A
All right. Good morning, everybody. Welcome to Monday. Hey, listen. Welcome to Simply Cyber's Daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Ozier, coming to you live from the Buffer Osier Flow studio. And I can guarantee you in the next hour, me, you and the Simply Cyber community are going to be shredding the top cyber news stories of the day. Leveling everybody up. And giving you what you need to crush it this week at work or on the job hunt. Sit back, relax. We got a great show for you. Let's cook. Ah, yes, that's right, everybody. Good morning. Got my big old coffee cup. I see space tacos has got hers. Good morning, everyone. How are you? I hope everybody did have a great weekend. For me, these last couple weekends have felt like three-day weekends, which is crazy. Just I'm doing a little bit less than I normally do and, you know, it feels good, guys. Over the next hour, we're going to go through eight stories. Top news in the cyber industry of the day. Sometimes policy, sometimes career, sometimes, you know, threat actor. But the thing is, I don't know what it is. Do you know why? Because I don't research or prep for the show. Do you know why? Ain't nobody got time for that. That's right. Ain't nobody got time for that. So you're gonna like, literally, I'm gonna be finding out about these stories as you find out about them. So it'll be my honest initial reaction, breaking down the story itself. And then here's the real value. You could do these shows yourself. I mean, not this show. You could read an RSS feed. You could have AI take, you know, some type of like, news articles and break it down into like, you know, here's what you need to know. But the thing is, many of us, including myself, have been in the industry for decades. So because of that, there's a lot of nuances. There's a lot of, well, that's not exactly how it goes or it depends. 
And because of that, what I love to do is go beyond the headlines, give you those insights because I don't want you to have to learn it the hard way. I'd much rather share that information with you and help you get from A to B a lot faster than I did. We didn't have this when I was coming up, right? There wasn't YouTube University, there wasn't stuff like this. You just had to like, either be exposed to somebody toxic and try to figure out how to learn from them or just grind through it yourself. So that's the value prop of the day. We got you covered. Hey, Steve Raycraft. Getting that CPE action. Don't forget, guys, every single episode of the Daily Cyber Threat Brief is worth half a cpe. Now, you can say what's up? And chat and grab a screenshot like Brute just did. But many of you may already know, and if you don't, let me show you. We have a new feature here, Cyber Threat Brief. Simply Cyber IO, right? Hit exclamation point. CPE in chat right now. Nightbot. There you go. See, nightbot's got it on stream already. Across the top you see where it says cpe. Click on that, scroll down. Check this out. Today is May 18th. Episode 1134. All you got to do is drop in your name, Gerald Ozier, for example, and your email address. Make sure it's the same name and email address every day. Check these two boxes. If they apply. Yes, they have to apply. One is that you're saying you're ethical and two is allowing me to email you because I'm going to email you at the end of the month. A certificate of attendance with all the days that you showed up and then the total value of CPEs. This is a new capability that we've built out for the community. Doesn't cost you anything. You just got to show up, sign up, do the things. All I ask is that maybe you help some if it gives you value. Maybe you get inspired and deliver value to someone else, Right? Hook someone else out, lend a hand. Cyber Threat brief. Simply cyber IO. Get your CPEs here. 
I'm so, so, so excited about this functionality and I can't wait for June 1st when the emails go out again, shout out to DJ B who was the impetus for driver the driving for this. Guys, if you're here for the first time, drop a hashtag first timer in chat. Hashtag first timer in chat. We love welcoming our first timers, our newcomers. People are new to the community, people who just found us. Maybe you've heard of simply Cyber, but this is your first time checking us out. Maybe you heard about us at BSIDES Tampa that that conference was a banger. Shout out to everybody who was at BSIDES Tampa saw Daniel Lowry, Pat Gorman, Kathy chambers spoke James McQuigen, 35, 000ft FedEx tech grump. So many others were there. It was good times. I, I obviously I did not make it, but it's good that people FedEx of course FedEx was taking pictures. So if you're here for the first time, drop a hashtag first timer. So we can play the sound effect and the emote and give you all the love that you deserve. Letting you know that you are welcome here. Now, every single episode of the Daily Cyber Threat Brief is sponsored by. Before you roll your eyes, the sponsors are the ones who pay the bill. So I don't have to pay Gate Daily Cyber Threat Brief or anything. They allow me to, they pay the electrical for this light right here, right? If I didn't have sponsors, this is what the show would look like, right? Who wants this show? Hey, what's up everybody? Welcome to the Dark. I'm your host. You can't see me, right? No. The stream, the feed, the tech, the software, the hardware, all of it costs money. And I want to say thank you to the Stream sponsors for wanting to partner with Simply Cyber and bring this amazing program to life. Starting with Flare. Guys, Flare Cyber Threat Intelligence platform is a bomb. 
