A
Good morning, everybody. Good afternoon, good evening, wherever you are in the world. And hello there. So welcome to the Daily Cyber Threat Brief, Simply Cyber's Daily Cyber Threat Brief. Today is Thursday 4th, 2026. This is episode 1146, or if you want to put it in binary, 10001111010. Yeah, okay, geeking out a little bit. But if you want to do it in hex, it's 47A. But episode 1146. Impressive feat that Jerry's been doing. I'm not Jerry Auger. No, I'm James McQuiggan. I'm filling in for Dr. Auger here today as he is traveling back from Cisco Live. So if you're looking to stay current on the top cyber news stories of the day while being educated, entertained a little bit and also having an awesome community experience in the group chat, you are certainly in the right place. So without further ado, let's get cooking. All right, we're back. You know, let's change the view a little bit here. There we go. That looks a little better. Now I've got the. The chat in there and wow, we got Sean. What do we got here? Hang on, hang on, hang on. Before I go any further, let's have a look at the chat here. We've got Sean Sailor 6923. He's been a member for 19 months. Fantastic. Did we just become best friends? Yep. Yeah. So also I got my first article published today. Sean, that is awesome. That is great news. That is what we want to hear. Everybody that's in chat, I know we're certainly going to be thumbs up for you with regards to that overall cool. Congrats again. And I think we've got Sean in there. We've got Code Brew, we've got Phil Stafford, you know, but if you are a first timer in here, then go ahead and drop in that hashtag first timer. We're all excited to see folks that are joining us for the first time. This is a very supportive group, certainly very inclusive, and we want to empower all of you to be awesome folks that are you. Thanks for the shout out there, Tom. Yeah, always excited, always thrilled to be able to cover for Jerry. And did Jerry get a haircut? Huh? 
No, he, you know, you just got a lot of worse looking. Jerry's quite the handsome fella. But anyway, enough about that. So, yes, Jerry's on his way back from Cisco Live. I'm here in another hotel room. You know, you can tell it's a fun hotel room by the fancy artwork that's over my shoulder certainly got, you know, don't exactly get to pick the artwork or the backdrops. But I am coming to you here in St. Paul, Minnesota because I'm going to be at Secret Con later on today. I'm actually presenting there later on this evening doing my AI agent, Deepfake talk, social engineering, all that other good stuff. But if you are here in Minneapolis, I do know there is somebody here in Minneapolis definitely come on by Secret Con. I'll be here today and tomorrow. But I'm just doing the show here for Jerry today. So anyway, enough about that. Again, if we got any first timers in there, let me know. I've got Mod Chat set up. So folks, if you guys see anything, let me know. I know I've got Haircut Fish in there. We got Jenny Housley over in there and real excited for the show that we've got for you today. Eight stories coming to you from the CISO series. We're going to go through those, play them for you. I'm running on my newly improvised travel rig, don't have the stream deck. Hopefully I've got everything working, coming through. Hopefully the sound will come through as well. I tested it all before so, you know, business continuity, hopefully everything plays through okay. One of the neat things that I'll share with you at the mid roll so that'll be something to make sure that you stick around. But at the mid roll I'm going to share a picture with all of you of somebody that I got to meet yesterday, somebody I consider a legend. I don't fanboy very often, but this was somebody I was really interested to meeting to meet. Got to meet them last night, got a picture taken. I'll show you that at the mid roll. 
But again, if this is your very first episode, drop in a hashtag, first timer. Thanks for checking us out. Real excited that you are here. We do have for those folks that are part of the Team SC squad, you know, we've got that emote, we've got the McLean. Welcome to the party, pal. Real excited that you would be joining us here today. So again, this is one of the things I love about this community. One of the things I love about what Jerry does with the Daily Cyber Threat brief is that this is all about support, this is all about inclusion and this is all about empowerment. Want to help people, you know, drop in a message if you're starting a new job, if you're finishing up a degree, because it is that kind of the End of the year where folks are getting their degrees, got a new job, got an interview, you know, drop it in there. We're all very supportive, excited that you are here with us overall. All right now gotta get over, gotta get some of the housekeeping, some of the business work done. So hopefully, let's see here if we can get this to display. Hey, there it goes. Looks like it's showing up. So we can't do this awesome show without the fantastic support, amazing support that we get from the sponsors, the stream sponsors that help keep this show free. Helps to keep it no cost to all of you. And of course first up we have Threat Locker. You know their Zero Trust application denied by default solution is enterprise grade and trusted by major organizations and the federal government. So if malware tries to run on an endpoint protected by Threat Locker, it simply won't run. So I know we have a. Jerry's got the threat, the ad read for it. I don't have it here in my system so you know, definitely check out the. Let's make it a little bigger. Definitely check out the world leading Zero Trust platform. Next up we have Flare Threat intelligence that prevents breaches. Threat actors aren't breaking into systems, they're logging in. 
We've heard Jerry say that so many times by using stolen credentials, but with Flare Cyber Threat Intelligence platform, it combs through the dark web info stealer logs and criminal Telegram channels to find those compromised identities before they're weaponized. So check them out. Flare.io, sign up for that two day. Sorry, not two day. Two week free trial at simplycyber.io/flare. Finally we have Anti Siphon training, their upcoming training, their live courses. I've been helping out Anti Siphon as well with regards to their anti cast but they've got live training. But more importantly what they have coming up here is the Threat Hunting Summit happening on June 17th. It's free, it's going to be from 10 to 4:30. I've registered, I signed up. I'm looking forward to seeing it. It's coming just under two weeks and it's perfect for anybody that wants to beef up your SOC skills. You know you're looking to try to break in. This is going to be a great session. Also we've got Wade Wells's today not one day. His two day Cyber Threat Intelligence 101 class. Certainly not to be missed. You can use code Simply CYBER26, Simply CYBER26 at checkout and you get a discount off his fantastic course. I believe it retails about 575. But get your employer to pay for that one if you can. Maybe it's an early Christmas gift. Maybe for the dads out there. It could be an early Father's Day gift, but definitely check that out. I will be. I personally teach cyber threat intelligence at a university private university in central Florida. I certainly and highly recommend taking Wade's class. Overall cool. Well, we got the housekeeping out of the way. Now we're gonna get on to the good stuff, what you're really here for. But gotta give a shout out to Devin Gray, Marcus Kyler of the Yeet Crew. Roswell UK is there Good to see you. Nice nice Lord. Nice Lord Nyse. And then we got jt find the true two. Good to see all of you. Marlon J.22 Good to see all of you out there. 
A very special coffee cup cheers to all of you. I've been saying it for years and excited to be able to share coffee cup cheers with you. All right, let's check to make sure I've got everything. I asked about the first timers. I said hello to everybody. That's important. We did the sponsors had to get, you know, make sure we got paid.
B
Cool.
A
Well then right now is the important part of the show. I'm just checking to make sure all my audio is good to go. Hopefully it comes through. I've got some awesome folks in Mod Chat helped me out. Justin, Jenny and Mr. Dan Ren, the haircut fish who we're gonna see Dan's meme of the week at the mid roll because every week sorry day of the week Jerry always has a special segment. I'm particularly attached to Fridays because you know, bad jokes. But today Dan Ray brings us the meme of the week. I'm certainly excited to be share that with you when we get there at the mid roll. But in the meantime I need Mona, Sam, Samuka to sit back. I need Devin Gray to relax. I need the rest of you to be able to let cool sounds of the hot news wash over you in an awesome way. Okay. I had to try it. I love how Jerry says it but you know that's his line. He does it really, really well. So we will let him do doing that. But you know what it's time for? Let's get going with this from the CISO series. It's cybersecurity headlines.
B
These are the cybersecurity headlines for Thursday, June 4, 2026. I'm Rich Tropolino. Law enforcement cracks down on illegal streamers. Bulgaria in coordination with Europol and private security vendors led a seven month effort dubbed Operation Kratos to disrupt illegal streaming services that distributed copyrighted sports TV and movie content. This led to the takedown of 27,000 URLs and over 4,300 domains and the identification of 86 suspects, with 59 cases sent to authorities for prosecution. Europe stated that investigators targeted a broader criminal network that supported these services and warned that users of illegal streaming platforms face significantly increased cyber security risks.
