A
What's up, everybody? Welcome to the Daily Cyber Threat Brief. James, I see you here. If. Are you in a position where you can take this? I can't hear you. I can only see thumbs up, thumbs down. All right. Hey, what's up, everybody? Welcome. This is Daily Cyber Threat Brief. I'm your host, Dr. Gerald Auger. We are dealing with a bit of a disaster right now. Normally when we're coming from the hotel or we're on the road or whatever, it's business continuity. You're. You're continuing to deliver, but in a diminished capacity. I came in half an hour ago into the studio, and my main rig is having significant mixing board issues, which, you know, the show doesn't work if there's no audio. And so I hopped on the old laptop here, the old mobile setup. But the. It's always audio. It's always audio with this show, man. The audio is not. Not getting picked up. Not getting picked up. So I'd have to. I can do the show. You just have to give me a few minutes because I have to pull out my gear from my travel bag and then figure out what pieces are part of my home studio, what pieces are part of my travel kit. So it's a bit of a hot mess. I see James McQuiggin in the studio. James, can you do this show for a minute while I unpackage myself? All right, all right, hold on. Here we go. So this is amazing. So listen, sometimes when you're dealing with cybersecurity incidents, you have to call external incident responders to come in, those who are ready with the little go bag to deploy, and that's what we're going to do right now. My friend, dear friend James McQuiggin is gonna slide in here and save the day. James, how are you, buddy?
B
I'm doing all right. How are yourself, Jerry?
A
Good. I'm good. I'm not losing my mind here. It's just. It's just IT. But, dude. Yeah. Not all heroes wear a cape. So, James, let me throw it to you while I continue to troubleshoot, and maybe I can slide in here. Don't. Don't worry about the ads. I'll. I'll do those a little bit later.
B
All right, I'll kick us off. Welcome everybody in. And I can probably do. I can do your ads for you, and then.
A
Okay. All right. All right. Well, then, ladies and gentlemen, I'm gonna pass the mic to my man, James McQuiggin. James, thank you. Literally, it's like I have fire that's on fire here.
B
Dumpster fire is on fire itself.
A
Yeah, yeah, yeah. All right, well, I leave you with James. Thank you, James.
B
All right, we'll see you in a bit. Good morning. Everybody talk about, you know, and it was funny because ad tech was in there earlier going, hey, is Jerry in the house? Or, you know, we're gonna have Jerry back in the room. And it's like, yeah, no, I know he's home. I. We chatted last night, and I'm sitting here working away. I'm still at Secret Con here in Minneapolis, but not Minneapolis, St. Paul, Minnesota. You got to be careful because you can't upset the. The Minnesotans. And I look at my clock and it's like 702, and I don't hear Jerry, and I'm like, oh, my gosh. So I jumped in here with that. So. Good morning, everybody. Welcome to the Daily Cyber Threat Brief. It is June 5th, 2026. This is episode 1147. 1147. Don't ask me to do the binary. I. I didn't prep for it. It's probably episode 47B in hex code. I did look at that. But if you are looking to stay current as we get things going here, you're looking to stay current on the latest cyber security stories. What's going on in the industry. Looking for a little education, maybe a little entertainment. A little entertainment today because I know at the mid roll, Jerry's gonna need some. Some good belly laughs with the dad jokes I sent him. But you are in good company overall. We got a bit of a delayed start, but let's. As Jerry likes to say, let's get cooking. All right, we're back. Good morning. Hopefully everybody's hearing me coming in nice and loud and clear. You're all having an awesome Friday overall. You know, it's just kind of like you got to dive into the. Dive into the fire, got to run into the. The burning building to help save the folks. And that's certainly what sounds like what's going on with Jerry. He'll be back here shortly. I'm just gonna get us to get the show going, get us moving. But, yeah, you know, I gotta imagine people that are here for the first time, people that have never seen the show, and they're like, hey, I heard about this. Simply Cyber. Let me go check it out. 
They come in here and they got the dumpster fire. It's all good. It's all good. You know, we're gonna. We're gon you the news stories of the day. I'm just having to quickly get my gear, my setup going here. It's not, this is not something we just kind of jump on camera and go, woohoo. Hey, everybody, guess what? No, it's, it's like I had to get my audio set up, have to get everything going in. But if you are a first timer, if this is your first time on the show, please, please, please drop us a hashtag. First timer in the chat. We would love to know that you're joining us for the first time. I'm trying to keep an eye on the, on the chat as well, but if you are a first timer, let us know. And we have an awesome emote that we like to use. It's the John McClane from Die Hard. Welcome to the party, pal. I know I've, I've been saying that when I see folks coming into the communities and the communities are strong, whether it's here at Secret Con, whether it's ours with the, the Simply Cyber group, whether it's BE or Isaac, whatever, you know, there's lots of great communities all around and hopefully if you're joining us, because this community is all about support, it's all about inclusion and it's all about empowerment. If you've just graduated, you got a job, you got an interview, you got something going on, let us know, drop it in that chat. We would love to hear because we want to help celebrate you, help empower you to build up overall. Also, if you're coming to the show, you might be looking for some CPEs, continuing professional education credits. This is a show that can deliver. One of the cool things is, is Jerry does provide a half CPE and he's got his website for it. I am going to very skillfully here, see if I can bring up the website for that cyber threat brief. Simply Cyber. There we go. Let's see if I can swap on over to the. The right camera for it. Nope, it's not there. Let me see if I can. This is always the fun part. 
Try to do this on the fly because, you know, that's what this show is all about, is, you know, making it work and coming for all of you. So let's see there. I think this is the right window. Yep, there it is.
A
But.
B
And of course it's not. There we go. Let's get that in the right space. There you go. So you have your daily cyber morning threat brief. If you haven't signed up, you come up here to the little CPE icon, click on that, you get to fill out the form. Get your CPEs, your half CPE credit and be glad to help you out overall with regards to that. Okay, so let's see. Talk to. Welcome to everybody. Did first timers, did the CPEs. Oh, we got to talk about our stream sponsors because this show, as much as Jerry loves to do it, we can't do it without the stream sponsors. So first up we have Flare. Right now threat actors, they're not able to break into systems. They're not lot. They're not breaking in, they're logging in. You know, they're out there stealing those credentials and everything else. And Flare Cyber Threat intelligence platform combs through the dark web looking at those info stealer logs and any of those criminals telegram channels to find those compromised identities. And that's important because not a lot of organizations know about what of their accounts has been compromised and what's sitting on the dark web. And Flare does that. So definitely check them out. You can sign up for a two week free trial there over on simplycyber.io/flare. So let's see the other sponsor that we have can't, we cannot forget about Antisyphon Training. Love these folks. They've got their threat summit coming up here June 17th and that is a free. Did you hear me right there the first time? A free training that they've got available all day Summit, some fantastic speakers that they're going to have. Our own Wade Wells is going to be doing a training. He's doing a two day CT101 training. So definitely check that out. You've got the full day live training and then you the full day summit and then you have the live training that's there as well. And then finally, cannot forget about our friends and we never would and ThreatLocker's here at Secret Con. 
But we have ThreatLocker that are there to handling the Zero Trust app issues. They've got their own deny by default solution, enterprise grade, trusted by major organizations and the federal government. But if malware tries to run on an endpoint protected by ThreatLocker, it simply won't run. So definitely check out ThreatLocker. And I don't even have my coffee. But let me see here because I literally jumped in the fire for Jerry here. I didn't even get a chance to spin up my podcast and get today's story. Let's see if I've got the right story here. I don't even have the the website up yet, but give me just a sec. We'll see if we can't get these stories. But let's get our first story going. I know Jerry's gonna jump in here and save me once he gets his audio up and running, but we will. Oh, look at this. Got to verify I'm human. Click the checkbox. So here are stories kind of giving you the secret sauce here, but the let's get the first story rolling here. It's going to be about a Chinese hacker group. Surprise, surprise. All right, let's hear the first story. Let's get into this. Let's roll. Lines are available every weekday. Head to cisoseries.com for the full story. And it helps if I play the right story. Helps if I play the right day. Here we go. June 5th. Here we go. From the CISO Series, it's Cybersecurity Headlines.
C
These are the cybersecurity headlines for Friday, June 5, 2026. I'm Steve Prentice. Chinese cybercrime group sets record pace. According to Proofpoint, the group currently tracked as TA4922 has, quote, been escalating activities and expanding to new Geograph. It uses social engineering to deliver malware and engage in credential phishing and fraud schemes such as credit card theft. The group does not appear to be involved in espionage, but instead appears to be financially motivated. Using HR, payroll, tax and invoicing themes, the group has started to expand beyond its current targets in Japan, Taiwan, Korea, Singapore and India to now also focus on organizations in the U.K., Germany, Italy and South Africa using messaging platforms such as WhatsApp and Microsoft Teams, Cisco.
B
Pause. There we go. Good. All right, so here we have a Chinese group that have been, you know, getting themselves out there utilizing the lay of the land tools, tools that we all like to use, WhatsApp and Teams and everything else. But, you know, the, the tracking of this TA492,4922 malicious email campaigns, and they're looking at remote access. You know, nation states are always jockeying for more intelligence, always jockeying to be able to get into organizations, into government facilities. Heck, reading all about, and I'm going to do it again, but reading all about The Cuckoo's Egg. If you haven't read this book, you have to read it. But that was KGB looking to buying secrets, buying ways to get access into military operation sites. Now granted 1980s security. Yeah, was, you know, they took it seriously, but they were, you know, using those very, very weak passwords. But here in this particular case, you know, trying to gain access, trying to gain a foothold. Not necessarily looking to attack, but looking to gain access into those environments overall. So, yeah, of course, credential stealing, phishing, imposter scams. You know, they're always going after the human, always going after the, the, the end user, the person sitting behind the keyboard. Because, you know, essentially when it's a, when you think about it, everybody that's got an email address has a key to the front door. And if they can get somebody to be able to click on that link, be able to cough up their credentials thinking they're logging into their webpage, then that's what they're going to be doing. And so leveraging, you know, leveraging the human to be able to gain access, you know, looking into, you know, HR, leveraging these remote access tools, whatever it takes to be able to gain access into these organizations, always constantly developing and creating new tools as well. So cool. All right, so that's the, the first story down for the day. 
I'm, I'm hearing Jerry's running into some issues with, he's swapping cords. It's a USB issue. So let's get on with the, the next story. I'm great to see folks dropping messages in chat with regards to what they're thinking is going on with the stories. Not a problem. Always like to have everybody's feedback because, you know, this is that awesome community that we got. Cool. Let's have a look at the next story.
C
The critical Unified CM flaw with proof of exploit code. The company has now released security updates to patch a critical severity Unified Communications Manager flaw, that is Unified CM. The flaw allows attackers to gain root privileges. This product, formerly known as Cisco Call Manager, serves as the central control system for Cisco IP telephony systems, handling device management, call routing and telephony features. The vulnerability, which has a CVE number, can be exploited remotely by threat actors without privileges in low-complexity server-side request forgery attacks. It has earned a critical rating because exploitation of this vulnerability could result in an attacker elevating privileges to root. Cisco's Product Security Incident Response Team says it is yet to find evidence of active exploitation or targeting of this exploit.
