A
Let's do that. How's that? I bear, I guarantee you that's that fixed the problem. Yeah. Welcome to the party, pal. Go ahead and check that out. Let us know and you can hear me in the audio. All right, guys. Hey, let's do this really quickly.
B
Ready?
A
We're gonna do that. All right. What's up, everybody? Welcome back to the show. We turned it off and on again and now we are live with the daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Auger, coming to you live from Zero Trust World alongside my friend James McQuiggin in the B hole chair. Kimberly can fix it on audio and Kathy Chambers producing behind the camera. Thank you very much, Kathy. Live on stage, guys. If you're looking to stay current on the top cyber security news stories of the day while being actively engaged and entertained by a panel of cyber professionals and you live as part of the show, well, then you're in the right place because we are going to be breaking down the top cyber stories over the next eight hours. I mean, eight hours. Jesus. The next eight stories in the next hour. Eight hours would be a shift. I love cyber, but that might be a bit much for me too. We're going to be doing that so really quick. This is the Friday of Zero Trust World live in Orlando. Great conference. It's been several days of amazing conversations. Just off stage here, we have several Simply Cyber community members that will be joining us during the panel for Jawjacking. But we are all about good times. They want to say, hey, listen, if you're a sales engineer learning about cyber so you can better understand how to serve your clients, if you are a practitioner who is learning how to better engage, if you're a solo operator looking for camaraderie and fraternity around other professionals, whatever your story is, why ever you're here with us, you are welcome here and you will always be welcome here. Unless you like, know, I don't know, do something ridiculous and. And then you have to be asked to leave. But for the most part, everybody's welcome here. Supportive, inclusive, that's what it's about. So let me know if you are here for the first time. Drop a first timer in chat. Hashtag first timer in chat. Let us know. As always.
Now, every day of the week has a special segment and today is Friday, so we will be doing James McQuiggin's dad jokes of the week at James McQuiggin at 35,000ft dropping dad jokes. And he is live with us right now. Although I've been informed right before going live that I will be reading the jokes today, and James will be scrutinizing me from three feet away. So that's how that will be going. Now, I want you to know really quickly, Michael Nolan, Mara Levy, Milo Goldberg is a first timer. Hey, do we have welcome to the party on the soundboard now? No. Okay. All right. Hey, really quickly, if we can just welcome some first timers to chat. I see Luca Lima, first timer. Welcome to the party, pal. We see Milo.
C
Goldberg.
A
Welcome to the party. Let's go. Full welcome, Milo, to the party. Welcome, Luca Lima, to the party. I wish we had the sound effect, dude. Welcome to the party, pal. Welcome to the party, pal. Yeah, there we go. And you regulars, I see TJ in chat. Thanks, TJ. Zmif, if your name is in green and you have a badge next to you because you're a squad member, do drop that John McClane emote from Milo and Luca. Let them know that we appreciate them being here today with us, and I hope you guys come back tomorrow. Now, Luca and Milo, let me tell you something that you may not know. Every single episode of the Daily Cyber Threat Brief is worth half a CPE. Let me say that slower. Every single episode of the Daily Cyber Threat Brief is worth half a CPE. So how does that work? If you have a cybersecurity certification and you need to maintain it, it's simple as this. Say what's up? In chat, you appear directly in the show, like, past James's face. Okay, see Mara Levy saying hi. It's lavincia saying it. Welcome to the party, pal. Say what's up? Grab a screenshot with your name on stream. And what will happen is you'll have a piece of evidence, a screenshot that shows you are here. It's essentially like your. If you were registered, it's like a certificate of being here. File it away once a year, count the number of screenshots. You can earn up to 120 CPEs, which is like four times what you would ever need in a year, normally. So it's the easiest way to do it. Maybe during Jawjack, and I can ask people their thoughts about earning CPEs that, you know, doing things you don't want to do. Not. Not to say you have to, like, go down a dark alley and do some weird stuff with weird people. I'm talking about, like, you just. You have to attend a webinar and some technology you're not interested in. It stinks. All right, Brown coyote with the CPE stamp. I like it. Get those CPEs. Rogue cybers in the house. Coming to us live. Brian Bushwood. Love it. Good to see you. BW5542, Greg Near.
Guys, thanks for being with us all this week at Zero Trust World. All right, Luca Lima has a Sec+ they need to renew soon. Well, welcome to the party, pal. Luca Lima, take a screenshot, get those CPEs and let's party. Now, every single day of the week, we do the Daily Cyber Threat Brief. But I have to tell you, we are a sponsored show. That's how we afford all this cool gear and be able to come to these cool conferences and do the show. So let me take a minute and say thank you to the stream sponsors. As always, the stream sponsors links are in the description below. Kimberly can fix it, makes that happen. If you are wanting to learn how to hack AI, by the way, like, apparently Kathy Chambers dropped this knowledge bomb on me yesterday. Apparently like 1% of the population uses AI. Kathy. Is that a fact? 1%. Okay, I can't hear you. Oh, 86 don't use AI. So I guess 14 do use AI. Okay, so we are in an echo chamber telling each other how we're all using AI, but apparently most of us aren't. So if you want to learn how to hack AI and just be like a next level ninja, you can do it for free for very low money. $25 today at noon. So you could do the show, do the jawjacking, get a bite to eat and then go do some AI learning. Super sick. I'll drop a link in chat. Antisyphon Training is teaching today how to hack AI LLM applications. Don't miss this opportunity. I'll drop a link in chat. I just did. James, it looks like you were about to say something.
C
I was gonna say, after we do jawjacking, listen to our good friend of the show, Mr. Daniel Lowry. Isn't he on at 10 o'clock?
A
Is Daniel Lowry confirmed? Okay, so Daniel Lowry confirmed at 10. So we basically, Luca Lima, Milo Goldberg squad members, we basically set your entire agenda for the day. So you could just sit back, relax, and then just continue to relax right up until 1pm Eastern time today. Love myself some Daniel Lowry. Missed that guy. All right. Not that he disappeared. He's just busy. All right, I also want to say shout out to Flare. Flare Threat Intelligence Platform. They are the ones who do the Flare Academy. But did you know if you go to simplycyber.io/flare now, you can check out Flare's full threat intelligence platform. Like the entire thing. No freemium model, none of that crap for two weeks, which is about 13 days and 23 hours longer than you would need to understand that it is an awesome platform. 100% dark web trawling, info stealer trawling, nasty Telegram channel crawling, threat intelligence platform, and then all put into a database with a really, really snappy user interface for querying that data. So use it. Figure out if your company is actively compromised and your defensive tooling did not detect it, or if Carl in accounting accidentally gave up his creds. Carl.
C
Carl.
A
Yeah. Our audio engineers. There we go. Go to simplycyber.io/flare now to check out your two week free trial. All right. And then finally, a quick word from ThreatLocker, the ones who are hosting us here at Zero Trust World. They do have a deny by default approach to application security. They made a big announcement yesterday on Zero Trust World talking about their new capability going beyond the endpoint and protecting essentially identity. Right. I'm pretty sure that's what it was. I was. I didn't get to attend the talk, but. So let's hear more from them and then get ready to have your face melted. Milo Goldberg, do me a favor. Take your socks off. Luca Lima, remove your hat because we're going to blow your shoes off and your socks off. We're going to knock your hair back. It's just going to be out of control. Okay? You know that Memorex commercial from the 80s? If you don't, Google it, that's going to be you. All right, so let's go. I want to give some love to the daily Cyber Threat brief sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right. I love it.
C
I love it.
A
I love it. It sounds like DJ B. Sex audio. Engineering from afar and helping Kimberly can fix it.
D
Huh?
A
Oh, no, I. Okay, well, all right. It's all good. It's all good. Hey. All right, so we're about to get into it, so do me a favor. Everyone in Chat if you know what we're doing here, drop it in chat. But what I need you to do is I need you to sit back. In fact, James, can you demonstrate for the people at home what we need you to do? We need you to sit back. That's perfect. James, we need you to relax. And then I need you to let the cool sounds of the hot news spicy wash over all of us in an awesome wave. All right folks, let's get ready to do some work and then we will be doing dad jokes at the mid roll. See you guys then. Security sales lives and dies and hold on, it's Friday, guys. Fridays are made for, you know, things like this. Okay, let's go.
C
From the CISO series, it's cyber security headlines.
E
These are the cyber security headlines for Friday, March 6, 2026. I'm Steve Prentiss. Apple blocks ByteDance Chinese apps. These technical restrictions will stop iOS users in the US from downloading other apps from TikTok parent company ByteDance. This procedure actually started in January in which US based iPhone users with Chinese App Store accounts began reporting obstacles when trying to download apps developed by ByteDance. Wired has confirmed that, quote, even with a valid Chinese App Store account, downloading or updating a ByteDance owned Chinese app is blocked on Apple devices located in the United States.
C
End quote.
E
Neither Apple nor ByteDance nor the new entity controlling TikTok's US operations, TikTok USDS joint venture, responded to Wired's request for comment.
A
Okay, so not a cyber story. So let's get that out of the way. Out of the way. David Spark is here too, so we can, we can have a word with him. So, okay, so check it out. I'm, I'm a big old, you know, I, I like, I like government, okay? Like, I'm not a, I'm not a, it's important to have, I'm not an anarchist, okay? But like, I do think I kind of edge a little bit more libertarian like in this, this is not a cyber story. So we will give it a moment to breathe. But what is like, who are you to say, like, you know what I mean? This isn't malicious. It's not, you know, drugs or something like that. This isn't like stopping a drug dealer from selling drugs to children or putting out poisons or something like that. This is a software company trying to make money and Apple is stopping it. So to me, if there was ever a kind of a case of like antitrust, like, you know what I mean? Like, imagine if Windows was like, you're not allowed to install CrowdStrike on us anymore. Like that would be completely absurd. So especially, and I'm not saying like I have no love one way or the other for ByteDance, like whatever, I don't care. But like it's a business, they're making product people love and they, they actually are playing by the rules.
D
Right.
A
The US made them set up a subs subsidiary with and keep the data on in the United States. Right. Oracle, they got that big deal with Oracle and now they're still like, nah, nah. So.
C
Well, I thought it was interesting because even if you have an authorized app store credentials for China to use the Chinese app store, even if you're in the U.S. they're blocking it. So geofencing at its prime, prime example of how geofencing works. They know your location services. It's like, oh, nope, you're not going to be able to install it. So it's certainly interesting in what they're doing and the control they have over it.
