Dr. Gerald Ozer
All right, what's up everybody? Welcome to the party. Today is Friday. Ric Flair, guys. It's Friday, May 15, 2026. This is episode 1133 of your Simply Cyber Daily Cyber Threat Brief podcast. I am your host, Dr. Gerald Ozer. Coming to you live in 3D from the Buffer Overflow studio here in the Lowcountry. We got a great show for you. If you are looking to stay current on the top cyber news stories of the day while engaging what some would argue is an absolute banger of a community, Simply Cyber, then you're in the right place because we're going to be shredding the top news stories. I'll be going beyond the headlines, giving insights. We'll have some laughs at the mid-roll as James McQuiggin dazzles us with his dad jokes and all that. And more is coming up. So stay tuned, get comfortable, get your coffee because we're in the lab and we're about to cook. All right, what's up everybody? Love it, love it, love it. Can't wait. Like, dude, this week I worked my butt off this week. I know many of you also worked your butt off this week. I feel like, yes, I'm going to work today on Friday and I know you are too, but I feel like, yeah, like let's go ahead and crush it. Start off right, obviously the coffee is flowing. I, you know, it may or may not be obvious to everybody. I went a little heavy-handed on the scoops into the French press this morning and I got to tell you, I feel alive. The French, the French press is full blown, full tilt. Guys, what's up? Say hello in chat. If you are here for the first time, welcome to the party, pal. We got an absolute reckless episode for you today. It's going to be good. We'll keep it on the rails, but it'll be like one of those ones where the cart is like coming off, off, off, off, but not completely off. Almost like a 1930s Disney cartoon. The one with Mickey, Goofy and Mickey and Donald where they're like, you know, in the, the pull-behind camper up in the, the ridges. Yeah, that's what I'm talking about.
That's a deep cut, Kool-Aid Man. Guys, every episode we welcome first timers. So don't be shy. If you're here for the first time, say what's up? Drop a hashtag first timer in chat. Hashtag first timer in chat. We will welcome you with all the warmness and just now get over here and give me a hug. Don't be weird about it. All right? Hashtag first timer in chat. You know what to do. Y'all squad members get that, get that John McClane emote cooking. You guys may want to line up your Kool-Aid Man and get that sorted out, because it's gonna be one of those days. Now, we do go through eight stories of the, of the day. I literally haven't even pulled them up yet. I'm coming in super hot, guys. Like sideways on two wheels kind of hot. And I don't even know what we're gonna be talking about. But that's okay. You know why? Because I don't research or prep for this show anyways. I'll give you one guess why. I'll wait for you. Oh, thanks. Time's up. Ain't nobody got time for that. It's because ain't nobody got time for that. We, we don't have time. Like, I'm not getting up at five in the morning to, like, read a bunch of news stories and then come in and be like, oh, look. Look at all these, like, hot, obscure ideas I have that I, I, I just came up on the fly. No, this is legit. If you've known me for a minute, you know, this is how we do the show. If you've ever talked to me in person, you know, this is how I operate. I, I'm just, I'm, I'm, I'm what the kids would call cooked, chat. All right, so we're going to go through the eight stories now. One of the best parts about this show, besides the mods, can we squad members just give a little mod love, if you will? You gotta emote in the emote tray. This show doesn't happen without the mods every single episode. Love mod support. But listen, we can go, we're gonna go through the stories, but you can get an RSS feed. We've had that since 2003. You can get an email digest. You could have, you know, Claude break it down for you.
What I'm gonna give you and what this Simply Cyber community is going to give you up in this mother trucker is insights, wisdom, learned knowledge from having sat in the chair. Whether it's SOC chair, CISO chair, pen tester chair, it doesn't matter. The reality is not exactly one to one. From what you read about in the textbooks and in academia, from what you've watched in a webinar, from what you, you know, heard at a conference, like, it's the real real. And what we do here is go beyond those headlines to mine out value for you with the explicit intent of helping you become an indisposable asset to your company, to be an unbelievable value on, on the market. And so you can be the CEO of you. I'm saying it a bunch of different words, but basically I want you to be in control of your career and dictate the terms of it. You got a toxic boss, no big deal. You can just go get another job because you'd be crushing it. You want to, you know, basically be the all star at work, no problem. You got the insights and knowledge from here. So that's what's up. Settle in, have a good time. I'm super excited now. Every single day of the week has a special segment and Fridays has long been James McQuiggin at 35,000 feet. Dad jokes of the week. Now we will go through these. He texts me, I did accidentally see one of them last night because I didn't realize he was sending me the jokes. So normally I don't see them, but I did see the first one. Spoiler alert. I'd already heard that particular joke so it wasn't really ruined on me. But it's a good one, it's a classic one. All right, so stay tuned for that at the mid-roll. Before we get into it though, let me say thank you so much to the stream sponsors, those who enable me to bring the show to you as well as like low key. They pay for my coffee, which is clearly working.
Guys, if you want to take it to the next level with your cyber security program, may I suggest you give a little sniff, give an investigation, give a little looky here to Flare's cyber threat intelligence platform. Flare is a product I've used and I love the people over there doing, dude, check it out. Like look at my shirt. My shirt is like a beige colored shirt. Got the Transformer Threat Hunter look on it. I am not taking this shirt into the muck and mud of the dark web. I'm not going into the seedy Mos Eisley cantinas of the cyber criminal underground and getting myself filthy. Flare has conveniently done that for me. Flare goes onto these, you know, dark web forums, these cyber criminal Telegram channels, pulling infostealer logs, all to bring it back and make it into a very easy to query data set which allows me the very easy technique of looking for my organization, looking for my domain names, looking for endpoints and finding out if they've been compromised. This is not hypothetical, this is like legit. A threat actor in Eastern Europe has, has your credentials. You can find it in Flare and get in front of it. It's like detection before the actual impact is felt. If you want to check it out, I'm like, I, I cannot oversell this thing. Flare is doing a two-week free trial right now. You can sign up after they verify you're not a criminal yourself. They will give you access. And two weeks is more than enough time to figure out if this is going to deliver value to your organization. Spoiler: it is. You know what else delivers value? Antisyphon Training. The group from Black Hills that's delivering high quality, cutting edge education to everyone, regardless of financial position. You want an example? Here we go. Wade Wells doing a threat actor profiling course. Four hours teaching you how to identify, profile and prioritize the threat actors most likely to come after you. That is direct value. You can protect your organization regardless of what it is.
You're a manufacturer in Southeast Asia. Boom, we got you. You're a, a transportation company in H-Town, listening to the Geto Boys on your way into work. Boom, they got you. You're a big tech startup, fintech using AI. Ding, ding ding ding ding. Wade has got you. So if you want to get this skill set a low price at $25, my guy, that's like you don't even have to. That's like you can write that off. Like everybody in the company has a P card value high enough for $25. And if you're self funding, 25 bucks, dude, maybe skip a lunch or something. I, I know skipping a meal sucks, but my point is, I'm trying to emphasize how low the cost is. Still time to sign up for this. This is today at noon. Actually it may be closed because it's day, day of. But if you go to Antisyphon Training, live training course calendar, you can see all the things that are coming up on the stream. We'll be talking about Corey Overstreet next week. Red Siege's own Bypass, Evade and Exploit. But more of that on next week. Finally, I'd love to talk about ThreatLocker. ThreatLocker's enterprise-grade, super clean solution for application security. It's basically deny by default. If you're not on the list, you're not getting in the club. So simple as that. The velvet rope is here. ThreatLocker's the bouncer. If you want to run on my CPU, you better be on the list. That's basically what ThreatLocker does. And they do it on the endpoint super well. They've moved into the cloud. They're crushing it. Let's hear from ThreatLocker and then get your sunblock because I'm going to melt your face with the news. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high.
ThreatLocker takes a deny-by-default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30-day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. Also really quickly, because I'm clearly Patrick Bateman and my mask of sanity is about to slip up here, I do want to take a hot minute and say what is up to you, Simply Cyber community. Marcus Kyler TJ. We got folks over on LinkedIn like N Aundo, Hot Plate, GRC and the GRC mafia. Bringing the space tacos is probably going to go into lurker mode. Tech Grunt, bring in a guy named 303. Love it. LRAD. Hey, what's up? Good to see you. Ad tech and team solo guys, all the regulars. It's so great to see you. I really genuinely appreciate what you do, the value you bring to the community itself. It takes a village, everybody. And I absolutely, genuinely appreciate it. Dean Grady just public speaking all over the place like a boss, dude. It's good. Do me a favor. Everybody sit back, relax. Hold on. I forgot one critical thing. I forgot one critical thing. Whoop. Whoop. That's the sound of the police. Listen. Cyber Threat Brief. Every episode is worth half a CPE. What? Say what? Dude, check it out. Jeremy Drennan, who just did the CPE in the screenshot. Totally cool. But let me tell you guys right now, I built a website with a CPE capability baked into it. You go to the link that Nightbot just dropped. Cyberthreat brief IO cyberthreat brief simply cyber. On the top you'll see CPE book market. What is it, dude? Today's May 15, episode 1133. Okay, that makes sense. Put your name, be consistent day in and day out. So I would put Gerald Ozer. Put your email address, the one that you want to receive your certificate at the end of the month at. Check these two check boxes.
One says that you're legitimate and ethical. The other one says I can email you. I don't even know if I need these things, but I just put them there. You know, it's better to over, over protect than it is to just YOLO it. Hit the button. On June 1, everybody's going to get an email capturing all the things they've done. This is a service, a courtesy of whatever you want to call it for the Simply Cyber community. It's going to look more legit and authentic than a screenshot because it's going to be like it's going to have my name on it. It's going to look more official. So get your CPEs here. All right, now. Now that you've lathered on the sunblock, let's get to work.
James McQuiggin
From the CISO series, it's cybersecurity headlines.
Steve Prentiss
These are the cybersecurity headlines for Friday, May 15, 2026. I'm Steve Prentiss. G7 countries release AI software bill of materials guidance. Agencies from the U.S., Canada, Japan, Germany, France, Italy and the United Kingdom, the G7, along with European Union countries, have now published the Software Bill of Materials for AI. A software bill of materials, or SBOM, is a detailed machine-readable manifest that catalogs every component, library, dependency and module incorporated into a software product to provide full transparency into its composition. This document aims to, quote, help public and private sector organizations enhance transparency in their AI systems and supply chains, end quote, making it easier to track vulnerabilities and reduce risks.
Dr. Gerald Ozer
All right, I love this. You know, it's interesting. Like the timing of this is wild. I literally had a call yesterday with a company that is working on, not working on. I mean they did a full demo for me around SBOMs. And dude, the big challenge with S, by the way, SBOMs are statement, not statement, software bill of materials. And it is a statement, an attestation of what is the software components making it up. A lot of people will make the comparison of an SBOM is like the nutrition facts on the side of a food product or a drink product laying out what are the ingredients in it. Now I've given multiple talks on this in the past, so maybe you've already seen this, but the, the, the, the, the rub or the challenge is that maybe you bought a product and they say, oh, we use these technologies, but those technologies are built on other software. So they don't, like, the SBOM goes one layer deep. It doesn't go three, four, five layers deep. In a, a classic example, that kind of in my opinion was the match that lit the fuse on this entire mainstream, oh my God, SBOM need was Log4j. Go back to December 2021 and watch what happened with Log4j. The entire Internet lost its mind because no one knew where this Log4j was baked into. Right? Like when I make a cake, you're looking at it, you cut it open, you're like, oh, this looks good. Was this German chocolate? And I'm like, oh yeah, it's delicious. Oh, that's frosting. It's cream cheese. Oh, yeah. But you don't see the flour, you don't see the sugar, you don't necessarily see the butter. And then like, okay, so I say there's butter in it. Well, what, what, what is in the butter? Where'd the butter come from? Okay, so that's what SBOM is. Now for AI, I, again, I appreciate this. This is a, aware, by the way, this is an awareness control, not a defensive control. But the deal is AI, everybody's vibe coding all the things, right?