B
So it's Friday. It's another vulnerability. It's another thing that we've discovered where there's a backdoor access into a product. You know, I, I did a number of years working doing product security, you know, we did. And I can attest, you know, we don't put products out there with, you know, the expectation that there's these vulnerabilities, but people do find weaknesses, you know, security researchers and everything else. And so with this particular one, and I know folks that are at Cisco, you know, Having this vulnerability, I'm sure is not something that they wanted to deal with this week, deal with overall. But this particular vulnerability, you know, it's got a CVE number they've got, it's got a high, a high it doesn't have. They're not seeing anything being exploited in the wild, but it does have a high value to it. I know Jerry and we, and I know DJ B Sex in the room. He's probably sitting there running it through his, his EPSS score over to kind of see the likelihood of somebody doing that attack. But of course, here you have a system that's used for communications. This is exposed to the Internet. They don't have any workarounds for the vulnerability. You know, welcome to the joys in the world of information security, cybersecurity when doing it. Oh, Roswell UK dropped it in here. Cisco Floss CVSS three one eight point EPSS is 0.02% 4.96. I'm going to show this on the screen. Roswell. Thank you for dropping that in chat. Saves me from having to fumble and trying to go around to another page. But yeah, CVSS score 8.6. EPSS is sitting there 0.02. So a small likelihood, but I have to imagine the story's now out there and cyber criminals are. They're not sitting in the basements. They're constantly scouring the, the, the stories as well, hearing about what vulnerabilities have come out. For all we know, there's somebody's creating an agentic AI to be able to go out and search for these systems. Because we have Shodan. 
You can go out and use Shodan and go out and find what devices are connected. You've got using those mass scanning tools to be able to go out and find where these devices are and being able to then exploit them and take, take over with it. I wouldn't be surprised if we start hearing about rumblings of, you know, cyber criminals gaining access, nation states gaining access in through these tools. Now the idea will be, okay, they gain access into that system, how are they then going to leapfrog to other systems? Can they do that from there? Can they use that as a jumping off point? Can they use that as. Yes, that's the entry point. From there, where can they go? Can we mitigate the risk that's behind that system? And usually when you have something like this where you can't mitigate it, you can't patch it. You got to patch it. Sorry, couldn't resist. There is usually the opportunity where you can mitigate the risks that are behind it. So. Or you end up shutting it down, you end up secure isolating it, or you find another solution. But it sounds like with the Unified CM administration interface, it's heavily interactive with a lot of the Cisco products that's there, so hopefully they can get a update out very, very quickly. You know, they've also had other backdoor accounts, so they've had their fair share of issues with this overall. But great info coming in from Roswell UK incident directly echoes yet the 2045 one earlier this year. Yep, that was in the, that was in the article. You know, you gotta love it when you've got these products that are out there that have these vulnerabilities and there isn't a patch yet. And I know with Cisco Live, I'm sure there was probably engineers that were busy working on trying to get the get this issue resolved overall. So cool. All right, let's keep cooking. Let's get on to our next story.
C
Hackers spied on a stock exchange executive's Outlook mailbox for five months According to researchers at Symantec and Carbon Black's Threat Hunter team, a hacker spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange copying inbox content in small repeated batches and routing them through Dropbox and OneDrive so that the traffic blended into normal cloud activity. The researchers say this points to an espionage campaign rather than financial theft or data theft, noting that the executive's inbox can hold non public listing details, enforcement matters, deal terms, market moving plans, as well as the executive's own calendar and contacts, giving the hackers broad access to other business systems. By the time the first malicious activity showed up on October 10th of 2025, quote, the attacker was already running two binaries as system, which is the highest Windows privilege level, one faking Adobe's updater and the other faking OneDrive, meaning they had full control of the machine, while how they got in is still unknown.
B
Five months inside of an executive mailbox at a global stock exchange. Wow. You know that's what you read about things happening in years ago. This for me I'm, I'm getting the sense right out of the gate that and I hopefully I'm hoping everybody can see the, see what I'm sharing here. There we go. Oh, let's see if I can fix it now. I've probably made it too big, but where is my obs? There we go. See if I can clean. Not that one. There we Go. Hopefully. There we go. All right, good. So, yeah, so here we have this particular story where you've had two binaries. Let's move me over. There we go. We've had two binaries that were loaded on system in Windows, so running with the highest privileges. These guys were sitting inside this mailbox. Sitting inside, reading the email, collecting the information. I mean, you know, that's part of our cyber kill chain is basically going through and doing recon and looking at information. And they probably when they originally got in, you know, back in November, you know, they pulled a Dropbox API token, started uploading data with curl, deployed the main tool. You know, that's all part of the. The cyber kill chain and gaining access in there. They would come back every two to four weeks running the mail, having a look at the mailbox. And while it's not a fancy play the Sax music infographic. This is a very nice. Looks like it was probably created with a large language model, but basically a nice breakdown of the phase, of the different phases basically relating to the cyber kill chain. Get your initial access, get your persistence, your Command Control, your C2 going through and looking at this. But one of the concerns here is they were inside the mailbox. And they were inside the mailbox for five months. With current technology that you're able to go through, you know, being able to spot when somebody unauthorized is gaining access into it, where were they coming from? 
Were they VPNing into a system that was over here and then from there leapfrogging. So it looked like, okay, we're not coming from China, Korea, north, the Philippines, wherever. You know, they would be just the cybercriminals most likely be disguising themselves overall and essentially at this point, gaining access, looking at the email, they might. This is a classic case of business email compromise. For all we know, they may have been going out and sending emails from that person or they were just collecting data, but finally being able to, you know, recognize that they were finally able to recognize that somebody was in there and take the necessary action through it. It's just, you know, unfortunate that it took five months for them to be able to discover that they were in there. And this is, this is always one of the biggest fears, especially when it comes to your executives. They are always going to be targeted. They're going to always be the ones where cyber criminals, nation states want to get into because of the fact that they have keys to the kingdom, they're making the decisions. They can send emails from that mailbox to other people in the organization. To get them to take certain actions, transfer money, change accounts, whatever it may be. Because if it's coming from the CEO, it's coming from an executive, then you've got to follow through and do that. So yeah, it's, this is, this one's a nasty one. You know, of course, no CVE, nothing related to it. This is just a classic case of the fact that you had an executive that didn't know and an IT team sadly didn't know that that kind of exposure was happening and cyber criminals had gotten in there. So always need to make sure that, you know, we've got that monitoring going on. We're checking to see, you know, who's accessing when, especially with regards to our executives overall. Cool. Let's get on with our next story.
C
Gov UK dumps Stripe. The United Kingdom's Government Digital Service, that is GDS, has opted to replace Stripe with Netherlands based provider Adyen, A D Y E N, as its processor for many payments made through its gov.uk pay service. In a blog post about the contract awarded last Tuesday, GDS said, quote, it will migrate around 1,000 services to this new supplier, end quote. The change of supplier they say will help introduce new options including pay by bank which transfers money directly between bank accounts and using open banking services, avoiding the need to type in card details.
B
So very interesting coming off the heels of yesterday now I realize see if we can't make it bigger. There we go. Coming off the heels yesterday where we heard and I know our good friend Roswell UK is probably going to throw in some comments with regards to that always comes back to money for some people. I live in startup land so I see it every day. But here we have government UK going with a Dutch for a Dutch payment service to handle all the processing of transactions. Because yesterday we heard with regards to digital sovereignty we heard that the EU looking to try to leverage non American services and products and here we have the government UK already going with leaving Stripe and signing up with this three year contract overall. So you know, while cyber security related, you know again we're looking at what EU is doing in the regards to supply chain, they're doing it in regards to leveraging European products and services overall. So yeah, I mean this has got to be a blow to Stripe overall losing this kind of, you know the, the this amount of transactions overall. But you know it comes down to a business and I was Roswell saying this marks their inaugural entry into the core UK public sector enterprise digital infrastructure, moving their portfolio beyond traditional private sectors like uber eBay and Ms. Yeah. So this is, this is kind of a big thing with regards to organizations over there starting to, especially the government one starting to leverage EU services and products overall. So this could only just be the beginning. This could also be things that are a sign of things to come. It's going to certainly be remain to see what, what comes out of that. You know, it might even be something this could be competing with with Stripe over here as well in the long run with regards to it. 
So kind of, you know, not a heavy duty cyber story, but essentially, you know, this is certainly a change and following in the theme of what we've been seeing already with regards to the digital sovereignty coming out of yesterday. So cool. And I believe there's. We've got the fun little ad that we got to play from CISO headline. So let's play that and then we'll get into the mid roll.
C
Huge thanks to our sponsor Vanta. Your team just added its 67th AI tool and unfortunately also your 67th security blind spot. The good news, Vanta Agent works like a GRC engineer in the background finding every app your team uses, scoring the risk and drafting fixes for you. Vanta is the platform used by over 16,000 fast moving companies like Ramp, Cursor and Harvey who are shaping the future with AI and staying ahead of AI risk. Get started at vanta.com/headlines. That is V-A-N-T-A.com/headlines.
B
There we go. Get my own little house music playing in there. I don't have the chat up right now. I wish I could. Do I have it? No, well. Oh yeah, no, I can, I can pop it out. Let me see if I can throw the chat up here because that's always good to see everybody chatting here. Like I said, this, this community is all about support, inclusion and empowerment overall. Let's see if I can get my. You can see I've got it paused from earlier that. You know what, never mind. We'll just go back to where's my. Nope, that's. There we go. We'll just go back to that. And as we get to the mid roll of course I got to remind everybody about our awesome sponsors that we've got with regards to Flare, Antisyphon Training and of course ThreatLocker. But real excited that you are joining us. Jerry has had some technical difficulties he's fixing. He is hurriedly fixing them inside the osier buffer over buffer, Ozier overflow, whatever he calls it. But he's, he's having some fun trying to swap out USB cables Reboot, reload drivers, reboot the system overall. So I know he's certainly keeping himself busy with regards to that. So let's see. You know, every day of the week, we have. I can't believe I'm gonna get to do this, but so be it. Let's do it. Every day of the week, we always have a very special, fun segment. I don't have the graphics to do it, so you'll just have to be sub staring at me. But every day, Jerry always does something special. Monday, it's member of the week. Tuesday, it's tidbit. Tuesday. Wednesday, it's throwback that he's doing Friday. Thursday. Yesterday was his meme of the week that we had. That was if you caught the show with me doing was the GRC Schools out. GRC with Alice Cooper. And now this week. Sorry. And now today, here on the Daily Cyber Threat Brief, on Fridays, we do the dad's joke of the week, presented to you by this guy. And I sent Jerry the dad jokes, thinking, oh, he's gonna have a blast reading these on air. 