A
Yeah. And I mean it's, I mean this is what happens. I mean I think Apple, I mean I use Apple iPhone. I think Apple iPhones are great. But when you have this like much of a market share, you can make these decisions and have massive influence. That's. I mean, I guess the one thing I would say here is that like ByteDance is large enough to kind of endure a storm like this. Like if this was like a small business, you'd absolutely crush them. It'd be over.
C
Yeah.
A
So anyways, not a cyber story. So let's keep going. And if you have any thoughts in chat that are apolitical and constructive to the conversation, you're welcome to drop them in chat.
E
Google says 90 zero-days were exploited in attacks last year. A report from the Google Threat Intelligence Group says that it tracked these 90 zero-day exploited vulnerabilities throughout 2025 and almost half of them were in enterprise software and appliances. This is 15% more than 2024, but lower than the record 100 zero-days tracked in 2023. 47 of the vulnerabilities targeted end user platforms and 43 targeted enterprise products. The report says, quote, the most targeted enterprise systems were security appliances, network infrastructure, VPNs and virtualization platforms, as these provide privileged network access and often lack EDR monitoring, end quote.
A
Okay, so Google Threat Intelligence dropping kind of a statistical report, which I always enjoy. This infographic isn't going to get. There's nothing moving okay on this. Look at it. I mean like a, whatever this is like a, a Gen Z donut chart.
C
I was gonna say it's a big fat zero.
A
Okay, okay, so what, what can we do with this information? I will say that Google threat intelligence is a great outfit. I like what they do. Anytime that like to me, anytime like a Fortune 100 company releases information like, like statistical reporting, it's, it's usually pretty solid. Right. So Microsoft has a huge footprint. So their threat intelligence Verizon data breach incident are huge footprint. You know, if you have a smaller, you know, tech startup that releases a report, it's typically heavily skewed and biased to reveal the biggest problem is like what their pro solution solves. Right. Obviously. So in this instance they're talking about 90 zero-days in 2025. That's you know, down from a little bit. Yeah. And by the way, in full disclosure, this is 90 zero-days that they're aware of. Right. Like there could be other zero days exploited that they don't know. So there's always that kind of asterisk on it. Most of the attacks are on enterprise apps, you know, and it runs the whole gambit from privilege escalation to just remote code execution, et cetera. So it's going to be all those. James, a quick couple notes from the report. 47. So about half of them targeted end user platforms, 43 targeted enterprise products. So that's the distribution.
B
Right?
A
Half targeted end users, half targeted enterprise products. Any, any thoughts about that? I mean it's not, to me it's right down the middle.
C
It doesn't show. It's, it's great info to have. You know, it's good to know for your organization, make sure you're protected and you know, the 90, hopefully they've got all the updates out for it. But again, these are the devices, the targets of these, these are the devices that are protecting your network. So hopefully you're protecting them, keeping them up to date. They mentioned not a lot of EDR solutions connected to them. So hey, maybe something to consider to look at. Monitor the, the protective devices, make sure that they're protecting you. And of course with entrain end user devices, it's all about the training.
A
Yeah. And it's, it is a great point that James makes here is that you know there's this term defense in depth. Right. You probably learned about it in your Security+, like day four of your Security+ boot camp. It's not just a cute term that we throw around in the industry. What it really is is it's, it's, it's how you manage risk. Right. So like if you can't put an EDR on a network appliance, that doesn't mean you just like, oh well yeah, you don't YOLO it and just run naked and be like, ah, we'll be all right. Who's gonna hack a network device? You, you. You put monitoring behind it, you put detections around it. You look at it in a different way. We have like NIST 800-53. A lot of people get this confused. NIST Special Pub 800-53 is a phone book of controls, right? It's all the controls you can have. You can pick any of them to reduce risk. Choosing the right ones is what, why GRC people get paid big money. But, but just know that, oh, you can't put an EDR on it. Guess what? Just no, go find controls that can work. That's the job. That's what security architecture is. All right. I don't know why I got so frothed up about that one, but use the risk. Yeah. All right, let's keep cooking y'all.
E
Iran Intelligence backdoored US bank, airport and software outfit networks. According to threat hunting teams from Symantec and Carbon Black, an Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security has been embedded in the networks of multiple US companies including a bank, a software firm, an airport and non governmental organizations in the US and Canada since the beginning of February. The activity, which has ramped up in recent days, is connected to MuddyWater, which has been carrying out cyber campaigns on behalf of the Iranian intel agency since approximately 2018.
A
Okay, so MuddyWater, threat actor. They're kind of like the, Whenever you hear about Iranian based threat actors doing anything of any kind of like material substance, it's MuddyWater. They're, they're big enough that they're in the MITRE ATT&CK framework under like an actual group. So you can go look up their TTPs again. Iran is facing existential threat of like, like complete eradication, right? So there, as I said this every day, I'll continue to say this, it's of my opinion that they're going to throw everything. There's no reason to save anything in the, in, in holding or whatever the, you know, there's no reason to keep the, the, the reserves back like this. It's, this is your one, this is like Eminem and 8 mile. Like you, you got one shot, right? You puking mom's spaghetti up, you throw all the things you got against the wall. So I'm not surprised that they're exercising MuddyWater. Now, obviously, I. You had to suspect that Iran, I mean, this happened in February. These, these kind of like, you know, strikes or whatever. They were doing diplomatic conversations. They were doing the same thing we were doing. They were like, moving and shucking and jiving and positioning themselves in the event that things went sideways, which they did. So there's no for. For people in chat right now. Right. Cheddarbob, the Phil Staffords, the Marcus Kylos of the world. There's nothing you can go look at. MuddyWater's TTPs. But, like, the chances of a publishing company in Spartanburg, South Carolina, or Chase bank getting hit, to me are, like, equal. Like, Chase is a much desirable target, obviously. But, like, thank you. Iran is just like swinging a. A pillowcase full of pool balls and just running through a crowd. Like, whoever they hit, they hit. So I don't think there's necessarily anyone who needs to, like, do an uptick of threat modeling to account for MuddyWater specifically targeting them.
Now, if you are, let's say you're like, maturity level two, like NIST CSF two, two and a half. Like, you've got a solid program and all your basic hygiene stuff are there. Please don't go sci high in chat. I just. I hate that word so bad. Now, you could, you could run a. Technically, you could run a tabletop exercise using MITRE ATT&CK TTPs against MuddyWater to see how your organization would hold up if you were looking for, like, an idea to. To. To do something. Especially because, like, Iran right now is, like, so hot right now. Do we have so hot right now? Okay. It's so hot, right? James, can I get it? So hot right now.
C
It's so hot right now.
A
Okay. All right. So, like, so you could, you could easily get your executive team on board because it's in the mainstream news, right, that they would. They would be like, oh, yeah, we should protect from Iran. Right? So there's something to do with that. But, yeah, I mean, way to go. I mean, not like, again, I'm not pro or anti, whatever. I'm just saying, like, way to. Way to use all the things, including MuddyWater. James, you got something?
C
They're playing all their cards. Yeah. I mean, any nation state, they're basically staging. They are, you know, setting themselves up. They're in the infra, getting in the infrastructure, getting into the different systems. And then when they need to, they're pulling the trigger and firing away. So for organizations, it's not a matter of sitting there going, okay, when are we going to get targeted? It's a matter of can you detect it if it's inside your network now, so the threat hunting or the fronting. There you go. Wade Wells, you know, being able to look inside your network and look for, you know, to see if they're already in there. And you know, do you know what you're looking for?
A
All right, let's keep cooking, y'all. I do want to say. Oh, there's Chatterbob. Zmif Mar. Levy's up in the house. I love it. Good to see you. GRC guardrail. Let's keep going.
E
Nominee Plankey exits Coast Guard position. Following up on a story we covered last July. Sean Plankey, the Department of Homeland Security senior advisor and presidential nominee to lead CISA, was, quote, escorted out of the U.S. Coast Guard headquarters late Monday and has had his access badge removed, according to sources familiar with the matter, end quote. He has apparently left his role at the DHS, though, quote, circumstances behind the sudden move remain unclear, end quote. This follows a hold that was placed on his nomination for CISA's leadership late last year. But despite this, a White House official has reaffirmed that Plankey is the nominee to lead CISA despite his removal and referred questions about his removal from the Coast Guard position to the DHS.
C
And this is a cyber story why?
A
Maybe because of the CISA thing. We're gonna. It looks like we're gonna have an extended jawjacking session today as we speed run through these stories that are like, all right, so I mean, it's unfortunate
C
that there's nobody at the head of CISA because CISA is one of the big cyber security organizations that we need in the government. And if there's nobody running it, and they changed DHS yesterday, so there's a lot of. It's very fluid inside our government.
A
Yeah, there was a lot of changes yesterday. You know what? I. I can, I can. You want to see a magic trick? This is me pulling something out of this story. Okay, here is something that a lot of people know about, but then there's like a dimension that they miss. When you terminate employees, this dude was terminated. Okay. And when you terminate someone in this capacity, it sounds like HR management, everybody was on board. When this guy gets to work today, we're going to ask him, you know, we're gonna. We're gonna send him a 15 minute meeting invite with no prior knowledge about it, which is, by the way, that's a clear indicator to anyone that they're about to get fired.
C
Ah, right.
A
And so once he gets there, they terminate his Access. They shut everything down. They disable all his swipe access and he's off. He's off and done. Right? This is what happens when people get fired and everybody's like, on edge, hyper edgy or whatever. You should still do this. When people voluntarily terminate, someone goes on to another job, you know, James. Oh, I don't want to say James. Like, let's say, well, James, I guess you're on the couch.
C
I'm on the couch.
A
James McQuiggin has been with the company 35 years. He gets his gold watch and we throw a little going away party and then he sails off into the sunset on a cruise ship. Terminate his access. Right? Like instantly. Treat him like, this is my thing. You should treat all employees like they're all been getting fired and like the most. Like, throw them out like DJ Jazzy Jeff on Fresh Prince of Bel Air. Right. Just out the front door. Because if you treat it that way, you will consistently remove access and stop things. Because remember this, guys. Okay, here's my thing. It's not even about James coming into the organization after the fact. It's this persistent access that doesn't get disabled. And then threat actor gets James's creds. James isn't actively logging in, so he's not going to see any anomalous behavior, but a threat actor gets it and now they're able to move and, you know, and of course, James looks like a normal user because he's got all the permissions and all the things and it would take a human to go, oh, James, like, retired two months ago. Like, why is he, like, got a file that was recently updated, right? Like, you're. That's a really, really brittle, crappy control. You don't want that. What you should do is practice great cyber hygiene and just disable access like you're supposed to. All right?