I, I've been vibe coding an application for the healthcare industry over the last two weeks, or healthcare insurance industry, and it's been a good case study to understand like how vibe coders are doing their job and, and seeing what's not. And, and dude, I gotta tell you right now, yes, it's writing its own code, but it's also pulling in libraries and stuff like that. The developers have no idea what's in there. So they have an SBOM for the AI components is phenomenal. All right? Now they're going to make it machine readable, obviously, because it needs to be ingested by other solutions. It needs to have a standard. This is another thing when you're defining a protocol like this, and this is something that most people don't think about unless they've run into problems or they're old or, you know, you're into like, I don't know, bird watching. Like I am. Like there's, if you don't have a standardized protocol, then different vendors, different technologies cannot speak to each other. Okay? It's as simple as that. So like if everybody's got their own unique proprietary protocol, then nothing can interoperate, which is awful. Right? So the G7 is coming up with this. The U.S., Canada, Japan, Germany, France, Italy, the UK and the European Union have published SBOM guidance focusing in on AI. Now I hope this sentence means that they've all collectively agreed and released one SBOM guidance, not, you know, seven different ones here. All right, so the document has seven main clusters: metadata, models, key performance indicators, infrastructure, properties, system. Oh, so this is interesting. So this SBOM is like, security is just one element of the SBOM. Okay, all right. So this is interesting. The final thing I'll say is this looks like it's around the AI itself, like the LLMs or the tools themselves. Less about tools that have been built or software that's been built that AI, like, was involved in the development of that software. You know what I mean?
So, like, if you vibe code a word processing application, this doesn't seem to be in scope of that. Very interesting. So here's the thing. Final thing I'll say on this. This is a, this is a great, this is great, guys. You know, I, I constantly say, like, oh, it's the Wild West. Like, everybody's doing AI all over the place. It's like, it's reckless Wild West type stuff. This is literally how this happens. So now we're continuing to move recklessly forward at breakneck paces, but people in leadership, for lack of a better term, are publishing guidance, best practice, standard protocols. So what's really happening here is, think of it, the Wild West is like this massive divergence over. Okay, I got my arms up. If you're listening on audio, in kind of like a YMCA, the Y vibe, okay? So when there's anything new technology, whatever, you don't try to solve for it immediately. You just kind of let it go wide and figure out best of breed or best of wins and kind of things like that. When you start seeing things like this guidance being released, what you're beginning to see is a convergence. And, and this is, this is classic. You diverge, diverge, diverge. And then you start pivoting and you start converging, converging, converging, like, so this is a great indicator that we're going towards the right direction of getting standards and best practices and agreement and alignment with everybody instead of it being wild. But this is just guidance, okay? Guidance means you can do it or not do it. It doesn't mean anything. It's not regulation, it's not legislation. It means it's freaking guidance, okay? But I like it and I think it's important. I think it's going to be coming, you know, I think it's going to be valuable and important. If you're looking for an example of how, like, you're like, okay, Jerry, that sounds great and all, but, like, convergence, divergence. What are you talking about?
Like, some of you are too young to remember this, but the olds are going to remember when the, not the Internet started, but like in the early days, like the mid-90s and stuff with networking protocols and standard architecture and stuff. There was like Novell and there was, what is it? Vines or whatever. There was like, oh God. There was like, there was like an Active Directory one that was like something. Vines. I think. Net Novell. Net Novell or something. Anyways, there was also TCP/IP, but then there was a lot of like other in, inter, nonoperable protocols for network traffic and stuff. Now you look at 2026, it's TCP/IP all day, every day. Yes, we have UDP, but for the most part nobody's trying to reinvent network protocols. We have converged and we're moving forward with a, a foundation. What, can someone help me out with the, with, with that old, old technology that just died? No, yeah, it was Novell. But what was it? It was Novell networks. I mean, what was it called? Yeah, Novell network protocol. IPX/SPX. You young. She ever heard of that? Probably not the old IPX. Like dude, there was at one point you could have a computer network not talking to another computer network. Right? It was insane insanity.
Steve Prentiss
Dell confirms its SupportAssist software causes Windows blue screen of death crashes. The company has confirmed that this SupportAssist software is causing the crashes on some Windows systems. This follows a flood of user reports about random reboots that have been affecting Dell devices since Friday. Version 5.5.16.0 of the Dell SupportAssist Remediation service is responsible for this series of crashes and the company says it is working towards a resolution. An easy workaround, they say, is to simply disable the Dell SupportAssist Remediation service or uninstall it.
Dr. Gerald Ozer
All right, hold on one second. I'm just, I'm just dealing, I'm dealing with some things here. All right, so the fact that this is an assist tool that is causing denial of service attacks. The irony is not lost on me. It is, it is funny. But, but it could have been anything. It could have been Dell's firmware, it could have been Dell's, you know, like additional monitor support. Like it doesn't matter that it's the SupportAssist tool causing the blue screen of death. In my opinion, it doesn't matter, right? Like I don't care that it's, that I care about my, my endpoints, my end users, my Carl's and accounting car not being able to do their job because they got a blue screen of death, the old BSOD. So let's see what the deal is here. All right, so obviously Dell's working on it. So the, the, the workaround is disable the service or just fully uninstall it. Okay, when did this happen? A lot, sometimes these stories are like a week old, and it's like, you know, I'm like, talking about, oh, like, you know, it's, the story's like, oh, we got a big Bruins Buffalo matchup coming up. And it's like, no, the Bruins lost, and Buffalo moved on like, two weeks ago, my guy. All right, so it. Okay, so there's two, two things here. Looks like end users can uninstall this thing. I wouldn't recommend it. You do not want my Aunt Dorothea going into Windows settings and uninstalling things. Maybe you can write a script, a g, like, not a GPO, but like a PowerShell script to reach into your environment and uninstall this thing. If you're not using it. If you're not using it, chances are you're not. I'm making a big assumption here, but Dell's going to patch it if, if anything. If anything. Okay, if you are a, a Dell shop. Okay, so what. Let me, let me explain something really quickly. A lot of times when you work at a business or an organization, you'll be a Cisco shop, or you'll be a Dell shop or an IBM shop or whatever, Windows shop.
It just means that a majority of your tech stack falls under that technology or that, that company. It doesn't mean, if you're a Dell shop or an IBM shop, it doesn't mean that the executives aren't running around with MacBooks. They are. But, but my point is, like, it's just kind of a, it's a common nomenclature within IT, frankly, not just cyber security. So if you are a Dell shop, meaning you have some type of group license with a VAR like CDW or something like that, and you're supplying your workforce with Dell laptops or Dell, you know, computers, you know about it. Dell. Dell is a very popular one. Lenovo is another one. Right. Like, so you wouldn't, you wouldn't accidentally find out that you're a Dell shop. All right? You, you should know that. So if you are a Dell shop, you may want to forward this to your help desk manager, help desk supervisor, the help desk, whatever, and just say, hey, y'all, want to make you aware of this in case you're getting some calls around blue screens of death. It could be this. That's it. Very, very nice. Very, very simple. You're not giving them orders like, hey, help desk, I need you to go. I don't know why I have to give the gruff voice, but I need you to go through all the endpoints and look. You can also in parallel share with help desk but also send it to your endpoint team or your IT team depending on the size of your organization and say hey guys, you know, just FYI, if we're not using this, we may want to remove it anyways. Just so we remove the threat of a blue screen of death for our end users and we reduce attack surface. I don't know, let's be crazy.
Steve Prentiss
Dirty Frag 2: Electric Boogaloo. Oh, you nasty. Sequel arrives as Fragnesia. Following up on a story we covered on Tuesday, it appears the Linux kernel vulnerability called Dirty Frag, which itself was a follow-up on the Copy Fail bug, is now returning as Fragnesia, F-R-A-G-N-E-S-I-A, a Linux kernel local privilege escalation flaw. This flaw, quote, allows unprivileged users to gain root access by corrupting page cache memory, and it now has its own CVE number. According to researcher Hyun Woo Kim, who discovered Dirty Frag, this Fragnesia bug emerged as an unintended side effect of patches shipped to fix the original Dirty Frag vulnerabilities. Ransomware account.
Dr. Gerald Ozer
All right, okay, so check it out. Love the research that's going on. Dirty Frag, not to be confused with Dirty Mike and the boys who stole Big Lebowski's car.
Robert Wetstein
Yeah,
Dr. Gerald Ozer
is this Linux bug? Okay, so listen, if you've are, here's the thing. If you've already, if you're running Linux in your environments, then you, you very likely already knew about this because this is the third bug on this, like AI finding old, old, like, you know, 15-plus-year-old bugs that can lead to full system compromise. It's gross. All right, now I need to amend something that I told you guys the other day. So I'm sorry. Really quick for call to action. If you work in an environment that has Linux servers, Linux systems or whatever, and, and you haven't already been on top of the Dirty Frag and the Copy Fail thing, these bugs that have been coming out now, you need to get involved. You need to get up to date on this. This is why you do daily cyber threat briefs. Because this is a thing that's very real, very present and very likely in your environment. There's tons of documentation out there on how to remediate this. So I'm not going to, you know, waste your time with that. I just take it for action to go look into this. Now the bigger thing, the bigger picture that I want you to wrap your head around is the following. I've been saying this in, I feel strongly about this. We are in this new phase of cyber security and I think this phase is gonna, I'm predicting three to five years, might be quicker, but I'm predicting three to five years where AI is going to be used to find bugs and vulnerabilities in old software. And when I say old, I mean software that's, you know, whatever, 30 years old all the way until last month. All right, like, or really until right now, until we start using AI to help write secure code, which, which is, we're not really doing that right now because people are vibe coding all over the place without secure coding practices. Until we start using AI to start writing secure code, that's when the cutoff will happen.
But until then, 30, 40 years of software, until the moment we start using AI to write secure code, that is the data set of software that will have tons of vulnerabilities because humans have been looking at it and humans are pretty good, but it takes a lot of time, lot of nuance. Lot of software isn't looked at. And when you have AI looking at software, it can look 24/7, it can document and do all the things, it can confirm exploitation. There is going to be an absolute field day. It's going to be like an inverted festival. It's going to be an opposite festival. It's, you're going to think it's like a blue-black Magic: The Gathering enchantment card for the next three to five years. Because AI is going to be discovering all these bugs and it's going to be a foot race to get, to get them patched up because threat actors are going to get access to the bugs and then use AI to write exploits. So we've got our work cut out for us over the next three to five years. And by the way, if you've been wondering about the job market in, in cyber, I don't know, man. I think this, this is sad, but I think there's going to be a lot of fires, i.e. exploits and compromises and more zero days and stuff. So they're gonna need more firefighters like you and I to put those fires out. Now let's amend that. I'm going to put an asterisk, a little updated note at the foot of this story. I didn't think about this, but it's true. So when you write a patch, a lot of this has happened in the past. But like when you write a patch to fix a problem, the patch can introduce new problems. So it's very trivial for a threat actor to immediately analyze the patch to see if it has introduced new gaps, new flaws, new vulnerabilities, and then exploit that. And that's exactly what happened in this instance. So Dirty Frag was a problem, it got fixed. Ah, you gotta patch it. Ah, you gotta patch it. Researcher immediately looks at the patch and what changed, found another new flaw because of that. Fragnesia.
Ah, you gotta patch it. So it's not going to just be this finite number of softwares that have zero days that need to be patched. It's going to be the finite number of software with zero days that need to be patched. But plus the zero days and vulns that are going to be discovered from the patches. We're going to get into this, like, doom loop of patch it, fix it, patch it, fix it, patch it, fix it.
Steve Prentiss
Campaigns increasingly turn to threats of physical violence. According to a report from security firm Semperis, in as many as 40% of global ransomware attacks in 2025, the criminals in charge of the attacks threatened to physically harm members of staff who refused to pay their ransom demand. This number is even higher in the US at 46%. This technique is made easy for hackers who often gain access to PII, allowing them to call individuals at work, quoting their home addresses, Social Security numbers and other types of personal data. In other cases, the violence is not threatened against people, but against machinery, such as demonstrating their control by turning devices such as robots and conveyor belts on and off, actions that could easily lead to injuries or even death. In most cases, according to an FBI report, the hackers who make these threats are young, between 17 and 25 years old, and work for or are recruited by financially motivated gangs.