But sadly, I'm gonna be reading them now. But I always love it when Jerry reads them. But that's okay. We will the buffer Ozier Flow studio. There we go. So, all right, so let's get in. I don't even have my sound effects, so everybody can just join in and groan or, you know, kind of say what they think overall when I. When I drop in the dad jokes for the. For today. So here we go. Dad joke number one, coming to you. This was kind of a potpourri this week overall for the dad jokes, but here we go. Seeing as we're getting into summer, people going to the beach, people going swimming out there in the water. What can you find in the middle of the ocean? You know, going out there swimming in the ocean. What can you find in the middle of the ocean? That would be the letter E. Yep. Out there swimming in the ocean, you can find the letter E. I'm just gonna have to do it manually. So why doesn't the sun attend university? You know, now that we're done with school, or most of us are done with school, some of us are still dealing. Got a couple more weeks to go. But here in Florida and universities, they've all graduated. But the sun, the bright ball of gas in the sky, you know, why doesn't the sun attend universities? It's because it's already got a million degrees. Yeah, there you go. And finally, finally, this one, I wasn't sure if Jerry was cool with this one, but I'm just going to read it anyway because when I read it, I literally busted out laughing. When I, when I saw it, I thought it was pretty funny, but hopefully people know who this person is. But on Facebook, you know, you can probably get all those strange Facebook requests, but why shouldn't you accept a friend request from Lizzie Borden if you're not sure who Lizzie Borden is? You can look it up after you hear the punchline here. But if you can't accept, why shouldn't you accept a friend request from Lizzie Borden? Because she's a known hacker. So definitely go check those out. 
And if you, if you don't know who Lizzie Borden is, then hopefully you can go research who she was. She did another very nice thing overall, but that's okay. Being a known hacker, you will certainly get it. Yeah, you lose your head over laughing at that particular joke overall, but alrighty. So we got through our mid roll. Sorry, don't have the I wish I had the Simple Minds music to play and everything else. I've just got my nice little beat music going on underneath here. But I know Jerry is, is frantically pulling cables trying to figure things out there in his studio. So we're just going to have to kind of keep going, keep going with the, with the stories of the day. Let's see if I can get my system, get everything back up and running. Yesterday I was all prepared for it. Today it's leaping into a dumpster fire. But that's all good because this is an amazing community coming together. Let's see if I can go find my podcast link. There it is. Okay, let's carry on with the next story.
C
CISA directive for AI Executive Order to be released this week. This is according to CISA Acting Director Nick Anderson, speaking on Wednesday. The agency plans to release a directive to federal agencies detailing actions required to carry out the President's Artificial Intelligence Executive Order by the end of the week, end quote. This directive will focus in part on vulnerability alleviation and vulnerability management, Anderson said. And this latest version of the order asks companies to voluntarily submit models to the government for testing 30 days before they are released publicly. DHS Chief signals efforts to reshape yeah,
B
so here we have again a follow up from yesterday's story. Again, not necessarily wholly cyber, but you know, the CISA directive for AI Executive Order released this week. So yesterday, if you caught the show, we had a, we had a story dealing with the executive order signed by the Trump administration wanting organizations to kind of put Forward their AI models voluntarily and wanting to, to be able to so the government can review them, look at them and everything else. And you know, while that is all well and good, you know, there's regulations that go on. What kind of, you know, poking around are they going to do in there? You know, you're looking at releasing intellectual property before it needs to be released, sharing it with the government. How do we know they're going to keep it secure? How are they going to share it? Overall, you know, the potential risks posed by some models are important to consider. Buddy focused on how AI can bolster cybersecurity protections. Yeah, we know AI is here to improve us. It's here, it's here to make us a lot stronger. But overall, you know, giving up this kind of models, this kind of information, you know, for me is kind of concerning. Granted, it's volunteer. I, I think I said yesterday I will be curious to see how many people do come forward, how many people do offer up their models to be able to share with the government what kind of information, you know, is it going to be OpenAI coming forward, volunteering, because we know we've been doing, they've been doing a lot of that stuff as well. So yeah, it'll be interesting to see, you know, CISA is going to play the key role in the cyber clearinghouse. So they're going to be the ones that are going to be evaluating, looking at those. And so their CISA is basically coming forward, pushing the executive order overall. So not exactly a heavy duty security story, but let's carry on.
C
In further CISA news, Homeland Security Secretary Markwayne Mullin said on Wednesday he would revitalize the agency, which has lost roughly one third of its workforce and has seen its $3 billion budget slashed during the current administration. The fiscal 2027 budget would cut more than $700 million from the agency. Mullin said that CISA probably needs somewhere around 2,800 employees, despite its ability to hire up to 3,400. He also hinted that the White House, quote, intends to announce a nominee to run the department's cyber wing, which has been without a Senate-confirmed chief, end quote, fluttership.
B
Okay. Another non cyber security. Well, yeah, kind of cyber security, but not really. Again, we're getting, we're getting more into the politics, the administration of this country, and we don't focus on politics. But here we have, you know, CISA was gutted last year and now, lo and behold, hey, we're going to cut even more money, but we're going to put somebody else in charge and we're going to restructure it and everything else. Okay. Doing this with a smile, doing this without making it political, doing it. Making think that I know personally, new folks working at CISA working with regards to cyber security and them going, oh, we cut all these people, okay, now we got to restructure it. You know, you kind of almost see that with organizations as well when they got, you know, certain cyber security teams and we go down to cybersecurity teams of one working in somewhat organizations, but you know, again, not very heavy duty with regards to cyber security overall. But our own cyber security practitioners that are out there, yeah, very much a dumpster fire with regards to what's going on with that. So you know what, let's jump off this one. Let's see. Ah, okay, good. We got a backdoor story on the next one. Let's check that one out.
C
Backdoor spreads to macOS through Google and YouTube apps. According to Palo Alto Networks, Unit 42, a macOS malvertising campaign codenamed Operation Flutter Bridge, is spreading this new backdoor. It is built using the Flutter framework and infects targets with adware via malicious desktop applications. In addition to its adware functionality, the payload possesses backdoor capabilities including shell command execution and file system manipulation. These campaigns distribute malicious Google and YouTube advertisements using a network of Google-verified shell companies, with the ads acting as a lure to trick targets into deploying malware that masquerades as legitimate desktop applications. Watch out once.
B
Watch out. Yeah, we'll get to that story. Oh, get the sax music out, folks. We got an infographic. We got what Jerry loves. Still thinking of Jerry, as he said, trying to get his system back up and running. But I, you know, for years it was always a fun statement of, you know, when it comes to what's better, Windows machines, Windows computers or Mac computers. And the running joke was always, well, Macs are better because they don't get viruses. Well, here's a nice primed attack for them going in through ads. And the annoying thing drives me nuts. I run an ad blocker and Safari. I know Safari has their ad blocker as well, but there are a variety of different ad blockers that are out there. So if I'm running on Edge or Chrome, I've got those installed. I get why ads are out there and it's a business for a lot of people and they make money. But when I go visit particular websites, and some of them are like new sites when I go visit them and they are full of ads and even Though I'm looking for a story or looking for some information or whatever, but if it's full of ads, I just close away. It's like, no, if, if I can't read, I'm distracted by your ads because I gotta. I'm trying to read what's on the site and your ads are blocking it or showing up like every page. Scroll. Now I'm out of there. A couple of reasons. One, it's annoying for me. So tidbit, Tidbit. Tuesday on a Friday on James McQuiggin at 35,000ft for you. Ads drive me nuts. And if I go onto those page, I'm gonna go find it elsewhere or I'll drop it into the reader function that you have in Safari so I can read it without having to see all the. But you go visit some ads and they go, oh, hey, we noticed you've got an ad re. An ad blocker. Can you disable it or sign up? And I get it. They're trying to make money. They're trying to run a website. It's not cheap. I think I have like three or four of my own websites as well that are out there and certainly know that it's. It's not very easy to. 
Or cheap to be able to run those. But here we have another way to be able to gain access into systems through the use of ads. And essentially you've got J Score, Core Runner, File Ripper, and then I love the title of this one, Fluttershell. But they're targeting the macOS. So your Mac operating system's a lot different than your Windows operating system. Even though the macOS is built on the old Unix. You've got regular Unix, you've got the Berkeley Unix, you've got, you know, and all different flavors of the different kernels that they're based on. And so this one is targeting, particularly ads that show up on webpages to go after the, the. The macOS systems. US, Canada, Australia, France, Germany. So all the big countries where a lot of it's out there, but basically, let's see, we'll get all nice and nice and, and low as the sax music plays. Thinking of you, Jerry. But yeah, it comes in through the web page, executes the Java code, native code specifically to the macOS and then looking to gain access to it. So for me, a lot of that. For me, a lot of. I'm blocking a lot of those ads anyway coming in. So hopefully it might be something where within the browser pages or within our security tools, we can block ads that come from these particular organizations or just have ads blocked all the time on our browsers within our, within our organizations. So yeah, so this one's kind of a nasty one. But again, going after targeting the macOS system certainly got, you know, you can't rely on the fact that you know, Macs never get attacked. They get attacked a lot more than we realize and this is certainly evidence of that. So yeah, they're, they're bumping up their technical depth with regards to that, the scale of the distribution network, the shell entities, you know, they're looking to be able to gain access. They're you know, cyber criminals go where the populace is, they go where a lot of people are using products. 
So in this case with regards to the Macs, you know, with regards to Windows, sometimes you don't see as many, you know, attacks on the Linux systems, but we do see them from time to time.
C
All right, let's keep cooking for odd LinkedIn connection requests, warns Five Eyes. MI5 and its international allies are once again warning that, quote, China is shopping for state secret leakers on popular recruitment platforms including LinkedIn, Indeed and Upwork, end quote. This is according to a new advisory published by the agency on Wednesday. It states that Chinese military intelligence officers, quote, specifically target security clearance holders including those in defense, security and foreign affairs, military personnel and those with indirect access to government information such as academics, journalists, think tank employees and others, end quote. The victims are then pressured to provide non-public information for unspecified clients who are associated with the Chinese government. It's Friday.
B
Yes it is, it's Friday. I do believe this is the last story of the day. But we have Five Eyes so you know, all the countries come together watching out for odd LinkedIn connection requests. You know, for me LinkedIn is a platform that I'm on every single day. I need to have a look at my app and see what, how much time I do spend on LinkedIn. But cyber criminals, nation states, international allies basically warning that China is looking for state secrets. You know, whether they were breaking into, breaking into military, trying to break into military computers or trying to get people to be able to provide information overall it's always about intelligence gathering and you know, using LinkedIn is certainly, you know, LinkedIn, Indeed, Upwork going after people that are working, going after people that are maybe looking for work and are desperate and so they're, they're leveraging this type of connection of, of going to people, trying to get them, hey look, we can pay you if you can give us this kind of information. And if you've got people that are disgruntled, those are, you know, and they, you can look at Indeed and Upwork and you can see those disgruntled employees. You can see those folks that aren't happy and then they go after them. We've heard, you know, that insider threat has been huge for years. There's an article that's, that's been around for a number of years where you had a Russian agent trying to get somebody at a plant that made the Tesla batteries to get them to plug in a flash drive. They probably. They most likely discovered them through LinkedIn or through Indeed or one of these work sites where they were disgruntled. They had posted, they were unhappy. And so it's like, all right, we'll leverage the insider threat. Leverage those people that are frustrated. And yeah, so essentially we get to the Chinese military now trying to leverage people that are frustrated with their work or just want. 