C
Have your policies, have your procedures, have your audits.
A
Yeah, like, thank you. GRC.
C
Yep.
A
James, any thoughts around access and termination or anything so we can pull up from the nosedive that is the selection of stories?
C
Well, yeah, I mean, you've. So many times I've heard stories where people were termed on Friday and they didn't. They didn't revoke their access till Monday morning. And they've gone in over the weekend and still got access to everything. I can speak from personal experience, literally after I was let go from my last employer, not within 10 minutes, my access was shut down. And. And what surprised me was also the apps. Slack, 1Password. They disabled everything. So they had a great process in place for, for the exit of their employees.
A
Yeah, no, they're doing it well there. It's probably because you work there and that probably was. And we were banging the drum on. Do it well.
C
Yeah, the people that work there.
A
Good.
C
Top notch.
A
Folks. I also want to take this opportunity to help, to help you as an individual. Okay. And, and TJ and Ross like to, to help everybody individually. Okay. When you work at an organization, be very mindful and very deliberate if you are setting up things to set them up. If they're being set up under corporate accounts, be mindful of that. Right? So if you set up, I don't know, like let's say you set up a YouTube channel, right? You're making some content and you just casually had used your Google Workspace account not thinking because like, yeah, I'm just screwing around or whatever, I'm just going to mess around. And then it kind of gets traction and you start making your portfolio there. Who cares? You have access. When you get terminated and they disable that access, you will lose access to that YouTube channel or that application or that blog site or whatever it is, that application, right? Like let's say you use CapCut or Adobe Premiere and you're doing all sorts of crazy edits and like your, your boss doesn't care that you use it for personal stuff too. You're going yolo and then you lose access to that whole thing. I guarantee you with 100% certainty, I will bet you money that matters. If you go to your boss or whoever, HR, and you're like, hey, can I just get in there real quick and grab my stuff? They're gonna be like, they're not even gonna reply to you. Nope, go ahead if you want. Catch me outside. How about that? All right. Kim really wanted to drop a catchy outside. How about that? So anyways, protect yourself, yo. If. If you personally have been, you know, left a job or whatever and then discovered after the fact that you lost access to something, let us know in chat. Because it's a real thing and it's. It sucks. It does. It sucks if you, if you experience it firsthand. So I guess I'm asking people in chat to like share their trauma.
C
I. I've got lots of drama to share.
A
All right, let's keep going.
C
There we go.
E
Huge thanks to our sponsor, Adaptive Security. This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Security training fails when it's generic. Adaptive's platform personalizes training and runs deepfake simulations across email, SMS, voice and video. And with Adaptive's AI content creator, you can drop in a breaking threat or compliance doc and instantly turn it into interactive multilingual training. No designers and no delays. Learn more at adaptivesecurity.com. Those are the two words, adaptive security, together, dot com.
A
All right, let's go.
C
All right.
A
It's really loud. All right, that sounds good. Hey, chat, let us know if the volume of my voice is good. And we've just got like a nice soft seat. Simple Minds, don't you forget about me cooking in the background. We're putting Simple Minds on the back burner, letting it kind of simmer. Let those. Let those flavors marry together while we do the mid roll. Guys, I want to say shout out to all of you, thank you. Thank you so much. Thank you. Ross and T.J. and FedEx and Christopher and Kathy, Simply Cyber community members who are just off camera. And of course, yeah, of course, Kimberly and James here on stage with us. It takes. It takes a village. Y'all even called Mrs. Auger right before the show and got her involved in the. In the situation. Michael Fink said he needed this music this morning. I love it. Oh, is Alpha Sierra here? Oh, okay.
C
Okay.
A
So, hey, shout out to the stream sponsors ThreatLocker, Antisyphon and Flare. Thank you very much. Now, guys, this is the best part. Every single day of the week has a special segment. And Fridays is none other than this guy on the couch next to me is James McQuiggin at 35,000ft. Joke of the week. Now he's got a database of dad jokes, as he likes to put it. And he gives us, just like Dan Reardon gives us memes every Thursday, James gives us jokes. And I'm going to read them. James, anything. Anything you want to preface before I do this?
C
Nope. Have at it, buddy.
A
All right, here we go. First, first joke from James. What do you call a steak that tells jokes? Okay, and this is from a community member. Carrie submitted this one.
C
Thanks, Gary.
A
What do you call a steak that tells jokes? A rib tickler. All right, who can you wear. Oh, oh. Why can you wear a turned over canoe on your head? Why? Why can you wear a turned over canoe on your head? Oh, my God. Because it's capsized.
C
It's cap sized.
A
I don't even know if that gets a Nelson grow. All right, James wants to know, why do alligators hate fast food, especially here in Florida? Why do alligators hate fast food here in Florida? Alligator capital of the world. Well, the Reason alligators hate fast food is because they're harder to catch.
C
Yep.
A
I don't get it.
C
They're harder. Fast food. Alligators. Fast food. It's hard to catch.
A
Oh, all right.
C
Fast.
A
All right.
C
I guess when I ask when I have to explain it when I guess you have to.
A
All right, James, Drop. So let's do a live. James, give us another one like piping hot. Just. Just whip. Serve one up right now.
C
Serve one up right now. On the spot. Gosh, I hate it when people put me on the spot for this, so. Well, you know, I gotta go with a. A tried and true one. What's. You know, for all of our listeners that are out there, we have a lot of women that listen to your show, which is amazing, but. And I'm sure they're all very security minded, but does anybody know the name of the most secure woman in the world? Shut up, FedEx. FedEx is off camera here waving because he knows the answer.
A
The most.
C
The name of the most secure woman in the world. I know, Jerry, you're probably thinking of Jen Easterly, you know, one of your favorites.
A
Yeah, yeah.
C
But no, the name of the most. The name of the most secure woman in the world. Her name. It's Emma. Emma Fay.
A
Oh, my God. All right. Okay. Roswell uk. Oh, hold on, hold on.
C
Oh, Roswell uk Got one.
A
Yeah, hold on, because we're about to drop. La la. Roswell says I got an A on my origami assignment when I turned my paper into my teacher.
C
Ah, there you go.
A
All right. Hey, get ready to pump the music, guys. We got the. La la la. Let this wash over you in an awesome wave.
C
I don't have any Dalmatians to be put on the spot.
A
All right, dude. So many good jokes in chat too, you guys.
C
Yep.
A
I love it. All right, guys, 8:37. Let's finish strong, shall we?
C
Let's do it.
E
Checkpoint announces Secure AI Advisory Service for enterprise Adoption. This new advisory service aims to address the challenges of regulatory scrutiny, scrutiny and operational risks as, quote, AI systems expand across hybrid networks, cloud environments, and digital workspaces, end quote. Named the Secure AI Advisory Service, it is delivered through Checkpoint's Cyber Resilience and Response Unit, known as CPR act. Checkpoint says the new service, quote, integrates governance into the broader security lifecycle, linking intelligence, readiness, detection and response capabilities, end quote. In alignment with frameworks such as the EU AI Act, GDPR, ISO 42001, and the NIST AI Risk Management Framework.
C
Press press releases and government stories today.
A
Yeah. Hey, Listen, this is like, okay, listen, if you're new to industry or you're just, like, you're just. You haven't had your coffee yet this morning. Like, this all day is a. This is like a billboard. Like, like, vendor launches new service. Like, what, What? That's not news. That's a, that's a, that's a, that's a press release. Like, there's no unsubscribe button at the bottom of the story. Like, that's, that's like what we're talking about here. Okay, so let me, let me again, save this story and give you guys value. All right, listen, they have an AI advisory service. If you aren't thinking about how to implement AI at your organization or what governance and policies are at your organization and you need help, there are frameworks out there. MIT's got an AI framework. NIST has got an AI framework. They mentioned ISO, CISRC.
C
OWASP, Cloud Security Alliance. OWASP has got them.
A
Yeah, I mean, there's, there's a bunch. And you don't have to pay for them. Okay. Like now, I mean, if you don't have the bandwidth or human resources to be able to do it, then, yeah, bring it in. But, dude, AI is so new right now. No one knows what the hell they're doing with it. Right. And you're not going to get like Geoffrey Hinton, like the godfather of AI to come in and, like, do things for you. So play with AI. Figure it out. You know, like I'm telling you right now, it's definitely a different paradigm. And I, I mentioned this before yesterday. I believe you should be thinking about moving into using AI very similar to, like, when we went from on prem to cloud. Now, using AI is not cloud. It's not. You're not virtualizing anything. I'm just saying, like, a lot of people. And I'm. I'm old. James is older. Older. Okay. I'm just being played. And a lot of. We lived through it, right? And many of you in chat lived through it. Cheddar Bob, you probably lived through it. Phil Stafford probably lived through it. Like, people were like, oh, it's just, it's just a data center. And someone. It's just my computer.
C
Somebody else's computer. Yeah.
A
And it's not. Hey, what's up, Gino? So, like, listen, going from on prem to virtualized services in the cloud, we was not a lift and shift. It was not infrastructure in the cloud. It was like a different paradigm of how you do things. And there were a lot of really skinned knees and, you know, just problems at the beginning when people started doing it because they were doing it wrong. If you're treating AI like it's just another user, right? Agentic AI, just another user in your environment, or you're using AI apps and it's just like, oh, it's just another app. It's like Microsoft Word. You're. You're going to get torched by AI and unfortunately, the speed of AI is wicked fast. Right. So you're going to not just get torched, you're going to, it's going to be like exceedingly damaging for you. So you have to be getting on board with like Understanding AI AI advisory. There's actually a, this isn't even a plug. Like I'm. There's a Google AI Essentials course or something. It. It came through. It's like 45 bucks. I think I'm probably gonna take it. Like I'm screwing around with AI, but it would be nice to get like a nice foundation and then report back to you guys whether or not it's worth looking into.
C
There are free ones. Yeah, there's.
A
Yeah, there might be some free ones. I, again, I haven't really done much research on it. UPENN has a online aisle.
C
I'm working on one right now.
A
Yeah. So, James, thoughts around AI?
C
Okay, there you go, Kimberly.
A
I love it. Kimberly. On the AI or audio engineering.
