue last year for businesses in our industry. We. We can just eliminate that right off the rip.
Like, I'm sorry, isn't your job to manage risk here? Like, I'm. I'm doing you a solid. Hopefully that helps. All right, so we've got music. Awesome. All right. Oh, my God. This coffee's good. Oh, yeah. Here, let me. Let me just show you guys really quickly, since I've talked about it a few times. Dude, I swear to God, it's OBS. I swear to everything, it's OBS. Here's the video. Here's the video. Drop a link to it. If you. If you think it's good, do me a favor and drop. Share it on LinkedIn. Let people know. All right? GRC Engineering, this is the analyst that GRC analysts need. Look at it. Yeah, look at this guy. Okay, I don't know what's going on. All right, Cyber Risk Witch has got to get out of here. Have a good one. Speaking money. They love numbers. Exactly. Shaft TV. Any good sources to learn and pass CISM? Yep, I got. I got you, Rob. Listen, number one, the. And this is my opinion, the only resource you should use to pass any ISACA certification exam is the official ISACA resource. I. I have. I let them expire. But I had the CISA. I had the CISM, okay? I'm telling you definitively, the ISACA official training is the right one. Now, they're not priced cheaply, which sucks, but in my experience, unless they've changed it. I got. I forget what years I got them. I think I got the CISM in like 2012. The questions they ask on that exam, the answers that you're supposed to give are not exactly the answers that you would do in real life. And I know that that sounds ridiculous, but I'm telling you, like, I'll give you like, a silly example, okay? A silly example. And this isn't a hundred percent one of the questions, but like, it'll be like, oh, you, you know, you get notified of like an active breach in your environment. What's the first thing you do? And like, option A is like, you know, call a board meeting and like, let them know what's going on. Number two is like, you know, contain the endpoint. Number three.
Three is like, confirm it's actually a breach, whatever whatever. Number four is like, go for a walk or something stupid. And like, the answer, the correct answer is number one. And like, again, that's not an accurate, that's not an actual question, but it's something along those lines. There, there are several questions where, like, you do something very like, bureaucratic as the correct response, but in reality you would do. You would do the bureaucratic thing, but you wouldn't do it first, right? Like, you would contain the problem and then like, let management know or something like that. Like, it's. I just remember thinking like, like this is not how it. You know. So anyways, that's. That's what you would do. And the only way you know what the right answer is is because. Because the official ISACA information says that. Oh, Space Tacos has a phone screening for auditor two in 20 minutes. I'm thinking that's in 15 minutes from now. Space Tacos, good luck. Best wishes. I try not to say good luck. I try to say best wishes when I say these things. Let's all send some good love to Space Tacos. Space Tacos. I can't win. Wait for Wrecking Ball on you. Okay, so Low Pro bought the question bank, not the official book. Low Pro, let me. Do you have the CISM scheduled to take already? I. I would love to know. I mean, again, I took it 15 years ago, so maybe they've changed. Would love to get an update on that. Truly Original says, don't forget my question. Truly Original, will you put your question in chat again, please? I'm sorry, I missed it. Put your question in chat and I will answer it right now. You will be my next question. Oh, Elliot Matice just got the CISM last year. He says you need their Q&A database. It's the only resource that worked. It's essential. Yeah. So that's. It's probably this. Elliot's probably referencing the same thing that I'm talking about.
Like, you have to understand how ISACA wants you to answer the questions, not how you would actually do it in real life. All right, all right. Did anybody see the. See out right here? Truly Original says. Don't forget my question, please. If someone can put. Yeah, put, put. Put your question in chat. Again. Put your question in chat. All right, I'm gonna go a few minutes over just because I. I went late on the. On the show today. 268 people here, guys. Oh, here we go. I found it. I'm in a tier one SOC role. I want to move to tier two. Should I get two years of experience in the tier one before pivoting? I'm currently underpaid in my SOC role as well and getting married soon. Well, first of all, dude, congratulations on getting married. What a. What a just life experience. And to find. Find the one is phenomenal. So I'm very happy for you and wish you the best on a long and healthy marriage. On a SOC one role, you do not need. Here's what I would say. And, chat, I want you to weigh in on this, too. Here's what I would tell you. I would go. I mean, dude, you don't need necessarily to move to a tier two SOC. Like, if you could get a promo, here's. Here's what I would do. If you can get a promotion internally to SOC two and get more money, do it that way. If you can get another job. I don't know how long you've been in your role at tier one, but if you can pivot to another company doing tier one SOC work and get more money, then do that. You don't need SOC two to get more money. You could find another company to pay you more for SOC one. If you can get a job as a SOC two at another company, you can get a lot more money. You. You will absolutely always get paid more if you switch jobs than if you get a promotion or pay bump at work. It's just the way it is. So that's what I would do. I. I personally, I said this earlier. I think two years, especially when you're more junior in your career journey, I think two years is solid.
I think one year, it's a little dicey, especially if it's your first role in cyber, because now did you get enough experience? And if you do it again now, you look like a flight risk where people are going to look at you. Like, for me, like, you know, I, I've been at some jobs where I was at it for like one year but like it happened later in my career and I didn't care because I'm, I'm well established. Right? So it didn't, it doesn't, I can explain it or you know, people don't care. You know, almost a year of experience. So you don't even have a year yet. You definitely need at least a year. I, I would try, if it were me, Truly Original, I would try to continue to max out that role that you have right now. Remember, I know you want straight cash, homie, to pay for things like the wedding and all these other things, but the experience you're getting right now is incredibly valuable. I know you can't buy groceries with that experience right now, but that experience is very valuable. So don't sleep on that. Kitchen Infosec says change companies, better money. Yeah, 100%. All right, so he says there's no room to move up internally. I mean you can low key be looking, looking on the side for another SOC job and get paid that way. And you know when you're, when you're interviewing and they say why are you looking to move after only a year? You can literally say there isn't, there isn't. I wouldn't mention the money. I would just say like you just said, there isn't any room to go. Could say, you know, I want to be challenged professionally. I like to, you know, excel and push myself and there's no room to grow at my company. Is there room to grow at this company? You know what I mean? People, managers love hearing that. Okay, so we're at 9:38. I'll go. Two more minutes, guys. It's been really fun hanging out with you guys. It's a great way to start the, the Monday here at Cisco Live. I gotta meet up with my videographer. I gotta, I gotta figure out.
Oh, hold on, let me two things. I got an update on the storefront. He says we're very close to launch. The team finished uploading all the products and we're working on developing the approved design into the store. We'll share a preview later this week. In the meantime, we would like to send some samples for you to check the logo and quality. Can you share a shipping address? Okay, so that's the update on the store and then the update on the CPE things is. Oh, there's a cron job that fires at 10:00 a.m. Eastern Time. So I guess everybody's getting their CPEs in 20 minutes. Fingers crossed. Everybody? I, yeah, I have no idea. I'm, you know, it's beta. We're beta testing. All right, all right. Continuing to look through chat. Hey, you're welcome. Truly Original, dude. This is why I do Simply Cyber. You know what I mean? It's like I'm, I'm. What, what, what a privilege, what an absolute privilege to be entrusted to answer that question and to be able to potentially help you. That's a real privilege. Jerry has a video. Oh yeah, I got videos up for days. Taekwondong says I'm focused on learning pen testing, but there is information overload. Any ideas? I own books and have a subscription. Yeah, I mean it, it's, it's not uncommon in cyber to get overwhelmed. So what I would say is for me, right, your mileage can vary, but for me, what I would do is I would, I would, I would set some goals. All right, if you say like, I'm gonna learn pen testing, that's just like too vague a goal. Say like, I'm gonna learn, I'm gonna do one box a week. Okay. Or I'm going to learn all I can about cross site scripting or I'm gonna learn SQL injection. And then how am I going to do that? How do I measure if I've done that? So then maybe you spend like Monday and Tuesday. Say you have like an hour a day to study. So say Monday and Tuesday I'm going to do study, study. Like I'm going to read books, watch videos, do these things, take notes.
Then Wednesday, Thursday, I'm going to try to do hands on SQL injection stuff. And then on Saturday I'm going to assess whether or not I understand what SQL injection is. If I do not, let's go again. Right? Or I'm going to start with, you know, the overall cyber kill chain. Right? Don't try to boil the ocean. A huge mistake I see people make all the time is they, they like want to go from like A to B, all right? A to B, and then they take like one step towards B. And then they, they see something else over here at C, so they take a step there and then they see something in D and they take a step there and ultimately what ends up happening is they just walk around in a circle on the same spot where they started and they don't really actually go anywhere. And that's a, that's a metaphor, right? But, but I see it all the time. People just kind of like dabbling and, you know, basically trying a bunch of different things and, and not committing to one path and going and getting it. Honestly, the only way to do it is to put your head down and grind and grind. I'm sorry, there's no easy button. And I'm not, Taekwondong, I'm not saying that you are asking for an easy button. So I'm not trying to, like, I'm not putting this on you. What I, what I'm saying is I see it all the time. People, people want, it's exciting. There's a lot of fun stuff, but it's, it's, it's. It's hard. It's. It's the one thing that I want everybody to work in cyber, that wants to work in cyber, but the one real truth that I have to share, and I would be disingenuous if I didn't share it, and I'm not gating. I'm not gating anyone, okay? But the reality is it's hard. It is hard. And whenever someone gets their first job in cyber security, I typically say, like, congratulations, now the real work begins. And, and that's not to be like tongue in cheek or, or cheeky or whatever. It's true. It's like you worked your ass off to get to the job. Like, you just climbed up and got on a plateau.
But guess what? Now you can see the, the rest of the mountain and you gotta get climbing. That's what's up. All right, I, I do got to get going here. All right, guys. Any, any, I guess any final questions? I want to say thank you very much, everybody. Thanks to the mods. Justin Gold hooking me up with AV checks before we went live. So mobile studio has mobile studio challenges, right? But definitely. Cool. Go watch the GRC Engineering video on YouTube if you're interested in learning about that. That was like, something cool I just found and I made a video about it. It's not like it's sponsored or anything. I'll be at Cisco Live putting out some content, guys. If you, if you like the show, if you want to support the community, you know, any, any of the sponsored things, interacting with it helps. Helps the show. Code Brew. I do want you to know I do have this for you. I actually bought a bunch of like, envelopes and postage stamps and stuff. I'm shipping out a lot of stuff, so I, I wanted to save some money, so I bought. I'm gonna do like the, the postage at home, so. All right, guys, take it easy. Everybody be good to each other. I wish you the very best today. Look forward to tomorrow. I'm Jerry from Simply. I'm Jerry. I'm Ron Burgundy. I'm Jerry from Simply Cyber. Until next time, y'all stay secure.
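The GRC Engineering pitch in the Q&A above has two concrete pieces: a CI/CD gate that rejects a public-facing production S3 bucket and explains why, and a fleet-wide configuration audit that checks every server instead of a sample. The script below is an added example written for this page, not code from the show, from the GRC Engineering Playground, or from any vendor. The Terraform-plan-like JSON layout, the rule IDs, the tag name `Environment`, and the baseline keys are assumptions chosen for illustration; the sample plan and inventory are constructed inline so the script runs offline.

```python
"""Added example: a minimal policy-as-code gate plus a 100%-coverage fleet audit.

Assumptions (not a real Terraform/CSPM schema): the plan JSON carries
"resource_changes" with a "change.after" object; production scope is the
tag Environment=production; baseline keys are illustrative.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Violation:
    resource: str
    rule: str
    reason: str


# Constructed sample plan: one compliant prod bucket, one public prod bucket,
# one public dev bucket (out of scope for the production rule).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "change": {"after": {
        "bucket": "acme-prod-logs", "acl": "private", "tags": {"Environment": "production"},
        "public_access_block": {"block_public_acls": True, "block_public_policy": True,
                                "ignore_public_acls": True, "restrict_public_buckets": True}}}},
    {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket", "change": {"after": {
        "bucket": "acme-prod-assets", "acl": "public-read", "tags": {"Environment": "production"},
        "public_access_block": {"block_public_acls": False, "block_public_policy": True,
                                "ignore_public_acls": False, "restrict_public_buckets": True}}}},
    {"address": "aws_s3_bucket.scratch", "type": "aws_s3_bucket", "change": {"after": {
        "bucket": "dev-scratch", "acl": "public-read", "tags": {"Environment": "dev"},
        "public_access_block": {}}}},
]})

PAB_SETTINGS = ("block_public_acls", "block_public_policy",
                "ignore_public_acls", "restrict_public_buckets")


def check_plan(plan_json: str) -> list:
    """Return a Violation for every production S3 bucket that could be public."""
    violations = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_s3_bucket":
            continue
        after = rc.get("change", {}).get("after") or {}
        if after.get("tags", {}).get("Environment") != "production":
            continue  # rule is scoped to production buckets only
        pab = after.get("public_access_block", {})
        missing = [s for s in PAB_SETTINGS if not pab.get(s, False)]
        if missing:  # all four block-public-access settings must be on
            violations.append(Violation(rc["address"], "S3-PROD-001",
                f"production bucket '{after.get('bucket')}' does not enable "
                f"block-public-access settings: {', '.join(missing)}"))
        if after.get("acl", "private") != "private":
            violations.append(Violation(rc["address"], "S3-PROD-002",
                f"production bucket '{after.get('bucket')}' has ACL "
                f"'{after['acl']}'; only 'private' is allowed"))
    return violations


def gate(plan_json: str) -> tuple:
    """CI/CD gate: returns (allowed, message); a rejection explains each violation."""
    found = check_plan(plan_json)
    if not found:
        return True, "policy check passed"
    lines = [f"REJECTED: {len(found)} violation(s)"]
    lines += [f"  {v.resource} [{v.rule}]: {v.reason}" for v in found]
    return False, "\n".join(lines)


# Constructed inventory: every host is evaluated, none are sampled.
SAMPLE_INVENTORY = [
    {"host": "web-01", "ssh_permit_root_login": "no", "os_patch_age_days": 3},
    {"host": "web-02", "ssh_permit_root_login": "yes", "os_patch_age_days": 3},
    {"host": "db-01", "ssh_permit_root_login": "no", "os_patch_age_days": 45},
]

# key -> (rule id, predicate that must hold, human explanation)
BASELINE = {
    "ssh_permit_root_login": ("SSH-001", lambda v: v == "no", "PermitRootLogin must be 'no'"),
    "os_patch_age_days": ("PATCH-001", lambda v: v is not None and v <= 30,
                          "patches must be no older than 30 days"),
}


def audit_fleet(inventory: list) -> dict:
    """Evaluate 100% of hosts against BASELINE; cheap enough to run daily."""
    violations = []
    for host in inventory:
        for key, (rule, ok, why) in BASELINE.items():
            if not ok(host.get(key)):
                violations.append(Violation(host["host"], rule, f"{why} (found {host.get(key)!r})"))
    return {"hosts_checked": len(inventory),
            "hosts_failing": len({v.resource for v in violations}),
            "violations": violations}


if __name__ == "__main__":
    allowed, msg = gate(SAMPLE_PLAN)
    print(msg)
    report = audit_fleet(SAMPLE_INVENTORY)
    print(f"{report['hosts_failing']}/{report['hosts_checked']} hosts non-compliant")
    for v in report["violations"]:
        print(f"  {v.resource} [{v.rule}]: {v.reason}")
    raise SystemExit(0 if allowed and not report["violations"] else 1)
```

Run as a pipeline step, the non-zero exit code is what blocks the merge; the printed message is the "clarification on why" the speaker mentions. The fleet audit is the same idea pointed at runtime state: because it walks every host rather than a sample, a single misconfigured server (web-02 here) shows up in the report instead of being missed by the sampling window.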
Host: Dr. Gerald Auger, Ph.D. (Simply Cyber Media Group)
Date: June 1, 2026
Episode Theme:
Delivering the latest critical cyber news stories and insightful professional analysis for cybersecurity insiders, analysts, and business leaders—with career tips, community shout-outs, and a dash of humor throughout.
In this Monday episode, Dr. Gerald Auger breaks down the top eight cybersecurity news stories affecting practitioners and organizations—live from a mobile studio in Las Vegas. Gerald’s signature style combines raw, real-time analysis with actionable advice, drawing on 20+ years of GRC (Governance, Risk, and Compliance) expertise. He also celebrates community wins, shares ways to further your cyber career, and answers career questions in the vibrant post-show Q&A.
| Segment Topic | Start Time |
|---|---|
| Palo Alto GlobalProtect VPN actively exploited | 18:36 |
| ChatGPT share abuse for malware delivery | 27:05 |
| NIST/NVD vulnerability backlog controversy | 33:14 |
| Google insider trading on PolyMarket | 39:36 |
| Kimsuky HTTP SPY campaign | 47:42 |
| Supply chain: Malicious OpenSearch/Elastic NPM packages | 54:21 |
| Microsoft $87B French data centers | 60:57 |
| California sues 23andMe | 64:05 |
| Cyber Career Hotline / Q&A | 67:00+ |
Community Recognition:
- Kimberly's brother Matt confirmed safe after the ClickUp layoffs; invited to Simply CyberCon.
- Space Tacos heading into a phone screen for an auditor role right after the show.
- Mods and Justin Gold for pre-show AV checks on the mobile studio.
Host Tone:
Raw, real-time reactions to chat with practical career advice and plenty of humor (Team Sippy Cup, the arm rest, the freezing hotel room).
Advice Threads:
- One year in IR with no certs: aim for two years before moving; experience outweighs certs.
- Learning AWS cloud engineering: start with the free vendor training (AWS, Azure, Google), then Cybr for AWS security and the Simply Cyber Academy AWS pen testing course.
- Selling GRC Engineering to a CISO: policy enforcement in the CI/CD pipeline blocks misconfigurations (e.g., a public production S3 bucket) before deployment, and automated checks audit every server daily instead of sampling every few months; pair it with a misconfiguration-loss statistic.
- Passing CISM: use the official ISACA materials and Q&A database, and answer the way ISACA expects rather than how you would act in real life.
- Tier one SOC to tier two: switching companies pays more than an internal promotion; with under a year of experience, max out the current role first and frame a move as seeking room to grow.
- Pen testing information overload: set narrow, measurable weekly goals (one box a week, one technique such as SQL injection), alternate study and hands-on days, and commit to one path.
For further career and community engagement, catch the full live recording or join weekday mornings at Simply Cyber Streams.