Don't have a lot of money, that need money, that, you know, they're working three jobs. Maybe they're. They've got their job and they don't like. So, so essentially here we have China trying to gain access to the military secrets. They're paying people for it and using the number one, the number one attack vector, going after the people. So it's not surprising overall that we've been that this continues to happen. You know, again, paying through Zela and everything else. Wow. Jerry is not able to recovery set up. Boy, that's got to be a rough day overall. But he's going to be back here for the Cyber Career Hotline. He doesn't need to do the mixing panel. So we're gonna see Jerry. I'm gonna finish out the show here in a couple minutes. Here in a minute. But yeah, with regards to this, you know, overall looking today, we've had some government news. We've had follow ups on the stories from yesterday with regards to digital sovereignty. We're seeing the government UK coming forward with that. We've got more vulnerabilities and more backdoors. We've got unpatched systems. So that certainly makes it a Friday overall, an interesting day to end the week. I think there was one more little ad bit that wanted to come out of the. Come out of the cyber security headlines. The CISO series that. Bring it to it. Let me play that and we'll wrap up the show and we'll get onto the Cyber Career Hotline.
C
That means you can close out your week with the Department of Know live stream. At 4pm Eastern today, join us on the CISO Series YouTube channel and find out how the news of the week applies to your security team. Join in the chat, have some fun, and dig a little deeper into the headlines. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love
B
to hear from you, and I'm sure we would love to share our thoughts. No, it's. It's great. We have these stories. It allows us to come together and. Great. Allows us to be able to kind of chat and share our perspectives overall. So, yeah, you know, Chinese cybercrime group get. You know, sets a record pace. Plus the. Their Chinese military intelligence trying to steal secrets. We've got unpatched systems from Cisco. We've got cyber criminals hiding inside of executives mailboxes. Yeah. So like I said, it's a Friday. All right. But it's also Friday, and it's the day that we do an awesome panel with the Cyber Career Hotline, where essentially, you know, the lines are open. We're gonna probably kick off. Kick it off here a couple minutes early, but that's okay. It's just been a crazy firestorm, fire, dumpster fire on fire kind of day overall. And I actually do have. Hang on a second. I think I have it here with me. I actually. And I think my good buddy Steve gave it to me. Or did I take it out of my bed? Oh, no, there it is. I got it. It's not totally a dumpster fire, but I have my dumpster fire challenge coin. Yep, there it is. The dumpster fire challenge coin. Everything's okay? It's fine. It's fine. Jerry's system can completely collapse from out underneath them. But, you know, we can have somebody come in and pinch it and do it two days in a row, you know, And I just realized yesterday I had sent a message to Jerry last night after he got home. I said, hey, wouldn't it be funny if I got. Got on and started the show in the morning? And then you kind of pushed your way in going, what? Who do you think you are? You do one show and you think you run it? Looks like I got my wish here today, so. All right, let's get on with the Cyber Career Hotline. We know everybody loves it. You know, phone lines are open. This is your chance to ask us questions. We're gonna have an awesome panel coming up. I think I might be able to stick around. I might have an 8 o' clock meeting. 
I have to check, but let's get into it. You know what? Since there's going to be two of us, I'm going to play both of the fun little reels as we get into the Cyber Career Hotline today here on Friday. For everybody that joined us for the Daily Cyber Threat Brief, thank you for being here. Thank you for putting up and tolerating kind of the. The crazy fire that we had today. But we got through the stories, shared some great information. Hopefully all of you got some good tidbits of information that came out of it as well. So, yeah, we're gonna get into the Cyber Career Hotline. It's gonna be three of us. It's gonna be me, Jerry, and. Oh, we got a special guest coming through. But let's kick this off.
A
I'm Dr. Gerald Osher. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it.
B
I'm James McQuiggin at 35,000ft. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it and let's get into it for sure. Let's see. Let's bring on Jerry. I don't know how I bring people on because I haven't done this before, buddy. So why don't you jump in? There you are.
A
How you doing? How you doing? I. I was. You know, I feel like if you're gonna drive the car across the country, I can't shove you out of the way and pull it into the driveway. So I wasn't gonna just take over the, the, the ship here. But yes, like on the. When you hover over the pick people's profiles, you'll get a pop out JavaScript thing and then you'll see our feeds and there's a little slider left and right. Ladies and gentlemen, this.
D
Oh, there it is.
B
Okay.
A
James McQuiggin did a phenomenal job with the Daily Cyber Threat Brief. Thank you, James. And everybody in chat who stayed with us. That's what community is. That's what support is. James did tease it. We do have a third panelist to join us today. Fleet is posting the third. Come on in here, Fleet.
D
Happy Friday, everyone.
A
Yeah, well, it's a Friday, I'll give you that.
D
It's a happy Friday.
A
Assign this one. For those who are wondering. I'm going full scorched earth. I. I've actually ordered a flamethrower from Amazon. It'll be here about 2pm today. I'm gonna nuke my setup and, and then go ahead and fix it. I'll be reporting or reporting. I'll be doing the show live from Georgia next week. So. Wow, we'll see. I'll have. It's going to be a hybrid of like mobile studio plus high production stuff because I'll be in the same house for five days. So I'm going to bring lights and all that. But if you have any questions, drop them in chat. James, myself and Fleetus all have collectively 60 years of cyber security experience, roughly. So we're all very passionate about helping others and mentoring, you know, in, in whatever capacity it takes, whether we're on the road, we're at a conference, etc. So if you have any questions, put them in chat with a Q and we'll get them. James, just to kind of kick the show off, if you would, you've been traveling quite a bit. You're in a hotel room right now. You've been at multiple conferences. Can you give us like, I don't know, like two minutes on like what you've been seeing? Is there any kind of like themes or through lines or vibes from, from what you've been hearing at the shows?
B
Yeah. So here at SecretCon, this has been run by Monster is his handle, Mike Getzman. He, this is the second one that he does. He does also CypherCon, that's in Milwaukee, which is tag teams and with BSides Milwaukee. And this, this particular event was called Hypnotized and this one's a very practitioner based. This is like a Wild West Hackin' Fest regional conference here in Minnesota. Yeah. And the overall vibe, you know, you've got folks that, yeah, they recognize AI is, is kind of the big thing. We, I was chatting with somebody yesterday about, you know, yeah, AI is doing all the good stuff, but it's taking away all the entry level jobs and how does that, how do we get into that? So AI is very, very much a strong focus overall. But then at the same time people are still coming forward with all the practitioner work that they're doing, you know. Yeah, may involve AI, but a lot of the times it's like it's still the good stuff that, you know, looking for the vulnerabilities, the hardware attacks, firmware attacks, those kind of things. The even, you know, everybody's having fun with all the, the badges and the. I got to show you the badge here for SecretCon is this little owl and they, the way they designed it is there are two ports on it where you connect in with a speaker cable and you can chat with people and they're trying to bring everybody together. My eyes are blinking red here on this and they do red and green and they're trying to get everybody to all come together and connect so we can turn all the eye colors one. So community is very huge, very big overall with this particular conference. I ran into Steve yesterday and we were, he came and saw my presentation. I did my talk yesterday on deep fakes. I even deep faked Clifford Stoll. Cool. That was a lot of fun as well. So. But the vibe's really good. Everybody's engaging, loving the being a part of the community.
A
So yeah, I love it. Well, thanks for sharing, James. And I was with you on the badge until you said there was an audio component where you talk to other people. And I would, I would just assume that it wouldn't work for me given my track history of audio. I got the eyes going every color. Which way? Left and right. But audio, it's like, no, not happening. Soul Shine with a quick question, Jerry. Did Jerry Guy destroy your audio setup? That's quite possible. For those that don't know my alter ego, Jerry Guy, he's freewheeling and fun. Actually I would be Jerry Guy, I suppose on Cyber Career Hotline. So I'm super pissed about what's going on over there right now. Like that is, that is like I, I literally buy more expensive equipment. Not, not because it's more pricey but like I buy the higher end stuff. So I don't have this happen and it is happening and I'm, I, I have a solution but I'm ultra mad about it. This is what ultra mad looks like, by the way. All right. Hey, coming in hot here, Fleetus. You know you ha. You're, you hire people. You're a senior practitioner in industry. Are you looking for Google Cyber Cert? When you see Google Cyber Cert. Let me change this question for Soul Shine. When you see Google Cyber Cert on someone's resume, what are your reactions, what are your thoughts and what are you telling HR about it?
D
Yeah. So Google and GCP is becoming more prevalent, especially if you're in the startup PE environment. They're generally going to be running Google Workspace. You're not going to be on Microsoft. So I'm going to assent. Basic assumption, probably negative assumption is that you've only worked in small startups. Not. That's nothing wrong with only working in small startups so that's the first perception piece. Any cert shows me that you're at least willing to try to further and advance your career. So it doesn't matter if It's Google, CompTIA, ISC2, AWS, Azure, etc. So I appreciate that, but I'm going to ask questions about it. As a hiring manager. If you put a cert on your resume that's likely going to be a question. Why did you take that cert? What did you learn from that cert? How do you apply that certificate? Are you applying it in your home lab? How do you think it'll apply to the role in which you're applying? So I know it's not technically the question, but anything on your resume is free game for an interview question. So just if you're going to put it on there, be able to defend it.
A
All right, There you go. 100%. And I will say from my experience on the Google Cyber cert, it, I've taken it, I have a video on the channel on my thoughts on it now that video is probably a year old so. So I don't know if they've modified it at all. That, that is one of the collection of entry level certifications that I think it's worth taking the training. Not maybe you don't get the cert one way or the other, but like the training itself is pretty good for foundational understanding and kind of baselining. There's some python in there, there's some SQL related stuff in there. So like, like you are getting a smattering of different kinds of concepts and stuff like that. So if you have zero technical background, if you're pivoting in from being a tank mechanic or you know, a K through 12 teacher or something like that, it does have value in that capacity. Next question coming in. If you have questions, drop them in chat. Real fun. One quickie for you from Space Tacos James. She wants to know, well, restream, she wants to know if you sabotage my setup, I, I can't bring it on because this, everything is broken today.
B
Well, it's like, I think it's karma. It's the universe smacking me upside the head because I, I dropped in our chat joking in about, hey, why don't I take over the show? Well, it looks like I got my wish. Not that I, you know, not that it was something I didn't want to do but at the same time, you know, dang, don't like to see other people's equipment, you know, take a header off the. Off the cliff there and not work. You know, that's.
A
Yeah. So I'm gonna say space tacos. He did not sabotage my setup. But I will say. I don't know if you guys. Yeah, I'm a huge. Like, I'm not ultra religious, but I am very believable. I believe a lot in, like. Like, I don't even know how to explain. It's not even karma. It's like, I feel like there's like, this, like, weird, like, vibe thing that just kind of persists reality. And I. I knew that this was going to be happening. Like, I've been at Cisco Live these last few days. It's been a bit busy, right? I've been very busy, and everything was kind of clicking. And then yesterday when I got my connecting flight for in Charlotte, things started going sideways. Like, every single person getting off the plane did not know how to get off a plane. Like, I don't understand how in 2026, you don't know how to get off. Off a plane in an organized way. Like, you know, the person in front of you is getting up like, guess what? You're next. Like, I don't know how, like, how to. Like, they don't need to do that in the intro tutorial when they're telling you how to buckle a seat belt. Like, this is how you get off a plane. Then you get off the plane and like, the concourse is under. Everything's under construction, so people don't know how to walk around that any. Anyways, so. And then my son, three in the morning, iPad, I'm like, why are you even awake? And why are you waking me up? Like, I have so many questions. All right, Random skills. I'm playing. I'm planning to do a talk at a conference. The call isn't until August, so I have time, but I'm thinking about doing my talk on deep fakes. What are some of your favorite resources? James McQuiggin, you've done several talks on deep fakes. Why don't you drop some thoughts here for random skills and not just a couple resources, but give them a bonus on one tip on how to make that CFP shine.