C
There we go. Yeah. No, you hit on the head, Jerry. AI is moving so much faster than any other technology that we've been, we've experienced over the last ever. And because it's moving so fast, it's difficult to keep up with it. Compliance wise, policy wise. Technology. The technology is moving fast and organizations, you know, are just struggling to try to keep their arms around it. You know, years ago you had 18 months, now we got less than six or seven. So having a product like this. Okay, great. But there are frameworks out there, there's guides that are out there. There's plenty of YouTube videos that talk about it as well. But it's a matter of getting your policy straight in your organization, having the governance around it, not just being your checkbox compliance, but actively going through and deciding where AI can help you, what's the problem you want to solve and move forward with it.
A
Yeah, and really quick. Just a reminder on the Simply Cyber Discord server, you can do exclamation point discord in chat right now and you'll get a link to it. There is an AI channel and like that channel in the Discord Server is exclusively for having conversations like this. And Phil Stafford and John V are two of the kind of leading voices of AI in our community, the Simply Cyber community. And they're very, very, you know, super interested in helping people understand and work on that stuff. So don't, don't miss those opportunities. Tech grunts chiming in saying CompTIA's AI Essentials is a good course to take to learn the fundamentals. Zmif said, I probably already know the fundamentals. Oh, and also one other. Thank you, haircut fish. One other thing to be mindful of, this stuff is so new that the people who are teaching the course may have a limited understanding of it as well. Somebody put that in chat and I think that's a good point.
C
So you got to look at it, how old the course is. You know, if you're looking at something from three or four years ago, the technology has changed so much as well. So, yeah, depending what you're looking for and what you're trying to do.
A
Yeah, that's a, that's a wonderful point, James.
C
Yeah, I mean you can get your foundation.
E
Hundreds of Iranian hacking attempts hit surveillance.
A
What's that?
C
Keep going.
E
Another story from Checkpoint. According to researchers from that company, multiple Iranian hacking crews have been targeting Internet connected surveillance cameras across Israel and other Middle Eastern countries since the start of the war there on February 28. These have been described as attempts to exploit a handful of bugs in IP cameras made by two manufacturers, Hikvision and Dahua. The countries targeted include Israel, Qatar, Bahrain, Kuwait, the United Arab Emirates, Cyprus and Lebanon. HHS updates free.
A
Okay. Yeah. I mean, okay, so first of all, surveillance cameras, IoT devices, they're typically pretty, I don't want to say easy to attack, but a lot of times they have default configurations, a lot of times they have default username and password. They're just plugged in. They start working and, and unfortunately vendors design them that way deliberately because my, you know, they want people to have a good experience, a good onboarding, plug it in and it just works, it lights up and does the thing. Unfortunately for people like us, it does the thing in an incredibly insecure way. And end user, you know, opens their phone and sees picture and they're like, good to go. So Iran is scanning the Internet. Obviously because of ASNs or autonomous system network IDs, you can, you can identify what IPs would be within the Israel range. Okay, so that's another thing that I guess I've never really said that people should know about. Like the Internet is basically a network of networks, okay? And because of that you can say, oh, any IPv4 address out there can be 0.0. And again, DJ B Sec, don't put me on blast. I'm doing this as like a quick and dirty. It can be 0.0.0.0 to 255.255.255.255. I'm fully aware there are RFC 1918 IP addresses. I'm fully aware of 127.0.0.1. I'm fully aware of broadcast domain IP. So please do not put me on blast. Chat, okay? My point is it's not like an Israel IP address could be 1.1.2 and then Google in, in Mountain View is 1.1.3. Right? Like there's like, there's buckets on the Internet. So you can. Basically what I'm trying to say is Iran can say like, oh, we're gonna focus our search over in this area and get these things. Plus you can go into Shodan right now and sort by country. In fact, I might even do that as an exercise later in the show. You could sort by country of what Shodan is found and find these things. So again, Iran, existential threat, doing all the things they say hacking attempts. This has always been a thing. 
And chat, I want you to chime in on this. If you log into a misconfigured device that has default creds, is that hacking? Because like that's what they're talking about, logging into a device with a, with a credential that just wasn't changed at the fact from the factory. Is that hacking? Now, James, thoughts on this story or. Or that question?
C
Yeah, I mean, you know, depending on what your definition of hacking, it's certainly something that's unauthorized access is what it is. They're logging into a device that they're not supposed to. Usually there's a banner that pops up. But if you've got IoT device, if you're using these cameras, whether you're over on the other side of the world, whether you're here in North America, South America, you know, you want to make sure you're changing those configurations. You don't want to just have the default credentials. Default configurations, plug and play is always a great thing. But in these cases, if these things, they're connected to the Internet, I mean, this is one of the assignments that I give to my students is the fact that they've got to go out and search for web cameras that are out online using Shodan. And you know, these two are popular cameras. So, yeah, it doesn't surprise me that what the Iran is doing with regards to, hey, they've got all the cameras. This is probably part of what the stage stuff. They've already had kind of like what we talked about already. And now essentially, you know, they're going, all right, we've got the cameras, let's go find out where they all are. You know, and they could also be using them to log in and just kind of monitor too, as well as look to see if there are other people there if they're going to launch any strikes. I mean, I'm getting morbid on this, but you know, they could be using it for a further intelligence gathering if they can activate a camera and look through it and see what's going on in that location. That's huge. They've got eyes and ears everywhere. Or eyes everywhere.
A
Yeah, no, that's a really great point. Recon is the first step of any kill chain, either kinetic or cyber. So for sure. Interesting. I tried to bring up insectcam.org which is like my go to site for all the insecure webcams on the Internet and it's not loading right now, so I don't know. Yeah, no, no, it's interesting. I wonder if it's down or if it's, you know, it's been involved in some type of, you know, situation, so. Update to follow on that
E
risk tool to help hospitals assess cybersecurity exposure. The Department of Health and Human Services unveiled the tool yesterday. It is intended to help healthcare facilities assess their cybersecurity risks, quote, elevating the emphasis on those threats to the kind produced by weather conditions and other dangers, end quote. Developed through the Administration for Strategic Preparedness and Response, the solution comes in the form of an update to the Risk Identification and Site Criticality toolkit, that is, RISC 2.0, to include a specific focus on cybersecurity. The model walks users through a series of questions and measures them against the influential NIST Cybersecurity Framework 2.0 as well as the HHS's own voluntary cybersecurity performance goals.
A
Okay, so I mean, this is cool. I'll take it, I'll take it. This is a free tool. I like it. So here's what you got to know. First of all, I worked in healthcare for like five, five plus years. It is an awesome industry to work in in a cyber security capability if you like hard challenges and professional development, because you are absolutely getting, you're dealing with like clinical staff that speak a different language. You're dealing with biomedical devices that you can't touch. You're dealing with vendors remoting in hyper specialized equipment, patient safety concerns that trump any of your security concerns. Data, bit like sensitive data all over the place. It's wicked awesome environment. Now HHS is the agency in the United States that's responsible for health care. Healthcare. Healthcare is a clinic, excuse me, a critical infrastructure. Per, you know, the United States executive order by Obama on defining critical infrastructures. There's like 18 critical infrastructures. Healthcare is one of them. And basically this HHS tool, they're just, it's a tool that already exists around with site preparedness. Here's the deal, like let's you see these in these like these like docudrama TV shows where there's like some type of massive problem and they gotta like move all the patients, right? Like if you're gonna move all the patients from like hospital A to hospital B, because you're going to have to evacuate because it's like there's bombs dropping or something like that, right? Or there's an earthquake. Like you can't just be like, hey, I know you're in labor right now, but get up and like let's go right like that, you can't do that. Or like, oh, I know you're like actively being like fed drugs to keep you alive or you have a tube down your throat keeping you breathing. Like you can't be like, stop being lazy, get up, we're walking, right? So like there has to be a way to do it. There has to be a coordinated way to do it. 
And that's what this preparedness element is too. So they're just adding cyber to it. It's not necessarily a cyber standalone piece. Now what I like about this is when you work in healthcare, at least in the United States, there's two main things. One is clinical care of patients and second is how much money is this hospital making, especially in the US right now. It's all about the Benjamins, right? Do we have a straight cash homie?
D
Straight cash homie.
A
Thank you, thank you, thank you, Kimberly. So the fact that they're putting cyber security into this, this, this to me has a lot of parallels to like the CISO getting access to the board, instead of it being the CIO asking the CISO for updates and then going into the board meeting, we are continuing to chip away as being seen as like a critical piece of what's going on here. Not a, not a bolt on piece of it. So, so that's what this is. If you work in healthcare, I would recommend using this. Most healthcare organizations of any size will have somebody who's called, oh my God. Enterprise risk management. This became like very popular like five, six years ago. But there'll be an enterprise risk management manager and it's usually like a senior kind of like executive director level role. And they're looking across the entire landscape of the healthcare system and understanding all the different risks. Like is there going to be a protest because we have a special patient here who's like in the news or is there going to be some type of. If we suffer like a hurricane, what's the deal? So cyber security would be there. So if you're in charge of cyber or you work in cyber and healthcare at a smaller organization, this is an opportunity, this is a door opener where you can, instead of just bitching or sorry, instead of just bringing problems to your team, you can say, hey, like listen, they've brought this tool, like I'm gonna, I've reviewed it, like this is how we can implement it. Let me help you help like solve this problem. So a great little tool. I like it. There's a link in the story. James, thoughts?
C
Yeah, just real quick. You were talking about hospitals and executives and enterprise. I'm looking at this as the smaller doctor offices and smaller businesses that don't have CISOs, that don't have a lot of cyber security people. This can at least give them some sort of, you know, guide of where they are and what they need to do overall with regards to the security of their organization. I'd be interesting to check it out and I have several friends of mine who are consultants that work in healthcare that might get a kick out of this. So glad to see it. And like you said, it's packaged in with some other things, but certainly something that can help those small medical practices, dental healthcare, so forth.
A
I love it. I love it. And Roswell UK says boards love site criticality scores. You know what I'm gonna KPI, I'm gonna extrapolate that a little bit further for, from Roswell's thought. Like boards, executive teams, they love, they love a number. They love a number, right? Like you, you can't go talk to these people about really in depth stuffs. That's why the enterprise risk manager you could go and talk to about like, hey, I can help you do your job better. But like when you're reporting out, you definitely want to keep it like a single number or a single color. And if you can have trend data, oh, now we're now we're like, you know, pants off kind of situation. So get on, get on board with that.
C
If Dr. Jared, if. No, I was gonna say if Dr. Gerald Ozer ever gets on a board of directors, the tip that will be shared with the world is have a really nice infograph.
