B (14:07)

These are the cybersecurity headlines for Wednesday, March 18, 2026. I'm Rich Strofalino. Energy Department to release first cyber strategy according to the acting director of the Office of Cybersecurity, Energy Security and Emergency Response, Alex Fitzsimmons, the U.S. department of Energy will release a strategic plan soon for how it intends to protect the energy GR from cyber attacks. This will supplement the recently released National Cybersecurity Strategy, which focuses on sector resilience. Fitzsimmons said this will rely heavily on public private partnerships. The strategy will also outline areas of investment for defensive AI deployments in the space, with Fitzsimmons noting that we're already seeing an increase in adversaries using it offensively.

A (14:49)

Okay, hold on. So really quickly, the energy sector has been a critical infrastructure category, or if you want to call it that, like one of the sectors for critical infrastructure since, you know, Obama call, you know, basically declared it with his executive order. And every sector is supposed to have its own strategic plan. Shout out to Health and Human Services, who developed a strategic plan years ago. Love you, healthcare. All right, so U.S. department of Energy is putting a strategy together. Remember, the Energy Department or the energy sector is tough because they have tons of legacy technology, tons of operational technology, tons of industrial control systems. It really is its own. It's its own beast, if you will. Very different from other environments. Let's see. Fitzsimmons, who's the secretary of Department of Energy, said the plan for their strategic cyber will focus on how to invest AI to defend. Okay, all right, so AI is coming to secure your industrial control systems. We'll see how that goes with the field engineers out there who, who are already like not interested in talking to the IT people. Now they're going to be not interested in talking to AI. I would love to get Don Weber's thoughts on this or Mike Hulcom for real. In fact, I know I said I was going to make a awareness training video yesterday for that deep fake voice thing, and I didn't have a chance to do it. I ran out of time. RSA next week. You know what I mean? But this would be a really good one to get Don Weber or Mike Holcomb's thoughts on, simply because this is the, the industrial control system. Energy space is very specialized and very unique within cyber security and it has its own, like, attitudes and stuff like that. So if it's Anything like the healthcare sector. I will say this again, I love the healthcare sector. I worked in healthcare for a number of years. If you ever get a chance to do cyber in healthcare, I strongly encourage you to check it out. It is for every one year of, you know, for every one year of real time that passes, you get about three years of professional experience. It's like a, it's like a career hack. And you Also age like 6 years on your body. So just there is a trade off. Okay, but the, the health care sector's cybersecurity strategy is great, but it's very nebulous. It's very big picture, pie in the sky stuff. So I would imagine that the energy sector one is going to be similar. We've been talking for years about best practices. There's probably a NIST special publication on industrial control systems. Let me see this really quickly. I bet you. I betcha. NIST882 Rev3 okay. At this I didn't even know. But of course, of course NIST has something because it's the best. Obviously. I wish I had an obviously. All right, so check it out. Oh wait, you guys are looking at me. Look at this. NIST Special Pub 882 Rev 3 Guide to OT Security. Originally written in 2015 Rev 2, which means Rev 1 was even earlier than that. Let's see when Rev 1 was. Yeah, I know, it's Rev 1 was 2013, bruh. Okay, so this is as of September 2023. So this document's only a few years old and it's telling you how to provide security approaches to operational technology while not compromising on safety, performance, reliability. Okay, so here's my point, here's my point. And this is, by the way, for thrills with Miriam and other first timers here. I. My entire promise to you is that I will go beyond the headlines and give you additional value that you won't get anywhere else. You're not going to get in a textbook, a classroom, a pot. I mean, this is a podcast, but this is a special podcast. All right, here's what I'm saying. The energy sector secretaries releasing a cyber strategy. Okay, but dude, for over a decade we've had tactical implementation guidance on how to secure these things. So like, is this moving the needle? No. Is it a good idea? Sure, sure, sure, sure, sure, sure. But for the people who are turning wrenches and clicking on keyboards, this has already been there. You can already take action. You didn't need this to drive you. Okay, Maybe you could use this to get the executive's attention and, and use them to help fund your cybersecurity program. But for the most part, as far as I'm concerned, when I read this, I'm like, cool story, bro.

B (19:59)

Next, tech giants sign on to fight scammers. One of the pillars of the new US Cybersecurity strategy is a greater public private partnership to combat transnational cybercrime organizations. We're seeing that with the Energy Department. This is an extension of this larger strategy. We're already seeing one example of this in practice. The online services accord against scams was signed by some of the biggest names in the industry with Google, Microsoft, Meta, Amazon, OpenAI, Adobe and match Group all on board. This accord calls for increasing information sharing about scams seen on their individual platforms, both with others in tech and law enforcement agencies. Each company is also committed to deploying new fraud detection tools and introducing new security features to users, then sharing any best practices from those with their fellow signees. It also calls for clear reporting mechanisms for users. The accord is voluntary with no enforcement mechanism. Font.

A (20:55)

Okay, I love this. I love this. And at the same time, it like, kills me that this hasn't already happened. Listen, this, the story is that retail businesses are going to share intel to help curb attacks. Okay? Like, fine, fine, fine, fine, fine, fine. All right, let me, let me tell you what's really gonna happen here. Okay? Number one, there's definitely an uptick in activity. We just reported yesterday. There's a 245 increase in cybercrime since the start of the Iranian excursion. I say that with absolute derision in my voice. So obviously retail is, is going to be included in that scope of attack. Large organizations are get a huge plethora of telemetry around attacks. People like Amazon, right? Like, obviously they are a huge marketplace. Best Buy.com, i'm sure is in there. Staples.com like all these large, large Fortune 500 companies. And when they get attacked, they, they have TTPS, they have indicators of compromise. They can share that. So the retail businesses are sett a voluntary thing. Here's what I will say. If you work in retail, you and you have an online storefront or presence, you absolutely should get in on this. This is a great idea. Okay, now let me tell you something else that's like the reality of that. Okay? Let's just pretend. And again, this is something that like, you would only know if you've literally sat in the seat, okay? Tech, retail, they're going to share threat intelligence. Amazon's getting hacked and you're going to Find out about it because you work in retail too. Cool. Fine. Let me tell you how difficult this is in practice. Number one, we already have ISACs, information information sharing and Analysis Centers. These things have existed for years. Okay, National Council of icex. I'm going to drop this in chat really quickly. Okay? Boink. Go ahead and look at that. Now let me. Let's look at these. Sector ice. We have American chemistry, automotive, aviation, communications, natural gas, elections, electricity, financial services. By the way, you'll notice that there are several energy sector ones. Again, Secretary of Energy. Cool story, bro, but we've already got it handled as a side story. Okay, Financial services, food and aggro. Somebody get Kathy Chambers on the line. She's got to get in on this. Healthcare. Two healthcare ones, which is great. Maritime. Sure, sure, sure. National Defense. Public, Real estate, Research, Retail. Hello. Okay, so my guy, this has already existed. So again, like, I hate, I hate that they are taking something. It's like taking a, a present you already got and wrapping it up and handing it to you again. Like, like stop, stop building new bridges and start repairing the existing bridges. Like it kills me. Like, I'm all on board for this. Cool, let's do it. Fine. The problem is A, it already existed and B, with all of this retail telemetry that's already coming in, are people doing anything with it? Dude, if I turn on a fire hose, a threat intelligence telemetry and spray it at your face, are you going to do something with it? Do you have a SIM to ingest that threat intelligence? Do you have a security operations center that can detect a problem coming from that threat intelligence and make it actionable? Can you operationalize this? Like, the problem is it sounds great in Oppressor where you're like, oh, oh, we're going to tell everybody all the things about all the attacks we're suffering. What do you do with that information? It's, it's not trivial to operationalize that. It's actually quite difficult. And if you tell me you're going to turn on taxi and sticks and ingest threat intelligence into your sim. Fine, fine, fine, fine, fine, fine, fine, fine. You go ahead and ingest all that stuff. What are you going to do with it? Do you have orchestration? Are you going to open JIRA tickets? Are you going to have someone who's watching the sim to see when bad happens? It's hard. This is why Security Operations center analysts is a job. Because it's hard. So like, keep doing this. Thank you. But like, let's all pump the brakes on how instantly this is going to stop global scams. It's hard, all right. Anyways, I'm passionate. Like, my, my brothers and sisters in arms across the socks everywhere are like, just like, they're just like, bro, please, I'm tired. I'm just tired, boss. I'm tired. And they're like, no, no, it's cool. We got a ton more threat intel coming. Stop all the things. All right.