B
Oh, there you go. So, yeah, the resources for me, a lot of it comes out from playing with the different tools and services that are out there. Hedra, Lemon Slice, Sync.so are just some of the tools that I use. ElevenLabs for the audio. Go. You got to play around with those. You got to get comfortable being able to, you know, make the deep fakes from there. I like to do the. The sync videos where it's a video that's already created and then I'm just changing the mouth area. I've done face swaps. Look at all the different kinds of deep fake videos that you can make. Whether it's face swap, full body avatar, whether it's just face avatar, whether it's you being substituted. So it's recording your motions, your. Your face and everything. And your voice and it, you know, puts it into another body. You know, look at those different tools overall. And so if you're doing a talk on deep fakes, make sure also have an underlying message of why I should care, you know, when it comes to deep fakes. Yeah, it's fun to do and it's fun to demonstrate. And I can pretend to be Jerry or I can pretend to be our good buddy John Strand or Cliff Stoll, but what's the purpose behind it? What's the reason? Why are deepfakes so concerning? For me, a lot of it comes down to the executive takeovers. It's the, you know, we've seen an organization already impacted by a $25 million loss because they thought the finance person thought they were talking to the CFO. But to make that CFP shine, make sure you go through and answer all the questions fully. Provide the information that they need that they're looking for. For me, I always like to provide learning objectives. If they don't ask for it, you know, what are three things people are going to be able to take away from your presentation or call to actions for them overall, make sure you've got that detailed in there. So yeah, that would, you know, and it doesn't hurt to have. 
I know I do it, but I have a large language model help me write it and then I rework it. It's the foundation. But then I rewrite it in my voice on the way that I want it to sound. And that helps me as well.
A
James, just give one tool for someone who hasn't done anything with deepfakes, give us one tool for them to start. So it's very, very actionable.
B
I would probably start with Hedra, H-E-D-R-A. Okay. They have a. They have a free version that you can play with. You upload an image and a voice and a way to go.
A
There you go, everyone. And Soul Shine. C2 Hedra, H-E-D-R-A. Just ignore that. Another restream thing. Except. Or JW Cyber Grind. I have an immediate risk. Immediate risk response job interview. I'm. That's a new acronym to me, immediate risk response. I haven't heard that before. Any tips? You're having a successful interview. Thank you for all your assistance. Have you guys heard of immediate risk response jobs?
B
I mean, I, I have a guess
D
of what it is.
A
Go ahead, Fleetus.
D
I, it's so what I, what I think this is and the person who asked maybe clarify the job description. This is probably someone who's going to coordinate and be like a BA and that's a business analyst or the note taker or the person that's interacting with the incident handler and the IR team. But that's my assumption. Or it's a business continuity role. And then there's renaming BCP into Risk Response. So from an interview point of view, similar to what you just heard for a CFP, make sure you address everything that's on that job description. Any bullet point that you have experience with, how you would get experience if you don't have it. When you interview, use their language so it looks like they like intermediate risk response. So throw that term in there somewhere to sound familiar. Research the company. You want to sound like an employee, so figure out how this role came about. Did they have a, if they're publicly traded, go look at their 10-K. Was there a breach that you can talk about? You don't want to fix their breach, but you want to at least be able to talk about it because you've done your research. Especially if the role is being able to do IR response. So anything you can do to sound like an employee is always beneficial in an interview. Because it shows me as a hiring manager or a panelist, that you've done your research and you want to address every bullet point that's on that job description, either in the resume or in that interview in some way, shape or form.
A
Yeah. And JW came back over the top and said he, he mistyped it. It's immediate risk reduction role, which, which is still, I mean, again, maybe I'm just not, I'm old or something. I, I haven't heard that. Like, I mean, I, I can understand what it's trying to do, but it's so generic that my first thought was it was an IR role. Like you're, you're immediately reducing risk. Like you're, you're, you're quarantining, you're containing. But at the same time, Fleetus brings up a good point. There's a lot of, there's a lot of support roles during IR that people don't typically think of. Just, just like for a soldier in war, there's a lot of support for like getting them logistics information and getting. Making sure they have bullets and food and stuff like that. But you always think of the tip of the spear and stuff like that. So yeah, it's all. All good. Thank you Fleetus for that visual visually xing. My friend has the CompTIA trifecta and just graduated with a bachelor's in cyber. Congratulations friend. She's convinced she just needs the BTL1 to be qualified for SOC analyst role. What are your thoughts? No problem, James. Sounds good. We'll keep, we'll keep you going, give you a few minutes before you have to balance sense. Okay so I'll, I'll answer this one first because. And if the panel use private chat, if you, if you want to comment on this one, I, I think this is a great question because I feel like a lot of people can meet this, meet this kind of requirement, right? There's a lot of people who feel like oh, if I get the Sec+ and I've got a bachelor's degree in cyber, I'm good to go. The Blue Team Lab 1 is a very practical SOC, SOC related skill. I would, I would say this, this is what I think about this one. 1. I think your person would be qualified for an entry level SOC analyst role. Okay. So I think your friend is right on that one. However, I think in order to get that job, let me, I guess, let me rephrase this. 
There's a lot of people who are qualified for that SOC analyst one job, right? So now your friend is competing with a lot of people for one job. So there's. You need to stand out some more. Right? You either need to go beyond Blue Teams Lab 1 cert. Realistically that's probably fine. On the tech skill set you probably need to get more into personal branding and marketing yourself and, and building a network, going to local cons, figuring out. I would also tell your friend real quick to target MDR service providers. Some of the larger ones like Expel and Arctic Wolf etc they are. Oh, okay. Thank you Cyberlorian with the super chat. I'll. I'll comment on the super chats. Just let me finish my thought here. The, the MDRs, managed detection and response firms, they are set up for. They have run books and playbooks and they know how to onboard entry level talent that don't know really what they're doing yet. And I will tell you they will get their money's worth out of you. They will, they will squeeze you and it is a understood relationship that you're gonna get three, four years of experience in a two year window. You might get burnt out. You're going to be working overnight or shifts you don't necessarily want, but you're going to get an a load of training and experience because they have built out basically a program. That's what I would do if it was my son and he asked me this question. Fleetus, you in this space you want to, you want to comment?
D
Yeah. Not to add a whole lot more to you, but for entry level roles it's 2026. We've talked about it numerous times. Those are very competitive and 99% of the time never posted. And when they are posted it's because HR required them to post it and they're already getting a feeder from a contract firm and I hate to say that, but it's contract to hire for a lot of entry level SOC roles. But to Jerry's point, find the MDR firms. So there's plenty of them out there that they, they're always looking for talent. It's swing shifts just like Jerry said. You're probably not going to work 8 to 5, you're going to work 12 to 8, 8 to 8 to 2, 2 to 8, whatever they make you or 12 hour shifts. But just be prepared for some of that. But other than that, like you're qualified from a paper point of view. Now you just need to show hands on experience and we talk about that all the time. You need to be able to show that you, you've stood up a home lab, you put a SIEM in place or at least a log source, you put some kind of sniffing, some kind of DNS showing end to end capabilities. That's what they're going to want you to talk about in the interview because you're going to look like everyone else with the CompTIA certs, a BS in cyber, etc., etc.
A
I love it. Okay, so let's talk about Cyber Lauran here. I don't have the sound effects so it's sad that you're going to get a manual sound effect. I wish I had it. So Cyberlorian drops a super chat in and says hold on, see if I can find it so I can bring it up on stage. There we go. That's one good thing Restream does says, well, I've held on long enough. Got the senior DFIR consultant role. Thank you. Simply Cyber Community starts next week and kudos to Job Hunt Like a Hacker, which is Jason Blanchard's live stream series that he's done with Black Hills Information Security or Antisyphon for quite some time. Jason does a great job with that, Cyberlorian. Congratulations. Wrecking Ball, everybody. I. I really don't want to do the Wrecking Ball sound effect. I feel like I don't even do it remotely justice. I'll pull it up as a quick side, but dude, wicked. Congratulations. Senior roles are awesome. DFIR roles are awesome. You are awesome and absolutely well deserved. I'm super pumped for you. Yes, sir. All right, let's keep cooking. There's a lot of interest in my coworkers at my new job to pursue a PhD. One is occurring. One is a current PhD candidate. I was done after my master's, but now I have the itch. What factors should drive me towards a PhD? Gentlemen, if it's all right, he only
B
knew anybody that had a PhD.
A
Yeah, I'll take this one if it's okay with everyone. So what I would say is the following. Kai Cipher. First of all, I have a video on the channel that, that literally goes deep into this question. So just Google simply Cyber PhD. This is it. If you have the itch, that's fine. This is what you need to do. Number one, it's going to take you about three to five years, right? So the shine that itch is you're gonna itch that itch within the first like month. Okay, so then do you want to be in a PhD program after that? It is incredibly demanding. There's two parts to it really. There's the education piece of it and then there's the dissertation piece. The education piece. Look, I, I have a master's degree too. Like it's very much like getting a master's degree. Like you just crank out courses, you, you take it seriously, you learn whatever good to go then. And you have to take some like how to do research courses. But whatever, that's fine. The dissertation at least pre AI was very lonely. It's very arduous. You're creating new content. You have to go super deep on a very specific problem. And if you're not super into whatever that topic is, it is going to be a struggle bus like every day. I'm not saying don't do it, I'm just saying like be super passionate about it. And number two, the question would be, why do you want to get it right? Is it because your co workers are getting one like you? I would, I would argue that you need either, like you're gonna get some type of amazing job unlock, right? Like you're, you're in academia and you need it to get a promotion or you are in a research facility and it's a huge pay bump. When I got my Ph.D. i had to switch jobs before I got a new salary. In fact, I got my PhD and then I got like more work and like no more money. So that sucked. So it does, it does. Just what, why are you doing it? For me, I'm passionate, lifelong learner. I always wanted a PhD. I found one in a discipline that I loved and I didn't look back. 
So that's what I would say about that. Okay, thank you for that opportunity. And like I said, I've got a video on the channel on how to do it. Also, if you want Kai Cipher, Kathy Chambers is currently going through a Ph.D. also, you can get someone's perspective on who's currently going through a PhD. I'll just, I'm sorry, I'll just say this last thing too. When you get into the PhD and everybody's got their own different experiences, but like you're going to tell everybody that you're in a Ph.D. and then if you back out of it, you're going to have this like social accountability anxiety thing that you, everybody's going to be asking you how's your PhD going? And then you're going to be like, shoot, like I don't, like you don't want to say, like I dropped out. Right? So like, and then the dissertation is usually what screws people, not screws people up, but the dissertation is typically what trips people up. And then there's actually a connotation in academia called abd, which is all but dissertation. And it's like, it's basically a four letter word. Like it's a bad word. You don't want to be abd, but you know, you, sometimes you can't stop it. Okay, so that's it. Kitchen Infosec is offering some audio interface information. Yep. Thank you, Kishan. Infosec. I, I got the XLR mics, I've got, you know, USBs, I got all the things. I just gotta. They gotta work for me. That's the, that's what they gotta do. All right, we're at 9:22. We got a few more minutes. Let's take a question, then we'll have James McQuiggin sign off. Sierra Montgomery, is there a current project, research effort, community initiative or professional endeavor that you're investing significant energy into and would like to highlight? Sierra Montgomery, a person of the people. James, go first. You got something you want to highlight?