A
Oh my God. Yeah. Yeah.
E
Pleads guilty. Following up on a story we covered mid February, 43-year-old Russian national Evgenii Ptitsyn has pleaded guilty in a US court to charges stemming from his role in the Phobos ransomware operation. He was arrested in South Korea in June 2024 and now faces up to 20 years in prison. Sentencing is scheduled for July 15. Ptitsyn appears to have been part of the administration team which offered malware and infrastructure that affiliates could use to target victims and obtain ransom. Pay quotes, end quotes.
C
Mount up.
A
There we go. Get your Chief Wiggums out there. You, U.S. law enforcement's dropping the hammer again. This guy got arrested a while ago. Unfortunately, you know, the justice system, I guess it would matter to me if I was being arrested. I'd be happy that the justice system took its time. But like, unfortunately, sometimes you get arrested, it's like three, four years until you're found guilty even though it's like obvious to everybody that you were the one who did it. Phobos ransomware was a blight on society. 2019, 2020. They were hammering everyone. You can see that. They hit a thousand organizations in 2019 and made over $16 million in ransomware payments, which is for, for a thousand organizations, that's not very high, like $16 million. I mean again, if you gave me
C
early days of them trying to figure it because they're playing with crypto at that point. Point.
A
And yeah, yeah, yeah. Shouldn't have, shouldn't have sold, shouldn't have converted. I'm a crypto evangelist. I love it, love it, love it. I love it, I love it, I love it. Okay, so that's an old one. So if you're, if you're a long timer with the community, you know, it's been a minute since I, we, we played the fin frock one. In fact, I think there's a fin frog emote. Where is it, where is it, where is it? I don't, oh yeah, there it is, guys. Yeah. If you've been wondering what that emote is in the tray. There you go. It is that. So anyways, this guy got arrested in South Korea. He's gonna go to jail for 20 years. Good. I, I hope, I hope it's an unpleasant 20 years for you, buddy. And he's 47, so he'll be 67 when he gets out. I hope he stored some money away because that's, that's a rough time of year to start. Start trying to find a job as a, as an ex con, you know, in the United States or whatever. Here's my thing. Pro tip. Okay.
C
Don't get caught.
A
No, I mean, sure, don't get caught. But more importantly, if you're going to commit crime, stop going to countries that extradite to the US what are you doing?
B
You are so dumb.
A
Thank you. Kimberly. Kimberly. But like, it's too bad that Zero Trust World ends today because if we kept going, like, Kimberly would be like the, the keyboard is from sticks with like two sound boards anyways. Yeah. So if you go to a country that does extradition, the US will find you. They're like Liam Neeson from Taken. They're just waiting for you to go step on, you know, like land that they can get you on. Especially if you're like this high profile a person. So.
C
Especially with Phobos. Yeah, they're kind of setting the mark on ransomware as a service and now there's almost like ransomware as a service. As a service where you're able to go ahead and. Yeah, you just provide. You show up with email addresses and they give you everything else and off you go.
A
Yeah. You know, it's funny too is Luke Canfield dropped this in chat and I don't even know if he meant this as a joke or not. He put Euro Disney has been the downfall of many a bad man. It's a good point. Like I, I often think of criminals as just like the arch villain criminal that you see in a TV show where like they don't have a family, they don't have a life. They're just like all about being evil all the time and working in like non descript office buildings. And in reality, you know, they're making money but they, you know, if they have kids, if they've got a spouse, that's like upside their head about like you're always working or whatever and they want to go on vacation and spend all that glorious money that they had, maybe they, you know, I could see how they make those choices. It's just, dude, when you decide to become a criminal, like you are making some life choices that you know you're gonna have to live with.
C
Yep. There are consequences to the actions.
A
100 now remember.
E
Two subs.
A
No. Guess what? Get ready to turn down all right. Hey, it's 8:58, so I'm gonna just outro for two minutes so we can get Nick Barker on the phone and let him know that we nailed it. Guys, it has been a glorious week here at Zero Trust World. Super pumped live doing the show live, which is. I mean, I always do it live, obviously, but like live on a studio set with, you know, professional lighting and having co hosts. We're going to be doing Jawjacking in just a few minutes, which is a 30 minute AMA. And it's not Ask Me Anything, it's Ask Us Anything. So an aua. Guess we're gonna get a new acronym an hour. So come on down, hang out, have some fun. If you are a regular, you know, share your thoughts in chat. I hope you guys enjoyed it. Thank you so very much, guys. Really, really genuinely appreciate all of you dropping your knowledge. I'm Jerry, he's James. Until next time, stay secure, but don't go anywhere because we're doing Jawjacking. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some jawjacking. Hey, what's up, everybody? We are at Zero Trust World doing Jawjacking. This is a 30 minute ask us anything and it's a panel form, so we have collectively, you know, maybe 80 to 100 years of professional cyber security experience. So we have experience that goes beyond the invent of electricity up on this panel. And it's going to be a banger as we get sorted out with our headphones and our microphones. Let's run down the panel. Some of you recognize some of these panelists, and some of them look new. I'm actually super pumped. I actually met Robert this week at zero. Oh, Kimberly, that was perfect. I switched and you waved as you walked off. It's good. All right, hold on one second. There we go. Here is the panel. 
So let's go ahead and go down the panel, introduce, chat. What I would like you to do is just pay attention because I'm going to ask each panelist to kind of share just a little bit of, like, what industry or what experience they have. That way, if you have specific questions, you can say, Robert, what are your thoughts on this? Or FedEx, as someone who works in healthcare, whatever, right? The whole point of this is for you to get as much value out of this conversation as possible. We're not up here because we want to hear ourselves talk. We're here to help you. James. Please start first and then let's go down the panel.
C
We're not here to hear ourselves talk. That's all I've been hearing all day. I know now. So I'm James McQuiggin at 35,000ft. Thank you very much for the moniker there, Jerry. Let's see, two plus decades in work. Cyber security, IT, six years security awareness, thought leadership with. With KnowBe4, 18 years with a little German company called Siemens. Did everything from networking to GRC, product security, incident response, industrial control systems, all that good stuff. Now kind of doing my own thing and you know, telling dad jokes everywhere I can go.
A
I love it. Thank you.
B
James Robert, ethical hacker. I've been hacking since I was about probably 14 years old. So I've been doing this for a bit. I worked for Disney for about 20 years. I built out their anti phishing and social engineering program as well as their mobile and IoT program. Now I work for a major Fortune 500 running their pen testing and vulnerability management.
A
That's cool. And you're a bit of a maker, right?
B
I am 100. Yeah. I build replica movie props, all kinds of stuff in my workshop.
A
Right.
B
That keeps me sane.
A
There you go. So if you have questions around, I would assume like 3D printing and soldering and all those things, Robert can, can certainly help you. And he makes custom, he's not wearing it right now, but he had a kind of a custom bow tie.
C
Yeah, yeah, Bow tie. Security guy.
D
Security guard and, and dungeon master. No.
B
Oh yeah. I mean I definitely am an avid DND gamer.
A
You play Magic the Gathering?
B
Of course.
A
Yes. Okay, and that does it for today's show.
B
We're gonna, we've all got our commander decks here. We're gonna be back in a bit.
A
Yeah, I love it. FedEx, what do you got?
D
Well, Federico, FedEx been in I, I, I, I guess I just realized I've been almost 19 years in the industry. Done a little bit of hardware, security, OT security, physical hardware installation, done some non profits on insurance and most recently healthcare. So yeah.
A
All right, there we go. So as the questions come in, I will flag them and direct them to the panel. I very much enjoy the facilitating capability. So first question coming in is from the real Kyle. Kyle. He was here with us yesterday on the couch. Kyle, it was great to get to know you here at Zero Trust World. He asks for the panel and I'll start with FedEx, work our way down towards me. What are some of your key takeaways from Zero Trust World?
D
All right, so Zero Trust World, really great conference, really great information. Honestly they're focusing a lot on ZTNA. They're focusing on identity and we know identity and ZTNA is the most important thing that we can handle right now. So you know, hide your kids, hide your wife and make sure that you kiss our daughter unlocks. Because threat actors are going to keep knocking on your doors and if you let the door open, you get an opportunity, they're going to come in and steal your valuable. So Zero Trust, where it's going to be all about identity and ZTNA.
A
There you go.
B
Yeah, no, and I would say also just the, the networking has been unbelievable. Like you can meet with tons of different companies, you can talk with all kinds of different experts, you hear talks from, you know, nerds on the Internet like me, as well as multiple other people from our industry. You know, just talking about our passion and what we love.
C
Yeah, I think for me with Zero Trust World it's, it's, I'm going to echo the networking aspect but also the hacking labs, they've got a new certification, the Cyber Hero certification. They've got so a lot of great opportunities to be able to continually learn with regards to Zero Trust, with regards to allowing whitelist or applied allow listing with, with what regards to what ThreatLocker has. I mean I working at, at KnowBe4 when we would have our big user conferences or any organization that does their own user conference is a great way to be able to really drill down into the product and talk with the people that are actually hands on keyboard putting it together for you. So always take that opportunity. If you're using that application and they have that user conference, go talk to the people, go talk to the tech staff, get your questions answered and then the networking is just, you know, cherry on top.
A
Yeah, the networking has been good. One of the I guess takeaways which is kind of meta to the whole event is that you know, this is ThreatLocker's conference, Zero Trust World. So it's like ThreatLocker Con basically. But for me I've been to a couple events in the past when you go to like Black Hat or I don't even want to say RSA but when you go to like BSides or these conferences, you know there's a vendor area but it's very much the conference is like core practitioners, all that. And when you go to a vendor conference it's, it's much more like you're basically going through a cur. Like a guided experience. Like, it's like an Epcot ride where, like, you're just being shown all the problems that their pro. Their solution fixes. And Zero Trust World's not that way. I don't feel like I'm at a vendor conference, right?
B
Not at all. Yeah, no, that's rare. Honestly, I didn't know what to expect. This is my first year. ThreatLocker is a sponsor of my podcast and stuff like that, so I was like, yeah, I'll come out and see what it's all about. I fully expected it to be a ThreatLocker show, but they really showcase a lot of the vendors. They. They allow people to talk with differing opinions. It was really awesome.