A
Hey, I timed it perfectly this time. Awesome. Well, hopefully let's turn that off. Yeah. So first story of the day, we're kind of hitting right out of the gate. We got an Operation Takedown. 13 countries took them. Seven months, not surprising. 29 arrests, nine criminal networks taken down. That's pretty huge because, you know, yes, we certainly love Europol, we love the poll polls that are out there, especially with what Europol are doing. So necessarily, you know, this is, we're looking at organized crime, we're looking at cyber criminals that are out there doing these attacks. We've got law enforcement going through and busting these guys, you know, going in like a wrecking ball and busting them down. You know, when, you know, these services that are out there, you know, all these websites that taken down, you know, they were exposing regular folks just like you and me to all this malware, all this spyware, the data theft. You know, somebody installs a, an app on their TV. How do we know, you know, it's not protected? How do we know that that app doesn't have some sort of malicious software that's behind it that essentially is giving cybercriminals access to be able to create up those botnets that we always hear about. You know, there's no integrity checks, no signing, nothing. It's just, you know, you end up getting, loading up an app so you could watch something on your TV maybe or listen to something. But you know, when that ends up happening in your system at home, that's one thing. But when it's in your organization and you have all those IoT devices, it's important that we're segregating, separating those networks as well. So this takedown's real. This is huge, you know, with, with regards to everything that they've got going on. But you know, I find it interesting that the seventh month, seventh month, these seven months, Operation Kratos 2. So that kind of leads me to believe there was a Kratos one. 
So, you know, enforcement is constantly working to take down these different groups that are out there. You know, we're always dealing with streaming good, bad or indifferent overall. But you know, when you've got streaming going on, that can be considered an endpoint risk as well. You know, whether it's going to your users that are streaming and listening to certain things, you know, they might be thinking they're saving money by getting these apps or whatever, but you've always got to be aware of what the app are bringing to your system. You know, if they're not trusted, they're not vetted, they're not checked, you know, you're opening up the door and letting the cyber criminals walk in and be able to gain access to systems, devices and everything else overall. So great work on behalf of Europol, great work on behalf of them to bring down another one of these groups. Again, 4300 domains linked to piracy and 400,000 additional URLs. Flag for suspension. So great job on the part of them. This is great to see that groups are bringing down these, these criminal groups. But the kicker is, is, and I, you know, I know I've said it, I know Jerry said it, the fact that, yeah, great, we're going to cut this head off. If people aren't being arrested and detained and put behind bars, they just keep going, you know, but at the same time, these groups, they're constantly educating each other, sharing information. You know, if you chop the hat off, you know, take out the leaders, you know, the people that have been working for them, they're going to be running around building up other groups and carrying on their effort overall. So certainly a good story to start the day off here today with regards to, you know, our cybersecurity stories. Cool. All right, let's get into the next one.
B
The European Commission releases Digital Sovereignty Plan. This plan looks to boost Europe's existing tech sector to eventually challenge US rivals and reduce dependency. The plan includes the EU's Cloud and AI Development act, which empowers the Commission to review vendors from countries outside the bloc to determine if they are trustworthy enough to serve the public sector. The plan will also direct more public money toward tech products that contribute to Europe's economy, reduce administrative overhead for opening new data centers, and require member countries to create national strategies to boost adoption in new tech, particularly AI. A European Commission study found that member countries spent a combined 264 billion euros annually on tech from Microsoft, Google and Amazon.
A
The startup costs are startup costs being extra. But let's get back to this one. So, EU plots a long game against digital US digital supremacy. I was in Denmark last year yeah, Last year did a presentation for them and one of their big concerns, especially with GDPR, especially with the AI EU act that they've got coming out, there was a very, very big concern with regards to US technology. Everybody was using, you know, Dell laptops or they had IBM laptops. And wow, that sun is coming in. Hang on just a sec. There we go. Close it out there. That Sun's getting to the right point of the day here. All right, so you've got EU GDPR. And I know we've probably got some folks that are listening that are from the EU. I know we got Roswell UK. Well, technically you're not part of the EU anymore, but anyway, you've got the EU act over there. They've got their GDPR and everything going on where they're controlling the systems, the software, you know, making sure things are vetted and so forth. And what's interesting for them was here you had Microsoft releasing Copilot, their generative AI tool, to use with all the Microsoft products. While talking with lawyers, certain lawyers in Denmark, they were concerned last year about how that would impact with regards to the EU act, because they don't have any control. It's a black box when it comes to that generative AI. And so we've also, and I heard yesterday that President Trump's new executive order relating to AI, this is probably something that follows that. And there was a mention of Trump, of his EU plan in there as well. Weaponization of Europe's dependent on American firms not getting into politics. But essentially the EU is concerned about the American products coming in, whether hardware, whether software, operating systems. Some of them are having conversations of like, do we need to switch over to start using Linux, you know, using an open distribution. 
So they're in a, you know, and with this, they're trying to look at it from, you know, to be able to secure and protect their borders, their citizens overall. You know, they're looking to be able to grow their data center capacity. They want to have, you know, be able to control the, the assets that they have within their organization. When everything comes over from the U.S. they're kind of wanting to be able to stand on their own with regards to this. So, you know, Europeans enterprise could fully exit U.S. hyperscalers. They could do it where they set up their own data centers and start having their own infrastructure over there using their data centers, maybe their own operating systems, their own systems overall. But when we look at this from a global perspective, you've got organizations and CEOs that support the US, but everybody else, you know, all the other countries, whether it be Europe, could be Africa, could be Australia. So it's, you know, very concerning with regards to how this vendor lock in may happen. It's not really relating to just procurement anymore. No, this is now geopolitical conversation and we keep politics out of here and religion and all that, but, you know, this whole digital sovereignty that we're starting to hear about, this could be, you know, either good for the supply chain or bad. It could be helpful with regards to resilience, but we need to make sure that, you know, the security teams and CISO has a security table when it comes to these discussions and everything else as well. So very interesting with regards to their plan that they've got coming out. You know, wanting to be able to protect their, organize, protect themselves as a country, certainly looking at defending their own interest, making their own choices, as the article references. But they're looking at trying to keep their money in the eu. So they don't. Yeah, Elliot, you hit it right on the head. 
They don't want to be beholden to the us, the stock market, regulatory space, government handling altogether. Yeah, I agree completely. So certainly, you know, as we look at the first story, criminal profiles, criminal networks are coming down. You know, start looking at that digital power struggle of everything that's happening right now. You know, the EU is looking to try to move away from the US's tech dominance, see how this plays out over the next couple years. All right, let's get on to our next story.
B
Cyber force. According to a new report from the Commission of US Cyber Force Generation, as part of the center for Strategic and International Studies, the cost of starting up a US cyber force is estimated to be around $11 billion. The report estimates that starting up the force would take 12 to 18 months and would need to include at least 5,000 members of the National Guard and up to 6,000 civilian staff. The Government Accountability Office reported last year that roughly 61,000 people are currently involved in cyberspace operations across the Department of Defense. And The Trump administration's 2027 budget allocates $7.7 billion for cyberspace operations within the Pentagon.
A
So now we're starting to see money coming back to getting more cybersecurity professionals. You know, we know with between CISA, with NIST, with the NSA, all of these different three letter agencies, the FBI, CIA, NSA, NCSC, they've all got cybersecurity teams. Overall, you know, whether Army, Navy is going to be looking at getting in within the military, the Air Force is very active with regards to cybersecurity. All of them have some type of branch or some type of group that is focusing on cybersecurity. So now we're starting to see some money coming back into this overall. I mean, You've already got 61,000 people already in Department of Defense cybersecurity operations. You know, it's not exactly. It's a headcount issue. It's more about getting more people. That's part of it. But you think about when Space Force spun out back in 2019, this is kind of the same thing, you know, same concept, same debate now just doing it to cyber, even though they gutted last year. And so essentially what we're looking at here is trying to get more funding in there, get more collaboration, certainly help with talent overall as well. And so as we, you know, you know, Cyber Command is doing okay, but, you know, the problem is there's not a path to grow. So, you know, they've got all these people that are coming in, but there's no real path to be able to educate, continue that education, grow them. And with what we're seeing with all regards to the different attacks, it's crucial that our own Department of Defense has cybersecurity team to be able to. Overall, it's typically better to prepare for war in advance of conflict rather than after the fact. You know, seeing that quote in there kind of applies to our security programs. You know, if we can be more proactive with our security programs and I know, I know. Don't come at me. Budget, CISO. Easier said than done. 