B
Yeah, the, the apparent secure, apparently and the apparent thing is is what I'm doing with the parent security is trying to keep myself compensated, keep myself busy. Got three contracts, one with and all three came through network connections. I'm not going to go into details about the who I'm working with but. Well, one you know is Michelle Khan because he's posted about UN resources but yeah, doing a lot of vCISO work. Doing stuff with regards to security awareness training as well but focusing more on it is human, human resilience with human resilience management with regards to, you know, trying to change the behaviors of users. Not just to be a once a year security awareness thing overall but then also working striving to work as a vCISO as well probably do a couple more take on a couple more clients as well. So keeping busy with that, going around, doing the presentations, playing around with deepfakes, trying to make sure that my audio doesn't crap out like Jerry's. So that's me.
A
Oh my God. Just like James runs by, he just like slaps me on the back of the head as he passes me on a lap. Hey, really quickly, Reginald, I don't know if you're a first timer or not, but welcome to the party, pal. Great to see you. Don't be nervous, Chris. It's all about good times up in this piece. All right, Fleetus Sierra wants to know if you got anything you want to pump.
D
As I said the last couple times I've been on here revamping, trying to put some content out. I started putting shorts directly into LinkedIn instead of just using my channel just to drive some topics I'm having internally, a lot of AI governance. I'm diving into Azure AI Foundry right now, now figuring out how to use the existing AI platforms that's built into our commercial tooling since that's our day job, not just playing with Claude or Cursor or Wing. Was it some of the others? There's plenty of them out there. We can name drop tools that are going to be gone tomorrow, but pretty much just trying to understand what's new each and every morning because there's a new model, there's a new LLM, there's a new tool that someone's talking about. And from a governance point of view and AI governance, you have to be able to research them quickly when your users start asking to use them. So that's the boring answer, but that's what I'm doing. I'm researching. I'm constantly researching and researching and researching anything and everything because the names are funny. And just by reading a name, you don't understand what the tool is actually doing until you pull it back. So a small project is I'm trying to work to build a model bill of materials. So for people who are aware that like software bill of materials or hardware is understanding what's the LLM, what's its context window, what's its tokenizers, what does vector database look like? And being able to map that per chatbot that's inside of your SaaS tools or what you're deploying with your agents.
A
I love it. Thank you. I apologize to the two panelists who are on panel right now because a lot of people are upset that I'm not singing this wrecking ball. So, so you came. All right, Cyberlorian, if you guys want to dip. So you're not even seen on this. Came in like a wrecking ball. All right, there you go. Cyber Laurian. You know, I mean, hey, if you're gonna go get a job to force me to sing that online, go for it. I, I, I salute you. All right. J5oli says I'm four years out of the company. Solo is CS person with a successful CMMC cert under my belt for the company and I still can't get responses on job apps. Any self marketing recs to improve chances? Oh, for sure, dude. I mean, number one, I actually, I'm going to give an update on this in a second but like I, I'm actually going to be putting out some real practical content on how you can establish a personal brand and how you can market yourself. What I would say is, you know, you've got four years, which is a good amount of time. I'm sure you're doing a lot of great stuff at that work, especially as a solo operator. You're probably asked to do a lot of diverse things. What I would recommend is you say I can't get any responses to job apps. One thing I would recommend is like, I would almost recommend having a couple versions of your resume. Like one that's like, like I don't know what kind of jobs you're applying to but like let's say SOC analyst and GRC, like have one that's like really focused on SOC. So all the things you're doing, I'm sure you're doing a bunch of things that are can be somehow supportive of a SOC role. Like maybe you're doing threat intelligence or maybe you're doing like straight up writing detections or maybe you're educating end users. Well, that's not necessarily SOC. That would be more GRC. So you'd want that more featured on your GRC profile. It's all about perspective and, and, and shaping your work experience to support the role you're going for. That's number one.
And then number two, if you can, dude, go speak at a conference on something that you've done, making a dollar out of 15 cents as a solo operator, I'd go watch that right now. So those are my two thoughts. James, what do you got?
B
Yeah, exactly what you said, Jerry. Sorry.
D
Okay.
B
All right.
A
Well, if you say just what Jerry
B
said, you know, I mean, for me, self marketing recommendations, you know, I'd be going out to. I got to promote what I do, but it'd be going out to the security groups, going out to the ISC2 meetings. ISSA, go to the BSides, go to the small meetups. Go be out there networking, marketing yourself. Be the CEO of yourself as the things that we always say. But, you know, figuring out, you know, how to make yourself marketable, make yourself stand out from everybody else. But get out there, network, you know, the, the ISSA, ISC2. Those are the places to be to be able to. Hopefully you have them in your area. I don't know where you're based, but definitely go check those out. That would be my two cents.
A
Awesome. Fleetus, any anything besides what we've talked about that you tell people?
D
Not really. Just be consistent. Like, if you're going to put out content, be consistent. If you're going to speak, be consistent. Don't do three or four, then disappear. So make sure people like I. The joke or the comment I give is it's not who you know, it's when you know them. So they need to be thinking about you constantly and they need to have seen you recently.
A
That's a really great point. A lot of people get all geeked up and will like, you know, do like five posts, one a day all week and then burn out. Like, you don't, like, just build up something. And James is gonna have to leave us in just a minute here. So, James, you want to pump something, promote something, or say anything before you leave?
B
It's. It was been a fun and wild day. Didn't think I was gonna get up and cover for you on the show, but always a pleasure, always a treat to be able to talk to everybody, share whatever knowledge I got with all of you. It's been, it's been a fun week. Meeting Cliff Stoll. Hearing his keynote yesterday was fantastic. I got another day here at Secret con. Got some meetings take care of first, though. But I know a couple folks that are going to be here looking forward to seeing all of them. And I think I did this show in a way that I don't think Jerry's ever done before. I've done it without having any coffee. I even have had my first cup of coffee yet.
A
Oh, my God. How do you function, bruh?
B
You know, it's. It's kind of like. It's my experience from working in theater. The show must go on. Fleetus, get lost. The show must go.
A
Coffee cup. Cheers.
B
Fleetus, coffee cup. Cheers. I got a bottle of water, you know, actually. Well, you know, I could. Well, yeah, no, that's the good stuff. That's for tonight. No, it's. You know, the show's got to go on, man. You know, if. If technical difficulties arise, you can put a pause, but otherwise, you know, you find somebody to stand in, go on the understudy, the swing, whatever. But it was a pleasure to do it today with all of you. Have yourself an awesome weekend. I leave you guys in the capable hands of one Dr. Jerry Ozier and Fleetus. Post in the third. I'm out. We'll see y'all later.
A
All right. Thanks, James. I'll take you off camera. There you go. All right. Hey, Fleetus, let's talk trash about James now, shall we?
D
Let's. Let's do it.
A
Since Guy doesn't know how to drink coffee. What a rock. All right. Hey, great. Great. Again, I know he's left already, but seriously, genuinely appreciate James McQuiggin. I haven't had a disaster that. That couldn't be worked through here after a thousand episodes. And when it happened. You know what I mean? Fleetus just said, it's not who you know, it's when you know them. How's that? Like, I've known James for years, and it was never like, oh, I'm gonna cultivate this relationship so James can and step in on June 5th and fix my show. But you know that when the time happens. There it is. Fleetus, give us a preview on your tactical GRC talk.
B
Sure.
D
So very much what we've talked about, I want to help GRC engineers, and I'm calling them engineers, intentionally. Be comfortable working where your development teams are. So for the content that I've put out this week, I've talked about that specifically, is you need to be comfortable sitting beside the developer and shifting GRC as left as possible, just like we've done with Security Engineering, Security Ops, and Being comfortable. So I'm going to talk you through what it is, why it's important to be tactical, not just strategic or the legacy screenshots. I'm going to walk you through a lab on just mapping stuff to MITRE ATT&CK, which your SOC is doing already so you can help with that process and show your, your value add. I'm going to walk you through how to do a quick 60 second GRC assessment on an application. So as I said, I've been doing a lot of research on AI tools, so using that to do that and then hopefully at the end of it you realize that GRC, as Jerry and I have talked about numerous times on here, is not just paper pushing anymore. It's not just screenshots. It's not just the ability to pass an audit. GRC is more than just being a glorified auditor.
A
There you go. I love it, I love it, I love it. Rogue Cyber asks, is there any update on the Cyber mentee? Yeah, so the update is, I think she watched the show the other day when I, when I had made a note about how I've, I've done my part and I'm waiting for them to execute on theirs again. Maybe I'm not entirely fair. I, I did ask them to make a commitment on an sla. I mean made them sign an agreement that would bind them to certain, certain timelines which they are unfortunately not adhering to. But, but the good news is it, it. I'm super busy so I can't, I'm not like flipping out about it. So details to come. I just. So everyone knows. I think what I'm going to end up doing is putting this into simply Cyber Academy. So you would end up taking it in a structured way. If I just posted on YouTube like you might watch video 3 first and be like what the hell? So I think I need to put it in, in the academy. So it's organized, structured. There'll be like downloadable like a, downloadable PDFs and kits and a diary and all this other stuff. So. But I'm, I'm super pumped. I haven't really told anyone. I had basically like, like an epiphany the other day on how I could do this for people and make it actionable. So stay tuned please. It's really cool. It's like a whole like basically glam up on how to like fix your LinkedIn, build a personal website and then what the flywheel looks like. So is it similar to your personal
D
branding course you used to do?
A
Kind of My personal branding course was much more of a, like a two day or, you know, it was a four day actually. But like, it was like how to like really get deep into like finding the content and building it. This is a much more, I don't want to call it surface level. Like, like, like it's much more about the infrastructure of like having the platform to be able to, you know, make your content align, like a market landing page so people understand what you do and how you do it. And then here's the, here's the, the cycle of like content you're interested in. You make it here, you post about it here, and you have it promote itself. So the personal branding course went much deeper into like where to find stuff and how to, how to actually make the content. So yeah, people did like that, that it was just a, it was a lot. It was a lot. All right, continuing to look through chat. Oh, I do wanna, I wanna, I do wanna. Well, here, let me answer some questions. I have something I want to promote for myself, but I, I, I feel like that's not fair, especially since we need, we have questions in chat. Daniel Lowry's in chat. He's gonna go live at 10:00am, everybody. Just so you know, know and continue the party if you're into it. Sierra Montgomery wants to know that Fleetus is the man. There you go, Fleetus. Getting some, some support and love from Sierra Montgomery. Oh, while I was in Vegas last week or this week, I got some more insights on possible locations for Simply Cyber meetup at defcon. So that's fun. Kyle wants to know, Fleetus, what's your coffee order Most of the time?