Dr. Gerald Ozer
Yeah, this is an unfortunate, disgusting trend and one to be mindful of. This one's going to hit personal, okay? Getting a phishing email and deleting it, getting a phishing email and flagging is one thing. When you open your front door and there's a handwritten note on the doorstep that says, you know, email your credentials to this phone number, I'll burn your house down. Or hey, like, you know, I'm going to send an email from this address and I want you to, you know, send it a $500 Amazon gift card or, or I'm going to c, like c, capture your kid as he's walking to school tomorrow. Like, that becomes very visceral, very unsettling, very unnerving, and the threat actors know it. So. But by the way, I just want to point. So this is a trend, obviously. Not obviously, but it feels a lot more like throwback to, you know, ghetto neighborhoods where you've got the thug who comes in and be like, oh, it'd be awfully bad if someone broke up your, your corner store here and they start like smashing in the chip aisle and stuff like that. It, like, physical threatening is very terrorizing and very unsettling. Unfortunately, threat actors are doing it. I also want to point out that, you know, my immediate thought was like, oh, most people take, most people take heart in thinking, oh, this is some Eastern European. It's not a big deal. This doesn't affect me or whatever. But the reality is, if you haven't been following, you know, gas is like 6 bucks a gallon on average, right? It's like 450 here in Lowcountry. It's 8 plus in California, people are getting laid off. Like, economic times are difficult, right? Especially for, you know, a certain demographic of the population or, you know, a segment of subsegment of the population. So what is, what is all the point of that? If a threat actor in Eastern Europe, you know, gets some type of gig economy thing going and says, hey, listen, I'll wire you a thousand dollars, you can pay your rent.
All you got to do is print out this note and go put it on this house's doorstep. You don't have to be involved or anything. Just go put it on there. That's all you gotta do. I'll give you a thousand dollars. People are already doing Walmart runs, Amazon runs, Uber food or whatever, door dash. Like, the gig economy and the breakdown of the, the, the social norms of personal space have eroded. Having someone come up to your doorstep is not outrageous. Having someone stick it in your mailbox is not outrageous. And the threat actors are doing this. So I would actually see this trend to continue. The only thing about this that is somewhat, you know, whatever to me is if, if someone puts a. Like, are you really gonna go thinking through the threat actor? Right? If I was going to be a threat actor. Okay, like, all right, everybody, let's do a thought exercise. That's my, that's my flaming donkey threat actor voice. I haven't used it in a while. So you first timers shout out if I'm gonna commit crime. And I'm trying to make the most amount of money, right? I'm like, if I'm gonna commit crime. The whole point is I want to maximize my return, right? I'm not trying to commit crime so I can buy, you know, whatever, I don't know, a can of soda, right. I'm, I'm trying to like, retire on this thing. So me targeting an individual, what's the most I'm gonna get, really? Right. So I really want to target organizations and businesses. And now you've got this extra layer of complexity. Because if I leave a note on someone's doorstep saying, oh, like, give me your personal stuff, like, that's a lot of work for a little return. If I say, oh, give me your corporate credentials or whatever, now you've got layers. Because, okay, like, hey, I fell for it. Here's my credentials. But like, at the same time, I'm going to tell IT or whatever and they're going to intervene or I'm going to call the police, right? 
Because now it's like, it feels, in my opinion, less about you as an individual, isolated victim and more about your piece in a larger kind of enterprise level crime where you can feel like you're a participating member and have, you know, whatever, a support and whatnot. So we'll see if this trend continues. I think that this is at this time perhaps a little bit isolated. I do want to point out one final thing. All of these data breaches. Oh, you know, your, your email address and phone number got compromised. Oh, your name and date of birth got compromised. Here's a free identity theft protection. Dude, identity theft protection isn't going to do anything. If the threat actors have your home address and your name, name of your kids or whatever, they can use that information to execute this attack. And no amount of identity theft protection is going to stop it because they're not stealing your identity. They're weaponizing it to terrorize you. Thank you for coming to my TED Talk.
Steve Prentiss
Huge thanks to our sponsor, Doppel. Social engineering attacks look trustworthy. A routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Their AI native platform detects and disrupts attacks across every channel while training employees to recognize deepfakes and deception. They fight relentlessly to protect your business, brand and people. Doppel: outpacing what's next in social engineering. You can learn more at doppel.com, that is D O P P E L dot com.
Dr. Gerald Ozer
Let's go. Feels like one of those days, guys. Feels like one of those days to let simple minds wash over us in an awesome way. Coffee is flowing. All right, guys, this is gonna be cut out from the replay. So, you know, for you all you're getting dynamite, dynamite Actually, you know what? We got the. That. Oh, I'm gonna do this. I want. I don't.
Robert Wetstein
Problems.
Dr. Gerald Ozer
I don't want. I don't want the people on replay to miss out on all the value. That is the jokes of the week. Hey, guys. Shout out to the stream sponsors. ThreatLocker, Antisyphon, Flare for sponsoring the daily cyber threat brief. I love. I love doing this show. And it. It. It's not possible without the support of the sponsors. Links in the description below. Every single day of the week has a special segment. And what is that, dude? Spotify changed their logo. Guys, if you have Spotify on your mobile device, look at the logo. I don't like it. Ew. It looks like it went through, like, a Warhammer filter. I mean, Warhammer is cool, but, like, I don't know, dude. Like. All right, so, guys, every day of the week has a special segment. Fridays is dad jokes of the week. James McQuiggin, 35,000 ft. The guy lives in seat 3B on Delta. He brings us dad jokes because he's awesome. Here we go. I have not reviewed these in advance, so you're getting my honest first takes on these things. Here we go, ladies and gentlemen. How much does a pirate pay for corn? How much does pirates pay for corn? It's a pretty flat rate, regardless of whatever port you pull into. It's a Buccaneer. Oh, all right, all right, dude, I. I did see that joke last night because of the preview. I love that joke. That is like a classic. Growing up, there was a golf course called the Buccaneer near my house. It was like a pitch and putt, you know, whatever, eight bucks up. What do you call a cow during an earthquake? A lot of earthquakes here in the low country, like, centered around Justin Gold's house. I don't know, conspiracy theory or not, but for the cows out there, we're calling them milkshakes, ladies and gentlemen, Milkshakes. I'm not a big. I'm not a big sugar sweets, guys, but I gotta tell you, every once in a while, I'll crush a milkshake. There's a place called Friendly's back in the Northeast. I don't think they're around anymore, but they used to have something called a Fribble. 
You run across one of those, give it a shot milkshakes. The win. Why do geologists hate their jobs? You know, a lot of people might think that geologists hate their jobs because of the pay, the access to opportunities. Hollywood does do a good job of making geologists look cool. During the, you know, the imminent threat to, like, end of civilization because of some, you know, meteor type thing. But those are the only time I see geologists being cool. Did you know that most geologists hate their jobs because they get taken for granted? They get taken for granted. I'm not. James will have to come on and qualify that joke. Does that mean, like, the word granite? Like, granite did or granted, because most geologists have to get their work paid through federal grants. Not sure, but we'll allow it. All right, shout out. All right. They have to be granted. Okay, cool. All right, guys, I hope you enjoyed that very much. We're running low on time, so I'm gonna get back into the news. Let's go.
Steve Prentiss
UK moves to shield security researchers in cybercrime law rewrite. The British government announced on Wednesday its intention to rewrite key cybercrime laws after, quote, years of warnings that outdated legislation was hindering security researchers and weakening the country's cyber defenses, end quote. This rewrite would be an update of the Computer Misuse Act of 1990, intended to address a long running complaint that its cybercrime law no longer reflects the realities of modern defensive security work. It was written before the rise of cloud computing, ransomware gangs, cryptocurrency laundering, and the modern cybersecurity industry. Researchers and industry groups have argued for years that the law's broad unauthorized access provisions can create legal uncertainty around legitimate activities such as vulnerability research, penetration testing, and threat intelligence operations. End quote.
Dr. Gerald Ozer
All right. I mean, you can. You. This is one of those ones where you can read the headline and, you know, you know, the card does what the card says or read the card or whatever. Zach Hill will have to qualify that. There's a magic thing. Okay. Hey, Peacock, Load letter is talking about Banyan Vines. Thank you, Peacock. Yes. We got into the Wayback Machine. That's a Kool Aid, man. Drink Banyan Vines. If you've never heard of Banyan Vines, that makes my point that, like the convergence, the divergence, convergence of technology. Okay, so check it out. The UK, they're, they're thinking about adjusting this law to basically make it safe for security researchers to do their job without fear of legal infraction or getting arrested or whatever. The UK all right. I don't know why it's taken them so long to do this. The UK has been in the last, I don't know, 12 months, has done more things that the United States did, you know, within the last three years than I've ever seen him before within the cyber space. And I'm not saying like, hey UK, like start, like stop, like get your own thing, like stop trying to make fetch happen. Like, I'm all about it, dude. The United States, because of NIST and CIS, CISA, right? For those who want to dunk on those two have established very good standards, very good protocols, very good best practices around cyber security. And the UK has been doing the same things. Notably the UK just stood up. Like, I forget it's like a four letter acronym like the NCSC or whatever, but essentially it's, it's kind of like UK's CISA. The UK has started doing threat intelligence. The UK has started doing public private sector partnerships, all these things. And now the UK is doing another one. My guy. The 1986 Computer Fraud and Abuse Act in the United States has long been the law that we would hold hackers accountable. And, and you know, basically when researchers started doing research, companies would threaten them with that law. And we have eased on that. 
Now we have bug bounty programs, responsible disclosure. Yes, if you hack someone like that woman did a couple years ago in Capital One up in Minnesota or Michigan where she just like went crazy and pulled a bunch of customer data for Capital One, yes, you can be held accountable and tried under that law, but for the most part we're pretty chill in the United States. If you have good intent on, you know, basically pen testing or doing reverse engineering and stuff like that, the UK is getting on board. So pip, pip, cheerio. Get your glass of Guinness and your tea and crumpet and, you know, get moving on this.
Steve Prentiss
Microsoft closes in on its own annual vulnerability record, adding to a story covered yesterday regarding Microsoft's EM Dash vulnerability tool. It should also be noted that last Tuesday, Patch Tuesday, the company issued patches for more than 100 security vulnerabilities, putting it on pace to break its own annual record. Representatives acknowledged that AI tools are driving a surge in vulnerability discovery across the industry. Microsoft has already patched more than 500 vulnerabilities in 2026. And Tom Gallagher, vice president of engineering at Microsoft's Security Response Center, said in a blog post the company expects releases to continue trending larger, end quote.
Dr. Gerald Ozer
All right, really quick, really quick. Before we get into. Well, hold on, I'll just talk about this for a hot second, guys. This should come as no surprise. Like at this point, I feel like I've made a very compelling case for you to confidently move forward and say these things. The number of vulnerabilities that are going to be documented and reported are going to exponentially grow. We're looking at a logarithmic curve because AI is discovering them at reckless speeds and because there is an entire 25 year backlog of software that has tons of vulnerabilities that AI is going to discover that have just been sitting there that no human has discovered. NIST has already reported that they are not going to be enriching a lot of vulnerabilities any longer because of the sheer volume of it. Obviously they need AI to help them do that. This is another one. Microsoft is on pace to break their annual vulnerability record. Hello. If I had to guess. Okay, this is just a hot take. Get your tin foil hat here. Microsoft's gonna break it this year and next year 2027 is going to break 2026's. I'm not ready to say 28 will break 27, but dudes, we're talking logarithmic growth here. I wish my 401k had logarithmic growth. It doesn't. But this is. The AI is going to do this. This is yet another disruptive factor of living in an AI era. We're not getting away from AI. It is here. You have to adopt it. Software companies, researchers, everyone needs to use AI to help write secure code in order to begin to put a line in the sand of, okay, everything after this date and everything after this point was at least hardened by AI. So all the things in the technical debt bucket we can work through and solve and then move on. All right, now, really quickly about this story, the tinfoil, not tinfoil hat, but I want to give you a real time look in. How we doing on time? We're all right. All right. 