B (26:11)

Rendering hides malicious commands from AI in plain sight. Researchers at LayerX released a proof of concept attack that uses custom font remapping and CSS to fool LLM based tools while keeping a payload in clear site in the browser. This takes advantage of the fact that an LLM looks at structured text rather than a full page render. AI tools scanning the PoC's HTML only see meaningless unreadable content, but when it's rendered, it shows malicious instructions for a user. LayerX found the approach worked on most major models from ChatGPT, Claude, Copilot, Gemini and Grok. Layer X presented the findings to vendors in December, but most found this issue out of scope, saying it was a social engineering attack with only Microsoft accepting and addressing the finding. New.

A (26:58)

I love how like fan fiction, Fan fiction is like the, the web page that they chose to do. All right, so this is, this is a very cool attack. This is not anything new. I mean, I guess it's new because a dude, this picture is like fever dream all day long. Okay, shall we play a game? All right, calm down, Joshua. All right, so check it out. Here's the deal, all right? If you put in malicious commands, like, not even. This is not prompt injection. This isn't about attacking AI. This is like, like, let's just say like doing a click fix pop up. Okay. If you train the AI tools to look for malicious code, right? They'll detect malicious code. That's fine. Humans have been taught to like, look for weird. So threat actors use, you know, like obfuscation techniques in order to hide stuff from humans. This is the same thing. I mean, shout out to the security researchers for doing this. It's very cool. But effectively what they're doing is they're spraying the, the malicious command kind of throughout the web page, but not, not on the front end, like on the back end, right? And then I'm assuming there's some type of JavaScript function that reassembles the malicious command once it, once it's to, you know, deploy onto the endpoint, so, you know, it's bypassing the AI analysis. So let's see. Really Quickly, AI tools analyze the pages HTML and see harmless text. Okay, but they don't check the malicious instruction rendered to the users. Exactly. So they review the page, they look at the clear text, they don't see anything dangerous. And then the JavaScript function, I assume it's JavaScript, by the way, the JavaScript function assembles the command and then boom, detonates it. Tough act. And 10 acting. Okay, look. Encoded payload string. Perfect. Reads raw HTML sees gibberish. Blob sees Dan Reardon's fan fiction, his Baldergate 3 fan fiction. AI says it's safe, no problem. Let's go. And in reality, the rendering engine, the thing that makes your web page look like a web page will it says remaps, glyphs, but essentially it is assembling the malicious command. So this is great. I mean, honestly guys, I'm not going to develop this myself, but what I would say is basically you just, just move AI up. Just move the AI from reading the web page to reading the web page and looking at any commands being pushed to JavaScript. Like, I'm not saying this is trivial to fix, but like, bruh, it's trivial to fix. Okay, I guess I am saying it. So you know, hey, Chrome, I'm looking at you, Chrome, Google, throw some of your infinite money cheat code at having the AI look at JavaScript before it runs commands. And I, I told my students this at Citadel yesterday. Guys, here's the deal. You can have, you can have malware obfuscated for days, right? You could literally have one string of malware take 300 gigs of, of of data because it's just super obfuscated, right? At the end of the day, it has to be, it has to be assembled if it's to run on your machine. So right before execution, that JavaScript, that command, that PowerShell, whatever it is, it is going to be assembled. And that's where you can see it, right? You can see it. This is how signature based anti malware solutions work. They look at the freaking fingerprint of the hash before detonating or not detonating before executing the process. Okay? Now again, signature based anti malware sucks in general, but my point is they can do this. They can solve this. We have the technology. Okay? Thank you, Joshua.

B (31:08)

Spotted for Leaknet. The Leaknet ransomware operation has been active since the end of 2024, but it's expanding its bag of tricks. Reliaquest spotted the group using a bring your own runtime attack using the legitimate open source deno runtime for JavaScript and TypeScript to deploy a malware loader. The group first gains access through a clickfix social engineering attack. Then it uses the Deno based loader to load a JavaScript payload into memory, thereby minimizing forensic evidence. Once executed, the malware connects to a C2 server to extract a secondary payload.