D
It's something very dark, very black. Black, no creamer, no sugar, and as hot as they can make it.
A
There you go. Yeah, I feel like you can tell how old you are by like how you take your coffee. Like if you're in your 20s, it's like half-caf cold foam, extra sugar, extra everything, syrups all over the place. And then when you're like 50, it's like black and bitter. Leave me alone.
D
Correct.
A
I almost wonder too. Like, I gotta tell you, like, I used to think people did that because, because it was just like you're more likely to find like just black everywhere. Like, you know, you can't guarantee wherever you go they're gonna have creamer or vanilla bean syrup or whatever. And it's not that I'm all, I'm old and crusty.
D
It's also the, the caloric intake. Like, I can drink 12 cups of black coffee and not feel bad about it. But if I drink 12 cups of something with half-caf, all these flavor in it, I just put 4,000 calories in me by drinking 12 cups of coffee.
A
Yeah, exactly. Yeah, let's go with that. It's, it's a, it's a health conscious decision. In 2026 I shouldn't be drinking 12
D
cups of highly caffeinated coffee either.
B
So.
A
Oh. So check this out. Pocket Pixel has a question and I want to like follow up on it too. The most popular AI tools right now is Claude, ChatGPT and Gemini. I, I would agree that these are the most like marketed tools for, for different like specific niche industries. There are other tools else. One thing that I heard and I like, I'd like to have like a little conversation about this, I attended, I went to Cisco Live this week. Okay. And I, I posted like every day like my recaps and stuff. So if you're interested in that, I, I think they're really cool. Go check them out on LinkedIn and I, I actually want to show you my like wrap up for the whole event video in a minute. But I attended a talk that had the head of, of security at Cisco and the product security lead at OpenAI. So like not just some dude that works in OpenAI, like one of the guys who's in the room like that you need like clearance to get into and they asked the question how many times a day do you use AI? Right? Like personally, like how many times are you engaging with AI? And the joke got around to the OpenAI guy and they're like oh like you must use, you must use ChatGPT all the time. And he said I don't use ChatGPT hardly ever anymore. I use Codex. And everybody's like oh yeah, Codex. I've never heard of Codex. I didn't want to be the goober in the room who's like excuse me, what's Codex like? But have you heard of Codex? Do you know what Codex is? Break it down. Because according to this guy and this guy was like former NSA and seems like a wicked sharp dude. Like if he's using Codex all the time, I, I think I need to look at Codex and, and, and understand it. What is it? Fleetus?
D
Yeah. So I can't go deep into it. I have my developers reviewing it. I have one of my AppSec folks taking a look at it to see how it can be used and how it can play. So it showed up in my research. It's on my backlog of things to go through. So I will be researching it with you. But I've seen it show up at least a half a dozen times and AI requests and people have following such as you. I see. Hey, I've just did this in Codex. I'm like, okay, let me go look at this. And I add it to my notepad and then I never get back to it. But no, I have heard of it. I think it's similar and I could be wrong. I've been using Cursor for my own and stuff. But if you've got like I keep drawing a blank. It's Windsurf, I believe is what the commercial version is. So Codex and Windsurf are like quick development tools to allow you to quickly build a platform from end to end and then you start plugging and playing your, your logging, your, your APIs, etc. Yeah, it's their coding platform. So that's what it's similar to Cursor or Windsurf.
A
So yeah. Okay, so that, that sounds right. Codex is Claude code. It's basic. It's kind of funny how. Isn't it funny like just from a business perspective how if you like. For me, I love, I, I don't know, I just love learning Fleetus and like when you look at like the market and when you start seeing you get old enough, you see patterns and stuff. OpenAI and Anthropic are clearly the two biggest titans in the room on this AI thing. And they were both like crazy doing their own thing and pushing boundaries and stuff. And now it's turned into an arms race. Right? Like one release is Mythos, the next one releases Cyber55, one releases Claude Code, now code like it's like they're, they're competing on features now instead of just trying to be innovative. And maybe they're innovative in the same direction, but it's just, I just find it funny now that like the project Glasswing was the, the friggin Claude Mythos kind of thing and then OpenAI had one, I forget what it was called, but it's like they're, they're tit for tat. Their. Microsoft and Apple are their.
D
And then everyone and you see it in cold brews is putting their own cowork. So every one of them has put a cowork platform out. So Microsoft has theirs, Claude has theirs. So they're all to your point trying to like mirror. It's just like when Chevy put out this feature, Ford had to put it out when like they're literally following what the Automotive industry or Samsung and Apple if you want to go with something that's more technical like Google Pixel versus the iPhone, like they're, they're literally just trying to catch each other and if you're already in this ecosystem, which most people are, they just stick with it. So that's why I was talking about earlier. I can use Azure AI Foundry as my codex and then I can pull in Claude, I can pull in Gemini, I can pull in OpenAI into the foundry because I can select what model I want to use because I'm using the Foundry from Microsoft from commercial.
A
And this all checks out because like the, the product security lead that OpenAI who was talking about this like he, he seems like a really like a really sharp guy. But I feel like anyone that was like deep level NSA TAO operator, like the kind of person who's like thinks in assembly like they're just naturally drawn to programming and coding platforms and stuff like that. So it all totally checks out. I think my my day three retrospective doesn't drop until 10am so I'll have to share that afterwards. But keep the questions coming. I'm here join with Fleet Fleetis post in the third myself this is Cyber Career Hotline. We're just here to help out answer questions. I saw Zemif ask earlier if we're gonna do the, the mentoring session on Discord. It's the first of the month. I know it's on the calendar zmf. I may have to punt or reschedule or, or find someone. Like my whole setup melted down. Like I've, I've got, I've got a lot going on right now. Like a lot going on and I, I could really use the hour. Like I'm going to Georgia on Sunday for a week and it's not just to like work remotely. It's like to find a house and potentially do a bunch of things. So I, I may have to punt. Just basically asking for the community to grant me some grace because I could use the extra hour basically. Dude, I got home late last night. I made dinner at like 8:30 or 9. Like my son woke me up at 3:30 in the morning to ask me to like install an app. I'm like again, I don't know if you were here Fleetus. I was like why are you. I, I like rolled over. I'm like go to bed. Like what are you doing? Yeah, summer break is crazy right?
D
Yeah, I just, I took my son to a bananas game. It wasn't the Savannah Banana as it was their farm or their sister teams. And then I came home and he's like, let's turn on the Hurricane game. Because the, the hockey.
B
Oh yeah, yeah, the cup is going on.
D
So I stayed up for that. And then to your point, kids are like, it's daylight outside. I'm like, no, it's not. Yes, it is, but no, it's not. Go, go, go away.
A
Yeah, yeah, yeah, yeah, yeah. 100, dude. 100%. Also like, hey, if you have questions, drop them in chat. I just want to share a couple other, like, small things. One, I only go. I go to Vegas like once a year. I don't, don't. I don't like. I really like the people of Las Vegas. Okay, so let me qualify that. Like, the citizens of Las Vegas are cool and I really enjoy them. I don't like gambling. I don't like cigarette smoke. And I gotta tell you, I've been going to Las Vegas Black Hat DEF CON for like, 14 to 17 years. I'd have to like do the math. But it has changed dramatically. Like the casino, like Mandalay Bay, where I had to walk through, there are, are far less table games and slot machines. Like they're, it's, it's, they're clearing it out and it really. And there's like no cigarette smoke. No one's smoking butts anymore. It really feels like there's a major shift going on to experiences in entertainment. Like they're building a baseball stadium. They've got almost all the major sports teams. The Sphere is popping off like it really is more of an experience destination than a gambling destination. And I know a lot of people are pointing to like, you can gamble on your phone now, so what's the draw? It doesn't really. I've never really felt comfortable walking up to a gaming table. I didn't really want to gamble anyways, but. So anyways, just interesting. Major transformation.
D
I was just out there in J. Or just up there. I was out there in January for the Consumer Electronics Show. And it's all the same thing. Like certain tables, certain machines didn't turn on until a certain day. Like they used to run 24 7, 365. And they were, they weren't even staffing half their tables Monday through Friday until it was like three or four o'clock and then there. They mainly wanted you there to go to their night show. Whatever casino you're at, whatever show they were promoting that night. They wanted you to gamble an hour or two before go the show, come back, gamble into the morning and then they shut it down again and then they restarted again. Wash, rinse and repeat. So I see the same thing. Yeah. With the baseball stadium. They've got the Raiders out there. You've got the Sphere. The Sphere is amazing. If you haven't done it, I would recommend going to Vegas just for the Sphere. Like whoever hasn't been there, I went out there for. They. They did the keynote for the consumer Electronic show and then Gwen Stefani performed afterwards. So seeing a live concert in the Sphere was also impressive because they changed the backdrop for every song of hers. So you get a net new experience for every song.
A
Oh my God. Yeah. The Sphere. The Sphere is cool. The Sphere is very cool. If you get a chance to go, it's very cool. I attend. I saw a movie or something there.
D
They also had, I think the. They had the Oz playing when outside of the show. So like that would have been pretty cool to go back. Some of the students I took went there, but I didn't go back over.
A
Yeah, it's basically a huge movie theater. I will say if you're, if you're one of the lucky people who grew up in Boston where the Museum of Science had the Omni Theater, it's very. It's like a massively big, big Omni theater. But like if you've already been exposed to the. Essentially when the screen goes past your peripheral vision, you get an immersive experience, which is pretty cool. All right, We've got about 13 minutes. Questions coming in. If you have any questions, please share them. We're super excited to help you. That's the goal here. Fleet is posting the third has been working in industry for a number of years. He's leading an information security team currently. I've also got 20 plus years of experience and kind of go around, do a lot of things. Fleetus, do you have. If you have questions, drop them in chat. I will answer them. I don't currently see any outstanding questions. Oh, actually I do. I'm sorry. Straw hat sex says I'm ready for SEC plus working on my personal branding. So can I get more responsive in rejection. And email saying even though you have impressive background for trends to move on with another people.
D
So that's. That's an automated background by the way. So that statement right there, I hate that statement with a passion. I've told my HR team to stop doing that. There's not a question here. I don't think. I think I'm just going to cover my. I'm going to put my old man for going after Go for it.
A
I'm going to give you, I'm going to give you a bigger audience here. There you go.
D
So I hate and I hate the strong word but we need to stop putting. You have an impressive background, but I'm moving forward to know the candidate. There's nothing beneficial with the, that automated generated email because probably all of us were qualified. So I know you're moving on. That's, that's a stereotypical thing. But at the end of the day you could have handled that differently and I understand we get thousands. Again, put my HR hat on. My, my hiring manager had that mean it's fine. But the human firewall or the HR firewall is just bad in 2026. It's been bad for years. It's just getting worse when I can get an automated rejection with at like 2am I know a human didn't look at this because there's no reason you would reject me at 2am or at Sunday afternoon unless the recruiter is just working through the weekend. But keep pressing on. Straw hat. We've talked before me and you have bantered offline so I appreciate that as well. Don't. You're not responding to them because most of the time they're coming from a no reply email. So really what you're going to be end up doing is just staying in contact with the business. Stay in contact with the people you met because hopefully you were interviewing with companies you already have contacts at. So if you have it, friend them, connect with them, stay in touch with them. Especially if it's an organization that you want to work for. But that's where I would take this right here. I wouldn't be trying to respond. I would just reach out to the contacts you made. Stay in contact with them, Check in with them every 30, 60, 90, 120 days. Especially if it's a company you really want to work for. Because you probably heard me say here and others, pick three to five companies you want to work for in your career and follow them. Keep following them. Connect with people who take jobs there, interact with them, check on them, ask them questions.