But, you know, if we're able to be prepared, think about our incident response plans, we think about our tabletop exercises. If we can sit there and be prepared, and we know what we're supposed to do, rather than trying to figure out when it happens, that we can then know what actions we need to take. Hey, guess who's heading off to the airport. There's our good buddy Jerry heading off to the airport. Happy to help out, you know. Have a good day, everybody. So there you go, coming from Jerry. And this is showing off. Wait, there we go. So being prepared is always. Is always key, you know, with what's going on here with this 11 billion to try to get more of a cyber force, even though, you know, we have so many cyber forces already between within the DoD, the different military branches, the FBI, the CIA, the NSA, they've all got their cybersecurity forces that are in there trying to get them to collaborate, trying to get them to work together is going to be huge as well overall. So let's see where this ends up going. We know that being proactive is key. Being able to be prepared just like the Boy Scouts be prepared, that is critical and hopefully this is something that, that comes through. But you know, yeah, shuffling the same people around, are they bringing people back? Are they going to bring on new folks? Are they going to rebrand it? You know, I don't. I see. Roswell UK's comment. Brilliant. I love it. I heard. Must be absolutely trembling. I can smell the sarcasm there with regards to that. We need to make sure that our cybersecurity defenses are in order are checked. We have. We're very proactive with regards to it. Otherwise we're going to end up suffering more data breaches and more issues, you know and I finished reading Cuckoo's Egg again. It's been a long time since I read it the last time and when I read it the first time I just kind of skimmed over it. 
Reading it again over the weekend and diving into it deeper with more awareness now in cyber security, trying to collab the issue. If you haven't read the Cuckoo's Egg, definitely read it. But you've got Cliff Stoll who's trying to collaborate with the NSA, the CIA, the FBI, trying to get them to take awareness, try to take note of what he, what he's got going on inside of the Berkeley labs and nobody's really taking them seriously. And so you know, that frustration is certainly there. If we don't have the right security programs in place, we don't have things set up and running and tested and ready to go. We're just going to end up falling victim to another breach later on down the line. All right, let's get to the fourth
B
story of Microsoft Build featured quantum and AI updates. Microsoft announced a new quantum computing chip called Majorana 2 at its Build conference. This chip uses lead based materials for superconducting wires rather than aluminum and claims to offer a 1000 fold increase in certain performance metrics compared to Majorana 1. Notably, Microsoft now estimates that production capable quantum computers will become available sometime soon in 2029. Microsoft also announced the Adaptive Spec Driven Scoring for Evaluation and Regression Testing, mercifully shortened to the Assert framework. This open source framework is designed to make evaluating AI behavior easier, letting researchers use plain language descriptions of expected behavior and policy which are then turned into structured sets of behaviors, problem scenarios and test cases and then run against AI system that produces a final score. And finally, Microsoft also released the Agent control specification or ac, which lets developers define policies for agents to follow in a single file. The idea is to create a common governance layer for agents where admins can state what they can and cannot do as well as when to bring a human into the loop for review.
A
All right, so Microsoft coming up with some tools, coming up with some frameworks, helping out with Quantum, you know, there's a lot to, to unwrap there overall, you know, with Quantum, we know Q Day, my good friend Roger Grimes wrote a book on Quantum, you know, and we're constantly having to deal with Q Day or making sure we have quantum resistance qrc, Quantum resistant cryptography. So that way, essentially that way we're if cyber criminals nation states get their hand on quantum systems and they probably already have that, they're, you know, not end up going to be being able to break all of our encryptions that we've got. So we've got to make sure we've got that quantum resistant cryptography already. But here we have Microsoft coming out with an AI framework, really evaluating application specific AI behavior, which I think is interesting. We've seen some frameworks out there already. We've got NIST, we've got the ISO standard 42001, we've got OWASP, they've got their top 10 regarding agent AI regarding large language models. You've got Underwriter Labs have now come up with an AI standard as well. So we're having all these different frameworks coming out and Microsoft has now come up with their open source one assert taking plain language descriptions of AI models, expected behavior policy, turns them into a structured set of acceptable and unacceptable behaviors, generates problem scenarios, test cases, runs them against blah blah, blah and gives you results. So I haven't tested it, I'm not familiar with it, but having them announce it yesterday, I'm sure it will be something important to try. And Phil makes a good point that not all machine language or AI are created the same. You've got different machine languages doing different modes. So with regards to this, it's going to be real interesting to see how this plays out with regards to, you know, how this tool is accepted and everything else and what kind of results it does provide. 
So three different things coming out of Microsoft yesterday. So you know, again more tools for us to be able to utilize as cybersecurity professionals. So it'll be interesting to see what, how well they're adopted. We know that Quantum is constantly evolving and folks dealing with it as well. You've got now this new framework so it'll be interesting to see what ends up coming out of this overall with regards to that. All right, let's carry on.
B
And now a huge thanks to our sponsor for today, Vanta. Your team just added its 67th AI tool and unfortunately also your 67th security blind spot. The good news, the Vanta agent works like a GRC engineer in the background finding every app your team uses, scoring the risk and drafting fixes for you. Vanta is the platform used by over 16,000 fast moving companies like Ramp Cursor and Harvey who are shaping the future with AI and staying ahead of AI risk. Get started@vanta.com headlines
A
All right, so there's the headlines. The ad read of Vanta sounds like Fanta sounds like Santa. That was kind of cute overall. But now we get to the part of the show we have reached the mid roll. Let's see if I can get the music to play here. Kind of put it in the background. Hopefully it's playing. Hopefully you're all able to. You may not be able to hear it actually. It's probably because I don't have the browser audio on. See if I can get that off. There we go. All right, well forget trying to play music. Not sure if it's coming through. There's always a live shows all around. But now we do get to the mid roll. The fun part of the show. I got to give a shout out to the stream sponsors again of course to Threat Locker, Anti Siphon, Flare. Definitely check out the links. I know that they'll be in the chat. Fantastic mods. Doing awesome job with that overall. So every day of the week there's always a special segment at the mid roll that Jerry does and today is no different because today with regards to. Let's see if I can get to it here. The. There we go. So the special segment for today is Dan Reardon's the Haircut Fish meme of the week. And basically Dan's been bringing these memes for a number of years now already. It's really, really cool and love the fact that he is able to generate these memes and do them so quickly. And of course he always does it, picking on Jerry a little bit overall, which I think is fine. But this one I was really impressed to see today. I got a kick out of it. Let me see if I can get this on display. There we go. School for grc. And there's our, our good buddy Jerry Auger kind of set up as Alice Cooper. Now I, I know for me, you know, school's getting out for. For the kids. Schools getting out for, you know, universities are all done. High schools are finishing up. June is the month where we've got up in the north. I know a lot of schools are getting out in Florida. School's all done now. They're all into summer vacations. 
But here we have schools out for grc. Maybe we'll see if. If Jerry's gonna be checking out. We know he's taking. He's taking a week off in June as well. Kind of things are gonna be busy for him over the summer. But this one's. This one's cool. I gotta admit, a personal connection here overall with regards to Alice Cooper. When I was a wee. Glad. I don't know how old I was, but maybe 11 or 12. Long time ago, had a cassette. Got a cassette given to me as a birthday present or Christmas present, and it was Alice Cooper's greatest hit. I thought Alice Cooper was a woman until I started listening to the first song, and I'm like, that doesn't sound like a woman. But one of my favorite songs on that cassette tape, because I practically wore it out was School's Out, School's Out Forever. And of course, that was always played on the last day of school. And just a lot of fun memories with regards to that overall. So that was. That's Haircut Fish's meme of the week. School out for grc. Very, very cool overall. Let's see if I can kick it. Yeah, there we go. Coming back to the chat. Hey there. Mark Leva. Good to see you. Glad you're joining us here today. So flavored, you got Phil Stafford, Legratz here, Straw Hat Sack Berg, ssb. Good to see you. Give what? Devin, Gravy, Grady, we got John, JB3B7D. Just whole group of folks all joining us here today. Real excited that you're here. Thank you for being a part of the show today. And real excited. Now, I mentioned something, something at. At the beginning of the show that I'm here for Secret Con, a conference here in St. Paul, Minnesota. And I dropped it in the. I gotta go find it here. But I dropped it in the Simply Cyber Con chat last night regarding somebody I got to meet. Let me see if I can share this here. Not that one. There we go. Was very excited to meet this fine gentleman yesterday. If I can click it, does it zoom in? Yeah, there we go. A little bigger. If you recognize him, drop it in chat. 