A (31:41)

Oh, and now rich straw felino, you minx. Talking about second stage payloads. Behave. All right, check it out. But by the way, second stage payload, those happen all the time. If. If the first stage works, guess what? You can have second stage, third stage, fourth stage, you can wear those pants. Because if the first stage works, you. You are pwned. Okay, so Leaknet ransomware. New threat actor group. I've never heard of Leaknet ransomware. Welcome to the party, pal. All right, so they're using click fix like again, like, way to get on the bandwagon, bruh. And what are they doing? They're deploying malware. All right, so here's the deal. What do we got here? This is a quick fix to prove you're not a robot, I. E. A captcha. Okay, guys, Captures, right? Really quick. First of all, if you don't know what a click fix attack is, let me. I'm super excited to share this with you, okay? Because you need to know, number two, if you do know what it is and you're about, everyone in chat's about to know what this is. You should absolutely be educating your end users about click fix. This is the attack of threat actors today. This is very like, oh, bro, that's so 2026. Oh my God, Becky. Look at her click fix. Like, you have to know this attack because it is hyper effective and threat actors know it. Essentially the capture, right? Like, click on the crosswalks, click on the bicycles, move the puzzle piece, Solve this math problem. What letters do you see? Those are captchas, and they prove that you're a human. Okay? That's what they're attacking here. They know a human is going to see this and take action on it. What they're having you do is hit Windows key R, which will pop open a command shell. I mean, not a shell. It'll. It'll pull up a command prompt text. Jesus Christ. It'll do a start run box for you to run. Run a command, okay? Then you hit control V. They've already written a PowerShell command to your clipboard so the. The victim isn't going to see the PowerShell command. And then they have you hit enter, effectively running that PowerShell command. So you're running PowerShell on your own box under your own user's permissions and boom, dude, you are pwned. And I don't Even know what 80s 90s references I'm making at this point. I'm just all over the map right now. Anyways, you can, you can disable the execution of PowerShell for users in your environment. You probably can use a GPO for that. That's a good step. Number two, educate your end users not to do this. Number three, if you can, you should be getting updated updated indicators of Compromise for known IP addresses that would be hosting the PowerShell download. Like basically when you hit Windows key R control V enter, you're running PowerShell. But in this attack and very other attacks, it's pulling down a second stage payload or a first stage payload and detonating it on the box to take your machine over. So preventing reaching out to those known malicious infrastructure again. David Bianco's Pyramid of Pain Love myself some David Bianco Pyramid of Pain will have you know that changing IP addresses is incredibly trivial or it's easy to change. So not a solid defense strategy by itself, but you know, there's a couple different ways. And finally, dude, I'm telling you, if you just tell your end users not to hit Windows key R like even like do I. I know I can't show you on stream, but like let me see if I can Windows key R command box. I could probably show you a picture one, right? Yeah, bruh, right here. Like literally show, like put, put this in your email to your end users. Hey, if you see this, don't do it. Period. Full stop. If you see this, don't do it, I'll send you a cookie. You see this and you don't do it, call me. I'll come to your desk and give you a high five. A crispy high five. Okay, Click fix. Man, it works

B (36:08)

huge. Thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI powered social engineering. Attackers don't need malware anymore. They need trust. Set a simple passphrase for high risk actions like wire requests or urgent account recovery, especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs, deepfake and phishing simulations so employees practice this before it's real. Learn more@adaptivesecurity.com

A (36:45)

all right, here we go. All right, all right, all right. Hey, Hala, Hala, hala. For those who are. Hold on one second. So for those who are watching on replay. I've been playing the Simple Mind song during the mid roll which I have to cut out afterwards for copyright reasons. So if you're watching on replay and you want to see the mid roll, put a comment in the comments and let me know. And I I am dude. I live simply cyber core values support inclusion and empowerment and by having to cut out the mid roll, that's not very inclusive, is it? So just let me know. I'll do the best I can. It's. It's definitely something a balance that I'm dealing with. All right guys. Hey shout out and thank you to the stream sponsors, Threat Locker, Anti Siphon and Flare. Definitely appreciate them and all the support that they do. Again, links in the description below if you would like to help the channel. If you like what you're seeing up here, if you like what I'm doing and you want more of it, use the links below. I I like the stream sponsors personally. So worth checking out. All right guys, every single day of the week has a special segment and where's my Way Back Wednesday, bruh? Hold on one second, hold on one second. It's not this one, it's not this one, it's not that one, it's not that one. There it is. All right, every day of the week has a special segment and Wednesdays is way back Wednesday, we kind of kick it old school for you Gen Z people. You're living it for the first time. For some of us, we're reliving it. Guys, thank you to DJ B Sec and Dan Reardon, AKA the Haircut Fish, for helping with this week's Way Back Wednesday guys. Apparently way Back Wednesday, get ready to feel old. First of all, GameStop, right? I used to like going to GameStop, but now I do not like going to GameStop. But GameStop is officially applied retro classification to the PlayStation 3, Xbox 360 and Nintendo Wii U. Retro guys. You know, it's bad. Like I didn't even have a PlayStation 3. Like I was PlayStation 1 all day every day. But yeah, you're this old PlayStation 3, Xbox 360. Let me know in chat if you. If. Yeah, I never. I didn't have PlayStation 3 or Xbox 3 360. I was a PlayStation 1 guy. I wasn't even a PlayStation 1 guy. My brother owned a PlayStation. I used his. So anyways, shout out. Also GameStop. You know, I used to like GameStop. You go there, you dick. I'm. Oh my God. Sorry. You screw around in the five dollar Bin. You know what I'm saying? So, yes, Atari. Dennis Keith's got his Atari. I will tell you. Atari 2600 was a backup contestant for the Way Back Wednesday. Oh, man. This is where it was. You had an Atari 2600 shout out and chat. Got it. Dude, what an. What an awesome nerd thing. By the way, just really quickly looking at this, I remember this, but like, dude, like, they like, just. They basically had dip switches, right? Look at these switches, guy. Dude, I loved it. I loved it. By the way, for you Youngs, yes, that's black and white. That was an actual option at one point. All right, so thank you all so very much for Way Back Wednesday. I hope you enjoyed the segment. I, I really. I'm enjoying the Way Back Wednesday segment. I'm always open to feedback. Ross gave me some feedback at Zero Trust World on Worldwide Wednesday, which I appreciate. But right now, what I want you to do, thrills with Miriam and other first timers, just close your eyes and let the la la la la's wash over you. Let's go. Marcus Kyler, Alpha Sierra, wherever you are, let's go, La. When you walk and listen, if you're in your kitchen singing right now and just feeling it lean into that, you can do that. Enjoy yourself. Treat yourself. All right, let's finish.

B (41:47)

EU hits Iranian threat actors with sanctions. We've covered a number of cyber attacks from Iranian linked groups and now we're seeing an array of policy responses. The European Union issued new sanctions against the Iranian company Emnet pasargad back in 2023. Microsoft found the company stole and sold data from the French magazine Charlie Hebdo on illicit forums. These sanctions freeze assets of the company held at European institutions and bans EU businesses from interacting with them. The EU also issued sanctions against two Chinese firms. Integrity Technology Group was sanctioned for targeting critical infrastructure and selling information to Hack for Hire Services. And Axon Information Technology received sanctions for taking part in the Flax Typhoon attacks on EU institutions.