A
Yeah, it was. It was well done. And. And, like, I don't want to say they didn't spare any expense, but, like, there's nothing. There's nothing cheap feeling about it. Right? It's not. It's not stupid. There isn't like a gold fountain or something ridiculous. But, like, it's not. It's. There's good food. There's, like, they have, like, two lunches. That way, if you're, like, in a session and you miss it, you can get fed and it just. It's cool. I like it. It's. I'm optimistic that this can be done this way.
D
And to be honest with you, sometimes I'm going to a. To see somebody, and I ended up getting stuck on the hallway talking to other people, meeting new practitioners. I mean, I got the opportunity to actually meet Marcus Hutchins yesterday and actually talk to him. I mean, the guy that stopped the ransomware of 2017, like a legend right there. And he. He took the time to actually talk about. You know, we talk and discuss personal life. And I was like, wow, this guy. But first of all, he's super tall. I was like, a little.
A
He's way taller than you.
D
I think. I felt like, wow, I am. I am little other than that. But, I mean, it was a great person to talk to. So what happened was that I missed some of the talks. Guess what? I went into their app, I went into the recording, and watch
B
was just
D
awesome that I can actually still be present in the conference and talk to people.
B
I mean, security is one of the only fields where you can, like, go up to professionals with 20 years of experience and be like, hey, let's chat. And a lot of us will make time. I know people are always like, well, you've been doing this forever. Why do you do it? Well, because I want other people to keep doing it. Like, this is a hard field. We need all the help we can get. And if we're not willing to, you know, the elders, so to speak, willing to help the younger generation.
D
I feel young.
B
The point.
C
You are, you are young.
D
I can't grow a white beard like
C
you guys, us gray beards over here.
A
Yeah. But you know, and I will say too, like, there used to be like a real toxicity in our industry. Like it used to like go watch the, the 1995 movie Hackers.
C
Yeah.
A
And just like if you, if you pay attention, like the group was, was, what was that kid's name? Joey.
B
Joey.
A
Joey. Like they were like basically hazing him and making him prove himself. That's why he like broke into the Gibson was so like he could be validated as one of the people who could be at the table. And like, that's just a microcosm of like how that industry used to be. Like you either were like leet or you sucked. And, and like you could never walk up to someone because they'd be like, get out of here, bruh. And, and now like to, to Robert's point, like, it's very, like you can sit down at any table and be like, hey, what's going on? And like get talking. And it's, it's, it's very nice. I, I, I, you know, it's a, it's a bigger editorial on our industry at large.
B
Totally. And one of the funny things is a lot of us are very antisocial. Very much had to learn these social skills. You know, myself being neurodivergent, like, I didn't just learn how to talk and use soft skills. It was a ton of work and effort and it's one of the most important skills you can get for all your listeners. If you're not working on your soft skills, that's what's going to get you a job.
C
Work on those professional development skills 100%.
D
Create your network. I said it yesterday. Your network is a network.
C
Yep.
A
Yeah, I, I didn't realize you were or introverted or what. Like you and I had a nice conversation.
B
I'm, I'm really good at faking. Being an extrovert. No. Yeah.
C
An ambivert.
A
Right?
B
Yeah. I have AuDHD, which is a combination of autism and ADHD. So it's, it's a lot sometimes. Like yesterday was a lot for me because I did three hours of podcast and I did my presentation in front of a huge stage. Yeah, I was drained. I literally ran to my hotel and I was like, I'm done with you.
A
Let me. I got a question for you then. And again, like, like, we're here at the event, so maybe it'll be biased, but like, you, you spoke at Zero Trust World. We're all talking about the attendee experience as a speaker. Because I speak at event. Like, we all have spoken. Like, how is it as. How do they treat you as a speaker?
B
Awesome. I mean, they put me and my entire family actually up for. For the whole week in the hotel, which has been awesome. So I can just. I literally come down from my hotel, knock out the conference stuff, then go back and just relax and kind of take it easy. They have a media room for, for talent, so you. You can get snacks all day. They've got all kinds of huge snack buffet laid out so you can grab like some peanut M&M's or whatever you may need.
A
All right, I'll check that out.
C
Speaker rooms are the place to hang out.
D
We need to go see what this is.
A
Yeah, can we just all like, hand off your speaker badge?
B
The red badge?
D
I mean, James and I are dressed almost alike. So we can be your bodyguards.
A
You know? Exactly.
B
I'll just. Back there with me.
A
I don't know if you guys ever did that, but like you walking into an event where you need a badge, like, you hold the badge up and then you hand it to the person behind you.
B
Professional social engineer.
A
Of course.
B
I've done that bruise.
A
And Hex wants to know, Robert, what's the name of your podcast and how can they reach it?
B
Oh, yeah, Bowtie Security Guy After Dark. It's a. It's a podcast where I literally just talk to professionals and talk about their career. It's not super technical. We talk about what it takes to. To get into the field of cyber. It's really designed for new people to give them the experience of what the job is really like. We talk about the mental health aspects of it. We're. It's a very open conversation and there's a lot of talk about neurodiversity and kind of how to handle that and also what superpower that is in our field.
C
Sure.
A
Just quick shout out since I can see chat and the panel can't. A lot of people in chat hashtag Team ADHD. So there's a lot. There's a lot going on in chat right now.
D
I have medication for that.
B
I would say the field attracts that type of mentality. Like as ADHD people, we're like collectors of hobbies. Like, that's why I've done basically every job in security. I was like, I'm going to try security architecture now I'm going to do security engineering. Oh, let me try to do, you know, incident response.
D
And I think that's also the reason why we like to see those puzzles and find those needles and we get so concentrated so well at doing investigation. Like you said last month, it is a drug.
A
We.
B
Well, I mean it is, right? So as we're doing these things, we're feeding our dopamine and we're all kind of addicts to dopamine. We love that dopamine hit that our brains don't produce. And when we're doing an incident investigation or something like that, it's amazing.
A
Yes sir. Yes sir. Sean Burns wants to know, with all the years of experience, do you each have a favorite area going to you first, James. Do you each have a favorite area of cyber or technology to work with and has it changed over the years?
C
Well, right now the hot. This handle is so hot right now. For me it's been AI. I mean the last three years I've been doing presentations on AI starting with gen AI and then that's, that's built up to agentic and now I've been doing a whole lot of synthetic media. So for me it's, it's learning every day with regards to AI. Prior to that the passion was education, security awareness. I love going to talk to with people about cyber security, educating them, making them aware, giving them that aha moment. They're like oh, I need to turn off such and such a setting and or whatever else or that's how they hack kind of a thing. So for me it's an education. Has it changed a lot that just the topics are constantly changing and AI is changing every day?
B
Yeah, for me it's got to be social engineering. People hacking was. Is literally my favorite second to that would be incident response. I loved working incident response. If you're somebody who has a neurodiversity, don't work in incident response because you will burn yourself to the ground. It becomes, you become very obsessive with that. And then as I've gotten older, it's really just been about educating and helping people. So you know, that's what I do. I do a lot of mentoring. Anybody watching, listening, feel free to reach out. I'm happy to mentor. I don't charge for it either. I'm not going to, you know, nickel and dime you to give you advice. I'm trying to help you. There's some great programs that do charge, such as your program and. But there's so much out there that's free too. Like not everybody has the cash. We know that.
C
I can, I can attest to the fact that I have talked with Robert regarding my resume, regarding my career, where I was going when I had my position eliminated. And it was certainly worth the time and effort and I greatly appreciate it saying it out there publicly for everybody. Definitely check out bow tie guy for good tips. He's got plenty of videos on YouTube. Sorry Jerry, I'm not taking away from your show. But he's got plenty of great tips and information on his YouTube channel regarding resume building, interview tips. Go check it out. If you are looking for kind of security guy. Security guy. I mean, Jerry wrote a book on, in interviewing or no, you've written a book on career development. So check out Jerry's book and then check out.
D
And again, Jerry has. It's so affordable too because you're now paying thousands and thousands of dollars.
A
Oh yeah, yeah.
D
I mean something Simply Cyber Academy. So that's what, that, that's what makes it so open to anybody right now.
A
Yeah, and a bunch of the courses are free too. Like there's some paid, there's some free. So you know, you, you offer a
B
ton of stuff for free, which is what I love about someplace.
A
Yeah, yeah.
B
So thank you.
A
Thanks Robert.
D
That's exactly what I say. Like there is. We don't have that, that 20 years ago, 19 years ago, that hurdle that we had when we started in, in this thing, right. We had to know somebody or get somebody to give us the opportunity to.
C
We were going to boot camps.
D
We just could not get it. Now the information is available. So that's the great part about how the industry has changed a lot.
B
I mean, I work with a non profit called Ginger Hacker Initiative.
C
And yeah, we know Ginger Hacker and
B
we, we pay for certs. So like if you don't have money, let us know. You can you, you can apply for our grants and all that stuff. So it's a lot of great opportunities that you know hackerier.org and there's a great discord program and stuff too, which is awesome. Where a lot of new people in technology and new people in cyber kind of chat. It's, it's a great place.
A
FedEx favorite area in cyber. And has it changed over the years?
D
It has, it definitely has. I, I started doing like I say, I started in actual hard work like network hardware. And it has gone to a little bit investigations that I definitely love the AI So I'm doing. In fact, I'm actually enrolled for a class next week again with Jason Harris on his AI course.
A
Oh.
D
And I already take his class about two to three times. And I can tell you that every time I take the class there's something new because it's just changing so much.
A
Yeah. He keeps that course updated. That. Is it the red, blue, purple.
D
No, it's attacking AI next week. And it's actually, I can say because it changed so much and like we already know what happened in the last month with AI with corn and actual cloud bot and all this other stuff. Like it's changing so fast that you had to keep up and keep up. Now. I myself don't even have a personal AI in my own home or run my own model and all that stuff I actually probably use as just to say, hey, rewrite this in proper English because those who know me know that I speak in Spanglish.
A
No, I love it. I love it. And just real quick for me, I grew. I started off as a software engineer and I love cyber. I love cyber so very much. But I will tell you, when you are troubleshooting code and you get it to run correctly, it is incredibly satisfying. It's like, it, it. Oh, it's. It's so good. Yeah, you know what I'm talking about 100.
B
Especially when you've, when you can't figure out what that small little area that you missed was and then all of a sudden you kind of find out, oh, I forgot to close that comment semicolon or whatever. Yeah, Java, it gets me every time.