So if and when or not if, when you get an interview with that company, you sound like an employee. I've said this three times on this podcast today, you sound like an employee. The closer you sound like me, the better you're going to get. Especially as we talked last week with Bowtie Security. I have unconscious biases. If you can connect with me or connect with the company which I secure, you got a subconscious tally in my book. Because you now sound like a peer, not a candidate.
A
Exactly. It's another, it's like a mentalist type way to, to stand out without being disingenuous. I just, so everybody knows, I literally just posted on LinkedIn. I, I, again, I don't do this often, but I, I'm kind of excited about it. So I just posted on LinkedIn in a post, which I pinned in chat here, a post about my retrospective on Cisco Live. If you guys want to go check it out, it has like a little video. Have you been to Cisco Live, Fletus? Okay, so this is, this is the video. I just want to show you this ridiculous hero shot that like I got a lot of weird look at this stadium. Dude, this is insane. But they, I, I went up on that stage after the thing right here like my hero shot. There's a ton of people looking at me like I was an absolute lunatic. And my, the guy was videotaping me. He's like, just do it. Just do it. They had dogs and everything. Anyways, go check it out. I'm super excited about that particular experience. I was, I was, I was actually very pleasantly surprised. Like the expectations I had of what I was going to do versus the reality of what I did was quite cool. And, and have, do you, have you met Joe Marshall from Cisco Talos, Fletus?
D
I have not.
A
Okay. He's a, he's a longtime community friend. He comes around like, like a carousel. Like he doesn't show up often but when he does he's, and he's heavily involved at Cisco. He's a principal engineer now, which is a big deal. And he's actually going to come on. He does a lot of work with NGOs, so like organizations that don't have a lot of money that deal with like really serious things like like, you know, human trafficking or you know, war torn countries. He's going to come on and we're going to do a Backdoors & Breaches tabletop exercise live event where chat's going to be, you guys are all going to be the ones voting on what we do. And we're, we're also going to try to pair it as a fundraiser so try to raise some money for like the Red Cross or USAID or any of those things. So that's early planning. I talked to Joe yesterday about it. We're both pretty excited, so stay tuned for that. I'll also try to get him out to Simply Cybercon. No pressure, Fletus. So you come to Simply Cybercon if
D
you accept my CFP.
A
All right, all right, well, okay, there we go.
D
My goal is to come. Yes, my goal.
A
All right, good. Escobar Blue says, how do you, how do you secure agentic AI and NHIs within an enterprise environment? Do you have some resources around the topic?
D
So that's a one.
A
I'll let you go first, but I just went to Cisco Live where like they literally. I spent hours looking at this thing.
D
More and more vendors are coming out with this. So first let's go with your second part. The non human identities, you gotta, you gotta know who they are, you gotta know where they're at, you gotta know what do they have access to. You need to be able to track those. So if you're. And let's just, we'll just use Microsoft because that's where I'm living right now. You gotta get into your Azure. You need to know over your identity, you need to know who they're assigned to. You need to need to make sure that they've got proper securities. Then you need to make sure that you have vaulting in place to secure those creds. So when you're putting your managed identities in place that you have a KMS, so a key management system that you're working through that the agentic AI. Again, this is tough. Depending on your organization, you're going to have to do with little to no funding. And I'm going to wait to hear what Cisco has to say because I've talked to a few other major vendors similar to them and what they're doing. But. But it's all about segmentation, it's all about workflows, it's all about putting guardrails in place and gates just like you would for a developer. You do the same thing with the AI. You allow it to go so far and then it has to stop. The only other problem I'm running into, and this goes back to my model build materials comment is I don't know until I get the bill how many tokens I'm burning. Like I can say I bought this many tokens, but until someone can help me understand that. The name field is 10 tokens. This query is a half a mil token. So that's a big query or it's 10,000 tokens. So getting that tokenizer piece. So you know when you deploy the app, because we've read some stories, I don't know if it was covered here, but Tesla and two or three other companies ran out all their credits in Q1. They burned through all of their credits in three months instead of 12 months because they let their developers spin up thousands of non human identities.
They were doing UAT testing with these agents and they didn't pay attention to their spend. So not. I didn't ask your question directly. The resources out there is go out to your vendors. Your vendors are talking about this. Every vendor you have will have something to say about this. So just talk with your reps, figure out what you're licensed for which you're not licensed for. If you don't have a vaulting system, look at CyberArk there Cotta, look at others and see what they're doing to help you with the vaulting piece. If you can't use Azure or AWS's internal key vaults.
A
Yeah. So one term that I heard at Cisco Live for the first time but it was being thrown around quite a bit, it was buzz and buddy is a term called tokenomics. Right. And it's a real term. I borderline was like cringing on it but at the same time I'm glad it's got a term because it really is a thing that needs to be discussed and managed. One thing that I guess we're talking about, spend and managing your resources. Remember this? Okay. If, if you're gonna run Opus4Aid, which is like the newest model to like help you rewrite your email, you are driving a Lamborghini to go pick up milk. Like don't do that. Like use the right model for what you need and you know it's an extra level of effort but like, like you know, take the golf cart to go get your mail. Don't take you know, the gas guzzling F350 diesel super body and with like a boat attached to it. You would never do that. Right. So use the right model. That'll help you with your spend. As far as AI and NHIs go. Yeah. Fletus has got it right. You need some type of like PAM or access solution. There's a lot of products coming out. Island is one. The term observability is, is ramping up in industry. You're seeing products do that. I bet you I'm going to take a hot take here. I bet you at Black Hat AI observability is the, one of the main themes that is being pushed by emerging vendors or, or existing ones that are introducing new functionality. That's, that's my hot take on that.
D
Yeah. I met with a couple Israeli companies. I'm not advising them but I've, I've been doing, I've met them and one of them is observability. So we just had a talk on Wednesday morning of how they've added that and how they can observe all the different MCPs, all the different non human identities. They can show you that Fletus is spending twelve hundred dollars on his tokens. So I asked him to drill that down even more and help me understand. Is it because to Jerry's point, that I was using Claude when I should be using OpenAI? And for those that don't know, inside of your IDE, if you've got a plugin, you can choose it. Inside the browser, you can click and choose. If you want Deep Limit, you can pick the model. So change the model. To Jerry's point, you don't have to run every email, every query, every post, every prompt on the same LLM. And I'm hoping and talking to others. I would love to have an API like the AI gateway. So I just type in a prompt and it steers it to the right model, knowing after it reads the prompt, it makes a decision. Okay, this can go to OpenAI, this can go to Claude Code. He's trying to develop something. This can go to Opus because he's trying to do DeepSeek decrease re, not DeepSeek, deep research. And it can go to DeepSeek if it has to, if you choose to. So every model could be behind a prompt and then that prompt does intelligence and decides which model it goes to and then spits it back to you. Or if it uses multiple models to do so, that the mathematics would be part of one, the graphics would be part of another, the image generation would be part of a fourth one and it builds it end to end for you. And it interacted with six different LLMs or and three different MCPs in one rack. Tag behind the scenes. Yeah.
A
Yeah, exactly. All right, please, we got two minutes. You wanna. Is there anything. I'm sorry if we did this already, but is there anything you want to share, promote?
D
No, I think I'm okay. I have the Continuum Con Tactical GRC next week. I believe I'm speaking next Friday afternoon. I'm still putting out some content. Again, if you're in the Charlotte area, same with James. Get to know your groups. I'm active in my ISSA. I make sure fairly active in my ISC2. We have a few other groups. I have my DEFCON chapter that we meet, that we resurrected this year. Find a place to plug in, start networking. Your school's out. Take your kids. As I said, I took my son, my oldest, to a baseball game that was part of a vendor. They gave me a plus one. He got to come along, I got to network, my son got to watch a baseball game and then so find ways to make it a family event. Find plus one events. Take your part, partner with you, take your kids with you to these events. So it's not just you leaving to do your networking. Yes, your spouse or partner may not appreciate the fact that you're sitting and talking to someone all night, but they're getting a dinner out of it, a sporting event or pottery event whatever whatever. The plus one event is sage wisdom.
A
Again, I don't, I don't do this often but like I'm, I'm particularly excited about this. This LinkedIn post, like a lot of work went into it and I, I, it just, I spent like four days in Vegas and this two minute video is like the encapsulation of it. So I'm just asking you to go check it out, comment on it, provide your thoughts if you have any. I'll just drop a link again in chat on that one. Guys, special shout out to James McQuiggin and Fletus Poston III coming and joining. James specifically did the Daily Cyber Threat Brief with, with zero notice, zero prep. I, I my, my whole setup just collapsed on itself and at 8, 8 o'clock I notified mods and then at 8:03 James hopped in and took over. So really, really great kind of firefighter type thing. Community member. Right? Thank you so much for being so supportive to everybody who stayed with us throughout the stream. Thank you. Daniel Lowry, IRL. You can see up on YouTube he's about to go live, do his monster pour and continue the help help of leveling everybody up in the community. Stay tuned to Discord for any updates on the monthly AMA type thing. I think I might push it just because I, I need to get my crap together. Fletus, thanks so very much for being here. Have a great weekend everybody. Have a wonderful weekend. Thank you. And until next time, stay secure.
This episode was an exercise in business continuity and community resilience. Technical difficulties forced Dr. Gerald Auger off his usual setup, and friend of the show James McQuiggin jumped in live to deliver the briefing—a true "dumpster fire on fire" scenario described with humor and camaraderie. Despite this, the episode maintained its mission: serving up actionable cybersecurity insights and career development advice for analysts, leaders, and newcomers alike.
| Segment | Topic | Timestamp |
|---------|-------|-----------|
| Opening, disaster recovery | Introduction/Podcast handoff | 00:00–07:23 |
| News Story 1 | Chinese cybercrime group TA4922 | 10:59 |
| News Story 2 | Critical Cisco UC Manager flaw | 14:34 |
| News Story 3 | Stock Exchange Executive mailbox hack | 19:40 |
| News Story 4 | UK gov shifts Stripe→Adyen | 25:01 |
| Dad Jokes | Mid-roll humor break | 29:02 |
| News Story 5 | CISA AI Executive Order | 34:36 |
| News Story 6 | CISA budget/personnel turbulence | 37:21 |
| News Story 7 | macOS: Operation Flutter Bridge | 39:19 |
| News Story 8 | China: LinkedIn/Upwork espionage | 44:29 |
| Cyber Career Hotline | Live Q&A: Certifications, job search, AI tools, GRC, PhD advice, etc. | 52:14–end |
Despite technical difficulties, the episode delivered top cyber news, real-world advice, and career mentoring—anchored in humor, humility, and practical community values.
Special thanks to James McQuiggin for fast, professional pinch-hitting, and to all listeners for flexibility and participatory spirit.
For more, connect with Simply Cyber and tune in weekdays for essential cybersecurity news and career insights.