For those listening on audio only, I'm showing the meme of Vince McMahon walking out of the back room down to the ringside with like strutting like he's Conor McGregor. Really quick, I saw Slim Daddy 9 in chat saying you talking Banyan Vines. What do you know about that time? I went into. I was in a Netware V215 and 312 back then. What do you know about that time? So, and when I read that Slim Daddy 9, this is, this is what I saw you as Vince McMahon coming out of the back. Talk about talking about Banyan Vines, like coming ringside talking Netware. So thanks for that. That was a lot of fun.
Steve Prentiss
KongTuke hackers use Microsoft Teams for corporate breaches. Initial access broker KongTuke has, quote, moved to Microsoft Teams for social engineering attacks taking as little as five minutes to gain persistent access to corporate networks, end quote. This is done by tricking users into pasting a PowerShell command that delivers a remote access Trojan. Initial access brokers like KongTuke then sell company network access to ransomware operators who use it to deploy file theft and data encrypting malware. A central element to this campaign is cybercriminals using Teams to reach out to company employees, pretending to be IT and help desk staff.
Dr. Gerald Ozer
All right, dudes, first of all, King Kong Tookie. Okay, I'm gonna, I'm gonna, I'm gonna use that. That sounds like a VR game, like targeting like 10 year olds. All right, all right, so a bunch of things here to wrap your head around. Hey, y'all, everyone who works in GRC, allow me to write your next awareness training memo. First of all, hey, we all use Teams. We all hate Teams. Criminals are pretending they're IT and they're using Teams. If you get a note from someone on Teams saying they're from IT, call IT help desk. Confirm it. Don't believe them. Be an A hole. No. Next. If you do somehow believe that it's Carl from the help desk because you've worked with them before. Let me show you what a ClickFix attack is. Dude, I thought we had put this fire out. This is like a smoldering ember that you just like walk away and then the entire forest catches fire again. ClickFix attacks. Attacks are basically CAPTCHAs, right? Oh, hey, prove you're a human. Move this puzzle piece. Tell me how many fire hydrants you see. The. The CAPTCHA says open a command, Run prompt and hit Control-V and hit Enter. That'll prove you're human. People are just running through this and it's running PowerShell. You can disable PowerShell for non privileged users on endpoints. If you want to go that route in your environment, you can educate your end users not to run PowerShell. You can look for PowerShell execution on endpoints, running commands that reach out outside the network. This one is running to Dropbox. But don't. Don't make your detection so brittle or your rule for blocking so brittle that it's Dropbox. Because you can use, you know, whatever Google, you know, Drive, mega upload, if that's still a thing. So anything. There's a. There is a defense and D capability here, but clearly this threat actor is having success. The campaign is active right now. 
They are making their username look legitimate because they're using Unicode white space tricks to make it so, you know, it's a unique name, but it'll appear to be real from the, the end user's perspective. Just guys, the deal is you have to validate in some out of bound way, out of band way. And, and finally guys, like if this is a bigger problem for your organization because like you're a large organization, help desk is 30 people or it's like a follow the sun model or you outsource help desk or something and you don't have these kind of capabilities. I mean this might be for the larger organizations this, the ClickFix problem is a real one. They're using Teams today, but they can use email, they can text message. The, the, the communication vehicle is, is a variable. You need to get in front of this because it is highly successful and threat actors are getting corporate user accounts in five minutes. And by the way, once they get in, they're definitely registering another device to the multi factor authentication. That's like another common thing. That way they can just log in again once they get your creds and your MFA is completely bypassed. This is gross. Get it fixed.
Steve Prentiss
AI hallucinations are creating real security risks. AI hallucinations are introducing serious security risks into critical infrastructure decision making by exploiting human trust through highly confident yet incorrect outputs. This highlights a major weakness in AI. Specifically, it lacks a mechanism to recognize uncertainty, instead generating a most probable response based on patterns in its training data. According to the Artificial Analysis Organization's AA OmniScience benchmark, 36 out of 40 AI models tested were found to be more likely to provide a confident incorrect answer than a correct one on difficult questions, end quote. As AI takes on a larger role in cybersecurity operations, organizations, quote, must treat every AI generated response as a potential vulnerability until a human has verified it, end quote. A link to the AA OmniScience report is available in the show notes to this episode.
Dr. Gerald Ozer
Okay, first of all, you see the word omniscience here. If you play Magic the Gathering, you either are like, oh, that's nice, or you like broke out into a cold sweat. Super powerful card. Just quick shout out to the magic crew. Listen. AI hallucinating. AI has gotten better. In 2023, AI was hallucinating all the, all the time, but they're saying it's still happening. You have to have some confidence or don't treat AI output as like, you know, gospel. For lack of a better term. You do. They said treat each AI output as a vulnerability. That seems a bit of a stretch. They also said you have to investigate every AI output. My guy, I don't know if you've been using AI but like you're getting 3, 400 outputs a day. It is not remotely scalable to investigate every AI, every AI output. Like at that point you might as well just not use AI because you're going to be doing all the work anyway. So I, I think that there's something in the middle here, right? If you're talking to AI and you're giving it super complicated requests with very little context, very little additional references and resources, whatever, it is not, and it's not an AI that's specifically trained on that specific area, right. Then the level of confidence you should have in their responses is lower. It's a confidence level low, medium, high. Can, you know, certain. So if it's an AI that's trained on pharmaceuticals, right, it's, it knows all the pharmaceuticals and all the things and you ask it like, what's a dosage for this thing? Then you can have pretty high confidence. If it's a general LLM that's, you know, basically trained on the Internet and you ask it for a dosage of some medicine. You're, you're, you know, I don't know about you, but I'm not taking that amount. So that to me that's a very easy explanation and case use case of like why hallucinations could happen and where you'd want to be careful with them. I mean you can fact check these things. 
My thing is you're probably going to want purpose built AIs for purpose built things. If you're doing general like vibe coding or whatever your general. Hey, like can you help me draft an email to my boss asking for a raise? That's fine. It's not going to hallucinate where it's like dear boss, I think you're the best. I would like $1 million. Like AI is not going to do that stupid. But you know, like again, specific needs are specific. Also, I would recommend you don't trust AI as a full scent. These organizations that are just straight up laying off people and replacing them with AI are they're in for a rude awakening. Okay?
Robert Wetstein
You are so dumb.
Dr. Gerald Ozer
You are really dumb.
Robert Wetstein
For real.
Dr. Gerald Ozer
And you might think, oh, why you? Well, I don't know if you have your own opinions. I have opinions. But here's the deal. Number one, you can't like there's o. There's always nuanced situations that a human's going to be able to suss out and, and figure out a solution, a workaround to make it work. Secondly, and I've said this before, and then we'll end the show, dude. Right now, the cost of AI and the usage of AI, number one, if you go enterprise, people are getting bills at the end of the month and they're like, holy crap. Number two, a lot of these AI models are being subsidized by venture capitalist investors at some point. Trust me, VCs, Gordon Geckos, they are not in it for philanthropy. They're in it for straight cash, homie. Great cash, homie. So at some point, they're going to pull that rug out and you're going to be left with this incredible dependency on AI. We fired everybody because AI is 24/7 and doesn't ask for lunch breaks. That's awesome. AI just tripled in cost. So I'm super pumped that now your expense is higher than it was when you had freaking humans. And good luck hiring them. All right, guys, here we go. Wow, what a day today has been. Friday, May 15, 2026. It's episode 1133 of Simply Cyber's Daily Cyber Threat. The low-key Secret Crank episode. I did not drink crank, but I felt like I am still lit up like a Christmas tree right now. My guy. Wow. I just took the last slug of coffee, which had a bunch of coffee grounds in it, and I think I just basically did the equivalent of like a went skiing if you're picking up what I'm putting down. So, wow, this has been the sand. This has been the Simply Cyber Daily Cyber Threat Brief podcast. I was your host, Dr. Gerald Ozer. If you can stick around, we got a great bonus show for you. It is called Cyber Career Hotline, and on Fridays we do a panel. So we're going to be bringing. The panel is all in the room right now. 
We've got a great group, probably a hundred plus years of cyber security career experience. Bring your questions, we'll bring answers. I'm Jerry, your chat. Until next time, stay secure. I'm Dr. Gerald Ozer. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it. All right, everybody. Welcome to Cyber Career Hotline. I am your host, Dr. Gerald Ozer. No, wait, wait. Hey, what's up? It's Jerry Guy coming in. Hot off the heels of the Daily Cyber Threat Brief Podcast, that nerd talking about AI and vulnerability management. Can you calm down with that, guys? On Fridays, we run a panel to give you even more value than you thought was possible. Without further ado, I'm just going to bring them in. Just come staggering in, ladies and gentlemen, you know Ms. Fleet is posting. I call him Fleetus post in the third. What up Fleetus?
Fleetus
Happy Friday everyone.
Dr. Gerald Ozer
I love it. App State Zone. Here we go. Next on the block is. What is it? Bow tie cyber security guy. I always get it wrong. Robert Wetstein.
Robert Wetstein
Bow tie security guy. What's up Jerry?
Dr. Gerald Ozer
I love it. Bow tie security guy. If you haven't seen his Simply Cyber Firesides, it has gone quasi viral in our area. So go check that out if you're looking for sick mentorship. And of course none other than the dad joke himself. The guy who made the the poor joke about the geologist. Ladies and gentlemen, James the Quicken at 35,000 ft.
James McQuiggin
The poor joke or the way I got told? Oh, I think, I'm not sure if that goes up there with you know, Indiana Jones and Raiders of the Lost Ark and Temple of Doom, but that's another story.
Dr. Gerald Ozer
I think Phil Stafford was right. I think the autocorrect sorted it out. But ladies and gentlemen, it's people. All I need you to do is ask a question and we'll get you answers. Just a quick around the horn. Deep experience across every factor of cyber security. Currently an executive at a Fortune 500 company, Fleetus, SOC knowledge and running programs now in manufacturing space. James McQuiggin, GRC extraordinaire. 25 plus years big on public speaking, vCISO work and awareness training. And of course I'm Jerry. I do a bevy of things including being like a live wire. Guys, just gotta tell you the amount of coffee I drank today was not different than the amount of coffee I normally drink. But holy crap, it has been a thing today. I'm, I'm looking in chat right now. I literally see no comments in chat so I'll just have to I guess ask. Like I won't be able to bring them up because I've got a hot
Robert Wetstein
take on the social engineering thing that we were chatting about.
Dr. Gerald Ozer
While I find some things, Restream is being a pain.
Robert Wetstein
So. So we were both talking kind of in chat when the social engineering thing goes on and the, the specific thing is users, everyone thinks that the user is actively clicking on these attacks and things like that, but it's actually their submind that's doing this. Like if you think about when you're, when you drive home on that same route you take every day and you don't realize kind of how you got there, that's the same reaction that clicks on that. Your, like, submind is doing the task for you because it's muscle memory. I always try to tell people in all the trainings your users are going to click because it's not the user actively thinking I'm going to click this. It's a conditioned response. It was just something funny that we were talking about in chat. I think you definitely agreed with that too, right, Fleetus?
Fleetus
Yeah, I was going to say most of the time when you're used to using unified communication, so Teams, Slack, Signal, whatever you're, you immediately just click the notification because you're assuming it's a trusted correspondent because in theory you're on your corporate instance and I'm using air quotes because a lot of corporations don't always set up trusted connections so they allow external. Microsoft has done well in the last few years well to put a banner. This is an external context. But if you're to Robert's point, if I'm just clicking over because I'm typing, I see a notification, I miss that banner. Just like James and I have talked many times we put external banners on emails like 20 years ago to tell you this was an external email. It's like 10, probably 15. When you put your email gateways in, we started ignoring them because they would auto scroll past them. So you never saw the banner that this was an external email. So it's the same thing with Teams, Slack, Signal, Discord.