A (42:31)

All right, China, dude, don't mess with. Don't mess with sanctions. Okay? So essentially this company, eminent Pasar God, has been sanctioned and banned from doing business. I suppose with countries in the European Union, which is, you might be like, oh, big deal. But like, I mean, guys, if. If you can't do business with like an entire continent, effectively, that's problematic, right? Obviously, like overnight you just like lose a bunch of business. It looks like. They also sanctioned a Chinese company for a very similar reason. Department of justice in March 2025 indicted 12 people involved in These, this company, Cyber attack. Okay? So basically private sector companies are getting in on nation state backed activities. This is nothing, dude, this is nothing new, okay? Like, and I'm not even gonna like throw shade at, you know, America's perceived adversaries, right? So like, I'm not just gonna like dunk on Iran or, or Russia or China right now, although, but we can like the nsa, dude. In Nicole Pelroth's book. This Is How They Tell Me the World Ends. Hold on. Simply Cyber IO Books, if you want to get my reading list. This Is How They Tell Me the World Ends. Okay, this book right here, solid read. I can't recommend this book enough, okay? She reports, and this is a fact. People who work at the NSA that develop weapons, cyber weapons, okay, they don't get paid very well at the nsa. So what they do is they do their service, then they leave the NSA, they drive down the beltway about 10 minutes, they go to a strip mall, they rent one of the storefronts at the strip mall, and the three guys who are there continue to make cyber weapons and they sell them to the federal government for high dollars. Okay, so it's not news that a government reaches into the private sector for cyber capabilities. Look at NSO Group, okay? You know, if you want to like, throw it, throw an Israeli based one, okay? Again, I'm not trying to pick and choose like which countries are good or bad, but NSO Group is a Israeli based, you know, private company that makes spyware called Pegasus. And they're supposed to be for law enforcement only, but, oh, wouldn't you know, if you got money, you know, you can, like people have figured out ways to get Pegasus for non law enforcement use cases. Okay? So in the same thing can be said here in this example for China and Iran, European Union is sanctioned because Iran was using private sector companies to help execute cyber attacks on behalf of the country. Same with China, all right, and the Department of justice got involved. So this isn't new. It's basically these companies. There is enough evidence to support that they are actively involved. And one of the tools of power that first world countries have is economic sanctions, okay? If you look at, there's this thing called dime, there's, there's four ways and only four ways to influence through your national power, okay? Diplomacy, right? You know, we'll help you out. Like look at China's Silk and Belt Road initiative or whatever it is. That's diplomacy, okay? We'll build you an airport, you be friends with us. Number two is information, right? Which is where the cyber people live. Three is military, which we're seeing currently in many parts of the world. And four is economics. D I M E the dime dime. Diplomacy, information, military, economics. Those are the four levers of power that we have. And the economic one is a very effective. Look at North Korea, guy. North Korea's got to steal their money all over the place because they are sanctioned through the gills, right? So yeah, these, this Iranian company, these Chinese company economic sanctions, what does this mean for you? Nothing. Like, unless you were doing business with these companies, you're fine.

B (47:02)

Nexus dwelling for years in military networks, New researcher Palo Alto's Unit 42 found that a China nexus threat group breached the military networks in Southeast Asia as far back as 2020. This used at least two novel backdoor malware variants and a version of the GetPass credential stealing tool. The attackers used this access for highly targeted intelligence collection, looking for specific files on military capabilities, organizational structures and collaborative efforts with Western armed forces. The operators use multiple Dropbox accounts as dead drop resolvers, allowing them to post to legitimate services with embedded domains to hide activity. The researchers say the custom malware and focused approach indicate a highly sophisticated threat actor.

A (47:46)

Yeah, highly sophisticated. China's awesome. Okay, like, dude, if, if, like this is going to be a drink, by the way, like FedEx used to have the motto if it absolutely needs to be there overnight or something like that. That was like their slogan. In my opinion, if you absolutely need to have espionage done immediately, you call China. There's no, there's no one better. At least, at least that I'm aware of. America's very good at intelligence gathering for sure, so they're definitely good. But dude, China's so good at espionage. So good. All right, it's Apollo Alto Unit 42, who is also pretty good. I happen to know a couple people at PA42, so do you guys come on down to simply CyberCon 2026, Folly beach, you can meet some of these people. Not officially in a unit 42 capacity, but you know, simply CyberCon. Hey, registration's open now it's going to be lit. Lit, lit. All right, so check it out for real though. Unit 42 puts out great research. Okay, so if you see a report from unit 42, it's definitely, definitely legit and it's definitely worth your time. All right, so a Chinese state sponsored hacker has been in the southeast, the southeastern government, for years. Okay, Let's see. Dude, they've been in there for almost at least six years. Wow. Let's see what Else operational patience. Yes. Okay. They searched for and collected highly specific files concerning military capabilities Org structures, collaborative efforts with western armed forces. Exactly. Dude. This is a deep, deep seated, high level, you know, alleged Chinese government backed military operation for intelligence gathering. That's all this is. Guys like China wants to take Taiwan or, or claims Taiwan is their own. China is very concerned with the United States and the way they operate with South Korea, North Korea who is kind of a proxy for China or China and Russia is like very concerned with South Korea and the United States involvement in South Korea. Japan is right there, who is a ally of the United States and is kind of like constraining semiconductor technology exports to China. So China's all about like all of this, so it makes sense that they would be in there. Now another thing, really quickly, my guy, like did we not just watch China through salt Typhoon, Flax Typhoon, Volt typhoon, get into ISPs in the United States, telecommunication systems in the United States and not just like, you know, whatever like local surf, mobile or whatever like they were in, at Verizon, Sprint T Mobile, like they were in the big, big ones. They're very good at this. So the fact that they were there for six years. Yes. In fact I would argue, I would argue that someone in China today is getting their hands slapped and they're being given a very naughty, naughty, naughty because they, they tipped over, you know, something and, and revealed their existence. They've been in this network for six years and because they ran some dodgy powershell command, they set off an alarm and, and uncovered their presence there. So the operation is effectively blown. So someone's, you know, someone's probably getting yelled at at work. But anyways, again for me and you, okay. Ray W699 Dream Logic Al Although Dream Logic's in the Philippines, so this is somewhat relevant to her. But for the most part this isn't impacting many of us here day to day operations. But this is a great, great example of how, you know, nation state level espionage can happen. And the final thing, because again, thrills with mayhem. Our official first timer, Avatar today. Welcome to the party, pal. I want to remind everybody something. Okay, really quickly when we are talking about threats, right, like as a cyber professional, our job is to protect organizations from threats. The threats can manifest different ways, but usually they're the threats motivation or the threat actors. Motivation is what we have to account for. Now listen, when we're dealing with cyber criminals, it's often smash and grab, it's often jiggling doorknobs and Whenever they find an unlocked door, they push in and rob the house, right? So for cyber criminals, they might be noisy, right? Like we can hear them jiggling the door, we can hear them banging on the windows to see if they can get in the house. Okay. And if they can't get in, they go on to the next one. So controls work with nation state. Okay. And again, I'm sorry. Cyber criminals, their motivation is often financial. Straight cash, homie. Okay, so they're looking to get paid today. Can I rob this place and get paid today? No, next place. Because I've only got eight hours in, in, in the work day and I want to get paid today. So let's go, let's go, let's go. Nation state military campaigns they are given mission orders. You will break into this target, you will get this information, you will find out this plan and the military person, those are their mission orders. So if it takes a day, if it takes a week, if it takes a month, if it takes a year, it does not matter. It doesn't matter. They have time. They will slow cook this thing and they will get in, they will do their kill chain to whatever, whatever speed it takes in order to be in the environment, achieve the mission and hopefully go undetected. The entire thing with espionage is to go undetected. If you're doing espionage well, no one ever finds out about it. So just anyways. When you're thinking about threat actors and threat modeling and threat actor motivations and how you protect your organization, my guy, if you are worried about countries breaking into you, you should be. You should have a very mature cybersecurity program because the low hanging fruit isn't going to stop. Highly motivated, highly sophisticated threat actors. Thank you for coming to my TED talk.