If you don't recognize him, that's fine. But this gentleman way back in 1986, a bike riding hippie, as he puts it, an astronomer put together or started dealing with, started a new job at the Lawrence Berkeley labs. And that's the first rule of secret, don't talk about secret. Yeah, but yeah, I can see folks are starting to drop in the name. But he's an astronomer that was given the assignment of figuring out where 75 cents went to. There was a 75 cent discrepancy in their accounting off the computers. Now you're thinking why the heck is there a 75 cent discrepancy? Back in 1986 at the Lawrence Berkeley lab, they, they were charged for the time that you use the computer that you logged in because everybody had to log into the mainframe, Unix, the VAX, whatever it was and then you were paid for it based off user account. So there was a. As he went through, he discovered an account called Hunter and then he couldn't find who that was related to, who, who owned that account. So he set up a monitoring system to track when that account got used and then discovered the person was coming in on a different account that was somebody had breached password and pretty well spun off an eight-month investigation that he called The Cuckoo's Egg. Well, that is Clifford Stoll. He is here delivering the keynote here today. So I had the pleasure of meeting him last night, sharing some stories and one of the things that came back that as we were talking that just kind of blew me away and made me appreciate him that much more was, you know, this was cool. This was his 15 minutes of fame. It paid his mortgage off on his house. But the job, the role that he's always enjoyed the most, the one that has truly made him prouder, isn't an astronomer, isn't a physicist, it's being a dad. And I thought that was real appropriate. Excuse me. Especially with Father's Day coming up. So for him, you can even see right here, he even made his own little name tag. Tore a piece of paper. Made his own name tag.
By the way. Yes. If you're asking, that is me wearing a dad joke T shirt. Yes. I did drop a couple dad jokes on him last night. Great reaction overall. All right, so that's enough about what's going on here in this neck of the woods. Let's get back into today's stories, get things wrapped up and I'll be doing the cyber career hotline. So you definitely want to stick around that. But we'll get more to that here in just a bit. So let's bring back up our. Let's get back into our stories.
B
Trump Signs Executive Order on AI Model Reviews. The order directs federal agencies to create a process in which makers of frontier AI models could grant the government early access to models for evaluation 30 days prior to releasing them to other trusted partners. To be clear, the order does not require AI companies to submit their models for evaluation. It merely establishes a process and an invitation for them to participate. The order also includes other cybersecurity provisions such as requiring agencies to harden national security systems using defensive AI-enabled tools within 30 days and establishing an AI Cybersecurity Clearinghouse within the Treasury Department to enhance coordination of vulnerability scanning, validation and patching.
A
So an executive order coming from the White House, you know, carrying over with the AI talk from before now we kind of see with regards to the digital sovereignty that we saw with regards to what the EU is doing here. Trump comes out with an executive order looking for AI developers to be able to share their models and their information. The key word there is voluntary, you know, and basically Give the government 30 days to check it out, maybe find some backdoors, find some vulnerabilities that they can use. I was reading too much of Cuckoo's Egg. But you know, voluntary is certainly doing a lot of heavy lifting here with regards to the participation. It's optional, you don't have to do it. There's no requirement, there's no pre clearance, there's no need. It's all voluntary. So it'll be interesting to see which folks, which groups, which organizations, developers do come forward with regards to it. Overall, I do believe. Yep, there she is. Diana Kelly, CISO at NOMA Security, had the pleasure of hearing from Diana when it comes to AI. She is one of the people that I go check out and pay attention to to what she's saying. And with regards to her comment, voluntary security programs can work, but only when they create real accountability, coordinated disclosure matured once intake channels, timelines and safe harbor terms are added in there. So, you know, it can't just be something where you go like, hey, come share your programs with us. A lot of the organizations are going to be like, yep, nope, this is our ip. If I start sharing this with you and you start leaking it out to other people, then, you know, lost our edge. And so, you know, it's going to be interesting to see, you know, who ends up coming forward. And it'll be interesting to see what kind of feedback the government provides the different organizations if they do it. But you know, we've known in the past that voluntary frameworks have a mixed track record. 
Sometimes vulnerability disclosure is really good. But you know, when you've got products that are brand new trying to come out, it can represent or present some problems overall. So it'll be interesting to see what ends up happening with regards to it, you know, technology's moving really, really fast and this is the government trying to catch up. I don't know. But we know that there's a big gap between, you know, the different standards when we're seeing technology move faster than it's ever done before. 18 months were based off Moore's Law with regards to technology of ram, hard drives processing capabilities. Now we're dealing with AI and we're looking at six months, months maybe the technology changing. I mean, I looked at a presentation I gave a year ago on AI and I completely had to refresh it, update it, because all that information back then is not saying obsolete, but it's out of date now and because because of what's constantly changing. So regarding AI, regarding ourselves from, you know, our organization positions, you know, we're having to deal with the technology of AI constantly changing. We have to make sure we get our AI governance going and get that in place. The technology is going to change a lot, but we can get our governance programs in place to be able to effectively manage these systems and keep our organization safe, you know, with regards to what's happening with all the different AI that's out there. Cool. All right, let's get on to the next story.
B
HTTP 2 bomb shows the wild world of AI vulnerability scanning. Security researchers at Calif discovered a denial of service technique dubbed HTTP 2 bomb using OpenAI's Codex. This attack impacts over 880,000 sites that use HTTP 2 and exploits a chain of three old 2016 vulnerabilities to launch a compression layer attack and amplify rates. Unlike other classic bomb style attacks, this attack form floods a server with near empty headers, exhausting the machine's memory from the per-entry bookkeeping it allocates. nginx, Apache httpd, Microsoft IIS, Envoy and Cloudflare Pingora are all vulnerable to this attack, although at the time of this recording Apache and nginx rolled out patches. OAuth Token.
A
Well, well, well, it must be Thursday. There's another vulnerability out there and patches available to be able to fix it. So nginx, Apache with regards to this HTTP 2, they've got versions out already, you know, so we certainly want to make sure that we're going out and testing those and I have no doubt that there are cyber criminals out there right now that are already running scans to be able to look at nginx, look at Apache, look at Microsoft, look at all these different systems and see how they can be able to exploit them overall. So certainly within your organizations if you're involved in the patching, because it is an IT process and program, we just oversee the governance to make sure it gets done, but certainly working with IT to go, okay, hey, is this something we've got ready to go or do we have the software, do we have a test system set up? Can we go through to make sure that we, we can get the systems patched? At least reduce the risk of some cyber criminal group being able to leverage this as an attack. But no doubt that they are certainly out there wanting to leverage up and use this as a denial of service attack. And this is hitting a whole bunch of systems. nginx, Apache, Microsoft, Envoy, Cloud, Pingora, Cloudflare's Pingora. There are 880,000 Internet facing systems that are going to be exposed to this. So that's a lot of systems. And I, I would not be surprised if the cyber criminals have already got AI tools being generated to be able to go find this and immediately take hold, gain access and certainly look at trying to gain access into organizations with regards to it. So you know, if you've got web infrastructure that's running, you know, HTTP 2, you know, hopefully they're not on the default settings. If they are, you know, this could be something you tweak on those default settings. We know the code is already out there, it's public and this is another one of the ones that AI found.
This is OpenAI's codex and we're going to start seeing a lot more of these. And I remember the story last week that Jerry had regarding bug bounties. So you know, it's getting harder and harder from the bug bounties because you've got AI finding so many of these. So you know the gap's narrowing. If the AI is finding it, then you know the AI is going to be out there discovering it and allowing cyber criminals to be able to take advantage of these vulnerabilities. So you gotta patch it, right? Cool, let's carry on.
B
Vulnerable on GitHub dev. Security researcher Amar Askar released details on a vulnerability that allows threat actors to install malicious VS Code extensions that can steal GitHub OAuth tokens when using the GitHub.dev web-based source code editor. This is possible because the web editor does not scope tokens to the particular repository you're interacting with. Threat actors can exploit a message passing mechanism between VS Code windows and Webviews using malicious JavaScript to extract the OAuth token. Microsoft was notified of the vulnerability on June 2, an hour ahead of Askar releasing a proof of concept. He cited previous bad experiences with the Microsoft Security Response Center for the comically short notice. Acer working to patch critical router.