James McQuiggin
It's more like. It's also like banner fatigue as well. You're constantly used to seeing the banner and it's the same thing. You're like, yeah, okay, all right. I mean one of the things I always talk about is change the colors, change the font, mix it up, make it so that they catch it and go oh, it changed. You know, and it's like oh right, yeah, bring it to the forefront.
Robert Wetstein
Yeah. It was one of those things where when we investigated users who have been compromised, even when the attacker was able to bypass two factor, the user had let them in. The user was just like, oh, a two factor prompt. I must, it must be delayed. It must be, you know, must have been from when I logged in earlier. Except. And that happens really, really commonly.
Dr. Gerald Ozer
We got a whole bunch of questions coming in. I love it. Artemis Hex says what kind of work actually moves the needle for hiring beyond certs, I've been doing detection rule submissions and analysis write ups but curious what else translates. Robert, please go ahead. This is for Artemis Hex.
Robert Wetstein
Yeah, so I mean the, the biggest thing that moves the needle is your network. There's just so many people looking for work right now. It's not an. It's not a matter of what you know or how smart you are or how many certs you have. With the exception of being an AI expert and a machine learning expert, those are the only jobs that are really actively looking for people in. Most of us don't have someone in our network who's been doing AI for several years, but every one of us on this call right now has at least 10 or 15 friends who are looking for work. And the first thing we're going to do when somebody, when we open a role is we're going to say, who do we know that can fill this? Who does our team know that can fill this? Who is coming from internal and then maybe one or two people from the outside. So it's just, it's not you. It's just you've got to get out there, you've got to network, you've got to build a brand. You know, James and I have talked about this a bunch and I'm sure Fleetus agrees. Like you have to kind of put yourself out there and submit conference talks if you're uncomfortable talking. Get used to talking and get more comfortable being uncomfortable because that's where the opportunities are going to come from. They're not gonna look at a resume and be like, wow, this person blew my socks off. I try to go through the hundreds of resumes that I get as a hiring manager and I get through maybe around three or 400 of them and then I pick two people from there and it's, it's pretty much like whose summary seemed more interesting and it sucks. But that's the reality of the job market right now. My entry level roles are getting 50% of the people who are applying having five to 10 years of experience. Are you seeing similar, Fleetus?
Fleetus
Yeah, very much the same. The last role we tried to fill, it flooded us within an hour. Yes, a lot of those are bots. So again, James and I have talked about this. The HR firewall is terrible. ATS systems are bad. Half the time if I don't know to look for you, I don't see you. So someone has to tell me to go find you. So there's been many organizations that I've worked with, I've worked for and consulted with where the ATS system kicks out highly qualified candidates over something trivial like a formatting mistake or PDF. The PDF was corrupt for its editor, only its editor, it couldn't read it, it couldn't scrape it. So the best thing, and I'll add a little bit more to Robert. It's not who you know, it's when you know them. Because if I. If I just spoke with you, you're top of mind. I'm going to refer you if I haven't talked to you in six months, I may remember you and I may think about you, but if I just heard your talk, you just broke bread with me over dinner. You're going to be the top person I say, hey, go talk to James. James just had a talk about this. James and I just broke bread on this. He'd be a good candidate to speak with and it's easier that way. Even if you're not a public speaker, put up content. Get good at writing. You can publish on a blog, you can publish on LinkedIn. You can put your own newsletter out. Get a distro. Mailchimp is cheap. You can blast your friends with content that they can easily share. Don't spam them. But you can, you can let people opt in or opt out. Just like I mean Jerry does this all the time with Simply Cyber. We get a daily digest on Monday. Like we subscribe to a Monday digest for Simply Cyber.
Dr. Gerald Ozer
That's right. I love it.
James McQuiggin
I thought that was going to be don't do what Jerry does. And I'm thinking spam all your friends
Dr. Gerald Ozer
than what I do. It's.
Fleetus
It's opt in, not opt out. You always want to opt in, not opt out.
Dr. Gerald Ozer
What I do is not sustainable. It's insane what I do.
Robert Wetstein
Mortals.
Dr. Gerald Ozer
Yeah. Robert and I have a call later today to talk about how Robert can turn into a. A manufacturing machine. I love it. I love it. All right. Hey, really quick cyber risk which asked about my shirt. I haven't worn this. This is a throwback to like early 90s Saturday morning cartoons. Threat Hunter. It is a cat. Kind of like a.
James McQuiggin
It's like the.
Robert Wetstein
Yeah, looks like Heman.
James McQuiggin
Yeah.
Dr. Gerald Ozer
I think this is an AC Hunter shirt. I think you could only get this at Wild West Hackin' Fest last year. It was kind of a one off but it. Oh wait, hold on. Yeah, it is an Active Countermeasures.
Fleetus
Oh cool.
Dr. Gerald Ozer
All right.
James McQuiggin
It's a Thrunter shirt.
Dr. Gerald Ozer
What's that?
James McQuiggin
It's a thrunter shirt.
Dr. Gerald Ozer
Let's see. Elliot, Matice wants to know what your favorite dad joke is, James.
James McQuiggin
Yeah, I saw that. I dropped the comment in in chat and said asking me what my favorite dad joke is like asking me who's my favorite daughter. Yeah, it's just there's. I can't answer that. There's just so many different ones. So many favorites that are out there. So.
Dr. Gerald Ozer
Yeah, okay, no problem.
Robert Wetstein
The last one to get a laugh is probably your favorite, right?
James McQuiggin
They all get laughs. What are you talking about?
Fleetus
Or to keep with change. To keep with James. Is the, the one that, the first one that made me an apparent.
James McQuiggin
Yeah, that's a full grown one right there.
Dr. Gerald Ozer
There was a story at the end of today's daily Cyber Threat brief about AI hallucinations and how that's a risk to organizations still in 2026. Cyber risk which asked the question and by the way, cyber risk, which puts the phone emote before her questions, which I love because of the cyber Career hotline. What's the best way to address AI hallucinations in enterprise? AI policy. We've been talking about AI policy for a minute. Robert, why don't you start on this one? Simply because you are executive at a. Fortunately it's a large org, so really
Robert Wetstein
most of the things that people are putting AI in, at least in my experience, are very purpose built which limits the ability to hallucinate. Making sure that you're building it on a database or a large language model that like if you're building like a, a help desk bot or a chat bot, making sure it only has access to what it needs and no more. Because that's where when you corrupt your own data source, you can get a lot more. AI starts to think different things and then ensure that your prompts and all of those basic things can't be done by the end user. The end user can't take advantage of prompt injection or other things. So making sure that you have an actual pen test done of that app to make sure you can't trick it into hallucinating. Because we've seen that with some of the pen tests we've done where we were able to convince it to do other things. But really that's it for right now. What Jerry talked about earlier is things are growing at such a rapid pace and our infrastructure is growing at a flat pace. So I think we're going to hit this plateau where AI can no longer grow. And like Jerry said, like the amount of money that you're spending now is not going to be the amount of money that you're spending three years from now. I would estimate a 5 to 10x multiplier.
Dr. Gerald Ozer
Yeah, it's like a, it's like a ticking time bomb. It's like a powder keg. Everybody like, I mean dude, the easiest way to make money if you're a business that's for profit to get your get a huge addicted base of people and then increase like look at that.
Robert Wetstein
Jerry, who else has this model? Is it drug dealers?
Dr. Gerald Ozer
I know. First one's free. Come on in. Is working now. We got a bunch of questions. Fleetus, this one's for you. Memorial Day approaching. You ever had to work cyber incident over a long holiday weekend?
Fleetus
It's not have I, it's how many have I worked over long holidays.
Dr. Gerald Ozer
Let's go with that.
Fleetus
So the, the first one was similar to kind of like our stories today. We had an acquisition, we had an office that was allowed to split tunnel. So the VPN was on, but there was split tunneling turned on. And the user had run a job, went home. And the next thing we know, we're seeing a spike in activity on a certain VLAN. And this was like going into Easter weekend. So this is like they worked the Friday they started off, they made a production change on Friday. Don't make changes on Friday no matter what. Don't make a production change on a Friday. It's just not worth it. And they left their creds out there. Well, their creds were compromised. They started trying to do lateral movement. Luckily for us, there's no one in the building. It's easy. We can just isolate the VLAN. But you have to do that on Good Friday and then you're reading out your executives on Saturday and you're missing Easter lunch or Easter dinner because you're still trying to write the corrective action of how this happened and how it wasn't caught during the due diligence that we had an entire building that was able to go outside of our security controls, did not navigate our security control. So the network security didn't pick it up, the proxy didn't pick it up. Nothing was picking up this traffic. Luckily the endpoint got us. So that's why depth and defense is beautiful. But you don't like in the kill chain when it hits the endpoint. Like you don't want it that far in before you catch it. I mean it's fine. Like we were joking in our chat earlier, these ClickFix. My controls have stopped. I don't like that there's. My controls are stopping them, but my controls are stopping the paste into a PowerShell because they're not allowed to run it, it's not able to execute or when they click it, they tried to navigate. They can't get there because we've blocked that site due to low fidelity or CASB, etc. So yeah, the other ones again, I worked SolarWinds. That wasn't a long weekend.
I mean that wasn't a holiday. It was a long weekend. SolarWinds is not fun. No, I had to, I wasn't impacted by MOVEit, but I had to do a lot of communications over MOVEit because every customer under the sun wanted to know what MOVEit was like. So you don't get to sit still when big events come out. You, you turn into a politician and a communicator real quickly when exploits hit the wild.
Dr. Gerald Ozer
Yeah, soft skills. Don't, don't sleep on them. James. Yeah, it's kind of interesting because the person's also named James. I didn't catch that. He's been getting rejected due to lack of, not due to lack of knowledge, but because he's able to articulate what he's saying. He's a blue collar worker from the South. What can he do? Or what buzzwords to study? He basically wants to know how to communicate more effectively in interviews. Thoughts?
James McQuiggin
Yeah, you know, communication is one of the key items. It's, you know, as we call people call soft skills, I like to say professional development. For me, I would be practicing those questions. Be thoughtful in your responses. Don't feel like you've got to rush and get a response out because you know, they want to see how quickly you can answer. For me, a lot of it comes down to just kind of slowing down your pace when you're trying to come up with that explanation. One of the biggest things that helped me when it came to communication, of course, being able to think on your feet. Going to Toastmasters and their improv, their tabletop exercises helps you think on your feet very quickly in coming up with those different type of responses. Buzzwords are fine, but you better be able to explain those buzzwords in layman's terms. Unless it's a common buzzword like VPN. Most people think VPN is that tool that connects me to my office. But do people really understand what it is? So make sure that if you want to use buzzwords that you be able to properly explain them. Sometimes it's easier just explaining it in layman's terms. Other times. The other thing I can think of is when you have the questions, ones that tripped you up, go home and write a response. Either type it up or handwrite it. That way it gets you thinking more of what your response should be and then have that. I won't say fully rehearsed so that it sounds like you've memorized it. But then that way your communication, your enunciation, your delivery comes out a lot smoother and a lot easier for you and hopefully get you over that hurdle.
Dr. Gerald Ozer
Yeah. And we have a lot of questions to get to, so I don't want to go around the horn on all these, but I do want to share one thing because this is something that I dealt with personally. So I would just say James, and I'm not making any assumptions about how you speak or, you know, what you like to say. Well, yeah, but, but, but keep in mind, you know, you could still stay true to yourself. So don't think you're selling out, but keep in mind where you are and what you're doing. Like, you're, you're at a, basically a professional business meeting. That's what the interview is. You're not at the bar on Friday night. Like, for example, like, if you know me personally, I actually do cuss a bit more than you would think I do. But because my stream is professional and I'm trying to deliver a very specific formatted, you know, program for everybody, I don't cuss. In fact, I, I, I, I try very hard not to. So that's just an example. It's like, well, I'm not gonna not be me. And I swear all the time. No, it's like you just got to be mindful of those things. And again, I'm not assuming that's what you're doing. I'm not saying blue collar workers are longshoremen swearing all over the place. I'm just saying be mindful. Right. And you don't have to fill the air with words. Right. Like, you can, you can just say what you need to say.