B (54:32)

UK CMC looking to expand to the US the UK based nonprofit Cyber Monitoring center opened in February 2025 assessing the economic impacts of cyber incidents in the country with a 0 to 5 scale modeled after scales used for natural disasters. Think something like the Richter scale. This is based on evaluating the financial cost against the estimated affected population. This is complemented with an in depth report on the incident and financial ramifications. In 2025, CMC released analyses of the Mark and Spencer's retail attacks and the Jaguar Land Rover attacks. At a recent event in London, CMC head of operations Ruth Goodwin said establishing a US cyber monitoring center was on its roadmap for 2026 with plans to start issuing reports in 2027. Connie Group.

A (55:18)

Okay, all right, so the UK all right. I'm gonna do my best not to dunk on this. Okay? So the UK has been going buck wild, okay? Buck wild with cyber security initiatives. They have, like a national cyber center. They're doing, like, public services. They're providing. I think they're providing, like, you know, kind of IR services. Like the UK as a government has been going he ham on cyber security the last year. Now they've come up with this modeling scale. I don't know what this US expansion thing is. Maybe to include cyber attacks of US expansion. Here's my thing. They have a zero to five category. So, like, they're trying to treat cyber attacks like national natural disasters, right? There's an earthquake in the Midlands and Lake Murray is shaking, and it's a 2.5. Oh, my God. And then there's like a cat. I mean, is the Richter scale go to 5? I thought the Richter scale went like to 10. Let me see this really quickly. Yeah. The Richter scale goes to nine. My guy. Okay, why am I keep saying my guy? Like, I need to. I need to calm down with that. Jeepers creepers. All right, so anyways, they're having a scale, all right, so we as professionals can say, oh, like, watch out, this is a Cat 4 cyber attack. Two things. Number one. Number one, I. I don't like this. Okay? So let's just get that out there. Number one, when we talk about hurricanes, right? We often talk about, hey, there's an impending Cat 4 hurricane. You know, batten down the hatches and get out of town. When there's an earthquake, it's after the fact, so we can talk about it, but it's not really that good. This is post attack. What was the category? Right? Oh, my God. It was a Cat four. Watch out. Okay, so affected population. I'm down for. Okay, I like affected population. How big was this attack? Good. Now financial impact. Okay, I guess here's my thing. What is the objective of this, right? Is the objective of this to get law enforcement involved, to hold people accountable? Because, oh, it was a Cat 5. It had a billion dollars in damage and it affected 90% of people. Like, the Change Healthcare attack back in 2025 was devastating. Devastating. Okay, But. But for me, if I'm a. Let's just say, for example, I'm a $2 million business and I have five employees and I get hit with ransomware or I just get absolutely hosed, all my machines get wiped, right? Whatever. Whatever the impact is, and I am unable to recover and my business goes out of business. That is devastating for me. Five families, six families, including my own, negatively impacted. Right? People lose their jobs. My clients, my customers lose their services. Maybe it's a small town. It's like the center of the community, right? We were a factory that employed 90% of the town, right? In. In Midlands Kansas or whatever. An entire community impacted. That's not going to show up on this scale. You see what I'm saying? Like, I. The reason I don't like this is because this allows the big boys and the big girls to be able to talk about how big their attack was. But I feel like this loses context for smaller, you know, targets or whatever. So anyways, I, I guess I don't get what the, what the, the deal is with this thing. And maybe, maybe, maybe I'm wrong. Maybe I'm mistaken. We'll see. We'll see how it goes, right? We'll see if this gets adopted. That's the end of the day. Okay, so at the end of the day, we're giving cyber attacks some type of scale so we can communicate how bad a cyber attack was. Okay, that's it. Let's see if it gets adopted by the industry. All right? There's plenty of. There's plenty of metrics and measurements that have not been adopted by cyber security. Go look at CVSS version 4. It's too complicated. People don't use it.

B (59:42)

Targeting Kakao Talk, the South Korean threat intel firm Genion spotted a new campaign by the North Korea linked group Connie. This targets victims with a spear phishing email that appears as a notice for appointment as a North Korean human rights lecturer. This contains a malicious LNK file that installs the End Rat Trojan, enabling remote access and extended dwell time on infected systems. The attackers then use this to exfiltrate system data and access the Kakaotalk app to spread further malware to contacts. These secondary attacks don't just spray and pray to the entire contact list, but seem targeted at specific individuals.

A (60:18)