A
Wow, you gave them an hour notice. That's kind of rough overall but you know, we've seen it before with regards to security researchers where they and even in Cuckoo's Egg, you know, they're reaching out to the authorities, trying to get somebody to listen, going hey, I've discovered this vulnerability, it checks out, maybe we should do something to be able to protect. And it sounds like this particular security researcher had problems trying to get get through. And so he said all right, fine, I'm giving you an hour and then I'm releasing the proof of concept. But we're talking about OAuth here. We're talking about one click, you know, your one click OAuth tokens, your single sign on, stuff like that. You know this is affecting specifically GitHub dev, which is a browser based visual studio code environment. There's no patch yet, so okay, we can't patch it. But with regards to the OAuth token being passed, we certainly need to make sure that with this vulnerability that we're being able to go through and make sure, first of all make sure we got backups of our repos. That would certainly be one of things. Make sure if we can rekey or re key those off OAuth tokens that will go a long way as well. But you know, a lot of the times if somebody drops in a link within a GitHub that could be problematic overall. But we know that cyber criminals are going after developers, they're going after code. So that was SolarWinds. We continue to see that overall down the line. So you know, while we have our developer tools, we have the open source code, you know, they're constantly being exploited all the time overall. You know, cybercriminals know this, they know that that's kind of where one of their attack vectors are. We're going after the humans, but now we're also, you know, going after development because that's on supply chain. If we can get in on the supply chain in the code against developers, some aren't the most security minded folks, others are. 
I've seen the spectrum, I've known a lot of developers over time. So in this particular Case, you know, while we want to trust in the developer tools, you know, we know this one's being exploited. So we certainly want to go through, make sure that our developers are aware of it and educate them overall as well. So it's not really coincidence, I'd say it's strategy on the part of the cyber criminals. You know, AI is finding vulnerabilities in web infrastructure as we heard in the last story. Now AI is finding vulnerabilities in developer tools could eventually seriously happen as well. And if we're not careful, one click is going to basically turn over our GitHub, all of our GitHubs or GitHubs for our own accounts to the cybercriminals with one tight click. Overall, cool. Let's carry. Not cool, but let's carry on as we hear about Acer.
B
In a security advisory released over the weekend, Acer detailed two security flaws impacting its Wave 7 mesh routers. One is a broken access control vulnerability that allows an unauthenticated attacker to remotely access plain text credentials in log archives. The other vulnerability comes from hard-coded cryptographic keys that can allow an attacker without admin credentials to gain a backdoor into the router with persistence, as well as decrypt, modify and re-encrypt system backups. Acer expects to release a patch for both issues in its next firmware update, expected by the end of June 2026.
A
So they're vulnerable now is what you're telling me. Again, we've got ourselves another vulnerability. You know, we've got OAuth development. We've had the cloud infrastructure developer tools, web servers, you know, you know these are sitting there between our networks either at home. Could be small businesses, you know, our cloud infrastructure, these particular devices being exposed. Not exactly kind of a good thing to have here. You know, two huge zero days and we're going to get updates by the end of the month. Now I know that the. I believe these had. So we've got the zero day. We got the. Yeah, zero day coming in on that CVE. The other one's got another CVE attached to it as well. Trying to see does it list what the. Let's see what the open in the new tab. Let's see if we can see what is the score on this one. Where is it going to give it to me. Am I missing it? I could be waiting enrichment on that one. Okay, fine, that was 4920 and then the other one is 49201. Oh nice. They're back to back. So they're kind of filed at the same time again waiting enrichment. You know we could sit here and throw this on over to. Yeah, no scores there. We can sit there and throw this over to DJ B Sec's tool that he's got the. Was it the EPSS? DJ B Sec. Go check out his website and his particular tools that he's got. His tools. Let's see if I can get. Yeah, his EPSS scanner. Let's see if he's got these set up in there. Where are my. There. Let's see where. If he's got scores set up in here. And what was the date of release on that one? Always fun doing stuff live. Do we have a date on here published there it is 5, 9, 20, 26. So let's see if we've got anything on the EPSS scores. See if I can drop this in and paste it. We'll type it 5 29, 26. Get results. Let's see what comes out after this. So we got an EPSS score of 0.02. The percentile 7%. So the likelihood of suffering an attack on that is pretty low. Let's have a look at, see if we can.
I know the 0 was the other one and this one's.005 15 overall. So not showing up as a vulnerability, at least not yet. But I'm sure cybercriminals are going to be out there looking to be able to try to gain access. So you know, hard coded AES encryption keys in the firmware allows them to be able to attack. You've got a log file that's accessible without authentication. Anyone might be thinking, okay, so you know, this is more targeted our home users. But I think they're, you know, these type of devices could be used within a small business. You know, your small business owners might be out going out and buying these. Some of them might also be using like the Wave 6 or Wave 5 or Wave 4 versions. A lot of times small businesses, you know, if it's working, they're not going to mess with it overall. So there could be some impact from them with regards to that. So certainly want to disable any type of remote management that you might have on it. If this impacts you overall, you know, if your firmware, you know, you may want to disable the firmware, update through the Internet, the auto update until it comes out. Until you know it's out, then do it. But you certainly want to be able to restrict any type of external access and certainly be looking back at the end of June with regards to the the update that comes out for that overall. So I think that I got to the end of the stories and I'm about four minutes early. Let's see, what have we got here?
B
We think of cyber security as a discipline, but when do ideas like best practices and NIST frameworks change that into a system of belief? That's what we're talking about on this week's episode of Defense in Depth. Look for the episode, Has Cyber Security Become a Cult?, wherever you get your podcasts. And if you have some thoughts about the news from today or about the show in general, be sure to reach out to us: feedback@cisoseries.com. We'd love to hear from you. Reporting from the CISO Series, I'm Rich Stroffolino reminding you to have a super sparkly day.
A
cybersecurity. A super sparkly day. Well, I guess I can't top that, but yeah, certainly, hopefully you all have yourself a super sparkly day here. I just realized I'd had the house music playing all the way through the time here. Yeah, there we go. Don't know what that was. Probably something off my coffee. Coffee cup. Cheers everybody. But we made it to the end of the show. Certainly some interesting stories overall dealing with, you know, government, state, geopolitical issues. We've got some vulnerabilities that are out there. Got some home devices that are going to be exposed overall. Law enforcement taken down a huge group overall. And you know, again, the vulnerabilities regarding web is certainly out there. I completely forgot at the beginning of the show about the CPEs. I completely didn't have it in my script so I forgot about it. My bad. But I know we've had that in there, but definitely get in there and get your CPEs. This show is worth a half a CP. Come on in here into the site. I know we've had the link in there, but basically, there we go. You come in here, you put in your name, your email address, your check, your box, and at the end of the month you'll get an email from Jerry from the Simply Cyber folks with your certificate. As long as you signed up every day you'll get a total count of everything regarding your CP's that you've had. So you know, you, you figured you've got about 20, 20 episodes a month, so you get about 10 cpes if you listen every day, right? So certainly make sure you fill that form out to get your CPEs for today. You have, I think Jerry now says till the morning to be able to do it. So if you. If you're listening to this on Team Replay, definitely go up there and check and fill out so you can get your cpe or you can take a screenshot of the chat put in there. Today's date with half a cpe. Take a screenshot. Save those if you want. But now Jerry's got this really cool, fancy, fancy vibe coded, awesome tool available for you. 