A
Anyways, I, I don't really do a lot of software engineering anymore and of course with AI like you just, like you can vibe code, you just tell it what to do and it does it. But I will tell you that it is very delicious and like, I can't explain the. How it hits when. When code does run. Oh yeah, I do want to take a hot minute really quickly. So. Robert Dizzerins in chat. Robert at Robert so get ready Squad members love on this one. He shares. So excited to share that I've just landed a new role as a Chief Information Security Officer. I'm excited to learn and grow into this role and look forward and welcome any advice that anyone can share. Robert, congratulations. So awesome. Yeah, man, it's my favorite sound effect to play on the entire show. And dude, a CISO role is awesome. I hope you love it. I'm not trying to discourage you. I will tell you my dream was CISO and then When I became one,
B
I was like, yeah, there's a lot of responsibility there.
A
Yeah. It's like looking into the sun.
D
You guys are telling me that I should know. Yeah, CISO. Because I want to be one one day. But I'm also scared of the.
A
I mean, it depends on what you enjoy. It's just like when you're a CISO, your hands come away from the keyboard significantly. When you're a CISO, you're talking a lot of, like, budgets and strategic objectives,
D
and then I get boring, and then I will go back to working at SOC because I wanted.
A
Yeah, yeah. And Robert. Robert actually said that the quiet part out loud is a lot of politics and, like, Game of Thrones very much.
B
Like, that's one of the big things. Like, I. I'm an executive now at a Fortune 5. And a lot of that is a lot of your job is just navigating the politics, ensuring that you're not upsetting the right person who may be able to help you get things done in the future. It's. It's a lot of relationship building, and that's where those soft skills that you've learned early on become absolutely critical in any sort of leadership role.
A
Yeah. 100. And I will say, Robert, I'm not trying to discourage you. It is a wicked fun job because my. My favorite part is built, like, as a. As a builder. Right. As a maker, like, you get to either build from scratch or fix a cyber security program. And that, to me, is so good. Oh, well.
B
And there's also. No. Especially if you're entering into a program that's, like, at the bottom or is just learned, like, there's no failure. Right. You can only go up. You've really just got to invest in the right tools, the right people, and. And focus on the right things.
D
So failure is also good when taken properly. No.
B
Yeah, yeah, I understand. ThreatLocker's "failure is not an option." My life motto is failure is always an option. Because it's my greatest teacher. It's always been my greatest teacher.
A
Yeah.
B
You either win or you learn 100%.
A
Yeah.
D
There's no total failure. You're always learning.
B
Always, always. Even. Even when you bomb that interview or something. Right. Like, I remember when I was going through job interviews, they were like, how do you manage budgets? And I was like, I. I don't know. Spreadsheets. And I. I just bombed it so hard. But when they asked that question. Question when it mattered, I crushed it.
A
You're like, I am a pivot table master.
B
I, I straight up was like, oh, well, I utilize this strategy and blah, blah, blah. And they're like, oh, wow, this guy really knows his stuff. Yes. Because he failed miserably previously.
A
All right, so I have a, a fun question for the panel. Okay. I, I always. This is a question I ask when I interview people for hiring them. Okay. So if you've worked in IT for more than six months, you, you absolutely have at least one like, like, like one bad thing. Like, like you screwed something up pretty badly. So you all have worked in IT for a very long time. So like share with us to the best you can, Robert. Starting with you, like, what's your. And I'll share mine first. Really, like at high speed. So I was doing software product. I was doing software coding in production, which that's not a good move. And then I was like writing direct database queries in Perl in the source code. So like I'm doing the control part in the application layer part. And I didn't join a SQL where clause.
B
Oh no.
A
And the database like the query just ran and I brought production down. Now the good thing is I was IT and the software engineer. So I turned into Steve Carell from that meme where he's getting applauded for like saving us from the downtime. But in reality I caused the downtime. But that was a nightmare because like once the query is running on the database, this is like production data. You can't just stop the query because it's updating people's balances. This is for a business. Holy crap, dude. I think I like, I definitely like sweat through my clothes that day, Robert.
B
Oh. One of the biggest things I did when I was at Disney was I had taken some intelligence that we got from a three letter organization and I'd gone through and validated mostly IPs night they were related to a C2 attack. And I went and I blocked them across the entire company. Well, several of those were related to social media and I broke all of Facebook and all of Twitter. So people were very angry because a lot of research, a lot of people like looking for bands and other things that, you know, at the music groups, they couldn't do their job, but everyone thought it was a company thing. So they went to their bosses yelling, I need this for work. And, and then it was a, it was a bad day. My boss was like, did you block these IPs? And I was like, well, this organization gave them to me. He's like, did you validate them? I did. Well, they're related to something that they shouldn't be. And you know, you blocked all of Twitter or Facebook. It was. It was a rough day.
A
That is a rough day. That's a great one, Robert. FedEx, you got one for us?
D
Yeah, I mean, saying that's close to yours. Live production. I work for the nonprofit. We did a live production. I mean, when it was live, was live. And don't push the code. Don't. Don't do updates. Don't make sure your updates are done before or make sure that machine actually power cycle before you start doing production. And test you and test it because it's not fun. When your boss is telling you, so what is happening? You're like, should I be like, it wasn't me? Or it was like, always own it.
B
Oh, I own it.
D
And that's the best thing. That was really hard to understand.
B
Yeah.
D
When I made a mistake, I owned the mistake. But I actually was a great lesson to know that if I own the mistake, I'm. I'm taking. I'm taking the responsibility of what I did. But people are actually sometimes more okay
B
with it because, you know, if you own it, a good leader will respect that and will educate you and will train you. If your leader comes down at you screaming and. And kind of causing a huge. It's probably not.
D
It might not be the organization you want to work for, but at the end of the day, yeah, I learned my lesson. I understood what it needs to be done. And guess what? It didn't never happen again.
A
All right, James, what's yours?
C
So mine has to do with a power plant.
A
Oh, boy.
C
In the sense of I made the control room go dark. In the sense that we were hooking up. We were doing. We had a monitoring system for the power plant, and we hooked up the firewall, and I was pushing the configuration through on the firewall that was connected to the control system into our monitoring system. And when I pushed the configuration, all the screens in the control room froze. Nothing was updating. And they went to my colleague who was there on site, and they were like, hey, did you guys do something? Did you push something? Everything's frozen. And my colleague tells me, and I'm working remote on it, and I'm looking, I'm like, no, I just pushed the config. Config works. It's good. And then I looked at the config and I reversed the network address translation, the NAT traversal.
B
Oh, no.
C
So what was supposed to talk to my system or their systems were now all talking to my device and. And not getting any updates.
B
Lovely.
C
And the only way to fix it all was I had to go to another department at, at work, at Siemens, talk to those guys. They had to log into each machine remotely reboot it after I made my fix and basically, yeah, for an hour they couldn't see the, the plant operating. So it was, it was kind of scary. So my lesson learned was, you know, always check the config.
D
So it's always DNS.
C
It's always DNS.
B
Always DNS. I mean like I worked incident response for many years. Anytime something drastically went down, the networking team would get on and then magically it would start working. They'd be like, try it again. I'm like, oh, wow, it's working now. Oh, I guess it's not network then. I'm like, that seems really odd.
A
Yeah, yeah, yeah, that's funny. Yeah, the networking team, they always. The firewall is a firewall or always.
D
We can always ask the AI. I mean Amazon literally say, hey, our last two audits because the AI just delete the code.
B
No, just blame the AI.
D
Yeah, we can blame the AI now.
B
I love that. Actually, did you see the Supreme Court basically was just like, you know, what if it was AI art? No copyright rules. It's all good. Like that's wild to me.
A
So Kyle, the real Kyle. Kyle coming in and we've got a couple more minutes here for Jawjacking. So if you have any questions that you want answered, put them in chat with a Q and we will get your answers also if you want. You know, we just shared our, our, our challenges and, and you know, kind of owned it. So nobody's perfect. If you do need to talk to someone who's perfect, Kathy Chambers Media has chimed in in chat that she's never made a mistake. So she's. If you need to talk to someone.
B
No, she said that all the time.
A
I know, it's just a lot.
B
It's just.
C
Yeah, she's awesome.
D
She's like, can't we all be Kathy Media Chambers?
A
Yeah, yeah.
D
That's the way I keep saying it. I guess I keep saying it wrong.
A
She's the media. Yeah. So, hey, the real Kyle. Kyle asks, you know, what are some career cyber career related quotes or sayings that you like something that's maybe stuck with you throughout your career that has provided inspiration. I'll share mine first. And you know, maybe, maybe what we're about to share sticks with you and stays with you and helps inspire you. Mine. I actually was telling Kathy just before we went on stream and you all got to witness it live. So it comes from my wife, actually, my wife Nadine. At Black Hat last year I was filming some stuff and I was like, the. The camera was kept. Like I was trying to set up the shot right, and the camera kept doing like this auto focus thing. And I was actually going to be interviewing CEO of ThreatLocker. And I. I want it to be perfect. Like, I'm a. I'm a perfectionist. I like high quality things. I think things that I do represent me, so I want to do it the way I want to do it. And it was like a hot mess. And I was like flipping out and I was shaking and I was like getting angry and irritable and all this other stuff. My wife pulls me aside, she's like, dude, just relax. She's like, nobody here knows anything about cameras or audio. Nobody knows. Like, whatever you do, they think is the thing that you're supposed to be doing. So you being all over the place, it's not instilling confidence. Like no one. Like no one knows except you that there's a problem right now. So just be chill, be cool, and just work through it. And I'm like, okay. And then I thought about. I'm like, she's absolutely right. So, like, we started the show. I don't know if you guys caught it. We started the show and the audio was all jacked up. You know what I didn't do? Lose my mind. I was just like, all right, we're gonna. We're gonna. We're gonna. We're gonna cruise.
C
We'll get through this.
A
We got it.
D
A show. A simply cyber show that. That's. No live. Especially like this one that doesn't have an audio issue. Is it really a show?
A
Yeah, I know, I know. So anyway, shout out to Mrs. Auger for that kind of. I. I think about what. That. I think about it all the time. Yes. Thank you, Robert. Saying or quote or something that's kind of stuck with you.
B
Embrace the uncomfortable.
A
Good one.
B
A lot of my social anxiety and a lot of things and embracing each other, apparently.
C
Embrace the uncomfortable.
D
So I am uncomfortable.
B
Yeah. But it really comes down to just going where if you're uncomfortable, you're learning. If you're not, you're not learning kind of period. And then the other one I love is don't set yourself on fire to warm someone else.
C
Oh, wow.