All right, so a couple things. Number one, I'm looking at chat right now. You guys are hilarious with the My Guy thing. Number two, New Dist. So K N E W D I S T at New Dist says you just don't get it. My Guy. Now, I don't know if you're saying My guy for fun or if you're saying I don't get this CMMC category or CMC UK category thing. And I'm not one of these podcasters who's just gonna, like, bully people in chat because I have a platform. But. But I'm I'm serious. Interested in personal and professional development. So if you are talking about this and that. I don't get this. Please explain it in chat in the value. I would love to understand if I was wrong about this, and it is super valuable, but on my initial take, again, I don't research or prep for these shows. Ain't nobody got time for that. All right, so number two, this infographic. Oh, my. Okay. Hey, thrills with mayhem, first timers here. Let me introduce you to something that we do occasionally because this is. Excuse me, I need a moment. Oh, infographs, dude. Good infographs. So good. Oh, my God. My God. We're gonna have to end the show early. All right, so look at some APT is deploying a rat, a remote access tool through phishing, and they're using cacao talk. When they said cacao, by the way, I thought they said Takal, which is one of Method Man's first album. Solo album after Wu Tang To Cal. Such a good album. Let's see what they do. They do spear phishing. Spear phishing is an attack that's targeted. Instead of casting a wide net, you're targeting a very specific individual, which gives them remote access to the machine. Okay, so they send an archive, which then has an LNK file in it, whatever. And then the person has to have Kakaotalk installed on their PC, which they then weaponize to download second stage payloads. This seems, like, really complicated for no reason. Oh, it's North Korea. That's why. All right, Let's see. I'm assuming Kakaotalk is very popular in South Korea, right? So Kakaotalk user base. Let's see how many people use this thing. 53 million active users. 97 market share in South Korea. Okay, so this makes sense. Okay. For here in the United States. I'm like, what are we doing here? 97% of user base in South Korea is using this. This is a perfect example of threat actors developing attacks for massive attack. Surface and repurpose. Okay, so to what end? I don't really know. After they had successfully fish and get on the box, they then establish persistence, which is pretty standard stuff. All right. The attack's notable because it abuses the trust with compromised victims to deceive and ensnare additional targets. Okay, so this is actually a throwback to. Oh, my gosh, behave. All right, so the threat actor is controlling the cacao talk on the victim machine and sending out all sorts of things. Essentially, this is like sending a telegram message with a PDF. We actually saw this In. I'm going to take you in the Wayback Machine, okay? This. If you're running cacao talk or you're. You are in South Korea, you should definitely educate your end users about this risk of cacao talk. Okay? Period. Full stop. Also, all the. All the best practices around email security, because if you prevent the spearfish from being delivered successfully, you'll be fine. I want to just take you on the Wayback Machine really quickly and look at this. Melissa virus. The Melissa virus back in 1999 spread via Outlook. And it like, I know that this is Wayback Machine, but basically, this spread wicked fast because it would send the virus to everybody in your contact list. And once everybody in your contact list got it, then you would turn around and the new infected people would send it to all the people in their contact list. So Melissa virus spread wicked fast. If you were around in 99 and you remember this like you were working in it at the time, you probably have PTSD from this event. Another one that was very similar was the Code Red worm, although I think that moved through SQL Server. Oh, it exploited at Microsoft is. Yeah, Code Red was another one that was like, gross. All right, Anyways, if you're running Kakaotalk, educate end users. Otherwise, just be aware that, you know, it's a common attack technique to just target technology that is definitely going to be on your victim's machines.

B (65:56)

Remember to subscribe to the CISO series.

A (65:58)