So definitely go check that out. So it has been awesome, all of you joining me here today. I didn't get a chance to see how many folks were connected to us here. 240, 42 folks live. I just saw the where it was here on the screen. But this is the end of this particular segment of the Daily Cyber Threat Brief. Stick around as we're gonna get right into the Cyber Career Hotline, where I'm gonna answer your questions. Should I get this or what should I do for this interview? Is this a good job offer? What conference should I go to? You know, I'm gonna be more than delighted to be able to answer your questions. So let's get into it. I'm James McQuiggin at 35,000ft. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it. Hey. And so we're back, back here at the Cyber Career Hotline. That was such a fun little video to make overall. But yeah, we're back. Let's bring up the chat. There we go. This is awesome. Me bring the chat up here in front of me so I can see it. Thank you very much to everybody that watched the. The Daily Cyber Threat Brief today. Hopefully you're sticking around. We. We had an awesome meme of the week from Mr. Dan Reardon. Also, it was great meeting Cliff St. If you are here in Minnesota, definitely try to swing by Synchron today. I think they had like 600 register registration, so I know I'm gonna see a certain somebody today who's here. I'm looking forward to that as well. Bruising hacks saying, how do I get as awesome as you? No, you don't want. There it is. Version hacks coming in with the high compliments. How do I we get as awesome as you, James? You don't, because you all are awesome in your own right, your own capabilities. You know, I. This community is fantastic. I love it. It's one of my favorite communities that's out there. You are all awesome. I'm just crazy enough to answer Jerry's texts on A at 5 o' clock in the evening going, hey, can you cover the show for me tomorrow? 
No problem. Be more than glad, more than happy to. Hanging out with all of you is a lot of fun. So drop your questions. This is the Cyber Career Hotline. The line are open. And when we say lines, we're talking about dropping it in chat. Put in a queue and let me know what questions you've got. More than happy to answer them. Kind of scrolling back here through. Are we a cult? I don't think we're a cult. We're an awesome community. Or if you ever watch the Sons of Anarchy, we're a club. But no, we are a community. A community where we are very inclusive. We support everybody and we empower everybody. I didn't see if anybody had anything in chat regarding any. Any new jobs, any new interviews, anything that's coming up. But certainly make sure you're hitting that, like, button. You're giving me the thumbs up. Oh, Kyle. Kyle came up with a fun question. Here we go. What Central Florida conferences should we go to? All of them. I know Issa meets regularly, monthly, the ISE2 chapter with our good friend FedEx. He's the vice president. I'm the past president. They meet twice a month. They do a virtual breakfast. The next one is Next Wednesday on June 10th. And then they do a face to face meeting. You have Citrus, you have Citrus, they meet the end of the month. You have Space Coast Tech, they meet. I can't remember when they meet, but then there's also the ISC2 Space Coast. They meet the Tuesday after the ISC2 Central Florida chapter meeting. So that's the fourth Tuesday for Space Coast B sides. Always a pleasure to go to BSides. Also here in Central Florida, we have Infosec World coming up later this year. If you can get your company to pay for it, then definitely do it because it's not a cheap one to go to. So definitely be looking at that. But yeah, a lot of good conferences that we have here in Central Florida, but definitely check out the chapters as well. So. Hey, Mike and Druzy, Good to see you on here. This is Good. Thanks. The eMore 151 oh video is super clear. 
Do you mind? Oh, you just tugged on my heartstring. Do you mind sharing your camera and lighting used in your mobile setup? I kind of had a feeling somebody might ask. And one of the things I did is I texted Jerry before the show what my setup looked like. And I actually have it here. Let me see where here it Is here. There you go. There's my setup. This is what I'm sitting in front of right now. I got two lights. The. The one light that's up here to my right is actually the light that's here in the hotel room, which works great. I love this. I wish I had this in every hotel room because it's got a. An arm that can, you know, I've got it angled up so it's giving me a warm light. But then I also travel with a light that's on the left side of the screen that you see there. That's my travel light. Usually I put that in front of me, put it at a 45 degree angle. What you see also is my Zebic monitor setup. This is. It fits over the center one and it folds out. And I've got two 1920 by 1080 resolution screens. It's. I usually. I've had this and then I've got a portable keyboard mouse and I'm using my AirPod for this. I found that the AirPods work really, really well for audio. And I used to carry. Used to travel with a microphone out of old kit. But I find the AirPod works just as well. It's small enough, it kind of hides out. And the audio sounds like it's coming through. Certainly has for the last hour. Otherwise, I didn't say anything in chat, but this all goes in my backpack. And then I have. I have a stand as well. So that way the camera is straight on rather than pointing up at me. So that's kind of how my gig. That's kind of how my setup is. I've also got a little cell phone holder as well that's kind of hiding behind the monitor. Of course, you can see my cup of coffee. I got some dice left over from last night. I got all my stickers. And you also saw the cuckoo's egg copy of the book that I had sitting there. So. AirPods. Yeah, that's kind of how my setup is. 
So thanks anymore. I appreciate the question. Let's see, what other questions do we got here? Cult personality. Is Security plus still the baseline? That is a. Let me get back here. Nope, wrong one. Nope, that's chat. Camera with chat. There we go. Too many. Too many selections to choose from. So is Security plus still the baseline? I guess it depends on what baseline you're talking about. It depends. I know everybody hates that, personally. If you're looking at doing cybersecurity, Security plus is a good baseline. You could also look at the ISE2 certified in cybersecurity that you can find. They were offering it for free. You could take it now. I think it's like 50 bucks a month. Let's see. Do I have. Yeah, got it working? No, your location never allowed. But the CC is really good. Oh, there it is. Exams, 200 bucks. The peace of mind protections, another hundred bucks. So 300 bucks if you want a peace of mind. But this goes. So depending on what your security plus cost versus the cc, both are really good as a baseline to get things started overall. So that is something to consider. You can look at the CISA, the CySA plus, that's another CompTIA one as well. That's out there. But it kind of depends where you. Where you want to go. I know. Also certification roadmap, one of the other things to look at. Let me bring up the browser back here. This particular one here, this is Paul Jeremy, he has it. I don't know if I can drop it in chat, but I will drop it into the discord. Let me close out here. I'll go into the. Actually, let's see. Can I drop it in chat? Yeah, it took it good. Listed me as host. But that particular gives you a roadmap. So depending on which field you want to go into, and that's kind of the key thing, do you want to do network security, do you want to do identity access management, security awareness management, testing, red team, blue team, that kind of thing. Depending on what you want to do. 
This is a great site to be able to go through and look at all the different certifications and figure out what your roadmap is overall. I know Jerry's had this on his site. I share it with all of my students all the time. So definitely. Yeah, check that out. Overall, great question from that guy jk. Let's see. There it is. Yeah, let's see. James Corrigan. Sounds like a cult. Yeah, I guess so. So flavored. That's good tech. Grunt goes, yes, we are a cult. A cult of personality. Very good tech run. I like that one. J.T. gorman coming in with a question. Hey James. I just got involved in my company's patch management process. You gotta betcha. I was wondering what criterion factors should be considered when deciding what users and devices are placed in a ring. Well, that's an interesting question. In a ring. Just got involved in company process yet. I was wondering what criteria factors because they're deciding what users and devices. So if you're talking. Talking about with regards to which ones get updated, which ones are part of the systems that are part of that patch cycle, the qa, the testing that you do, you know, I right out of the gate the critical ones are going to be all your external facing ones. Those are the ones you've got to get through the patch process tested and get them released. Because we know it's gone from days to and weeks now down to hours of where cyber criminals start taking advantage and exploiting systems overall. Let's move me up a bit. There we go. You know, with regards to that it's certainly you want to get them QA if you want to get them tested and get them rolled out because those systems are exposed and you certainly want to make sure that those are tested right away. Users, you know, if it's users on who's got access, you know, only the necessary folks that should be having access. With regards to that overall, that would kind of be where I would start overall. Hopefully that kind of helped with your answer. 
If not, just kind of give me a follow up, be able to provide more info there. Cool. Cult is short for culture so I'd say yes. Oh, there you go. Orlando. I like that. That's kind of cool. Coffee cup cheers from folks. Yep. Coffee cup cheers. Looking through the chat, seeing what questions. What is the background music? Yeah, the music I got playing, I kind of came across it. I can't hear it in my earphone because it gives me a weird echo. But it's the minimal house music that comes with the Restream with this platform that Jerry uses for his. So that's what it is. It's just. I like it. It kind of gives a nice undertone. So overall I kind of like it. Ah, gooden Morgan meinfrouden. Space tacos. Very good. Here we go. Quiet kids 1. You gotta watch out for the quiet kids. On last semester of college about to obtain my AAs and CS. I'm guessing you're associate secure or associate of science or arts and sciences in computer science I'm guessing or cyber security. I don't have any certs yet but was wondering what advice would you give to someone out of college with a degree in cyber security? Computer science looking for employment. How much time do we have? So quiet kids, you've got your degree. That's your first step. That's awesome. You can look at the. I still, I think I still have it up over here. Let's see, does it show up There it is. The certification roadmap. Certainly def. Go check that out. I provided the link a little while a while ago figuring out what it is you want to do where you want to go. You know, hopefully with your education you found an avenue or you found a variety of different, different areas that you want to focus on with regards to cybersecurity. Depending on what that is. You can look at the search that are there, you can start with the cc, you can start with Security plus, but it's all going to depend on where you want to go. If you want to do pen testing, there are specific pen testings that you want to look at as well. 