Robert Wetstein
Yeah. James, reach out to me on LinkedIn. I'll, I'll set up some time with you and we'll do a mock interview and I'll, I'll help you with that.
James McQuiggin
Yes, definitely do that. Do not pass that up.
Fleetus
And I'll extend, I'll extend the same offer as I put something in chat. I coach people all the time to research the company. So you sound like an employee. You want to sound like an employee when you talk to me. The more you know about my company, the more you can address what I'm doing, what I'm doing using my lingo. The walls come down much quicker as a hiring manager because you sound like,
Robert Wetstein
oh yeah, use ChatGPT too, to get the questions in advance. What are the common questions for this job? This job title? Majority of hiring managers do not know how to interview. So the first thing they do is go into ChatGPT and ask what questions to ask. Like highly technical hiring managers are very slim and very rare. So learning to dumb things down and, and to a point, like you're talking to a kid to keep it simple is critical.
Dr. Gerald Ozer
Slim Daddy 9. This is the like netware, like Vince McMahon walking 35 years, taken a very traditional path. Help desk to Network, admin to VMware, Enterprise Wi Fi, AWS Solution, Pro Sec Plus. He basically wants to become a cloud security engineer, architect. What are your thoughts, Robert?
Robert Wetstein
Yeah, again, there are very few jobs and thousands of people, so go out network, volunteer at local security events. Don't go as a guest volunteer, meet people, hang out, go to your local security events that are in your area. That's the opportunity you're going to get. And then really just practice and play and break stuff.
Steve Prentiss
Right.
Dr. Gerald Ozer
All right, thank you. We just had a little blip here on, on Restream. I don't know. Nerman's saying that the Super Chat doesn't work. I. I don't know. Wade Wells mentioned the other day he was trying to Super Chat and it wasn't working. So we're doing the best we can here. This is a question from yesterday. How is Tech Winter shaping the industry right now? Does anybody know what Tech Winter is?
Robert Wetstein
Never heard of it.
Dr. Gerald Ozer
All right. Hey, Keenan. If that's how you pronounce it, Keenan, can you qualify or ex or just define. We're all Googling.
Robert Wetstein
I can see everyone.
James McQuiggin
I remember the AI Winter, but that was because, you know, we didn't have the technology available. So as a Tech Winter, I'm thinking, is it a downturn in. Is it a downturn in development? So, yeah, I was kind of curious.
Dr. Gerald Ozer
Yeah, I. I don't know. I don't want to answer the question that's not being asked, but TJ asked about Framework, a modular laptop. It looks like nobody on the panel has experience with this. If you know what Framework is, maybe you've used it, beta tested it. Can you ping at find the true 2 in chat? Also really quick. James had mentioned Toastmasters a minute ago. Not Toastmasters, but in every way an effort to be similar. On the Simply Cyber Discord server, we actually do have a public speaking monthly group that does a lot of the same things that's run by Chris Hidalgo and. Oh, my God, I'm blanking on. We just become best friends. Yep. Other Chris. Oh, it looks like Super Chats are working here. James McQuiggin. Thank you, James. All right. Hey, we got a big one. Here. Straw Hat sec throwing the gauntlet down.
James McQuiggin
Bring it.
Dr. Gerald Ozer
Left his job yesterday as a changer. Been studying cyber for a year and a half. Studying the SEC plus right. Exam by the end of the month. Looking for entry level role. Any tips? All right, well, Fledus, it's been a minute since we heard from you. What do you got?
Fleetus
Yeah, so we covered it a little bit ago and I've talked to Straw Hat Sack a few times here. So I'll, I'll speak to this again. Just continue to network and keep. I want to see your face, I want to hear your voice. Either physically hear your voice or written. So keep your voice out there. I know you started your YouTube channel, you were putting out some material. Continue to build on that and go to your local ISSA or your ISC2, your ISACA, go to your local chapters, find who's meeting and when they're meeting and just show up. Like Robert, he said volunteer, do a lightning talk or just be an active member. Be a voice in the local community that you're serving in because that's probably where you're gonna get your start. If not, use this community. We're, we're global here. A lot of us are in the US but find us and say, hey, what do you know of that's hybrid or remote? I've sent many people job descriptions and I will continue to extend my cards. Most of us on this panel don't burn our cards. But I will introduce you to networks like look at my LinkedIn. If I have a contact at that company, tell me, I'll do an intro either in LinkedIn or an email or text, whatever you want. But after I do that intro, this is the caveat for anyone not just Straw hat.
Dr. Gerald Ozer
Please follow up.
Fleetus
Please be professional. To Jerry's point earlier, don't let me burn a card for someone who doesn't show up to the interview prepared or isn't responsive to the recruiter because then my brand is now up for grabs. Luckily, my friends know that I'm just trying to help mentor people, but still be professional.
Dr. Gerald Ozer
I love it. Great. Great answer. Thank you and good luck. Straw Hat Sack, I can't wait to wrecking ball for you. Excuse me. Lee Mueller says one of my clients likes to disable AD accounts when someone leaves. Can you talk about any risks associated with leaving accounts in disabled state instead of fully deleting? Now, James McQuiggin, VC. So here at his own company. James, you come in for a consult and get this question. What are you telling the client?
James McQuiggin
You know it's kind of interesting because for me, you know, I disabling the AD accounts, I'm trying to think of what are the dangers of not of deleting it. And for me there's a lot. There could be data, there could be IP, there could be stuff sitting in those accounts or on those shared drives that belong to the organization they may have created. And so it's sitting there. So disabling it prevents the user from logging in and gaining access. My thinking is leave them disabled but you know, maybe after a year you delete them, do a review and see which ones can be deleted. But I don't, I'm trying to wrap my head around the, the need to delete it. Maybe one of the other guys or somebody.
Fleetus
I will say most compliance require you to leave it.
James McQuiggin
Yeah, you gotta have it.
Robert Wetstein
That was my thing too.
Fleetus
It's a compliance requirement to leave it there for X amount of days for either. I mean sometimes they're on legal hold, sometimes there's a discovery case or litigations going on, sometimes there's an HR component where they need access to the data because there's a termination that they're trying to investigate or an insider risk, etc. So there's a lot of like policy reasons to disable and then there's reasons because of where the employee works. Let's just say they're EU. There's EU laws I have to do. And then from the risk point of view, you just want to keep your help desk from turning the account back on, especially if they're disabled for an HR reason. That's the biggest reason I run into is my ops team or my help desk will run a report and say, oh, we need to turn this account back on and don't engage security or HR. And all of a sudden you re-enable an account that needed to be disabled for an HR policy, not a cyber policy. Right, and that gets you in trouble.
Robert Wetstein
Yeah, clear defined processes for turning an account back on is really the key here. Like don't allow it to be turned back on from a disabled state without secondary approvals.
Dr. Gerald Ozer
I don't know of any viable explanation to delete account fully. Like disabling it gives you all the advantages.
Robert Wetstein
Deleting it too runs into a lot of issues of breaking workflows, breaking access, things like it doesn't work very well. Like you said, set a time limit. Normally it's 90 days to a year depending.
Dr. Gerald Ozer
It doesn't take that much, you know, hard drive space for an account. Yeah, hey guys, I Wanna, I got a special surprise for everybody. We have another panelist joining the show. So if you stuck around for the second half of the show, you are in luck. Ladies and gentlemen, first time on the panel here at Cyber Career Hotline. He is the main host at Enterprise Security Weekly, and he's also a really great guy. Ladies and gentlemen, Adrian Santa Bria. Adrian, hold on, where are you? All right. James Robert and Fleetus have been on the panel before several times, so the community does know them. For those who don't have the opportunity, can you just give us 30 seconds on like where your area of focus is so people can direct the questions to you? That would be most appropriate.
Adrian Santa Bria
Sure. So, yeah, I've, I've at some point very intentionally became a generalist. So I did a little bit of everything on the enterprise side, spent a decade, was chief incident handler, you know, built, you know, secure development workflows and, and all that documentation. Built the first SIEM, built SecOps, you know, did all the forensics works, copying hard drives and stuff like that. Was a pen tester, was a PCI QSA, was an industry analyst. So completely hands off. Just wrote about the industry for, for a number of years when he, Nath, hired me into 451 and that was, that was a lovely experience. Started my own consulting firm which got acquired by a vendor and then spent, I think did six startups where I was head of product or product marketing at those organizations. And I've been doing my own thing like Jerry here for uh, this is my third year being solo. Just about half my income comes from being in front of camera and the other half comes from advising enterprises.
Dr. Gerald Ozer
Yep. And I gotta tell you guys, I have personally spent time with Adrian at conferences and you're an absolute delight. You're, you're a great.
Adrian Santa Bria
I'm a real person.
James McQuiggin
He's a real person.
Dr. Gerald Ozer
Real boy. Thank you for.
Adrian Santa Bria
I'm not an AI agent.
Dr. Gerald Ozer
Let's throw you directly into fire, shall we?
Adrian Santa Bria
Sure.
Dr. Gerald Ozer
Itching to learn. Wants to know any threat hunting tips or resources. How can you use AI effectively in threat hunting?
Adrian Santa Bria
Yeah, the AI bit, you know, I, I, I think, yeah, I, I, so one thing that's become clear with AI, especially after Mythos was released, is that it'll do something. It'll burn tokens and do something if you tell it to do something, but if you know where it should be looking, you know, and, and so this applies equally to threat hunting as it does to finding discovering vulnerabilities and things like it really does take an expert you know, you really do have to have a good idea already of where the attacker is going to be. So if you go to thedfirreport.com somewhere like that, there are tons of details on what attackers do. And one of my rules is attackers don't roll out of bed and say how can I challenge myself today? Right? They're going to do the same thing that worked yesterday, which is the same thing that worked last week, which is the same thing that probably worked five years ago.
Dr. Gerald Ozer
Right.
Adrian Santa Bria
So yeah, there's attackers do attacker things and some of these resources, some of these industry reports, The DFIR Report will even sell you like the, the actual threat hunting resources, the actual detection engineering files for your platform that work with your SIEM or your SOAR or whatever you're using, they will sell you that YAML. But it's all in there for free. In their blog post that they put about, about once a month that they really go into attacker tradecraft. One particular bit of it once a month. And you can, you can apply that really well. So once you know those things, you know, then I think you can, you can use AI to, you know, maybe you need it to generate scripts, maybe you need it to generate the, the configurations, the, you know, the actual detections and things like that. If you're, if you're not that good at whatever language you're writing those in. I think it can help in a number of places there, James, but you gotta, you gotta know, you gotta point it in the right direction before you pull the trigger.
Dr. Gerald Ozer
James, what do you think about this?
James McQuiggin
Yeah, so the threat hunting tips or resources? I'm gonna look focus on that aspect. Wednesday when I did the. Sorry, plug in the other group that's out there but the Antisyphon Anticast we had Leith Dennis on but one of the people on the pre show banter with Sydney Marone, she's a threat hunter. That's her full time job is threat hunting. She's even got the word thrunt or thrunted tattooed on her forearm. But she's got a, she's on LinkedIn but she's also got a website with a bunch of resources called Thor. As in the, the Greek, the Nordic God, you know, God of thunder. Thorcollective.com she's got a bunch of resources and stuff. And then of course can't forget Wade Wells. He loves the term thrunting. Just ask him just as much as Fleetus does, but definitely Wade Wells. Sydney Marone. Check those two folks out. Uh, those are from my network people that I've had the pleasure of meeting, uh, getting to know. But Thor Collective Wade through security, I think is Wade Wells is site check for those two folks. Hopefully that helps you out.
Dr. Gerald Ozer
Yeah, I dropped a link towards the, to the Thor Collective.
James McQuiggin
Cool.