All right, there we go. All right, we did the thing. Couple minutes over. Thank you for granting me grace to go a few minutes over on all the stories. I was definitely feeling myself today. Guys, don't go anywhere because we are going to be pivoting over to Jawjacking. Hey, for you first timers, like Thrills with Miriam and other first timers, drop it in chat. What'd you think of the show? Did you like it? You're gonna come back tomorrow. Did you already turn off because you're like, this guy's a lunatic. Let me know in chat. It's kind of a biased opinion, though, because if you're still here, you must have liked it, right? Unless you're spiteful watching, which is a thing. All right, we're going to continue to deliver value. Where's my Jawjacking link? There we go. We're going to continue to do value. I'm gonna go to 9:30am answering all your questions. I'm Jerry from Simply Cyber. Don't go anywhere. I got you covered. Ever wonder what it takes to break into cyber security? Join us Every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking. Hey, what's up, everybody? Welcome to Jawjacking. I'm your host, the smokey voice. Jerry Guy. What's up, everybody? I'm Jerry Guy, your host for Jawjacking. We are going to answer all your questions in the next 21 minutes. Many of you might be coming from that other podcast, Simply Cyber's daily Cyber Threat Brief, hosted by say it with me, that nerd, Dr. Gerald Ozier. Bro, can you calm down about the infographs? That guy, my guy. You're not Gen Z. Get back in your own swim lane, you Xennial. But for real, though, if you have any questions, drop them in chat with a queue. I am here to help you. I'm not here to talk about socks. I'm here to talk about how to level up your career in cyber security. I want to answer all the questions. Let's go. Is it Friday yet? I feel you, Kyle. Code Brew, has Karn officially been sent out to pasture? No, Karn is still there, but I haven't been talking to him. Open Claw is fine, but I don't know, man. I find I. I'm, like, spending more time messing with him than not messing with him for my money. Code Brew, Claude. Cowork, Claude. Code and skills are much more powerful. I was trying to do something with Open Claw to have him give me, like, a daily digest. Not just like, what's the news of the day, but like, here are things you should work on today and here's like, communications that you should do. But I don't know, man. All right, Christopher, Lycia is going to land a job one day. Yes, you are. Yes, you are. Christopher, does NIST837 and this CSF work in conjunction with one another? Mariah Green asks. Yes, in a way. So NIST837 is the risk management framework, and it shows you how you can approach having conversations at managing well, having conversations about risk at work, up and down the stack. A lot of times, at the most, people who look at 837 kind of focus on the information system level instead of like the strategic board level, which is fine. And you are at the information level, Mariah, you're looking at kind of the six phases of like, what, what. What is the data that you are protecting, what is the applications you're protecting? And then what level is that map to? And Then what controls in 53 map to that level and then you know, are they implemented? Do you test? Is someone approved? It's good to go. What I would say is NIST Cybersecurity Framework is a much more practical operational approach to cybersecurity as a capability at an organization. So NIST CSF actually looks at identifying and protecting like so setting up all the controls of all the things and then being ready to detect, respond and recover. So to me, NIST CSF is like how you operationalize it. NIST RMF is a different way to approach it, I suppose. But NIST RMF is, is much more around like implementing controls and making sure that they work, Which CSF does do. I feel like CSF is kind of like more a living, breathing cyber program and how you are handling information security and how you can look downstream and do lessons learned. Why didn't this work? Or why did it take us so long to detect this thing? NIST are837RMF is much more around like we're putting these controls in place because this data is here. We're good, right? And obviously it is an iterative approach where you review. I guess what I would say is you wouldn't use them in conjunction. To answer your question, you wouldn't, you would not use them in conjunction with each other, but you could, you could use them in conjunction with one another. In this way you could look at NIST Cyber Security Framework to determine what controls you should be implementing. Because NIST CSF actually says the controls in NIST853 that you should implement. However, you can use RMF to say, well, we actually have really sensitive information, so we're going to choose the high baseline for these systems specifically and get those additional controls to manage that risk. So it is quite complicated. I wouldn't try to do it this way. I would almost argue that this would be like if you were a very mature cyber security program and you were looking to get very granular around additional controls for very specific data or very specific applications. Okay, good question though. Great question, not trivial. Let's see. Not a question. I'll be at rsa. You've thought, you've thought me a lot this past year, so I would like to buy you a beer. Okay, let's go. I will tell you really quickly, if simply Cyber Meetup is going to happen at RSA, it will be on Monday the 23rd. Monday, September 23, in the evening at Irish Bank. Again, this is not super formal. I'm not, I'm not Super. I. I've got a lot going on at RSA and I'm only going to be there for a little while because I'm trying to get back. My son's birthday is very important to me and I want to be here for it. So this is where here. Pending confirmation, this is where simply Cyber Meetup will be on Monday night, September 23rd. The Irish Bank. It's like in an alley. Look at this. Oh, so good. This is like my jam. Okay. So I will communicate with people. I will be able to firm it up on Monday. Okay. And highly. Okay, let me tell you this. There is like a 99 chance that I'm gonna eat dinner at this place and have a couple beers. Like a very, very, very high chance. So, you know, if, if people can be there. Awesome. All right. All right. Would you consider working in. I am to be super technical? Yeah, I mean, it depends. I mean if you're doing implementations of like single sign on and like active directory integrations and if you're getting into like, you know, applications, like ERP applications which are like, you know, big financial applications and you're getting deep into like provisioning how like a user account is provisioned and what they have access to. If you're getting into Entra ID and you're doing conditional access, yeah, it is technical. I would argue. I would argue to be good at iam. It is a technical role. You mentioned Substack a while back. Did you end up starting one? No, I didn't. Cyber Risk, which I do know people who are using Substack and enjoy it. I. I have, I have tried a couple different. I've. I've made some. I have tried to do some things I've just realized, like in order to do the things I do well, I can't spread myself too thin. So no, I haven't used substack, but I do know people who do use Sub stack and it looks like a great platform. How is Jen Easterly and Pete H? I don't know. I don't know if you mean Pete Hegseth. Is he doing something with Jenny Easterly? Jenny still former director of cesa. I'm looking right now if there's something. Yeah, I don't see anything about that. So I'm not sure what you're referring to. Dream Logic. Where can I learn NIST framework? Oh, well, I got a video for it. I mean, I would say download it and read it for sure would be step one. But like, let me show you. I've got NIST CSF 2 Simply Cyber. Here we go. Here we go. Yeah, I got this video right here. Take a look at this security framework. Look it. How do I use it? I'm about to answer that question for you, Soul Shine. I got a video for it. Here we go. By the way, I love this thumbnail. This video did not perform well. Look at. Oh, I guess it's got 775 likes. 18,000 views. It didn't perform well at the beginning. Soul. Sharon, I'm going to drop a link in chat here. I don't know why Soul Shine didn't come up when I'm doing the symbol, but whatever. Here is learn NIST CSF. And anyone in chat who wants to learn NIST CSF and what it is and how to use it, use that link right there. Okay, I'm gonna pin. I'm gonna pin it. Pin. All right, here we go. I got a PhD offer, and I'm confused that I should take it. Is it valuable now with all the AI out there? I mean, it depends. I mean, I got a video for that, too. Hold on one second. Simply cyber PhD truths. It's one of the first videos I ever made. Oh, my God. Where's this video? Here it is. I got a video for you on that one. PhD, truth. This is six years ago. This is old Jerry wanted to earn your PhD. Look at this. Who remembers this day? Wow. I got a. I got a link for you on this one. Copy. Hold on. Do I have a meeting? Hold on a second. Nope. All right. Hey, so I got a video here. Who asked that question? Ishin Pathic. PhD. Truth. I'm gonna answer your question right here, okay? Check it out. Watch this video and you'll get a deeper answer. But here's the thing. You should absolutely, in my opinion, you should absolutely only get a PhD if you are truly passionate about whatever the topic is the PhD is in. And you are a. You're like a lifelong learner. You are thirsty for knowledge. I would not get a PhD to unlock a job. I would not get a PhD to unlock additional salary. I got a PhD. My salary didn't increase, and I didn't get any promotion at work. If anything, I got more work, right? So. And, Ishin, a PhD is incredibly hard, okay? And I'm not saying that because I have one. And I want you to be like, look at me. Like, literally, it is. The. The classes and coursework is fine. That's no big deal. If you have a master's degree, the coursework is easy, okay? I mean, it's not easy, but it's, it's, it's accessible. The dissertation, that is very emotionally exhausting. I will say with AI nowadays, it's probably a lot easier to like go through PDFs and mine out information. But when I did it, it was very hard. Okay. So anyways, yeah, if you can go get a PhD, go do it. If for the reasons I said. Oh, Phil Stafford flexing with his agents. I like it. Phil, what's your opinion on Google Cyber Cert? I guess today's the day that we have. I've got a video for that. Check it out. All right, here we go. I got a video for it. What's your opinion? Google Cyber Serve full review500,000 videos what's up everybody? Now listen, this is a paid video. So Google paid me. Look at this thing. Ooh, look at this. This guy right here. Hey, nice. I like that little algorithm pickup. So Google paid me to do this, but I did do an honest, objective review. So I'm going to drop a link to this. This is like a 15. How long is this 10 minute video? So I can give you a 10 minute answer. Dallo Marble. Okay. At Dallo. I don't know why it's not allowing me to do this Google Cyber search. And I'm going to answer your question too. Okay, Like I'm fair. I'm going to answer your question fully. The Google Cyber Security certificate is. Is good. If you have no prior knowledge about I T or networking or anything like that, the Google Cyber Cert is good. It gives you a very, very introductory foundation on some topics. You would know programming, SQL, networking, you know, stuff like that. I do not think a Google Cyber cert by itself will get you a job. Okay. Hey, Steve McMichael's in the chat. What's up, Steve? Love myself some Steve McMichael. 