So figure out what area you want to focus on, head towards that, look at what the different certs are on the roadmap and then, then you would be good to go overall. So good luck with that. Quiet kids. Keep us posted. Congrats on completing your, your degree, getting that certificate, getting that AAS degree as Ric Flair always does. So yeah. Cool. All right, next question we've got coming in here. Let me get back into mod chat here so I can see if anything's exciting happening there. Any specific AI tools, tools that we can leverage to complete security controls such as NIST 800757, Redvision 5 cyber GRC mafia that's coming from ad tech. Any specific AI tools we can leverage to complete security controls. So AI tools, I know there is, there's commercial tools that are up there, there's a variety of CISO type tools that are out there. Buddy of mine created Compile, there's open grc, but AI tools, I mean you can even leverage the large language models that are out there with, with Claude, with Gemini, maybe even Chat GPT, but going through and you know, you may want to do it where it's in house without uploading all that sensitive information. But I also have to imagine that there might be some AI GRC tools that are out there as well. But for me, I think I would be certainly going through and looking at leveraging the large language models that are out there with regards to, you know, looking at, trying to make sure you, those controls, you know, it could be something where you upload what the control is and ask what type of evidence would be needed or provide a template or the template for the policy overall, because that goes a long way and being able to, being able to identify what controls, what evidence you need for to support the control overall, that would be kind of one of the ways I would go. I know that a lot of folks here are going to be very supportive. They might drop in chat as well. What AI tools they recommend. Certainly a good question. 
There's a lot of we're seeing so many different tools that are out there and AI tools are coming out every single day. So certainly I would start with the larger language models, check with other GRC folks, see what they're using and go from there. Sorry, FedEx, I don't have my sippy cup with me. It sits back at home on my bookshelf. I also didn't think I was going to be doing the show on the road, but it's all good, so no safety cup for me. Any recommendations for home laptops suitable for labs with multiple VMs and large language model labs? Coming from Tom L. Iron Zeppelin. It depends, and I know that's the answer everybody hates to see. But you could get an old Dell like a G7, you get something with an Intel processor, get something that can load up with a bunch of RAM, get yourself solid state drive in there if you can, and load up your virtual machines are going to take a lot of space. So if you're going to have, if you're going to load all your labs and have all your VMs on the one machine, then you need certainly a powerhouse system. Otherwise you can get yourself a bunch of Raspberry Pis and load up with Kali, load up with Metasploitable. You could have a couple laptops set up our network together where you could have, you know, Linux running on one, Kali on another, Windows on another one. The exploitable machines that are out there, Metasploitable, you've got. There's a. OWASP has an exploitable system. You can get the old Windows machine in there as well. So there's a lot of different exploitable tools that you can load as VMs on systems. You might have one laptop be the attacker machine, one set up as your victim machine and it's got all the VMs loaded on it with all the different vulnerable VMs sitting there running and then you attack it through a firewall, that kind of thing, you know, whether you get old machines, whether you get newer ones depends on what your budget is. 
If you're a poor cybersecurity student or somebody that doesn't have a lot of money, Raspberry Pis are a good way to go. Buy secondhand laptops, you know, that are two or three years old, four years old, they'll still be able to carry what you need with regards to doing the VMs overall. Cool. Definitely keep these questions coming. 300 for the CC. Yeah, it is now. They were offering it for free that had expired because they were reaching open to get for to a million I guess they hit it and they turned off that cap that function or that ability to be able to get it. So sadly yeah, no longer available to be able to taking that take that cert for free. So 300 bucks. I'm not sure how it compares to the Security+ that's out there whether it's you know, comparable the same cheaper but hopefully it's comparable. Got a question here from Light pink soap. Not to be a Debbie Downer but how do I as a junior analyst not let the state of the market or per progression of AI discouragement things feel bleak realization check as much as we are happy go lucky, very supportive in this community it isn't easy. I met somebody last night at the dinner here at Secret Con. They are looking for work as well and I'll share with you the advice that I gave them which is advice that I give a lot of people when it comes to trying to get a job. Jerry said it, we've had it on the Cyber Career Hotline when we talk about it as well is you got to make yourself marketable. You've got to get out there and be networking. And I compare it to what my daughter is going through, my oldest daughter who is an actor trying to get the gigs, get the work in the entertainment industry. She's a five foot female, red hair, beautiful singer, unbiased, I know, but beautiful singer, wonderful actor and strong mover. Sadly, there are hundreds like her that are out there and it comes down to how you market yourself, how you network, how you make yourself stand out, how you make yourself marketable. 
And that is what is needed right now in this industry. If you can be out there networking with people, volunteering at events, getting to meet people that eventually, you know, can help you find a job as well, that's not always going to be the case. It is a long road. But keep applying, keep connecting with people on LinkedIn. Make sure, you know, go through, comment on things that you're seeing, building up that network on LinkedIn, you know, asking around. So you what kind of jobs? If you have events that are in your area and they've got vendors, go and talk to them. But certainly you want to keep pushing. I get it. It's not easy. I kind of went through that for several months when I lost my role at the last organization that I was at. But it's a matter of just kind of pushing through. It may be something where you have to take another job and then work your way back into cybersecurity or within that organization, work your way into their cybersecurity group. That is another way that I've seen folks do that as well. So certainly look at that. But good question there. That roadmap is huge. Yeah, we're talking about this one. Wrong. There it is. We're talking about that one. Yes, it is huge. It's got. Because cybersecurity. We're a mile wide. You can't see. There we go. It's seen a mile. We're a mile wide this way, actually. I know what I can do. It's all about effect. Right? There we go. We're a mile wide and an inch deep. So yeah, when it comes to that browser, yeah, there's a lot to it. It all comes down to what you want to pursue and where you want to go from there. So definitely that's definitely the case. Overall, great map. Used to plan out my cert path. Good to hear Phil like that. Cue the Always Sunny meme with explaining the roadmap. Oh, yeah, there you go. Let's keep scrolling through everybody talking about the roadmap, the CPE today. Today's headlines. AI certs would be a good path if they. And I haven't seen a lot of. 
I've been hearing some come out, but there hasn't been any that has been like, oh my gosh, you got to get this AI cert so you can get an AI job. I think there will be AI certs, but it'll depend if there's a particular area you want to go into too. Something specific you want to focus on. Just like any of the other certs that are out there as well. Kyle. Kyle. Waiting on my BSides Beyond Yang coffee mug. I have a buddy of mine, he's got a bunch of those as well. Let's see. Is there a thing called automotive cyber security? Like because cars are computers and there can be some computer. Computer security threats there. Jazzy Jazz 88. You are absolutely right. Nowadays, especially like the Teslas, the EVs, all the new cars that are coming out, they are essentially computers on wheels with a steering wheel. We're seeing more and more of those screens, more and more of those computers. Charlie Moore I think even did like Gosh, it's 10 years ago now, I think. But basically demonstrated how. Let me see if I can find it here. CAN bus attack as he was attacking cars overall. Let's see if I can. Where is my cat and browser? There it is. I wasn't. Oh, it was Charlie Miller. Not Charlie Moore. Charlie Miller. Sorry, Charlie. But his CAN bus attack. Where he targeted a Jeep. Yeah, 11 years ago, 2015. Basically the full story. How he targeted the Jeep, was able to gain access. That was conspiracy. Actually. I just saw the Wired one. Let's see if we can look at that one. But yeah, Hackers Remotely Kill a Jeep on the Highway With Me in It. Who's the, who's the author of that one listed anyway? Oh, it was Andy Greenberg. Okay, Andy Greenberg wrote some great books, Sandworm being one of them. But basically we've already been attacking these cars. You go to DEF CON and you will see, see at DEF CON they have a car hacking village. So yeah, there is automotive, I don't know specifically automotive cybersecurity for calling it that. 