Dr. Gerald Ozer
Oh my God. So this is an interesting question. John wants to know how long, how much experience should you have before you give out advice? Robert, I feel like you will jump on that one.
Robert Wetstein
I will. None. If you know something and can help someone and you've done the research, help. I can't tell you how much I love when my mentees are now mentoring and sharing the knowledge I've shared with them. It's why I do it. Right. So if you can help someone and you know that you're like 99% sure you're accurate and correct, that's good enough. Because a lot of times people just need someone to kind of chat with and kind of bounce ideas off of. Mentoring is very much a two way street. A lot of people are like, oh, thank you so much for everything you give. If I can ever help you, let me know. And I'm like, you are helping me. I'm working on soft skills. I'm working on learning about different people and how they respond to feedback. You know, all the different things that I get from my mentees is, is invaluable. So if you have the time, even if you've only been in the industry for a little bit and you can help someone do so. I always say that instead of helping yourself, help others and it'll just pay back. Like I, I've seen it. The reason I'm sitting here is specifically because I just started helping other people when I got laid off. And then it led to me meeting Jerry at a conference and led to me speaking at a huge conference. Like all of those things are just about putting good out there and then good coming back.
Dr. Gerald Ozer
Adrian, there was a question a little while ago from Ken Kenyan or Keenan. It said, and I think this question's perfect for you given just your sheer like vision over the landscape. He said, how is tech winter shaping the industry right now? And William Bailey provided what I think is a pretty good definition here. A prolonged period of slowdown, reduced investment, cost cutting tech industry. Can you kind of tell us what you're seeing and what your thoughts are around right now in industry? And if there is tech winter, what is it doing?
Adrian Santa Bria
Yeah, yeah, definitely. So, so this is something we're actually going to talk about on one of these fireside chats that, that you do. Jerry. Sorry you're talking, but I can't hear you.
Dr. Gerald Ozer
Yeah, no, go for it.
Adrian Santa Bria
Oh, okay, maybe you weren't. Sorry. I've got the YouTube stream over here, so I can throw in the chat. So I'm. I'm seeing things delayed. I looked over there. I thought you were talking right now. Now, but you were asking the question. Yeah, so Tech Winter, I think, is very much manufactured. Any company above, like, a couple thousand people, they have no idea what those people do or how productive those people are. Like, no company I've ever worked in has a really good grasp on what productivity looks like. That's why when everybody went to work from home, managers freaked out because their only measure for productivity was whether they saw in the office warming up a seat, right? Like, that doesn't mean you're being productive to the fact that you show up. You know, I. I can attest I've had many co workers that show up, keep that seat warm, do absolutely nothing of value, right? So not understanding that, you know, these layoffs, like, they're always ready to do layoffs, you know, there's always people there that. But, you know, like Cloudflare doing 1100 layoffs earlier this week. I'm really challenged to think that, you know, they really replaced everything that each of these people did with AI, you know, so I'm still calling BS anytime you see, you know, more than 100 people replaced by AI, you know, just think about that. Think about everything that you do day in and day out in your job and the amount of time it would take, like, across 1100 people, that must be like 40, 50 different types of jobs, right? And even within departments, everybody's job is a little bit different. It would take hundreds of thousands of hours of sitting next to that person, understanding what they do, you know, seeing if you could automate it, codifying it. So, you know, you can have AI do tasks, but you can't really have it do jobs at this point because it requires you to understand what that job is, and most companies just don't. 
So I, I think, you know, take AI out of it altogether. You know, these are just layoffs, right? Like, and we see economic. You know, if you look back through history, you know, there are always these points where, you know, the market pushes them to, to do layoffs and, and then they'll hire back again. You know, so I forget what the name of the paradox is. You know, every. We get a new technology, like, initially, everybody freaks out about it, you know, you know, creating a huge rise in, in unemployment. But then it actually does the opposite. Right. You know, we, we use a lot more of it, but I, I, I think this is going to be a rough year for companies. Already we've seen some, you know, publicly state that they burned through their AI budget in the first quarter of the year.
Fleetus
Right.
Adrian Santa Bria
You know, AI is just getting more and more expensive and these products are designed to just burn tokens. And you know, James, you, you saw my LinkedIn post where I was complaining about like everything is going consumption based, you know, no more flat subscriptions anymore. If you've got AI built into any product, they're going to charge you for what you're actually using and they're going to design it to use as much as possible. Right. You're letting the AI choose the model, you know, whether it's cheap or expensive or something like that. So it's, I, I think even with the layoffs, companies are gonna run over on, on most of their budgets trying to use AI.
Robert Wetstein
Well, I mean Cloudflare also opened a ton of internships shortly after all the layoffs. So you know, do with that, with what you will, you know,
James McQuiggin
but I
Fleetus
mean on that same point, like you've seen the, the rent cycle to Adrian's point, like they'll fire them or lay them off, retitle the role just a little bit and refill it. Put it in a slightly different department and call it a win. And hate to say this many companies, Q3, Q4, I'm going to lay you off and then I'm going to rehire you in Q1 just so I can close my books out. And it's a bad practice but the companies continue to do it so their year end numbers look good and then they'll rehire a different role in January and February.
Adrian Santa Bria
But you know what happens when you lay off a bunch of smart people. Some of those people start their own companies and they will hire people.
Fleetus
They walk out with your intellect and if you didn't copyright it correctly, they start up a smaller business and steal your customers.
Adrian Santa Bria
And, and if, if you like, there's no better time to start your own company at this point. There are people running software companies who don't know how software works. Right. You know, they're entirely leaning on AI to do that stuff for them. So yeah, you know, the world's your oyster at this point. So a lot of people are, are, you know that, that were laid off from Cloudflare, you will, from this one layoff you'll probably see at least two dozen new companies easily and they'll need to hire people.
Robert Wetstein
I. I would say a lot of us too are getting tired of the instability within our network and, and the job itself. You know, cyber is. Technology is no longer a stable career path. It's something you need to plan for a layoff that's just part of the life now.
Dr. Gerald Ozer
Yeah, I mean I say it all the time. So Adrian, you haven't been worn down by me, hearing me say this but like tech skills, hard skills, you know those used to really be like the driver, like oh I understand Palo Alto or whatever or I have CCNA and now it's like it's much more about soft skills and relationships and like the tech skills. Yeah, they have to be there but that's like checked at the final gate. So investing in personal branding, soft skills, these type of things are just invaluable right now in this current market.
Adrian Santa Bria
Yeah.
Fleetus
To pull the thread that like all these new startups are happening because of AI and Adrian's point. Like I could quickly find a software engineer to come in and back me up once I get the product to market. Yes, they're going to rewrite it but I've already got customers. I've already convinced someone to buy my AI garbage and I'm calling it garbage because they haven't taken the time to put logging security and API. I'm having this discussion with the C level right now that you can't just vibe code something and put it in prod when it's a SOX app. Just I'll leave it there. So. But you can. There are people who pretty much write an LMS right now to cam like because of Canvas's outage. They're pushing their own LMS right now and learning management system because of the, the Canvas breach and they're selling it to small schools right now. I've seen it.
Dr. Gerald Ozer
There is going to be some fallout later on like not, not even because. So you know, I know a lot of people have been doing it here on the panel and in chat but like over the last two weeks I have been vibe coding a medical insurance related app. Okay. It's like designed for brokers and it does something very, very similar specific for them. And like I, I used to be a software engineer. I understand what's going on but like you literally just tell the AI like I want a button here or we should be able to delete accounts and it's like so like if you lose that session or you haven't been capturing context offline or anything when, when someone comes in, they're like, hey, like, we had a problem. Can you fix it? And you, like, you just ask AI and it starts dorking up all your things. You're. You're gonna have no idea how to un. Unf. Frankly, your situation and your whole thing is going to collapse in on itself. It's. It's crazy that people are just yoloing it.
Adrian Santa Bria
Yeah, but that's, that's where we're at, right? Like, that's what companies are expecting. So I, I threw Mobitar. I don't know if that's how you say his name. He's got some great takes. And one of his, his takes is, you know what? You, you may need to fake it a little bit. You know, even though you think AI is BS and it's just going to make a mess of things. You know, you go into that interview, you're like, Yeah, I can 10x myself with AI
Robert Wetstein
100.
Adrian Santa Bria
Yeah.
Dr. Gerald Ozer
And who. Oh, I see it in chat. The. It's a YouTube chat. Okay, I'll bring it up. Please continue.
Adrian Santa Bria
Yeah, so particularly his latest video that he released a day ago. The AI layoffs end in 12 months. And I know why. That, that's the one you should go watch. And he, he gives, he gives some good advice because he is every bit as, as, you know, like, like, he knows AI is ridiculous. There's a bubble here, it's going to burst. But at the same time, you know, that's just where companies are at at this point. They are just fully dialed into this and they really want to believe that it's going to recreate their business, a better, more efficient business. And yeah, actually have the AI skills. Right. Like, spend some time with it, spend some money on it, learn it. Because again, companies don't know how to track productivity. So for all they know, you're 100xing yourself with AI. And that's something we have to think about a lot too. Even when you're in the role, how do you make your work visible? Like, there's a lot of people who do great work who get laid off because nobody ever knew that they were doing it right. So you got to constantly be thinking about, you know, like, like, is there a weekly report that I send? You know, like even kind of the mundane stuff, like if you, if you automate something, if you do something cool, make sure somebody knows that you're doing that stuff. Make sure it's visible.
Fleetus
Yeah, I, I've told my team that because we've, we've, we've started shrinking audience for certain meetings and they're like, well I no longer get visibility with the people in their head who can lay them off. And I'm like, that's not a problem. To Adrian's point, like I, I push what you're doing. I show the reports, I show your stuff. I say we, I don't take credit for all my, what my team is building because this person, I'll call him Bob for anonymity, produced this report. Sally wrote this automation. My team is now doing this, we are now able to do that. And yes, end of the day I could say Bob and Sally, bye. But they didn't lose their visibility because they're no longer in a meeting and we got to get past that. And Adrian made a good point like you got to sometimes be a little self centered and say look what I did today. Because at some point, especially if you're remote, they don't see you anymore. To Robert's point, there's not a butt in a seat, there's not Adrian, there's not a butt in a seat. I have to periodically here for you to sound the horn. Look at my shiny new toy. Look at my new report. Look at my new detection rule. Look what I published. Or again going to my mentor. Publish something to the web so your future employer sees what you did even if your current employer doesn't care.
Adrian Santa Bria
Yeah. Build a portfolio.
Steve Prentiss
Yeah.
Robert Wetstein
Yep.
Dr. Gerald Ozer
If your boss says you're the best and like oh like I love what you do like nobody else in the world knows that. And when you need to go find another job, your boss is absolutely not going to help you find one. I promise you that. That's a fact. Real quick. Nerman, who I love. I'm a big fan of Nerman. He's long time community member, very supportive. He's asked this question, I asked the panel, they didn't know: has anyone integrated Codex into their local AI agent and what's your opinion on this approach? I didn't use Codex. I don't think anyone on the panel is familiar with Codex. James Okan did mention check out AI Chase or Chase AI on socials. They've been doing things with Codex on Claude Nerman and if anyone in chat has anything that they can share with Nerman on this topic, please share it. Nick Dixon says he's. What's this say? Is it advantageous to have tech experience to work in GRC? If so, is pursuing the CCNA a good ROI? Now this is wildly interesting because when I was coming up again gray in the hair like my Panel. It used to be like Sec+. CCNA was like, you needed those things and we got away from it. Fleetus, why don't you talk about this one? Because you lit up like a Christmas tree. Yeah.
Fleetus
So this one is important right now for so many reasons. We gotta get past GRC as just the auditor who's just doing checklists and screenshots. GRC is no longer about can I read a spreadsheet? Can I produce a spirit screenshot? Can I write a report? It's now what, engineering. Yes, I said engineering. Can I bring into this field, what is my Python skills? What is my Terraform skills? Can I do CI/CD? Do I understand the network stack to your point right here? So I can audit from layer two up. Can I know what a layer seven application actually is? What a layer five, Layer three? What does that communication look like? To Jared's point? Yes, the Sec+ was great because you knew the inch for the CISSP. Now I'm asking you to be a GRC engineer and I'm shameless. Plug working on a tactical GRC workshop for Continuum Con. I haven't got it around this.