B
I. I think that one's really kind of a beautiful saying. And. And then the last one is one of my favorites is by Theodore Roosevelt, which is comparison is the theft of joy. So like whenever you're looking at other people in cyber looking people who have things that you want, you don't know the whole picture. And there's really no reason to compare yourself to anyone.
D
You know, you bring something really beautiful. Because I said it recently, I was feeling imposter syndrome because I walked through it. There's a lot of people that are smarter than me. I mean, like I say, 19 plus something years in the industry. I walked into this job and these people are doing amazing thing. And I'm like, why?
C
Why?
D
I'm not doing that.
B
I joined Incident Response at Disney with prior DoD members and I'm like this punk kid with a high school education and I'm like, I want to be a hacker. It was, it was a rough life. I feel it so difficult.
D
So, so then, then I remember somebody say, hey, you know, you, you, you know what, you know, you can learn the other thing.
B
Yeah, well, just.
D
And, and also go to stay humble, right? Yes. Go touch the grass. Cyber is a lifelong learning procedure.
C
Yep. We're always learning every day.
B
And you're never going to have it completely licked. And when you don't know something, just say you don't know. That's one of the most important things in an interview. Anyone watching this, if you don't know, just say you don't know. If you try to fake it, we know when you're faking it, no matter how good you think you are.
C
Yeah, for me, I was gonna say, for me, one of the. The sayings that I have comes from a dear friend who worked at Disney, ironically. And it was plan the work and work the plan. And that has been certainly the case for me over the last two months. The other one comes from another, a boss of mine years ago, and it was the month the Dunlap mantra is what I called it. And there were three things, and it was attention to detail, situational awareness, and discipline to process.
B
Yeah, that's huge.
C
And those three things have kind of been what I've lived for, what I've worked towards over my career.
D
One that I mentioned yesterday. Dress for the job you want, not for the one you have now. That doesn't mean that you cannot wear a T shirt or a hoodie, because I gotta tell you, my job is
B
like, you're judging him.
A
I'm the boss of me.
D
Not exactly, but I'm saying my job. We can go wear hoodies and we can. And I can be as much as relaxed as possible. But then I also see my CISO, I see my director wearing a jacket. I'm like, maybe one day I want to be that. I want to inspire that too. I want to have that confidence. I want to feel good about myself too.
B
You know, most of the amazing.
D
Be amazing. How good you feel. Sometimes when you dress out nicely in front of the mirror, it gives confidence.
A
I, I used to put on a. Like if I was gonna do a phone interview, I would put on a suit. No one's gonna see. This is before telcon interviews. But I would put it on because it made me feel more like professional.
B
Yeah. It gets you in the right mindset. It's like smiling when you talk. Right. You can, you can hear those tones back then.
A
Yeah.
D
Or you can buy a really cool T shirts like they're nerdy cool.
B
I've got a lot of nerd.
A
I love it. I love it. Hey, so we're, we're right at time. Couple minutes over. Let's do maybe 20 seconds. We'll go around the panel. Pump. Promote something. Pump something.
C
James McQuiggan, gonna be at CypherCon beginning of April with Michelle Khan in Chicago.
A
If you're going to Cypher, Wisconsin.
C
Milwaukee.
A
Oh, it's in Milwaukee.
C
Yeah, CypherCon's in Milwaukee.
A
All right, careful. I heard that they serve asparagus at lunch in Milwaukee, which means that the, the bathroom, it's a, it's a. Just be careful. All right. No, there it is. Yeah, yeah. All right, so CypherCon Milwaukee, meet with James McQuiggan at 35000ft. FedEx hit me up.
D
You know, get connected, local BSides because that's where the real network happening. And if you are going to be in BSides Tampa or BSides Orlando stampede, come find me. And if we're not connected, find me on LinkedIn as well.
B
Yeah, Bowtie Security Guy. All one word. It's where I put all my content out across every platform. You can also search any of the podcast things and check out Bowtie Security Guy After Dark.
A
Bowtie Security Guy After Dark. As always, I'm Jerry Auger with Simply Cyber. I do have a quick call to action for the community. Phil Stafford, Elliot Matice specifically. But anyone in the San Francisco area, I have a special need for RSA. I have some work that I can't do, but I'm trying to help a friend out. Just some video shots. You don't have to be on camera or anything like that. And you have to make like, like an Instagram reel short. And it, it does. It's a paid gig for a couple thousand. So if that's interesting, connect with me on the Discord server in the General Channel, preferably you're local to San Francisco, because you're not going to get paid to fly out there or sleep there. So that's that. Connect with me as always. Thanks, everybody. I hope you have a wonderful weekend. Remember, Daniel Lowry, IRL is at 10am Eastern Time if you want to giddy up on that. Thank you to the panel. Robert FedEx and James, shout out to Kathy behind the camera and Kimberly can fix it on AV Engineering coming to you or closing out live from Zero Trust World 26. We'll be back in the Buffer Osier Flow studio on Monday. Until next time, stay secure.
Host: Dr. Gerald Auger
Co-hosts: James McQuiggan, Kimberly ("Kimberly Can Fix It"), Kathy Chambers
Location: Live from Zero Trust World, Orlando
Special Guests (Jawjacking Panel): Robert (“Bowtie Security Guy”), FedEx, others
This episode delivers the top cybersecurity news for March 6, 2026, with live analysis and community interaction broadcast from the Zero Trust World conference in Orlando. Host Dr. Gerald Auger, alongside a vibrant panel, breaks down the implications of each cyber event, provides practical takeaways for practitioners and business leaders, and facilitates an open Q&A session (Jawjacking) focusing on careers, industry culture, and shareable wisdom. The ambiance blends expertise, mentorship, and cyber camaraderie, making it both informative and welcoming.
Timestamp: 13:38–16:46
"Who are you to say ... This isn't malicious ... This is a software company trying to make money and Apple is stopping it ... if Windows was like, you're not allowed to install CrowdStrike on us anymore, like that would be completely absurd." [15:08]
"Prime example of how geofencing works ... Even if you have a Chinese app store login, Apple is blocking access due to your device's US location." [15:58]
Timestamp: 16:56–21:15
"This is 900 days that they're aware of ... there could be other zero days exploited that they don't know. So there's always that kind of asterisk." [18:12]
"These are the devices protecting your network. Hopefully you're protecting them ... Most don't have EDR ... Monitor your protective devices, make sure they're protecting you." [19:41]
"If you can't put an EDR on a network appliance ... go find controls that can work. That's the job." [20:20]
Timestamp: 21:15–25:34
"It's like Eminem and 8 Mile—you got one shot ... just throwing everything at the wall." [22:36]
"They're staging, getting into infra and pulling the trigger when needed ... For orgs, not 'will we be targeted?', but 'can you detect if they're inside?'" [24:47]
Timestamp: 26:21–31:40
"You should treat all employees like they've been fired ... Because persistent access not getting disabled is a huge risk." [28:28]
"Stories where people were termed on Friday, but access not revoked till Monday—plenty of time to do damage." [29:23]
Timestamp: 43:21–47:40
“Recon is the first step of any kill chain, either kinetic or cyber ... If threat actors can activate a camera and see what’s going on, that’s huge.” [47:20]
Timestamp: 37:12–43:12
“AI is moving so much faster than other technologies. You need your policies and governance straight—not just checkboxes, but real, active management.” [41:24]
Timestamp: 48:06–53:48
“Healthcare is an awesome cyber environment if you like tough challenges ... This tool is a door-opener—it lets cyber teams frame security as part of facility criticality.” [49:10]
Timestamp: 54:00–57:56
Timestamp: 62:55–68:13
“Who are you to say, like, you know what I mean? This isn’t malicious … This is a software company trying to make money and Apple is stopping it.”
— Gerald, on Apple’s ByteDance app block [15:08]
“Half targeted end users, half targeted enterprise products. Any thoughts about that? To me, it’s right down the middle.”
— Gerald, on Google’s zero-day report [19:26]
“If you can’t put an EDR on a network appliance … go find controls that can work. That’s the job.”
— Gerald, on defense-in-depth [20:20]
“They’re staging, getting into infrastructure, different systems; when needed, they pull the trigger and fire away.”
— James, on Iranian state actors [24:47]
“You should treat all employees like they’ve been fired ... Because persistent access not getting disabled is a huge risk.”
— Gerald, on access offboarding [28:28]
Dad Joke of the Week:
What do you call a steak that tells jokes? A rib tickler. [34:18]
Why can you wear a turned over canoe on your head? Because it’s capsized. [34:42]
Delivered by Gerald (in James’s honor); light moment at the midroll.
On Conference Culture:
“Security is the only field where you can go up to professionals with 20 years’ experience, say ‘let's chat,’ and they’ll make time.”
— Robert ("Bowtie Security Guy") [66:52]
On embracing discomfort:
“Embrace the uncomfortable ... if you're uncomfortable, you're learning. If you're not, you’re not learning, period.”
— Robert [88:17]
Career Wisdom:
“Don’t set yourself on fire to warm someone else.” — Robert
“Comparison is the theft of joy.” — (Theodore Roosevelt, cited by Robert) [88:41]
Panel Fails:
Each panelist shares a memorable IT/cyber “fail”, e.g., Gerald taking down prod database, Robert accidentally blocking all of Facebook/Twitter for Disney companywide [81:08–84:42].
| Segment | Timestamp |
|------------------------------------------------------------|:--------------:|
| Apple ByteDance Block Reaction | 13:38–16:46 |
| Google Zero-Day Report | 16:56–21:15 |
| MuddyWater / Iranian Activity | 21:15–25:34 |
| Offboarding/Access Control Advice | 26:21–31:40 |
| Press-Release/Midroll/Dad Jokes | 34:07–36:00 |
| Surveillance Camera Hacking (Iran) | 43:21–47:40 |
| HHS Cyber Toolkit for Healthcare | 48:06–53:48 |
| Phobos Ransomware Guilty Plea | 54:00–57:56 |
| Jawjacking Panel (Conference/Career/Culture/Sage Advice) | 62:07–91:44 |
The episode balances hard-hitting industry news, actionable advice, levity through dad jokes, and a mission to foster inclusive, supportive connections in cybersecurity. The hosts and panelists repeatedly encourage new practitioners, underscore the value of networking and mentorship, and advocate for embracing discomfort and humility in learning.
Listen for:
Next Steps/Calls to Action:
Closing Quote:
“Failure is always an option, because it’s my greatest teacher. You either win, or you learn.” — Robert (“Bowtie Security Guy”) [79:41]