But that's kind of what it is, cybersecurity for cars, for mobile transport. But that's certainly the case. Yes, they are computers, just like anything else. They need to be secured. We don't have enough security in it. So hopefully we get more folks that are engaged with that to be able to be able to protect it. One of the things I just realized as I've been yapping here is some of you don't even know who I am. So my apologies. I didn't really do the introduction at the beginning, but I'm James McQuiggan, of course, Jerry calls me James McQuiggan at 35,000 feet. Because I do a lot of traveling for my job. My job now is I work for Parent Security, the company that I formed to do contract work supporting some organizations now and really, really enjoying it. But spent six years working for KnowBe4, 18 working for Siemens. Done everything from network security, security awareness, incident response programming, industrial control system, security building systems programming, all kinds of stuff. Did a lot over the years and now we're beginning to be realizing I'm one of the old guys. I was chatting with somebody yesterday. It's like, you know, I used to be the young guy in the room, now I'm the old one. But that's okay. I got lots of experience, I got lots of stories, lots of things to share with all of you. So excited that you are here joining me here today, folks, coming in with other support regarding what certs Grab a network. Security, Security+ maybe a CC, hit up one of the security vendor companies. Start a position, then reputable business, jump up the monetary ladder. Works 90 minutes, 80 to 90% of the time. Coming in from derelict my. Yeah, okay, fine. Let's see what other questions when we got about five minutes left. Wow, time has just flown by. This last hour has been crazy. Oh, this one looks like fun coming from Secret Agent 0011. A user clicked on a phishing email in the work email on the work phone and entered password. 
IT reset email password but now two numbers are showing for their iMessage phone has Intune. What next should next steps be if it's showing two phone numbers. You know a lot of phones nowadays have an eSIM so depending if they entered in their password. Oh you're, you're saying two numbers are showing for their iMessage coming in through Intune verify which is their number and block the other one. I would certainly say we don't know what's on their phone so they may want to do a system restore system reset on their device overall just because we don't know what other malware may have been loaded that would be kind of my first step. But if they've got two numbers, certainly verify which is theirs and then get rid of the other one. And if they've got a second number in their on their phone then just have one, pick one which one they're going to use. But yeah, certainly want to make sure that they have their phone hasn't been compromised. You may hopefully have also done a password reset on their. You didn't email password reset but then maybe have a look at their system as well. Monitor their system. But definitely may want to consider doing a wipe and clean reinstall or recover from a backup prior to their attack. Overall, does that mouse pad say dad click? No, it says don't click on that. Probably one of the few things I have left from KnowBe4 because when. Because I was I talk a lot about the human aspect with regards to cyber security and the number one rule is always don't click on stuff. So yeah, that's what that mouse pad says. Let's see Juice Shop. Oh yeah, Juice Shop is really good. Coming in from Kai Kyle for building those home labs. Juice Shop has got a lot of those great exploitable systems testing systems. Definitely recommend that. pfSense, Metasploitable, Kali, security engine. All excellent tools. Definitely consider having those. 
pfSense is great if you can either get a physical firewall loaded on or use another laptop as a virtual machine and you have a firewall set up so that that way you can restrict access and everything else. Cuckoo's Egg is the GOAT. Yep, greatest of all time. He won't say that after chatting with Cliff last night. Yeah, he's very humble guy, very down to earth, very eccentric. Really, really enjoyed chatting with him last night. Looking forward to his keynote today at noon here. Let's see, Metasploitable 2, VulnHub. Yeah, those are all, OverTheWire, for free for red teamers to practice. Excellent. Good resources as well from John. Let's see when any other questions? We got a couple minutes left. I gotta get my dad jokes over to Jerry today as well as he travels back from from from Cisco Live. I actually came across one last night that I literally laughed out loud on. You'll have to wait till tomorrow to hear it because Jerry will read it at the mid roll tomorrow on my on the dad jokes. Certainly it's going to be I, I liked it. I, I laughed out loud. Everybody's humor is a little different but for me I got a kick out of it and it's a hacker one as well so. Or hacker theme cyber security theme one as well do to do. Let's see what other fun things we got. Love the chat going on with everybody. Oh, here we go. This might be the last one. Question. I'm in IT Cyber for the last 15 years. High pressure management roles and now the main thing in my head is take a couple years off work. Work life balance is key. That's huge. Do you think it's a good idea with the current job market? Huh. Well it depends yet. Toyo, how confident are you with regards to your network? Are there people in your network that you think that, okay, when you decide to come back in that you would be able to get another job quite quickly. If you're going to be relying on putting out your resume and hoping your experience gets you the job, that could be problematic. 
If you're going to take a break, that's fine. You also want to make sure you state that on your resume and on LinkedIn as well because I know sometimes when people take sabbaticals it's like why did you take a sabbatical? Because you had a. You can't ask why but they'll be, you know, their minds go off racing and it could be something because like what Rick Moranis did, he took 10 years off so he could raise his kids. You know, the way the job market is, is challenging but a lot of it comes down to you know, who you know and, and what's out there and that's available for the particular role you might have. I'd be maybe looking now seeing what's kind of out there and see if there's something, you know that that meets your needs overall. But it comes down to what you think is best for you. Maybe for your family, maybe you want to take a break. Work life balance is huge. And some people are like, nope, it's all about work. You got to be working or you're not doing anything. And so like, you know, I've worked with a lot of different folks in a lot of different cultures, you know, and the work life balances, you know, I'm, I'm working to live. I'm not living so I can work. You want to make sure you've got that mindset as well. So you know, my favorite answer of it depends. But certainly make sure you're looking at the market, you know, try and see if you can find another job that comes along long and, and see if that's something that, you know, maybe they would be willing to wait a month for you or a couple months. Overall. Last question I'm going to do because we've hit 8:31. Maybe a dumb question, but approaching the roadmap, should we pick a beginner intermediate expert cert? Well try ken or try K3N. Depends where you are in your industry. Again, it depends if you're beginning in your, you've got a degree and now you're looking, looking to get a beginning cert. 
Look at all the certs, look at the beginner, look at the intermediate, look at the expert, look at what their requirements are for you to obtain the cert. It's not just a matter of passing the test. There are, you know, could be particular requirements relating to how long you've been in the industry, that kind of thing. So make sure that you check those out. If you meet the requirements and you can pass the intermediate cert, then go for that intermediate certificate. Overall. So, cool. If I didn't get to your questions, definitely come back tomorrow. We look today has just been an absolute blast. I've had a lot of fun hanging out with all of you, not only for the Daily Cyber Threat Brief. Thank you for listening to whatever advice I was able to provide. Hopefully that was helpful for you. Certainly the Cyber Career Hotline. I love doing this, like love being able to talk with all of you. Granted it's a one sided conversation, but I look forward to the day where I get to see you in real life when we're at a conference and we can chat even more. So big shout out to all of you. Special thanks to Jerry for letting me be a part of this community and being able to support all of you, empower all of you with regards to your work. We're all inclusive, everybody belongs and real excited that everybody's here. So on behalf of Jerry, on behalf of the Daily Cyber Threat Brief, Simply Cyber, and the Cyber Career Hotline, thank you all for being here. Have yourself an awesome day. Hopefully I'll see you tomorrow. Maybe if I'm on the Cyber Career Hotline panel tomorrow. If not, have yourself an awesome weekend. Have an awesome time. Take care, everybody, and thanks for stopping by.
Host: James McQuiggan (filling in for Dr. Gerald Auger, "Jerry")
Produced by: Simply Cyber Media Group
Air Date: June 4, 2026
The June 4, 2026 episode of the Daily Cyber Threat Brief, guest-hosted by James McQuiggan while Dr. Gerald Auger traveled back from Cisco Live, offered a comprehensive analysis of the day's top eight cybersecurity stories. The focus ranged from law enforcement operations against illegal streamers, digital sovereignty in the EU, and developments in quantum/AI, to newly discovered vulnerabilities, government initiatives on AI, and practical career advice for those working or aspiring to enter the cybersecurity field. As always, the episode highlighted a strong sense of community and encouragement for listeners' professional journeys.
Throughout, James maintained a warm, inclusive, and mentor-like tone, a hallmark of the Simply Cyber community. He encouraged anyone entering or advancing in the field, shared personal anecdotes, recognized audience achievements, and created a welcoming Q&A session for all skill levels.
For more daily news, subscribe or listen to the Daily Cyber Threat Brief each morning at simplycyber.io.