Steve Prentiss
Exactly.
Fleetus
How do I pull from the MITRE ATT&CK? When I map this, how do I write a memo that's going to be tactical enough that it's going to draw attention? Or heaven forbid I give a JSON file to my auditor. Hey, auditor, go parse this JSON file because this is how I pushed it. Or here's my YAML file. I'm no longer giving you a screenshot because it's serverless.
Dr. Gerald Ozer
Yeah, GRC engineering is definitely the way. I mean, CCNA is not necessarily going to get you there. I don't know if a CCNA. CCNA is like very specific about understanding how to configure Cisco networks, right? Like routing calls and stuff. It's not, it's. It's not really GRC engineering. So I don't think a cc. If it were me, if you were my son or Nick, I would say I would spend those cycles working on something else other than CCNA. There's a lot of different technical things you can get for GRC. I think like the knowledge you get in Network+ is probably sufficient to understand how a network works and what an IP address is and stuff like that. And then going deeper into GRC engineering. Also I'm going to be having a video coming out. I haven't developed it yet, but coming out, that's going to have practical labs on learning GRC engineering. Since this is like a hot topic that's like very mysterious to a lot of people right now on what is GRC engineering. So I'm going to be doing that shout out to James. This was a while ago, but James, thanks for the super chat. Definitely appreciate it. People look for Jimmy Coleman Jr. On LinkedIn.
Fleetus
Another one is AJ Yawn's GRC for AWS. If you want to read something, he's got tips right inside the book that you can copy and paste into a tenant and actually practice these skills directly in the book. And no A.J.
Dr. Gerald Ozer
very well.
Fleetus
So I just figured I knew his book was behind me.
Dr. Gerald Ozer
Yeah, AJ is a really great guy. He's definitely one for the peoples as far as like you know, the Simply Cyber ethos and mission. Adrian, please reach into your bag of tricks and answer the question. How long does it take to become an IR person?
Adrian Santa Bria
Yeah. After you go through one real IR, you're an IR person. Yeah. You may have, you may have gone through one personally, right? Like, like if, if you fall into an info stealer or something like that and you gotta redo all your stuff. Yeah. I mean it's, it's. So I, I actually went. Very few things in my career weren't completely self learned. Right. But one of them, where I actually went more the formal route was I got my GCIH from SANS back in October 2025, something like that. 2024 or 2004? 2005, sorry. From Ed Skoudis. And, and I, I really use those resources. I, I kept that, that first book around for a time. Long, long time. It was a lot of, lot of really useful stuff in that course. But, but yeah, it's one of those things that's just practice. Like you get better every time you do it. So yeah, it, it's, it's really a journey. Like, like once you see different things, you realize you, you have to prepare differently so you get a little bit better each time. Not every incident is the same. Like back in my day, most of the incidents I handled settled were HR stuff or you know, like, like none of them were breaches. Right. Like I, I had several I had to hand off to Secret service or FBI or postal inspectors. You know that those are all crimes. They, they weren't breaches, they're, they're all internal threats. So there's a lot of stuff that you never read about, you never see because the company never has to talk about it because it wasn't uh, an external threat where somebody was just stealing anything or, or trying to ransom.
Dr. Gerald Ozer
I love it. Thank you so much, Pocket Pixels. I hope that answers the question. Guys, we've got about four minutes left. I do want to give an opportunity since these panelists gave us so much of their time, so you can find out more. I'll just start really quick if you want more. Adrian, he's going to be my guest on Simply Cyber Firesides on July 9th. It's a Thursday at 4:30pm I'll market the crap out of it since it's like two months away, but he's going to be coming on and the title of the talk just to whet your palate is AI is not coming for your job. Right. Is that what we agreed on, Adrian?
Adrian Santa Bria
Yeah, yeah, yeah.
Dr. Gerald Ozer
Adrian's got the hottest blistering surface of the sun takes on this topic. You're going to love it. James, let's go around the horn. Share with us. Where can people get some James McQuiggin or what's going on that you would like to share with the community?
James McQuiggin
So heading down to Tampa tomorrow for BSides Tampa. Very excited of that. Gonna see some great presentations. The one that I am really, really looking forward to is seeing our very own, the awesome, the amazing Kathy Chambers doing her first presentation in front of a group. I know it's going to be amazing. She's going to be fantastic. She just needs to get up and just pretend she's talking to one or two people. Don't be worried about who's also her first one. I believe it's her first one. Yeah, I know she's nervous and that's okay, Kathy, because if you're not nervous, you're not breathing and you're gonna kill it. It's gonna be a lot of fun. Just be yourself up there and have an awesome time. So that's my pep talk for you. Do the superwoman pose before you go on stage. They're gonna kill it.
Dr. Gerald Ozer
So.
James McQuiggin
And I will be at Secret Con at the beginning of June.
Dr. Gerald Ozer
All right, there you go. And she's right now at Kathy Chambers Media BSides Tampa. Get yourself some James McQuiggin Fleetus. What do we got, dude?
Fleetus
So reviving the channel, I should have something, I believe scheduled to come out this afternoon. I'm putting out a decent amount of stuff around human in the loop, AI based content in the last little bit, as well as pulling in some GRC topics. As I alluded, I will be doing a Continuum Con talk on tactical GRC. Still working on that workshop. That's the first week in June. I don't have that link in front of me or I would share it. And then if you're in the Charlotte area or virtually hit me up, I'm happy to do mock interviews. I'm happy to help with network. Robert and I both love giving back to this community, so we're in the discord too. So feel free just to reach out. That's where my value proposition and I will answer a questionnaire that I want to answer earlier. Everyone should be a mentor. Everyone should be a mentee because your life experiences is what adds value as soon as you walk into the room. That targeted question made me a better speaker. The way you ask a question sometimes is just your perspective is always what I need from that reverse mentorship. You asking a question is going to make me a better practitioner, better father, better husband, better person, just in general. So continue to ask questions and find a mentor and be a mentee.
Dr. Gerald Ozer
Speaking of Robert Aki, Bow tie cyber guy or cyber security guy? I get it wrong. I don't even know. I got to write it down. Robert, where can we get some more
Robert Wetstein
of you, Bowtie security guy on YouTube. I'm relatively new to YouTube. Most of my content has been on LinkedIn for many years, so I'm trying to plug that a little bit more. I just put out a video too, specifically on surviving the cyber market. And I go through kind of what you need to do, how you need to grow your brand, and I kind of break all that out. And then I've also done some hot takes on AI and kind of similar things where companies are not thinking about what the future of AI looks like or the cost. But feel free to connect with me too. Exactly. Like FL said, we're happy to chat and there's no charge to this. So if you want a mentor, you need somebody. If you go to my playlist, Jerry too. I built a bunch of playlists for people who are looking for jobs. If you're looking for just kind of real talk about what cyber is, each one of those has different playlist for kind of what you're trying to do and what you're trying to accomplish. So anything I could do to help, feel free.
Dr. Gerald Ozer
Awesome. Thank you. And then our newest panelist, and soon to become Old Favor, Old Friend, Old favor friend. Adrian. Adrian. Where can some people get some more of you until July 9th comes around?
Adrian Santa Bria
Yeah. So my Substack is defendersinitiative.com which is also the name of my. My company. And you know, we're so all my hot takes on things, you know that that's aside from LinkedIn, that's, that's where they go. So if you subscribe to that, I would be forever grateful. And, and there's going to be a lot more. We've got at least half a dozen breach analyses in the pipe in the pipeline. I hired an intern just to go through all my breach notes from, from the last 10 years and to go through all these different breach reports where we get all these juicy details. Somebody was asking earlier, like threat hunting, like, like, you know, how do you use AI? How do you get those details? You know, this is going to be one of those sources. We're going to show exactly which call out which controls failed, why those controls failed. And, and yeah, there's going to be a lot of good stuff on there. Also, my destroyed by breach is now a website. Used to be just a Google Sheet. And it is. I was kind of embarrassed that for the last seven years it was just a Google Sheet and journalists were referencing it and, and things like that. So thanks to AI, it is now our proper website. I don't think it would have ever happened.
Dr. Gerald Ozer
The Google Drive.
Robert Wetstein
Yep.
Adrian Santa Bria
Yeah, so it's just destroyedbybreach.com.
Dr. Gerald Ozer
Okay.
Fleetus
Yeah.
Adrian Santa Bria
And the Google Drive. So the Google. This website is actually populating directly from that Google Sheet. So I'm still using the Google Sheet to do the data entry piece of it. And every 10 minutes when I change something on the Google Sheet, it shows up on the website.
Dr. Gerald Ozer
I gotta tell you, I don't typically play the sound effects during the panels,
Adrian Santa Bria
but that Hansel's so hot right now,
Dr. Gerald Ozer
if you know me for a minute, dude, I love some infographics. And this is just like visual data metrics.
Adrian Santa Bria
Like you can click each of those and it'll expand and tell you more about the breach. And eventually though, I'll write up stories about each of these breaches because some of them are really interesting stories. But the whole reason why I did this is there's this myth that companies go out of business because of breaches all the time. Look, cybersecurity is important, but we don't have to make stuff up to make it more important. Right. You know, and the truth is it's extremely rare that a company goes out of business because of a breach. But it does happen. Most of them are not large companies and they, they just didn't have the resources to. To survive.
Robert Wetstein
Some of these, yeah, I mean, look at Stryker. I mean they were absolutely record profits.
Adrian Santa Bria
Record profits after over 200,000 devices wiped. That is impressive.
Robert Wetstein
I mean, honestly, like, that's some magic ball stuff right there. It's like, shake that magic eight ball and go. Could this happen? Never.
Adrian Santa Bria
Yeah.
Dr. Gerald Ozer
I love it. Guys, I want to say thank you so very much to the entire panel. Adrian, jumping in here midstream. James, Robert, Fleetus, go check out all their stuff. I've dropped it all in chat. If you're watching on replay, I mean, I showed it on stream. You can find it easy. Just type in their name and then YouTube or type in Defenders Initiative and. And hit enter. I do want to say really quickly, there's a pinned comment where if you still want the party to continue, many of us are going to head over to Daniel Lowry's irl. He just started a minute ago. Very similar to Cyber Career Hotline. Helping people, community. It's all about good times. Big fan of Daniel Lowry and all the work he does. He'll also be guest hosting Daily Cyber Threat Brief at the end of June for a little bit. So just a little bit of a teaser there. On behalf of the entire panel chat, thank you very much. I hope you guys all have a wonderful weekend. I'm Jerry, and until next time, stay secure.
Date: May 15, 2026
Host: Dr. Gerald Auger, Simply Cyber Media Group
Theme: The Most Important Cybersecurity News & Insights for Professionals and Leaders
In this energetic Friday episode, Dr. Gerald Auger—cybersecurity expert, professor, and community leader—delivers a rundown of the top cyber news you need to know for May 15, 2026. True to his signature style, Jerry keeps things lively, mixing actionable insights, analogies, and humor, with panelists joining for a wide-ranging career Q&A. If you want stories that matter, plus real-world advice for advancing your cybersecurity career, this episode covers it.
- James McQuiggin: Find presentations, awareness training, and “Dad Jokes at 35,000ft” on LinkedIn
- Fleetus: YouTube channel on tactical GRC, panel volunteering, Continuum Con workshops
- Robert Wetstein: Bowtie Security Guy (YouTube/LinkedIn), job seeker playlists, personal mentorship
- Adrian Santa Bria: defendersinitiative.com (Substack), destroyedbybreach.com (breach tracker/analyses)
“You have to be in control of your career and dictate the terms of it.” – Dr. Gerald Auger [07:54]
For daily cyber threat briefings and all-are-welcome community discussion, catch Simply Cyber live every weekday at 8 AM Eastern.