837. Are you referring to a system owner? Yeah, system owner. They, they review it, but like, usually the system owner doesn't understand. They're a business person. They don't understand tech usually. Let's see. Continuing to look through chat for questions. Ooh, Code Brew is talking about a open claw competitor. Maybe Karn's gonna get a new back end. Oh my God, Becky, look at Karn's back end. Oh, cool. Christopher Lycia is doing his thing. Unstitch. Becoming a squad member. Holla, Ms. CSF 2.0. Yep. You want to get into 2.0? They added. They basically beefed out the respond and recover functions and added the governance one, the respond and recover functions in this CSF 1.0 were absolute hot garbage. So I'm glad that they fixed that. By the way, fun fact, since we're Talking about NIST RMF, I actually interviewed to be part of NIST, part of the group who wrote the RMF. Like when I got my PhD. That's one job that you have to have a PhD PhD to do. I interview with them and for whatever reason I. I have a problem with the NIST rmf. Specifically between the implementation and like between the audit of controls and then the authorization authorizing official sign off. They don't have you do a risk assessment explicitly. And I was like interviewing with the team and I was like, I like I have a big problem in this rmf. And I told them and the woman who wrote that was in the meeting. She's like, she. She got very offended. I didn't. I didn't get the job. That. Which is fine on retrospect. I didn't want the job. Okay, continuing to look through chat. If you have a question, put it in chat with a see. Okay. Our lady of Cyber. Yes, Jenny Slay Random skills. Do people typically bring their spouses to O2 UFO state cons? I don't know what otufo stay cons means, but what I will say is I brought my spouse to Black Hat defcon last year. I asked her if she would like to go to Deadwood. I think we might make it work. Where Mrs. Ozier comes to Deadwood this year, which I'm super excited about. I love my wife and I. I hate leaving my family when I go on travel and stuff like that. So like to bring them is like so cool. Any thoughts on Nemo Claw? I don't know what Nemo Claw is, so I do not have thoughts. Where's Dr. A with the teleprompter? Cause your. Because your knowledge is flowing. Oh, thank you. Frameworks are boring. Sorry. That's. That's okay. Choctaw, you know what? Frameworks are best practices implemented and institutionalized so we don't have to make mistakes. That's what frameworks are. Frameworks allow for common communication. Frameworks allow for scalability. Frameworks allow for planning. I agree they can be boring. I also think they're incredibly valuable. Hey, Julius bell over on LinkedIn says love this show. Julius, thank you. That's so cool, man. Thank you. Let's see. Continuing to look through chat here. Justin Gold J Crypto's in the chat here. Real Bilbo is going to Be with me in San Francisco. We'll get a lot of those. A lot of B roll of me and Bilbo. Still trying to figure out what path to tell a recent grab with an AI engineering degree to go down. Oh wow. AI engineering degree. Dude, if I was an AI, if I had an AI degree, I would either a go work for like one of these. Like try to get a job with like Open AI or Anthropic. One of those or two. Just start your own business. Right. AI can allow you to scale. Dude, look at the guy who started Open Claw. He was a one person unicorn and he got acquired by Open AI, I think, or Anthropic. Whatever it was, he got paid out. Yeah, the dissertation can make or break you for sure. I was fortunate. I had my employer pay for my PhD winning. Marcus Kyler says the lit review was the most timec consuming part of his dissertation. Yeah, the lit review is brutal. That's what I was talking about with all the PDFs and just. I don't even want to like I. I can't, Marcus. I. I like. I don't want to relive that. It's like I feel like the trauma starting to bubble to the surface. Straw hat sex says Google Cyber search. Great for foundations but can't get you the job. Agree. Do you have a video of the hot garbage? No, I did not film the interview. That woman was super pissed. Let's see. Oh yeah, that's right. Kyle. Kyle, that is right. Jerry is mentioned as a resource on this. That's true. Hey, Steve McMichael, if Steve's still in chat, can you DM me or signal me the link to that CSF thing that we did? Oh my God. I'll bring it up on stream. Kind of fun. Little fun fact. I've got signal open now. Steve, so what's your favorite office chair? I don't really have one. I would like to replace my office chair. Honestly though, because it's like flaking. I don't have one. I know that there's like a company that makes pretty cool ones. I don't know. Hey, if anyone's got an office chair recommendation in chat, let me know. Because I sit in a chair quite often. I would like one that's like a smaller form factor. The Buffer Osier Flow Studio might look big on camera, but it is not big. Will your wife be playing magic at Deadwood? No, absolutely not. My wife. My Dan. Mrs. Ozier is definitely like nerd. Oh my God. Do you know where I can go to Do a mock interview. I mean you can use AI. I've got a video for that. How? Wait, hold on one second. I do have a video for that. Do I have time? Oh, it's 9:30. Check this out. Nick Neck beard. Neck beard. I've got a video for that. Hold on one second. Playlist. You get to see all my private playlist too. Here it is. Now this is Chat gp. Are you brand new to cyber security or just starting out? Maybe this is Chachi BT Neck beard. But you can use this for a anthropic Claude and stuff right here. Job interview secrets. By the way, this entire playlist shows you how to get an interview. Like how to get your resume seen. Then how to get an interview, how to crush the interview. And then when you get hired or you get the job offer, how to negotiate your job offer to get more money. But this one right here is how to use AI to do a mock interview and get feedback. Okay, so let me share that and then I'm going to share another one with you. Mock interview. Okay. Okay, Mock interview. And then I'm going to show you this on Simply Cyber. Depending on the job you have or the job you're looking for, I want to let everyone know that we have these video series happening right now where I, I ask a job interview question of three different skill levels. So this one's all around pen testing. We have another one that we did for grc. So each video is one job interview question. But in the video I asked the question and then I have someone who has is an aspiring, you know, cyber security GRC analyst. This is Shamira Gonzalez, someone who's been doing it for a few years, Jesse Johnson, aka the Cosmic Cowboy. And then someone who's been doing GRC for 12 years, Erica McDuffie. And I, I asked them the same interview question and then we break down their responses. So not only can you do a mock interview, Neck beard, but these videos help you understand what a good response is and what to avoid doing in job interviews. We've done it for GRC and we are rolling out the videos now for pen testing. So over the next couple weeks the pen testing ones will come out and I'm filming hopefully this week the final part of the sock analyst ones. So I think this video series is super awesome. I hope you do too. Tell a friend. All right, I'm gonna speed run the questions now because I gotta go. It's 9:30. When will you be in San Francisco? I will be there Sunday, Monday and Tuesday. This coming week. And that's it. I will not be there in April. John, what do you think about the new Comptia Sec AI plus cert? I don't know anything about it. It's probably fine. Oh, hold on really quickly. Steven. Michael has sent me this thing. Is this it? Let me see really quickly. No, no, no, Steve, the. Steve, the. No, the NIST page with the GitHub repo. All right, hold on one second. I'm looking through chat. I'm trying to speed run all this. Okay. Steel case Leap or steel case of me? I guess that's a chair we should look at. I'll look into it. Thank you. Code Brew. I take Code Brews recommendations seriously. Oh, by the way, first person to register for simply CyberCon. Well, I don't want to name anybody. I'm sorry. I was going to, but now I'm wondering. Oh, $2,000. My. My guy. I don't know if I can spend two GS on a. On a chair. That sounds. That sounds. That sounds excessive. Let's see. Continue to look through chat so I can get locked up here. All right, we are caught up on questions. Hey, guys, I hope. Wait, I'm sorry. Oh, my God. I said I would show you this NIST GitHub, repo, simply cyber, see if I can find it. I think this is it. Hold on a second. All right, I don't see the link, so we'll. We'll show it on stream where the application is hosted on nist. I gotta get out of here, guys. Be well. Thank you so very much, everyone, for all you do. I hope you had a great show, great jawjacking, great Daily Cyber Threat Brief. Go forth and crush it. I'm Jerry from Simply Cyber. We'll be back tomorrow at 8:00am Eastern Time for the Daily Cyber Threat Brief. Until next time, stay secure. Yeah.