A
All right, good morning, everyone. Welcome to the party. Today is Wednesday, May 13, 2026. Welcome to Simply Cyber's Daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Auger, coming to you hot from the Buffer Osier Flow Studio. Live and in large and in charge. I don't know, I was gonna say live and in charge and then realized that was not what I was trying to say. Good morning everybody. Hashtag TeamSC. Good to see you all. I see Cosmic Cowboy Jesse Johnson in the chat already getting up early. You left coast people. Great to see you. Special shout out to all y'all listening on Spotify. Went through yesterday, responded to all the comments on Spotify. There is a healthy Team SC Spotify faction going on. So come on over to the YouTube channel. It is a good time over here if you can make it, but we're going to be going through the top cyber stories of the day. I'm going to take my 20 years of experience and go beyond the headlines to give you value. Space Tacos has got the coffee. I've got the coffee. Go grab your coffee because we're about to get into it. Let's get cooking. Yeah. Ah, yes. Good morning, everybody. I hope everybody's having a great week. Wednesday is always, but, you know, the middle of the week, the hump day, getting over the ledge. At least here in the United States, it's been a banger of a week. Just crushing, cruising. I hope you're mixing work and play. I know it's stressful out there right now. Economy's a bit rough, everything costs a bit more. Gas is ridiculous. I filled up last night. $80. Oh my goodness. And I, I don't even drive like a big gas guzzling vehicle either. Jeepers creepers. So, you know, shout out and empathy out to all you guys. All right, so hey, what are we doing here? Listen, we got eight stories. I'm gonna rip them apart one by one. I haven't researched or prepped for any of the stories. Ain't nobody got time for that.
So you're gonna be getting my rough, rugged, raw, in-the-moment reaction alongside, excuse me, alongside hundreds of Simply Cyber community members live in chat with us right now, right above my head, if you're watching on live video. Shout out to the LinkedIn people watching live. Also, come on over to YouTube, LinkedIn people. If you got thoughts, comments, tips, tricks, tools, whatever it is relative to the story or the conversation, drop it in chat. This is what community looks like, if you've been wondering, if you've heard the term. This is what it is. All right, so every day of the week has a special segment. And I'm pretty happy to report that on Wednesdays it is Way Back Wednesday, Way Back Wednesday. You know, I basically stopped developing culturally in 1998. A lot of us back there enjoy the good old days. So we'll look at a piece of technology. Mobile, Windows Mobile has been mentioned, Sony Walkman, LaserDiscs. So we've covered it, you know, and today we'll, we'll do another one and just kind of see if everyone can get a little bit of the nostalgia vibes going on in there. If you're here for the first time, drop a hashtag first timer. Hashtag first timer, if you will, to let us know that you are here for the first time. Why? Because I think it was Vincent Lawson yesterday was our first timer. Number one, I want you to know that you're welcome here, right? Like we, we as a community love growing and love welcoming new people. So as a nice little, you know, nod to that, we have a special sound effect. Welcome to the party, pal. As well as a custom emote that the squad members have. Costs nothing to be here. Costs nothing to be part of this community. All it takes is a little bit of good attitude and interest in the betterment of everyone and you are immediately a card carrying member. Hashtag TeamSC. Now, I want to remind you, every single episode of the Daily Cyber Threat Brief is worth half a CPE. We are currently in beta testing.
You are all beta testers. If you would like, say what's up in chat, grab a screenshot, which is basically showing evidence that you're here on May 13th. You could say CPE the day of the show. Every episode has a unique identifier, and file it away. Once a year, count up those screenshots, divide by two. Now, I mentioned we're beta testing right now. That's right. If you want, you can be part of the beta. I can't promise this will work. Cedric Miller, first timer. What's up, Cedric Miller? Welcome to the party, pal. Squad members, if you can help me, welcome Cedric. Ced. Ric. So, hey, on June 1st, the email will go out. So we're, we're beta testing for two weeks right here. But if you go to Simply Cyber Threat Brief, simplycyber.io, exclamation point CPE in chat right now and Nightbot will drop the link for you. You can go in here. You just add your name and email address, check these two buttons if you're comfortable with them and hit Submit Attestation, and at the end of the month you're going to get a custom email from me with all of the days you were here. Make sure you use the same name and email address or the system's not going to realize you're the same person. Like you can't be like, just same name, same email address. All right? Also, you have to attest, like you're ethically binding yourself that you're honest here. Right? Hey, Van Chica over on LinkedIn. Good to see you. And then you're granting me permission to email you. I gotta email you your CPEs, and then if there's any, like, feature requests or anything like that, I'll email you. All right, so the CPEs are going. Guys, I'm super pumped for June 1st. I can't wait to see what this looks like. The first episode back. Everybody's going to be either dunking on me or straight up giving me high fives. I can't wait. And DJ Bac, the brain behind it. Okay, let's make sure DJ B gets his flowers. Every single episode of the Daily Cyber Threat Brief, including this one, is sponsored. Thank you very much. Flare. Flare.
Cyber Threat Intelligence Platform is offering a two week free trial. You sign up, they verify you're not a criminal, and then you can get access to their platform for free, which is a steal for two weeks, which is more than enough time. What would you want to use their platform for? Listen, if you're responsible for information security, doesn't matter if you're a huge business, a mid-sized business, whatever, they go out on the dark web, they go out into the cyber criminal underground, they pull all this information, you know, criminal Telegram channels, infostealer log files, all of them, and they bring it back into their easy to search interface, and you can look for your organization, your VIPs, even your own personal email stuff, and find out if you've been compromised, find out if passwords are out there, find out all the things. And then what does that do? That's intelligence. Intelligence allows you to take action, be more informed, reduce risk. You know that Respond phase of the NIST Cybersecurity Framework? Respond. Do you know what allows you to respond? Intelligence. So don't sleep on this, go to simplycyber.io/flare. Check this out. Two weeks, man, for free. What, what more could you ask for? I got one other thing you could ask for. Training. That is awesome. Antisyphon Training. Bringing the heat. They're making cyber security education affordable to everyone, regardless of financial position. And today at noon, pop open your tab and look at your calendar right now. Are you free at noon? Would you like to level up as a boss? Antisyphon Training is bringing you Alethe Denis. A very seasoned DEF CON Black Badge winning social engineer, cyber security professional who's not only got a great attitude, she's incredibly good at her job. Which means she can help you be incredibly good at doing the work that she does. For one hour today, she's going to pull back the curtain, teach you how to build a bulletproof pretext.
Also, as a defender, you can learn how to identify these bulletproof pretexts and intervene before bad happens. Go on down to AntisyphonTraining.com, look at their upcoming calendar. There's still time to register for this Anti-Cast. I'm telling you, I know Alethe Denis personally. She is a friend. She is very legit. You know what else is legit? ThreatLocker. ThreatLocker has got an enterprise grade solution that does one thing incredibly well. Application allow listing that doesn't disrupt your business. If you want to make sure that your workforce isn't running binaries, PowerShell scripts, things that they're not supposed to run in your environment, well then, I don't know if it does PowerShell scripts, but for sure it won't run binaries that it doesn't recognize on the endpoint, in the cloud, and more. ThreatLocker's crushing it. So many enterprise Fortune, you know, there's Fortune 500 companies that are using it. Several people in chat are using it. Let's hear from ThreatLocker and then it's time to get into the news. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com daily cyber. All right, all right, all right guys. Just like Matthew McConaughey said, it's time to get into the news. So do me a favor. Everyone in chat, including you, first timer Cedric.
Cedric, you wouldn't know this, but listen, the plan is simple. All you gotta do is sit back. I hope you're sitting down right now, Cedric, because if you're not, don't sit back because then you'll fall over. I want you to sit back, relax and just everybody let the cool sounds of the hot news wash over you in an awesome wave. I'll see you at the mid roll for way back Wednesday. Let's go. From the CISO series, it's cybersecurity headlines.
B
These are the cybersecurity headlines for Wednesday, May 13, 2026. I'm Rich Stroffolino. Instructure reaches an agreement with ShinyHunters, in "things that won't come back to bite them later" news. Instructure, the company that makes the edtech platform Canvas, said it reached an agreement with the group that breached their systems twice in two weeks, ShinyHunters. The company said the group provided evidence that the stolen data from its systems was destroyed and received assurance that Canvas customers would not be extorted. No word on any specific financial terms paid by Instructure or what meaningful assurance they could have possibly received. ShinyHunters removed Instructure from its leak site.
A
All right. Hey, we got a first timer in the chat. Sleep Deprived Alpha Mom, welcome to the party, pal. And belated happy Mother's Day. Sleep Deprived Alpha Mom, welcome to the party, pal. Okay, so this is just a little bit of a follow up. Canvas got breached, or Instructure, which is the company that owns Canvas, got breached. ShinyHunters, in their meme style ransom notes or whatever you want to call it, notifications: ShinyHunters, rooting systems since 2019, and then old school emoji, wink. You gotta love it. I mean guys, this is their job. So they're, they're enjoying their work. They breached Instructure twice in two weeks. Obviously Instructure didn't fix the problem, or they had another exploit around, or they set up persistence, or what? You know, it could have happened a couple different ways. What ShinyHunters did, I do want to say Mad Hat again, guys. I'm like lowkey a huge Mad Hat super subscriber. Mad Hat has a video on this particular attack. He also, I, I've met Mad Hat, but I forget exactly what he does. But he clearly, if, if you listen to him, I assume he works for a managed detection and response company working with multiple clients going through IR, because he sits on IR calls, he's mentioned several times. Like a lot of times, you, you don't even know how initial infection happened. You're not guaranteed to get that. So don't make the assumption that once you uncover the, the problem, you can figure out how it went. Like, if you walk into your house after being on vacation and your house is flooded, you don't immediately know where the pipe burst. Right. But I mean, obviously if you do enough effort, you can find it. But it's kind of a comparison. So somebody at Instructure, an executive, by the way, okay, made the decision to pay. Now in the story, they just said the amount is unknown. For some reason I feel like I heard the amount and it was a lot, it was a lot of money. I don't know why I heard the amount and like they're reporting they don't know it.
Does anyone know in chat, did someone hear, like it may have been reported out afterwards, how much? I feel like it was like a lot of money. Hold on, what's Instructure's... I. We could take a guess here. Instructure. Annual revenue. Right. You can always use the annual revenue as an identifier. So in 2023 they made 530 million. 2022, 475. So they're growing about 20% year over year. So that's 2023. 20 would be 100 million. 630. 100. So 720, like if they're continuing to grow at the pace they are, they're about a 700 million dollar business. Typically threat actors will ask about 3% of annual revenue. That's kind of. 3 to 7% is kind of the back of the napkin math. In that instance, that would have been 7, 21, 36. So like $30 million would have been like not an unreasonable request. 25 million, $30 million. There are negotiations that go on now, like it's a business deal. So I don't know where they landed, but I feel like I heard that. All right, so here's the TL;DR. Okay? This is a major news story. Don't, do not sleep on this, okay? Major news story that you can use as an opportunity to engage your leadership. This is a massive front page news story, which means there's two things going on here. Like, again, like I, I should have said this in the intro for you first timers here, right? Sleep Deprived Alpha Mom and Cedric, first timers here, and other first timers who are listening on replay. Yeah, straight cash, homies, right? So listen, here's the deal. The format of this show is I give you the news, okay? Because some people put this on Spotify, like, oh my God, this guy. There's a lot of fluff in here. Just give me the news. That's not what we're really doing here. It's an hour long program and it's an educational, informational session that gives you both the current top news threat intelligence, but also additional insights and value. I've worked in the industry for 20 plus years. I went all the way up to the top of the mountain.
And by the way, the view up there is not what you think it is, okay? Once you get to the top of the mountain, you want to, you want to like hop back down one ledge and just let someone else operate up there. Spoiler alert. There's no keyboards on the top of the mountain. Okay? So anyways, let me give you the additional value. This story is mainstream news. This story is about a hundreds of millions of dollar business, right, deciding to pay tens of millions of dollars. When you start talking about money, the business starts listening. Okay, like AI being able to hack a 20 year old Linux bug called, you know, whatever, Dirty Frag. The executive team doesn't give a damn about that. Okay? Like you're not even going to get them in the elevator to listen to you about that. This, they will listen to this. They are seeing it in their own feeds on the Wall Street Journal, on Page Six or whatever that is, CNBC, right? This is why you need to strike while the iron's hot. You can say, hey listen, I want to run this month's quick 30 minute tabletop exercise on running through how we would, like, basically Instructure paid $70 million to not have their clients' data leaked. I want to run a tabletop with the executive team or with leadership or whatever for 30 minutes and just walk through the decision making process that we would use in a similar situation and identify any... I wouldn't, maybe not call it gaps, but any opp... This is like such a business executive power move. Don't say identify gaps, because that makes the executive team feel like they have faults, and they don't have any faults. They don't want to, like, nope, nope, not here. So what you have to do is, hey, I want to do this and identify opportunities for improvement on our current processes. Identify adjustments to make ourselves more efficient, more effective and more, you know, financially stable. Right?
Throw the numbers in there, and then once you get them on the hook there, run this scenario: guys, we get breached, they send out a note, we say that they didn't get us because our initial information says that they didn't get us. They breach us again and they start dropping proof of data compromise. What do we do? They gave us two days. All right, like what, what do we do? Like, oh, just open it like that. Look at the. And by the way, another, like, final thing about this, another power move that you can use. And you've got to be very diplomatic when you do this, okay? But in any room, right? In any room, there's one person that's in charge, okay? Like, I know, like, I'm running this meeting and I'm in charge. That's not what I'm talking about. What I'm talking about is you sit down with the executive team, right? And the CEO's there, the CFO, the CIO, the CISO, the CRO, the CAO, the whatever, right? In some businesses, the CFO is the top dog. And I know the CEO runs things, but, like, it just. It's. It has to do with personality, it has to do with business function, right? So what I always recommend is ask the most important person or the most powerful person in the room kind of the first question, because they are what everybody's looking to for kind of decorum. And if you engage them once, it's a nod to respecting them and recognizing them as the top dog. And two, they'll start talking and engaging and then unlock everybody else. I'm telling you, it's. It's a bit of a more diplomatic move. Chief Financial Officer. Okay, looks like we got some gifted subs. Fleet is post in the third. Heck yeah, man. Thanks, Fleet is. Appreciate it. And by the way, if you are over on YouTube, Fleet is post in the third. We just gave out gifted subs. If you were on YouTube, you could have grabbed one. All right, let's keep going.
B
The Shai-Hulud campaign is back. Since its appearance last September, the campaign by TeamPCP has undergone several iterations, all focused on supply chain attacks to steal developer credentials. This latest effort saw the group use valid OpenID Connect tokens to publish dozens of malicious packages for TanStack on npm before spreading to other projects such as Mistral AI, OpenSearch and UiPath. Since these used valid tokens, developers saw them as cryptographically authentic. Endor Labs highlights a novel trick used by the campaign: an orphan commit pushed to a TanStack fork, making it accessible through GitHub's shared fork object storage. This commit was then referenced in the malicious dependencies. Once infected, the infostealer malware writes itself to VS Code and Claude Code autorun hooks, ensuring it persists even after uninstallation. The malware implements geofencing logic to prevent execution when Russian language settings are detected, and includes probabilistic recursive wipe commands if the environment appears to be in Israel or Iran.
A
Wow. Okay. A lot going on there. Hey, shout out to A Guy Named 303. Yeah, A Guy Named 303 for the gifted subs. Thanks for the gifted subs. Appreciate it. So the gifted subs are flowing today. I love it, I love it, I love it. Thanks guys. First of all, appreciate the support, but more importantly appreciate you enabling other members of the community to get access to the sweet, sweet emotes in the emote tray. Shai-Hulud. Yes. Not to be confused with Shia LaBeouf, as Dan Reardon pointed out, but. But both equally crazy. This seems like a Russian backed state threat actor, more sophisticated than not. Compromising supply chain npm packages and PyPI libraries. Now the reporter Rich got really deep into the technical elements about how this executes. Basically what I would say is if you're vibe coding, if you're using Claude Code, I think you mentioned Cursor as well, and you're pulling in these package libraries, again, npm, PyPI, you may accidentally pull some of these. Now what they say here is this particular campaign has had multiple iterations, some of them exposing hundreds of thousands of developer secrets automatically generated in GitHub repos. Now again, I don't know if you can generate secrets in GitHub versus just store them. So I have some secrets stored in my GitHub private repos. Bearded IT Dad coming in hot. Thanks Dakota. Gifted subs. 10 gifted subs. It's a Team SC kind of day today. All right, so somebody told me before I came on, I read it this morning in a DM, that like the Shai-Hulud campaign was open source too, which means a lot of, like, very much similar to what happened with the Mirai botnet, like a lot of people could be getting into it. Oh, this is great. DJ B dropping IOCs for us. In a second I'll share that. All right, so what do you need to know about this? First of all, if you live in Russia, Israel or Iran, you won't get attacked by this. It has a self. This is another indicator of sophisticated malware. It checks to see where it is geographically.
And if it is in Iran, Russia or Israel, it will delete itself, effectively. Which is interesting because I. I suppose it's not wanting to get involved with the Iran-Israel situation. Russia's been, it appears to me, you know, just some schlub over here watching from the gym. You know what? Bearded IT Dad. Get those gains. Yeah boy. All right. Hey, listen, you got to think about this too, from like, for better or worse, especially when younger in your career. Right. And I'm speaking as myself, so this may resonate with you or may not. When I was younger in my career, I was like, very technical and like, loved, loved being in the weeds and like, oh, who cares? Like if it's coming from Russia or China or Pakistan or Djibouti, who cares? It's malware and I need to stop it. Okay. Now that I'm older, these things do matter. And let me explain why. So Russia, from my perspective, is using Iran as a proxy against the United States. If you look at the geopolitical landscape, you know, Russia's trying to reclaim its great, you know, dominance from, from the Soviet Union era and having like, you know, lots of countries, which is why it's doing what it's doing in Ukraine. It doesn't want to directly engage the United States, who has a direct war with Iran right now. So Russia's doing it through a proxy. So by Russia making this malware, allegedly, although for all intents and purposes it would appear to be Russian based, they don't want to attack Iran because they don't want to, basically, like, they don't want to walk through that backyard and step in dog poop. Basically, like the Iran, Israel, United States situation going on. That's like somebody else's backyard full of dog poop. Right? They do not want to walk through that and get it all wedged up into their shell toes. So they just walk around the yard. They make the malware delete itself if it gets in there. Okay. And then of course, best practice, they delete if it's attacking Russian, because they don't want that.
I do want to point out really quick, hold on one second. All right, so this, this news article is being provided here by DJ Bac as the one to use. Here we go. 170 plus packages hit. You can use this to identify which packages were affected. You can see them all right here. So you know, I would basically, to me, this goes out here. I know, here, I'm gonna drop this link in chat. This is a list, a deep, detailed list of Shai-Hulud impacted packages. Guys, if you work in SecOps, or you're a, you know, ad tech, if you're a team solo, like you're a one person business, not one person business, you're a small cyber security shop where you're expected to do more with less, use this article. It's got all the specific npm namespaces that are impacted and all the packages that are impacted, the PyPI packages impacted. So you can see basically yes or no, were you potentially exposed? And then they give you very clean recommended actions. Number one, rotate your keys and add 2FA. My guy, if you don't have MFA on your stuff right now, WTH, I won't even swear in acronym format. Come on guy, you gotta do better than that. Put 2FA on your GitHub. Put 2FA on your ElevenLabs. Put 2FA on your PyPI, your npm, your email, your financials, your, your Netflix, like everything 2FA. All the things, dudes. All right, so check for GitHub repos containing the Shai-Hulud, here we go again, related strings. Conveniently, this threat actor has put in a text string that makes it easy to search for. Not a great move for sophisticated malware, but one that we can key on as defenders. They do have an infection analysis right here, along with screenshots, showing how you can determine if you've been impacted. They do have some domain names and IP addresses that you can look for in your firewall logs. So. Pretty serious, guys. This is a nice piece of, I mean, not nice in the sense that I like it. It's a piece of malware that's well built. It's hitting many people.
This is one that you should do two things with. Number one, one, you sh... If you are running a business that can in any way be in scope of this, this is a great opportunity to, number one, connect with your engineers and developers. Number two, go threat hunting in your environment. Number three, figure out where all this, like, PyPI, npm, CI/CD pipelines, vibe coding, figure out where all of it's going in your environment. Awareness is important guys, because if it's not, like, say you do all that work and none of this applies today, whatever it is tomorrow, because this is a major attack vector, you'll, you'll already have established those communication channels and know exactly who to go to. Number two, this is great in a job interview. Like right now, dudes, if you are working, right, like say, okay, so like I'm a CISO, right? And if I'm hiring, or Fleet is post in the third is hiring, or Robert Wetstein is hiring, or whoever is hiring, right, like you're going to a job interview later today because they're hiring. If you work in cyber security, you are fully aware that these supply chain PyPI, npm, GitHub repo attack vectors are happening. They've been happening for months. If not, you know, I guess, you know, whatever, six to 12 months. This is front and center, and the person interviewing you, the guy or lady across from the table, knows this. So if you're being interviewed and you bring up stuff like this, you are clearly up to date and very aware of what the real threats are that are actually concerning the person who's interviewing you. It's the thing that's giving them tummy troubles. You can be the human Pepto-Bismol. You can be the talcum powder. Is it talcum powder, the thing that makes your stomach feel better? Or is that like Gold Bond, that makes a rash feel better? Whatever. You can be the mollifying, soothing agent that makes this thing not their nightmare. Okay? So don't sleep on that.
B
OpenAI launches Daybreak. This new cybersecurity initiative uses OpenAI's Codex Security and several GPT 5.5 to create an editable threat model for a repository, with an emphasis on real world attack paths and high impact code. It will then test vulnerabilities in a sandbox and propose mitigations and full out fixes. Daybreak isn't generally available yet. On its launch site, users can request a vulnerability scan or contact sales to request access. Like the Mythos rollout, OpenAI says it's working with industry and government partners to get ready to deploy these kinds of cyber capable models.
A
All right, all right, all right. Hey, check this out, by the way. I want to get in on this action. I have gifted subs I want to give out. Here we go. Yeah, I want to be part of it. No, no, hey, listen, I'm not only the president, I'm also a member. That's a throwback to Hair Club for Men, the OG Hair Club for Men stuff. I like doing gifted subs. I like being. I like, I'm a member of this community too. I don't just stand up here and not deep fake, you know. All right, listen, whoever gets the gifted subs, welcome to the party, pal. Welcome to the party, pal. All right, so Mythos has been the big thing. OpenAI launched this defensive, or the cyber tool. People are crapping their pants. And I gotta tell you, from a business perspective, this is. This was like, dude, our whole industry was thirsty, if I can use that term correctly, Gen Z, our whole industry was thirsty for some relief from a defender perspective. So OpenAI is launching something called Daybreak. By the way, I love that they're branding all these things. I'm a huge fan of branding vulnerabilities and branding all the things. AI powered vulnerability detection and patch validation. Okay, now I. We're gonna get deep in the weeds on this one. All right? So hey, if you don't care about GRC or you don't care about vulnerability management, you may want to go take a lap or go get your coffee refill or something, because I'm about to go deep for GRC Mafia. All right? Vulnerability management is what? Vulnerability management falls squarely into the GRC space. Okay? Vulnerability management is one of the most apathy inducing roles in cyber security. Do you know why? Because we as vulnerability management analysts get to see all the problems, all the warts, all the gaps, all the issues, but we also don't get to fix them. We get to tell the application owner, the system owner, the project manager, the executive, the manager, the vendor about the problem, and they get to fix it.
Which, if you've worked in a, a corporate world for a second, you're not their priority. Do you know how many times we had a massive, massive critical mission, a mission critical application in an environment I was working in where we could only bring it down once a month for three hours on a weekend, Saturday night, 3 to 6am, and I would say we've got this massive patch. We gotta patch it. Oh my God, we gotta patch it. Ah, you gotta patch it. And they're like, don't worry, Jerry, we'll do it in the next patch cycle. And I'm like, all right, I feel great. Thank you. And then I come to work on Monday and I'm like, how did the patching go? And they're like, well, we patched all the new features and then we ran out of time, so we'll get you on the next one. And then I like, I like, grew my hair like a Chia Pet so I could literally rip my hair out of my head and scream. That is what's up. That's why vulnerability management analysts are, you know, you should take their shoelaces. Okay? Don't let vulnerable... give vulnerability management analysts Velcro shoes. No shoelaces for them. I know that's a little dark. Now, what is Daybreak going to do for us? Well, if you look at the. Yeah, thank you. If you look at the. Here we go. This is all day, every day. If you're, if you're listening on audio, I'm showing this AI version of Skeletor freaking out with my head superimposed on it. This is how I feel doing vulnerability management analyst or vulnerability management work. Now here's the deal, yo. What this tool is going to be able to do is exactly what we've been seeing security researchers do. It's going to be able to look at an environment, maybe at the source code, I'm not entirely sure, and tell you where there's vulnerabilities. Now, they say in the title here, patch validation, which I'm all about. If you look at the OpenAI Twitter or X post, it shows it. Find a vulnerability and then patch the vulnerability. My guy, you cannot have AI patching your things. All right?
In my opinion, you can't just hit an easy button that says go find vulnerabilities, then patch them, then report back if they're validated. Validated meaning check again and see that it's closed. You can do that if you are an absolute Wild West six-gun-shooting YOLO master, and that's what you want to do. But in my opinion, hitting patch all the things is an absolute. You are signing yourself up for a weekend of unpaid work. All right? So we'll see how this thing goes. This is obviously a big marketing thing. Daybreak. A lot of OpenAI employees cashed out their stock. Again, always look at the business side of things, by the way. They really do influence what's going on in the operation side of cyber security. I'm here for it, though. Guys, I've been saying. This is the last thing I'll say about this. I've been saying this, I've been saying this for, you know, maybe a year. We need to use AI to defend, like threat actors are going to use AI to find old vulnerabilities, write exploits, operationalize the kill chain quickly. So finding zero days before they're even, you know, found and exploiting them, reversing patches within hours of publication. The only way we're going to be able to survive reasonably is with AI helping us on the defense side. So thank you, OpenAI. I would be stunned, stunned if Anthropic doesn't release something like, I was going to say in the next month, but these two companies go neck and neck. So if Anthropic didn't release something in the next, you know, week or two. Here, DJ B Sec is providing a quote here. It says it starts from the premise that the next era of cyber defense should be built into software from the beginning. Not only finding and patching bugs, but being resilient to them by design. Yeah. All right, last thing I'm going to say. Steal this, by the way. Steal this if you want for a job interview.
We're going to go through a period of time where basically starting now, we have a backlog of software, right? 20 years of software. So AI is going to be able to find all the bugs and all the problems in all the software that's been deployed over the last 20 years, which is a lot. Okay, but all the software starting like today, and I'm being simplified here, but all the software starting today will. We will be using AI to kind of limit the number of vulnerabilities that are introduced during development and design and architecture and all that other crap. So going forward, software is more secure. So by the. So eventually that finite set of software that was written between 20 years ago and today, eventually we'll get all sorted out and sussed out. So during this period of time, that's the problem we're looking at. But at some point, like, the code will be much more secure. And then, you know, we'll be in a better position. I do want to point out really quickly, vulnerabilities are not exclusively software bugs. Okay? Vulnerabilities can be misconfigurations. Vulnerabilities can be process issues. Vulnerabilities can be, Carl, reusing passwords across systems. Vulnerabilities can manifest in many ways. All right? So don't, you know, you can chain vulnerabilities together for a bigger kind of vulnerability. So don't think that AI snaps its fingers and vulnerability management analysts are saved from being, you know, like, going through anguish on the regular.
B
EU members exporting surveillance tech. According to export records obtained through Freedom of Information requests by Human Rights Watch, 6 European Union member countries have exported surveillance tech to countries with previous records of human rights abuses. Bulgaria, the Czech Republic, Denmark, Finland and Poland sold surveillance technologies to over two dozen countries with documented cases of repressing activists and journalists. This may only represent a subset of the countries involved in the practice, as France, Germany, Greece, Italy and Spain declined to share any export data. The data obtained by Human Rights Watch does not specify the names of the companies exporting the tech. The EU introduced regulations in 2021 to heavily regulate the export of surveillance technologies.
A
All right, there you go, guys. It's all straight cash, homie. Spyware is big business, man. You could sell them for like a million dollars an install. The margins on that are huge. You know what I mean? I charge like 100 bucks, 150 bucks for access to like an entire GRC course, right? They're charging a million dollars per use. The markup is gigantic. Okay? So when you're dealing with millions of dollars, right, people in power want access to this kind of technology. People in power want money, so they're going to do these things. Okay, so a bunch of spyware getting exported to human rights abusers. Not good. Not good. Okay, here's the reality and then I'm just going to go on to the mid roll. Number one. Spyware is incredibly powerful, but there are use cases for it. A lot of times it is mentioned as law enforcement. But you know what? Cash talks, baby. So if you're able to get enough money in front of someone, or, you know, a sales guy is financially incentivized because he gets a huge commission for making sales, they will look the other way. Hey buddy, just tell me you're law enforcement and I'll sell it to you. Even though you're an oppressive authoritarian regime that's going to use it to root out civil dissidents and then make those people disappear. But it's okay because I'm going to get 20% commission and I've got my eye on a jet ski, you know what I'm saying? It's disgusting. But follow the money, you know what I mean?
B
And now a huge thanks to our sponsor for today, Doppel. Social engineering attacks look trustworthy. A routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Their AI native platform detects and disrupts attacks across every channel while training employees to recognize deepfakes and deception. They fight relentlessly to protect your business, brand and people. Doppel: outpacing what's next in social engineering. Learn more at doppel.com, that's D-O-P-P-E-L.com.
A
All right, all right, all right. Hey, what's up everybody? We're at the mid roll. I want to say holla to you. Thanks for being here everyone. Appreciate it. For our first timers, Sleep Deprived Alpha Mom and Cedric, how's the show going? Let us know in chat. I love being inclusive and supportive. Again, shout out to 303fleetus, Dakota, Bearded IT Dad. Such a great community. I love this community. Thanks guys for making every day an absolute delight to come to work. Shout out to the sponsors who enable me to keep the lights on. ThreatLocker, Antisyphon and Flare. Definitely appreciate you. Every single day of the week has a special segment and I want to say shout out to the throwback, but I hadn't prepared for this one but this just popped in my mind. Didn't have one myself, but let's get into it guys. Way Back Wednesday. Sound off in chat if you had a Tamagotchi. Tamagotchi, the original. I mean, I feel like this has been rebooted a few times, but Tamagotchi, like, Bob's Burgers did an episode on this where Gene was, like, in love with his Tamagotchi. I'm a huge Bob's Burgers fan, by the way. If you didn't know, Brooklyn Nine-Nine and Bob's Burgers, definitely good stuff. So shout out to Tamagotchi if you nurtured one of these things. Guys, I'm so old that I had home economics in high school, and I got an egg, and I had to pretend that I was, like, a parent to an egg, and I had to have, like, a spouse and, like, me and my baby mama, I guess. I mean, they didn't say we were married, but, you know, I had one. You had one. Like, we had to share the baby. I think it had an alarm on it, so it would go off and you'd have to, like, feed it or something like that. Anyways, I just. A little walk down memory lane for everybody. Cedric Miller says I got my CompTIA Sec+, associates. Any job recs? All right. Hey, Cedric Miller, I love the question. Listen, secretly, Cedric Miller, since you're here for the first time, you wouldn't know this.
We actually have a secret hidden show at the end of this show called Cyber Career Hotline. I'm showing the promo card right now on stream. Cedric, you asked that question right as I start Cyber Career Hotline, and I will make it the first thing that I answer. This is a hidden Easter egg AMA show that happens every episode. But for all the people out there who love themselves some Tamagotchi, welcome. And this was your way back Wednesday. All right, let's get back into the news.
B
The government giveth and taketh away AI models. Last week, the US Commerce Department announced that it reached an agreement with Google, xAI, and Microsoft to test these models for security vulnerabilities on their system ahead of their general release. However, this week, the U.S. Commerce Department removed that announcement from its site. No word from the department on why the change was made, if this materially affects any deal, or if they just took down the announcement. In related news, the Pentagon announced it's deploying Anthropic's Mythos model to look for vulnerabilities across the US government. According to DoD Chief Technology Officer Emil Michael, the Pentagon still plans to remove Anthropic products from its work in the coming months, but said that Mythos represented a national security moment.
A
Yeah, so I guess Pete Hegseth and his big "You, Anthropic, you bend the knee or you don't get access to government money." That didn't work out because we. It's too powerful, man. You can't. Like, I get that you can have like a little bit of a pissing match and try to be the, you know, the alpha dog or whatever, but the technology is so powerful. Like, they haven't. Like, they just said that it's still being used, and now they're testing Mythos. Like, whatever, dude. You can flex all you want. At the end of the day, if. When it comes to national security and power and using the most advanced technologies we have, yeah, we're going to use them, all right? So this story, in my opinion, is a lot of smoke, not a lot of fire. Microsoft, Google and xAI have been testing Mythos. I think they might be testing the OpenAI cyber model as well. And they had published some details of their findings on their website, and it's been deleted. Now, the Internet doesn't forget, so this information may be accessible through the Wayback Machine or some other mechanisms. But you might be thinking, oh, my God, what kind of nonsense did they find? What kind of cover-up is this? Justin Gold's got his murder board going, looking across all of his conspiracy theories. Hold on one second. Conspiracy. Anytime something like this happens, okay? Literally something like this happens. This is what happens in my mind, okay? And for those who don't know, I think about Justin Gold probably more than I should. This is Justin Gold. For those watching, not watching, it's the Always Sunny in Philadelphia guy with the murder board or whatever, talking about all these things, trying to find connections and stuff. Here's what I think. We covered in yesterday's news on this program that the government, Department of Commerce, is trying to own the responsibility of reviewing these models and providing guidance to the, you know, the public, to us.
Well, the department or the Director of National Security and the NSA. I might be getting that wrong, but the NSA said, no, no, this is national security. This is very powerful technology. NSA should own this. So here's what I think is happening. I think the Department of Commerce pulled this information because I think that they don't want to tip their hand. They don't want to tip their hand to the NSA about what they're doing and what they're finding and all the things. I feel like this is like, not spiteful, but it's like not letting. Did you ever go, like, in school, have that kid who, like, basically did the bare minimum and then would just, like, follow you, like, oh, here's what I did. And they're like, immediately, oh, I did the same thing. It's like, yeah, nice job, Kevin. You kind of mailed it in. All right, so anyways, I think that's what's happening here. I don't think they. Here's my logic behind this. If they had discovered something so mind-blowing, so earth-shattering, so unbelievable that it would disrupt the fabric of society, they wouldn't have published it in the first place. Do you think that they're just set to auto publish there? No, they had a bunch of people review it, you know, get it. All right. And then publish it. So I really think this is a pissing match between whoever's in charge of Commerce and whoever's in charge at NSA. So that's what's up. If you have thoughts on this, drop them in chat.
B
Android gets intrusion logging. Google announced a new feature for Android developed in partnership with Amnesty International called intrusion logging. This is a feature of Android Advanced Protection mode and is designed to provide logs specifically made for forensic investigations. These logs will record security incidents such as unlocking, physical access to a device, and the installation or removal of spyware. At launch, this is only available on Android 16 and only on Pixel devices. Amnesty International frames this as the first major vendor to proactively address the challenge of detecting advanced attacks on-device.
A
Good, good. Expose them. Turn the light on in the closet and let those cockroaches run, baby. When you're selling spyware and you're selling it to authoritarian regimes so they can find investigative journalists, so they can find dissidents, so they can find people who have social lifestyles that do not agree with the mainstream, and not to call out. I'm going to call out. This doesn't mean every Egyptian adheres to this. It's just well documented that, at least in the early 2000s, I don't know if it's changed or not, in Egypt, if you're a man and you're into men, that's not okay. Like, that's considered illegal. And they can use spyware to identify these people and round them up and throw them in jail just for their personal preferences. Right. And if you think I'm making that up, let me show you. Because I feel like that was a pretty bold thing for me to say, to not have the receipts on that one. Let's. Okay, here we go. BBC article from 2023: how Egyptian police hunt LGBT people on dating apps. I'll just leave it as an exercise for you. I just wanted to provide that because I didn't want you to think I was pulling stuff out of my butt and trying to start some here. Okay. So anyways, Google, I guess kind of feeling their old vibes of do no evil, is working with Amnesty International to help bring light to these things. I hope that this works out, man. Forensic detection of sophisticated threats. I would assume this has to do with Android devices, not Google search, but hey, it's a step in the right direction. Okay. If you're interested in, you know, human rights violations, civil liberties, those types, if that's, you know, your passion or where you work, this story is definitely something worth discussing. Spyware. For far too long it's just been going wherever it wants because people in power were able to get it where they need to, but it's just software. Honestly, Apple is in a position to do something similar to this.
Okay, Apple makes the iPhone. Apple has the hardening feature that makes it difficult for spyware to get on your device. But they could possibly also team up with Amnesty International if they wanted to.
B
Cross platform end to end encrypted RCS arrives on mobile. Apple and Google announced a beta rollout of end to end encrypted rich communication services, or RCS messaging. The rollout implements the GSM Association's RCS Universal Profile 3.0. This will be available on iOS 26.5 and the latest version of Google Messages, although availability still relies on carrier activation. Encrypted messages will show a lock icon in chat. This feature will be enabled by default, with Apple committing to applying encryption to existing RCS threads as well. Up until now, Android and iOS have each had native end to end messaging, but this didn't extend cross platform.
A
All right, so there's two things here to note. Number one, messaging apps. Whether you have a policy or not, lots of people use messaging apps to communicate. I know physicians that text their patients. Not HIPAA compliant, sensitive information being sent. You know, I've said forever, I love Signal. I use Signal. Signal is pretty solid. But if you're using iMessage to iMessage, it's been encrypted end to end. If you do Android to Android, it's encrypted end to end. And then if you ever text somebody, if you have a group chat where you make fun of the person for having a green bubble, and let's be honest, I do that, I don't know if they're gonna have a green bubble anymore. But from a cyber security perspective, you can't, or I'm sorry, you can't complain. My bad, sorry. You can't complain because now the conversations are encrypted. Well done from the office of I don't know who was asking for this, but super pumped that they did. Now this is Apple rolling this out, so the one question I would have is, if this is an Apple initiated conversation to Android, it's encrypted. Okay. Does it work the other way around? Right? Like if an Android initiates the conversation, is it encrypted? I would assume yes. But you know what happens when you make assumptions. If you're big into protocols, right? If you have a hardbound copy of TCP/IP Illustrated Volume 3, like some of us do, you may be interested in this. If you're interested in confidentiality and secure communications, this could be interesting to you. For everyone else, like, just know that you've got an extra level of encryption here and you can keep on moving forward. The nice thing is, here's the thing. I'm not quite sure how often this was being attacked, right? Like maybe some eavesdropping, maybe. But I'm not sure how often the lack of encryption end to end was being compromised. I do want to say this doesn't impact, like, if you. What do they call those frigging things? The Stingrays?
Is that what they call them? This doesn't change a lot of attacks on mobile devices. Like, you can still get a text message from a van down by the river that's got a Stingray built in the back. That's kind of a hot attack right now. You could still be phished and socially engineered. A threat actor can send you, oh, you have an outstanding toll due or an outstanding ticket or you missed jury duty and you're going to go to jail. You can still get those messages. Okay? It's just going to be encrypted.
B
West Pharmaceutical still recovering from ransomware. According to filings with the U.S. Securities and Exchange Commission, the pharma giant West Pharmaceutical Services suffered a ransomware attack on May 4, causing a proactive shutdown and isolation of affected on premise infrastructure. This caused a temporary disruption to the company's business operations globally. As of this recording, core enterprise systems and processes around shipping, receiving and manufacturing have restarted at some locations, but the company does not yet have a complete timeline for a full restore. No known ransomware group has claimed responsibility for the attack, which may indicate that a ransom was paid. It's unclear what data was stolen and how many people might have been impacted.
A
All right, hey, before we get into this. Oh, baby, Itching to Learn at it chain. So it's the word itching, but it is capitalized. Squad members, if you will, if you're new here. All right. Sleep Deprived Alpha Mom, Cedric, first timers, second timers, right? Anytime anyone gets a job, we celebrate the living crap out of it. We have a special sound effect for it. We don't use it often lately, which sucks. But Itching to Learn accepted an offer for his first or her first security role in threat and vulnerability management. Sorry to set you up with my apathetic statement about vulnerability management earlier in this episode. But the community has helped me so much. Went from server to tech support to security analyst in one and a half years. God is good. Wrecking ball. Way to go, man. Congratulations. All right, so West Pharmaceutical, big old, you know, big pharma again. I mean, listen, I love big pharma because, like, I love a lot of medicines that are out there. I love modern medicine. I, you know, if you want to, like, be anti vax and, you know, just shun modern medicine, that's you, you do you. But for me, I'll take it all. I love science, dude. Develop all of the things. I'd like to live longer and have a better quality of life. So they got hit with a ransomware attack which encrypted all their files. I feel like data exfil happens more often than data encryption. But this group got hit. They are publicly traded, so they're a little bit bigger. Unit 42 got in for MDR and IR, so nice job. They've hired kind of a big boy. Mandiant's the biggest boy. But Palo Alto's Unit 42 is solid. Let's look at how much this company makes, annual revenue. West Pharmaceutical annual revenue. Oh, holy crap, dude. $3 billion last year. Okay, they can afford Palo Alto Unit 42. That's what I got to say about that. So a couple things. Number one, if you work in pharma, definitely pay attention. This doesn't necessarily mean that pharma is being targeted.
You got to think pharmaceutical is kind of like a manufacturing company. They have clean rooms and well defined processes. But at the end of the day, they are manufacturing drugs. Right? So manufacturing is hot as far as a target.
B
That Hansel so hot right now.
A
So you should already have had this on your radar. I do know some pharmaceutical companies that are still living like it's 1995 and don't believe that cyber is a thing. I just actually, like, literally opened a Telegram channel and texted my friend, my good friend, this story because he works at a pharma company and I know he can use this information. So share those things. The lesson learned here, I would say, is this took the entire company offline globally. All right, so what's the lesson learned here? Listen, when you are doing your very first tabletop exercise, don't make it a four hour or full day thing. You're going to lose people in it. But when you do your first tabletop exercise, use ransomware as the attack vector and use your data as encrypted. Okay? Do two things. One, first time you do it, just focus on how to get the backups restored. Okay? Assume you could restore the backups and, like, what goes on there. The second time you do it, you. And like, you could do it the first time, but I feel like you really need to focus in these sessions. The second time you should focus on, or you can flip flop these, what order do systems need to come up? The entire organization is taken down globally, okay? This happened to Land Rover, Jaguar, like six months ago. If you have facilities in Brazil, Norway, Atlanta, right? They've all got systems. What order do they need to come up? This isn't a video game where you push a button and everything comes up at the same time. A lot of times systems have dependencies on other systems, and certain things have to happen in certain orders, and if you don't know what those are, you might waste time restoring a backup to a system that you have to bring back down because it went up in the wrong order. And backups, dude. Or my guy, they take time, dude. Like in a video game, you push restore backup and it happens. Or in a lab environment, restore backup and it just happens.
In real life, it can take 12, 14, 18 hours, depending. If you're restoring, like, an ERP solution, you better pack a lunch because you're not leaving anytime soon. So definitely use that as insight. Okay? And by the way, the files are encrypted. You're not decrypting that without a key, and there's no guarantee you're getting that key. All right?
B
RubyGems suspends account signups. The standard package manager for Ruby, creatively named RubyGems, announced it's dealing with a major malicious attack. This has impacted hundreds of packages, although those are mostly targeting RubyGems itself, but some carry active exploits. As a result, it temporarily suspended new account signups. No word on who is behind the attack. The company securing RubyGems, men IO, said it will release more details once it contains the attack.
A
All right, so we're over time right now, so I'll be really quick about this. If you're new, you may not even know what Ruby is. For a hot minute there, everybody in tech got, like, super, super stoned and then was like, oh, Ruby on Rails, it's the future, man. Oh, it's so cool. Get some Ruby. Yeah, even Metasploit was built on Ruby, and then, like, it kind of went away. I don't know, maybe I'm wrong, maybe I live in a bubble, but, like, I feel like Ruby was the hottest thing ever, and then it was not the hottest thing ever. So if you're running Ruby, you got Ruby in your environment, you should know about it because, like, you wouldn't accidentally have Ruby in your environment. So this RubyGems thing looks like it is kind of a cradle or a harness to allow you to engage with Ruby packages. Sounds like it absolutely got totally bamboozled and it's just pulling down massive amounts of malware. Here we go. 120 malicious packages have been pulled from RubyGems. Adding to that, the attack targeted the registry itself. Ruby Central's Marty Haught said RubyGems was responding to a coordinated spam publishing campaign. The bot accounts responsible have been blocked or removed. So RubyGems has cleaned this up, but you may have pulled these payloads down and you are absolutely Hot Mess Express. I don't have time to go through the details. I'll drop a link in chat real quickly here. If you're with us live, if you're on LinkedIn or watching on replay or listening on audio only, you can find out about this by googling RubyGems malicious packages uploaded. Okay, now, the story says they suspended new signups for sure, but I don't care about not being able to sign up for RubyGems. I care about my active account pulling down malicious payloads. You know what I'm saying? Okay. All right, let's go, let's go. All right. Hey. It's the Simply Cyber Daily Cyber Threat Brief podcast. It was your host, Dr. Gerald Ozier.
If Sleep Deprived Alpha Mom and Cedric are still in chat, they were our first timers today. Drop a call, take 5 seconds if you would, Sleep Deprived Alpha Mom or Cedric, and let us know what you thought. Did you enjoy the show? Did you like the community? Did you think it sucks? Be honest. I want honest feedback. You know what? I can't. If I get, you know, kerfuffle from feedback, it doesn't help the show, it doesn't help the community. Don't go anywhere unless you have to. If you got a meeting or something, get on out of here. But if you're pumping iron like Dakota, or you're on the elliptical like Nick Barker, or you're pretending to work right now at your desk and you're in lurker mode, but you're listening to the show, stay with us because we're going for Cyber Career Hotline. Phone lines are open. You got a question? I got an answer. If I don't have an answer, I probably know someone that does. Let's go level you up as a professional. I'm Dr. Gerald Ozier. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it. All right, what's up, everybody? My name is Jerry Guy, coming to you from the Cyber Career Hotline. Some of you might be joining us from the Simply Cyber Daily Cyber Threat Brief hosted by that nerd, Dr. Gerald Ozier. Oh, my God. Can that guy calm down about threat and vulnerability management? Like, dude, chill out. I'm joking. It's me. This is Cyber Career Hotline. Very simple. Put your questions in chat and I will answer them. I can't do one on one mentoring, but I can give half an hour every day to this community. There was a question earlier from Cedric. I think you're. Cedric, can you put that question in chat? You mentioned, like, some certs and some accomplishments and you wanted direction. Put it in chat. Let me know. Oh, TJ, I love, dude. I love this guy. I love TJ. He says he doesn't have time to waste. That's why he's here. My guy.
If you guys don't know TJ, he is an absolute delight. Find the true too. Catch him at a conference. I want to say shout out really quickly. I have a post coming out hopefully today. Simply Cybercon, our annual conference, got our first sponsor, Tyler Ramsby and the Hack Smarter team, silver sponsorship, $2,000. He's gonna have his logo on the shirts and the website. But thank you, Tyler Ramsby, for supporting the cause. Simply Cybercon is a non profit. We're not trying to make money, but you know, food costs money, hotels cost money. So thank you very much for the sponsorship. Drop your questions in chat. Here we go. What email survey does Mario use? That sounds like a joke. I don't know. Yeah, Marcus Kyler, I don't know why I was going by you there for a minute. I was kind of doing that email. Use it. I mean, Mario's email is Yahoo. I love it. How do you mitigate against insider threats? JT Gorman asks. All right, very good. This is a great question because it is challenging. You don't want to be, like, eyeballing everybody at work like they're a criminal. It's bad for morale. The best way to mitigate against insider threat is through detection engineering. Right? So two things. One, you know, R. Lee Ermey said it best in Full Metal Jacket. And this is a bit of a Kool-Aid Man emote. If you've never seen Full Metal Jacket, I strongly recommend watching the first half, the boot camp part of it. It's phenomenal cinema. In that movie, during boot camp, all of the boots or whatever you call those guys, recruits, they all have foot lockers, and every foot locker has a lock on it. A lock. Now, one of the people in the movie did not put a lock on his foot locker or he didn't lock it. And because he didn't lock it, R. Lee Ermey dumped all his stuff out and found a jelly donut. It's a big thing. Okay, but what's the point? They have the locks on the foot lockers to prevent theft.
So the thing is, with insider threats, if you remove the opportunity, then there is no chance for an insider threat. Right? So like a motivated insider threat actor may find a way around, but an opportunistic insider threat will move along. What do I mean by that? Let's make this a concrete example. Let's say you have a. Oh, my God. Here's a great one. This is a real example. Let's say that you work at a. Let's say you work at a financial management company, JP Morgan, you know, Goldman Sachs or whatever. Okay, so you have lots of clients who are celebrities, right? Maybe you have, I don't know, give me a celebrity like Michael Jordan. Okay, let's say Michael Jordan has financial relationships with Goldman Sachs or whatever. And you want to know where Michael Jordan's address is because you want to Google Maps his house and see what it looks like. Or you want Michael Jordan's phone number because you want to text him and be like, hey, man, huge fan. Love what you do. Can I talk to you for a second? Okay. Now, if I try to Google, if I try to go into Goldman Sachs and pull up Michael Jordan's account and it won't allow me to do it because he's not one of my accounts, I'm prevented from doing that. And like basically the company is protected from an insider threat action of compromising that data because technically I'm not allowed to see it, right? Like, like the computers will not let me see that. So I'm protected from an opportunistic threat. Now if I'm a motivated threat actor, well then maybe I assign Michael Jordan as my account and then I access it. Well, now the problem has happened. So now here's where you need not just protection controls, but detection controls. Maybe for VIPs, you have a running daily audit of who accesses the account. And maybe if it's always Dream logic is Michael Jordan's account manager. So and if it's Dream logic, just don't, don't capture it. But if it's anyone else, if it's Marcus Kyler, if it's Luke Canfield, do notify me. 
And then we take some action. This happens all the time. A lot of people get fired for doing that. Okay, so protection controls don't allow opportunistic threats. Detection controls: are they accessing things? Do you see massive data exfil? Right. Do you see someone who doesn't normally send out 15 gigs of data all of a sudden sending out 15 gigs of data? All right, hopefully that helped everybody. I think that that's a great, a good question and fun to answer. What certification would you recommend to get familiar with GRC and the actual work? If you want the ISACA CISA, it is pretty solid for the audit work. That's what I would recommend if you're looking for a certification. If you're looking to figure out what the actual work looks like, disclaimer, this is my course, but the Simply Cyber Academy's GRC Analyst Masterclass comprehensively goes through all the work that you would do as a GRC analyst. It's literally why I built the course, because there was nothing out there to answer the question you just asked. So I built the course, and you can get somebody else to tell you if they like the course or not, because I obviously have a financial incentive, which means my opinion is, you know, I shouldn't say it's not trusted, but, you know, ask an independent person. Berlinda, good morning. Having to relocate to find a job in GRC, is that the trend to do nowadays to be successful? I don't know if it's the trend necessarily. Return to office is quite popular. I will tell you that I moved to Washington, D.C. in my career in order to move my career forward. I literally was dating my wife at the time. We lived in Massachusetts. And I told her, hey, listen, I have to go move to D.C. I only need to be there for a year, but it will set us up. Like, this is how bold this is. Like, whatever. A little Tidbits Tuesday on me. Some of you already know this story. Many of you don't.
When I first met my wife, like, literally when I saw her, I knew I was gonna marry her. I can't explain it. It was like a bolt of lightning. I can't explain it in a way that would ever make sense to anyone. The second I was introduced to my wife, they brought her around. They said, oh, this is Nadine. She just started working here. I looked at her, immediately knew I was gonna marry her. So, like, whatever, we dated, or I flirted with her a whole bunch or whatever. But I took her to lunch.
B
We.
A
We weren't really even, like, seriously dating at this time. I took her to lunch and said, hey, listen, I have to move to D.C., okay? We were at a Pizzeria Uno. I remember it right. I got the deep dish because, you know, calories, who cares? I was 20. Whatever. I said, I have to move to D.C. for 13 months. But listen, I want you to know I'm gonna marry you. And in order to be able to provide for you and our family, I need to do this for my career now, because it's going to set me up for later. And the cool thing is, she didn't freak out or be like, oh, my God, psycho, Stage 4 clinger up in here. She said, okay, I hear you. I understand. Go do what you got to do for us. And I said, all right. Let's cook, baby. So Berlinda, having to move, it's an investment in yourself. I know it can suck, but honestly, a lot of amenities, a lot of things aren't regional anymore. So it can be an adventure. I wouldn't discount it. All right, best part of DEF CON or BSides? What should be prioritized by first timers at this conference? Great question, Soap Flavored. I mean, for me, the best part of DEF CON is the Simply Cyber meetup on Friday night of DEF CON. We do that every year. What I would say, the easy answer and, like, it's the definite first answer, is the networking. The con talks are recorded often and you can watch them if you really want to. The networking is the best part and the most valuable part, I would argue, of any conference. So what do you do? How do you prioritize as a first timer? Well, Soap Flavored, like on the Simply Cyber Discord server, for example, or wherever, say, hey, I'm going to DEF CON. Who else is going? Want to meet up? Hey, I'm going to BSides, you know, Charleston or BSides Greenville or BSides whatever. Who else is going? If you can pre-establish a little bit of a network before you get there, you can meet people in real life for the first time. You can have, like, a crew to roll with.
It's way easier when you have a crew to roll with than rolling alone. Because every person that you, like, let's say I said I'm going to BSides Greenville, who's going to be there? And Devin, Grady, Brent, Code Brew, and Casually Joseph are like, we're all going. I'm like, sweet, I'd love to meet up with you. So then we meet up. Here's the best part, Soap Flavored. Code Brew knows people I don't know, Devin knows people I don't know, and Joseph knows people I don't know. And they're going to introduce me to those people. So now I've got a bigger network and they get to know me. And I'm telling you, in 2026, the job market, all those things, the quality of life, your career, networking and relationships are arguably more important than technical skills at this point. That's how valuable it is. All right, let's keep cooking here. Oh, hey, Cyber Risk, which, not a question, but she's worked in insider threat for 10 plus years. So Cyber Risk, which I'm actually going to start referring to you as our resident insider threat expert. Kind of the way that, like, Michelle and Dennis are the resident OSINT people and Phil and John are our resident AI people. If that's okay with you, let me know. Yeah, Black Hat, DEF CON. Yeah, Black Hat's the corporate one, DEF CON's the community one. Although I will say DEF CON has gotten more and more expensive over the years. I'm a big fan of the conference center though. I hate having to walk between buildings. All right, continuing to look through chat. This is Cyber Career Hotline. You ask questions, I give them answers. All right. All right, let's see. It was love at first sight, Data Dragon. It was. I tell that story all the time. Ask my wife. You can get her unfiltered opinion on it. Okay. All right, let's see what else? How do you like it in D.C.? I'm born and raised and like to know other people's perspective about it. Well, I was kind of an idiot. Truly original. So I.
I got an apartment in Rockville and I worked at the Pentagon. And I could have taken the tube or the T or the mobile or whatever. I forget what they call the subway in D.C. In Boston, we call it the T. But, like, I could have taken that. But as I just mentioned, I left my girlfriend, my wife now, and dating long distance is a load of crap. It's very difficult. So I would actually drive to the Pentagon every day and I would call her and I would talk to her while she was getting ready for work in the morning. So the value of driving every day gave me a 45 minute conversation with her, which was great. The traffic sucked in D.C. I will tell you, I did really enjoy, one thing I really liked about D.C. is, like, the neighborhoods. You can go to any neighborhood and find amazing food. There's so many different cultures in D.C. So if you want, like, Indian food, like legit Indian food, you can get it. You want Ethiopian food, Moroccan food, you know, whatever cuisine you want, there's, like, a legit one there. Plus, you know, lots of great, like, sports bars and, you know, those kind of experiences. All right. Also pretty good concerts. Went to a couple concerts there. Will you be attending Black Hat? Yes, I will be at Black Hat, Ray W. Here's the reality. If you guys don't know, I've been going to Black Hat and DEF CON for, like, Jesus, like, 17 years maybe at this point. I'd have to go back and look. But I get to Black Hat on Monday, and then I leave on Saturday. Continuing to look through chat. If you got questions, put them in chat with the Q. This is what we do. Delivering value to you guys. I'm scrubbing through chat right now, looking for questions with Q. I am caught up on chat. Cool. All right, all right. Hey, really quick call out. Jared, cyber ops veteran, wants to know who's going to BSides Tampa. Sound off in chat. I do know Daniel Lowry always goes to BSides Tampa, Jarrett.
So maybe, you know, connect with him. BSides Tampa is very cool. I love their artwork. A lot of. Oh, my God. What do they call it? Uh, retro synthwave. Hey, since we're all caught up on questions. Oh, gosh, hold on. Questions coming in. So, anyone going to Dragon Con in Atlanta? No, I won't be going to Dragon Con. If I went to anything, I'd go to MagicCon in Atlanta. But I don't think it's gonna work out for me. I know Mad Destroyer wants me to go. I just have a lot going on in the fall, and at some point I feel like I'm neglecting my family. And I don't like that feeling. Roswell says, how's the new course coming along? It's not coming along very well. BSides Harrisburg, who's going there? Let us know in chat. CQCKC says, what's your preferred way to present a monthly threat report to the C-suite? In the AV console? Excel? Oh, my God. No, no, no, no. You definitely can't show them in the AV console. They can't. Here's what I would do. I haven't done this yet, but this is what I would do. I would take as much raw telemetry as you can out of it. And then, you know what, whatever the narrative you're trying to tell them is, right? Like, oh, hey, we need budget for MFA. You don't want to be like, oh, we patched this many things. You've got to make it about high numbers, trend data. But all I'm trying to tell you is Google NotebookLM is it. You can use it. If you have access to Google Workspace or even Google, you can use Google NotebookLM. It is awesome at creating infographics and slide decks. So that's what I would do. And by the way, if you're going to create slides for the executive C-suite, like two slides, maybe. If you're going to use Excel, you better make a pivot table and make graphs. They need graphs, they need trend data, they need visuals. You need to be able to tell a compelling story, not detailed data points. Okay.
If you want, you could have some additional slides that are deeper in the weeds. Almost like double clicking down into something that you could provide if they ask questions. But what you want to tell them is kind of a higher level situation. You say threat report. I mean, honestly, I would also include threat intelligence. So, like, say you work in a pharmaceutical company. That story about that big pharma company getting hit, I would include that. Like, hey, here's what's happening to our competitors. Here's what's happening in our industry. Bring that visibility to them. Keep it financially impacted. See you later, Space Tacos. All right. Continuing to look through chat. Haircut Fish will be at BSides Harrisburg. A lot of people boogieing out of here. I hear you. Get on out of here. The Cyber Marlin says, do you know anyone at the cyber conference in Miami called Eco Party? I do not. I've never heard of Eco Party. If anyone knows at Eco Party, please message at Marlin J right now and let him know. All right, we got a mom in chat. Happy belated Mother's Day, Artemis Hex. She says she's a Gen X single mom, a twin boy, stuck in my state for a while. Good thing is there's a lot of national defense companies in Connecticut, so hoping to get in that field. Let's go. All right, this is Cyber Career Hotline. I got three more minutes to give you guys. If you got questions, drop them in chat. All right. All right, guys, what else? I guess since we got a hot minute, let me just share a couple things with you. If you're interested, Simply CyberCon, that's our annual conference. I'm not saying tickets are going fast, but tickets are selling and we only have 100 tickets total. So if you're interested in coming out to the conference, it is an in-person conference. Simply CyberCon, November 8th and 9th, Folly Beach. It's going to be something special. Also, if you're interested in speaking, the CFP is open.
It is very competitive. We only have 11 slots, because I'm doing something different this year. I'm leaning more into community. There will be 11 talks. There will also be some workshops and some panels that everybody can attend. But if you're interested in the CFP, go ahead and check it out there. All right. All right. Any more talks here? I mean, any more questions? What do you have against BSides312 in Chicago this Saturday night that you have avoided my question twice? Okay. All right, Sima, I have nothing against BSides312. Just so you're aware, you know, I'm producing, hosting, and I have a lot going on. So missing a question does happen from time to time. So don't take it personal. If you're going to be in Chicago this Saturday, BSides 312 is going to be there. Love Chicago. I had an awesome weekend in Chicago years and years ago. So big fan of Chicago in the summer. It is pretty cold in the winter, but if you're going to BSides 312, sound off, and Alexa Cohen can connect with you. Sean says, second round interview, IT guy role with director and HR and data guy, best tips to sell myself. GRC is my goal, but not the opportunity. Okay. IT guy role. Yeah. I don't know what sector it is, but let's see. How would you sell an IT guy role? I mean, I guess I would make sure, you know, obviously qualify your IT capabilities, but, you know, speak about understanding the business and working with the business on delivering on whatever the mission is. Right. So as an IT person, you're kind of focused on making sure that apps and systems are available and delivering on whatever the mission is that they're trying to do, including, you know, business continuity, business resiliency, those things. So I mean, obviously, if GRC is the goal but not the opportunity, I wouldn't lean too heavily in that. You might want to mention that you do have interest and.
What's the word I want to use? You have a disposition for cybersecurity. So when you're doing IT stuff, you are mindful of protecting the business as well. So, you know, I'm thinking about vulnerability management and making sure that we patch but don't break things. I'm thinking about ensuring multi-factor authentication on all the things. I'm one, you know, IT guy. You're responsible for the network and I'm mindful of our external facing attack surface. IT guy. Hey, I know that we're going to work with third parties for cloud services and maybe federated authentication. So I'm mindful of what those look like. So yeah, that's what I would say. IT guy. Anybody in chat who's got tips on the IT guy role and crushing the interview, let me know. My focus has always been more on cyber. I was a software engineer and then got into cyber. Bruise and Hack says the CFP closes July 31st. Yep, that's when it closes. All right guys, looks like we are caught up on time. Guys, I want to say thank you all so very much for being here. Genuinely appreciate you. Hope you got value. First timers, I hope you come back tomorrow. Okay, hold on one second. Rob says, how do you fill out the CPE form when watching on replay? If you are watching on replay on the same day, you fill it out just the same. There is no way to retroactively fill out CPEs. So if you watched yesterday's show today, you can't get credit through the CPE form. It's a constraint of the platform. All right, I gotta get out of here. I got work to do. Guys, I want to say thank you so very much. Be well, and until next time, stay secure.
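The insider-threat answer above separates protection controls (the system refuses access to accounts that are not yours) from detection controls (a daily audit of who touched a VIP account, and noticing a user who never sends much data suddenly pushing out 15 gigs). The following Python is an added example, not code from the show or from Simply Cyber, that runs both detection checks over constructed sample data: the account ids, user names, log lines, the assumption that each VIP account has exactly one assigned manager, and the spike thresholds are all made up for illustration.

```python
"""Insider-threat detection controls as described in the Q&A: a daily VIP
access audit against the assigned account manager, plus an outbound-volume
anomaly check. Added example; all names, ids and log lines are constructed."""
from dataclasses import dataclass

# Assumption (constructed): each VIP account has exactly one assigned manager;
# anyone else reading the record is reported for review. This is detection,
# not prevention, so it catches the "motivated" insider who reassigns access.
VIP_OWNERS = {
    "ACCT-VIP-001": "dreamlogic",  # constructed handle for the account manager
    "ACCT-VIP-002": "pat.ortiz",
}

# Constructed access-log lines: date, user, action, account id
ACCESS_LOG = """\
2026-05-12 user=dreamlogic action=view account=ACCT-VIP-001
2026-05-12 user=dreamlogic action=update account=ACCT-VIP-001
2026-05-12 user=marcus action=view account=ACCT-VIP-001
2026-05-12 user=pat.ortiz action=view account=ACCT-VIP-002
2026-05-12 user=luke action=view account=ACCT-VIP-002
2026-05-12 user=luke action=view account=ACCT-0042
"""

# Constructed outbound volume per user in GB over the last 7 days; the final
# element is "today". A user who normally sends a few hundred MB and suddenly
# sends 15 GB is the pattern the host describes.
OUTBOUND_GB = {
    "dreamlogic": [0.4, 0.5, 0.3, 0.6, 0.4, 0.5, 0.4],
    "marcus":     [0.2, 0.1, 0.3, 0.2, 0.2, 0.1, 15.0],
    "luke":       [2.0, 2.5, 1.8, 2.2, 2.1, 2.4, 2.3],
}


@dataclass(frozen=True)
class Alert:
    user: str
    reason: str
    detail: str


def parse_line(line):
    """Turn 'k=v' pairs into a dict; the leading date field has no key."""
    parts = line.split()
    rec = {"date": parts[0]}
    for kv in parts[1:]:
        key, value = kv.split("=", 1)
        rec[key] = value
    return rec


def audit_vip_access(log_text, owners=VIP_OWNERS):
    """Report every access to a VIP account by someone other than its manager.
    Accesses by the assigned manager are expected and are not captured."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        acct = rec.get("account")
        if acct in owners and rec["user"] != owners[acct]:
            alerts.append(Alert(rec["user"], "vip-access",
                                f"{rec['action']} on {acct}"))
    return alerts


def detect_exfil_spike(volumes, ratio=5.0, floor_gb=5.0):
    """Flag a user whose 'today' volume is above a hard floor AND more than
    `ratio` times their own prior-week mean. Both thresholds are constructed;
    the per-user baseline is what keeps a habitually heavy sender quiet."""
    alerts = []
    for user, series in volumes.items():
        history, today = series[:-1], series[-1]
        baseline = sum(history) / len(history)
        if today >= floor_gb and today > ratio * baseline:
            alerts.append(Alert(user, "exfil-spike",
                                f"{today:.1f} GB vs {baseline:.2f} GB baseline"))
    return alerts


def daily_report(log_text=ACCESS_LOG, volumes=OUTBOUND_GB):
    """The daily audit: both detection checks, sorted for a stable review list."""
    alerts = audit_vip_access(log_text) + detect_exfil_spike(volumes)
    return sorted(alerts, key=lambda a: (a.user, a.reason))


if __name__ == "__main__":
    for alert in daily_report():
        print(f"[{alert.reason}] {alert.user}: {alert.detail}")
```

On the constructed data the report lists luke (read a VIP account he does not manage), marcus (same, plus a 15 GB send against a sub-gigabyte baseline), and nothing for the assigned managers; the per-user baseline is the design choice worth keeping, since a fixed global threshold would page on users whose normal workload is large.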
Host: Dr. Gerald Auger
Podcast: Simply Cyber Media Group
Date: May 13, 2026
This lively edition of the Daily Cyber Threat Brief delivers the most critical cybersecurity news for insiders, analysts, and business leaders. Host Dr. Gerald Auger leverages over two decades of industry expertise to break down headlines, offering practical takeaways, career insights, and engaging commentary for the Simply Cyber community. The mid-week show also features the nostalgic "Way Back Wednesday" segment, bringing a dose of tech history fun to the mix.
Timestamps: [11:33]–[20:49]
“This is a massive front page news story, which means there’s two things going on... When you start talking about money, the business starts listening.” —Gerald Auger [16:10]
Timestamps: [20:50]–[31:22]
“This is a nice piece of—well, not nice in the sense that I like it—but it’s well built... If you are running a business that can in any way be in scope of this, this is a great opportunity to... threat hunt in your environment.” —Gerald Auger [29:42]
Timestamps: [31:23]–[40:01]
“You cannot have AI patching your things. In my opinion, you can't just... hit an easy button... You are signing yourself up for a weekend of unpaid work.” —Gerald Auger [34:39]
Timestamps: [40:02]–[42:26]
“Spyware is big business... The margins are huge. When you’re dealing with millions of dollars, people in power want access…” [40:48]
Timestamps: [45:52]–[46:32]
“This story, in my opinion, is a lot of smoke, not a lot of fire... This is a pissing match...” —Gerald Auger [46:35]
Timestamps: [50:08]–[53:16]
“Expose them. Turn the light on in the closet and let those cockroaches run, baby...” —Gerald Auger [50:44]
Timestamps: [53:17]–[56:51]
“For everyone else, just know that you’ve got an extra level of encryption here and you can keep on moving forward.” —Gerald Auger [53:58]
Timestamps: [56:52]–[62:48]
“This took the entire company offline globally... If you’re doing your first tabletop exercise, use ransomware as the attack vector and use your data as encrypted.” —Gerald Auger [60:29]
Timestamps: [62:49]–[63:59]
Timestamps: [43:08]–[45:51]
“Didn’t have one myself, but let’s get into it guys. Way Back Wednesday... I just—a little walk down memory lane...” [43:24]
“Strike while the iron’s hot... This is like such a business executive power move... identify opportunities for improvement on our current processes.” [16:19]
“This is a great opportunity to... go threat hunting... and, if nothing else, set up the lines of communication for the next time it happens.” [29:47]
“The quality of life, your career, networking and relationships are arguably more important than technical skills at this point.” [74:49]
“You get to see all the problems, all the warts, all the gaps, all the issues, but you also don’t get to fix them.... That is what’s up. That’s why vulnerability management analysts... should have velcro shoes.” [32:17]
“If you’re going to create slides for executive C-suite, two slides, maybe. They need graphs, they need trend data, they need visuals.” [after 74:49]
Timestamps: [63:59]–end
For more content and to join live, visit simplycyber.io/streams every weekday at 8 AM Eastern.
#TeamSC | Stay Secure!