They go into the dark web, they go into those seedy Telegram channels and they pull back all that intelligence, all those insights, all those infostealer logs and make it absolutely accessible and queryable in their private, not private, but their, you know, patent database interface, right? I've used this platform, it is dynamite. I'm so excited that they are sponsors because I really, really stand by this product. Go to Simply Cyber IO Flare now and you can, you can basically request to get verified. You'd have to get verified before they'll give you access to this platform. But once you're verified, they'll give you two weeks free trial. Dude, the, the learning on-ramp for this thing is very, very quick. Like it, it's like within an hour you know how to use this thing and you're flying around. Most importantly, you can find out if your organization, your users, yourself are compromised and you just don't know it. It's the real, real Simply Cyber IO Flare. Go check it out now. Links are in the description below, by the way. Also, guys, so don't be shy, clicking on the links in the description does help the channel. So if you'd like to help the channel, click the links in the description. Antisyphon Training is disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone regardless of financial position. And what are they bringing to you? Today is May 18th. Oh yeah, look at this. All you offensive security people, you want to learn how to bypass, evade and exploit like a red teamer? Oh yes sir. Yes sir. Red Siege Information Security. Tim Medin's company has some of the best in the industry on offensive security. And for free. You can come and spend an hour with Corey Overstreet. Just become best friends. Yep. And learn to bypass, evade and exploit. Guys, this is how you can learn how to slip past defenses regardless of the environment. This is so cool. Come check it out now if you'd like. 
Also shout out to the blue teamers, attend this talk and learn how to protect yourself from the threat actors. Boom. All right. Hey. Holy crap. Wait a minute. What? Hold on. I'm trying to pause here before we talk about Threat Locker. We've got a big issue here. Marcus Kyler with the super chat says lost my job shortly after the stream on Friday. Leaning on my team SC family during this tough time. Hoping what I've done over the three and a half years will make a difference in the market. I appreciate y'all. God damn, man. I'm sorry, Marcus. That sucks, dude. Yeah, guys, if you don't know, Marcus Kyler's been in the community for years. He's spoken at multiple Simply Cyber Cons. He's come to the meetups, he's done all the things. Marcus, definitely drop in chat and DM me the role you're looking for or the role you want. He's one of the good ones, people, so. Yikes. That sucks, dude. All right, let's talk about Threat Locker too, really quickly, guys. Threat Locker does application deny by default. Very difficult control to implement, but they have cracked the code on how to do it. Come check out how zero Threat Locker does this at the endpoint and now in the cloud. Brilliant bit of work. I'm telling you. When Threat Locker IPOs, they're gonna go, they're gonna go big, man, go gangbusters. Let's hear from Threat Locker and then into the news. I want to give some love to the Daily Cyber Threat Brief sponsor, Threat Locker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with Threat Locker. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. 
Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com Daily Cyber. All right everybody. All right guys, it's that time. So do me a favor everyone. I need you to Sit back, relax. Let's let that cool sound to the hot news wash over all of us in an awesome way. I'll see you guys at the mid roll. Let's cook. From the CISO series, it's cybersecurity headlines.
B
These are the cybersecurity headlines for Monday, May 18, 2026. I'm Steve Prentice. Grafana GitHub token breach leads to extortion attempt. Grafana Labs has disclosed that an attacker gained unauthorized access to part of the company's GitHub environment after obtaining a compromised GitHub token. According to the company, the intruder downloaded portions of Grafana's source code and later attempted to extort the company. Grafana emphasized that the breach did not impact customers' systems, hosted services, or personal data and that the stolen code did not contain production secrets. The company quickly revoked the exposed token, rotated credentials, and launched an internal investigation. The incident highlights the ongoing risk posed by leaked developer credentials and the growing focus cybercriminals are placing on software supply chain environments and source code repositories. Microsoft.
A
All right, so this, this is a, you know, a very obvious. Well, I shouldn't say obvious. This brings up a trend, an issue, and I'm gonna, I'm gonna lay the smackdown too, but before I'm done with this particular story. All right, so Grafana is a very popular. Like, I've heard it. I don't know exactly what they do, but I've heard it recently quite a bit. And it's just like, you know, okay, what is Grafana? Okay. Open source analytics and interactive data visualization web app. Okay, so Grafana makes infographics so hot that Hansel. So hot right now. Data visualization. Hold on, let's click on the images. Oh, behave. Look at this. Look at this dashboard. Oh, my God. Someone turned the air conditioner up. Wow. I mean, honestly, I'm being playful. Like, this is not that hot. Okay. But it is interesting. All right, so Grafana allows anyone to have cool dashboards. Eye candy for the VIPs, right? So their open source repository or their, excuse me, their software repo is kept on GitHub. By the way, I just want to tell everyone, like, personally, over the last 10 days, I actually got really into like part of my AI learning journey that I've been on right now. I've been spending a couple hours every day working through AI stuff. And I built like a full I vibe, coded like a full app and web app, and I'm using GitHub as the repo and private repos and cloudflare and all these other things. So like, this is like near and dear to me. Like now as far as kind of understanding. So you can make these GitHub repos private, which is great, but if someone gets a token and gets in there, they're accessing it. And of course, when it comes to security controls, if you're using GitHub, like that's a cloud system. So you, you may not even have visibility into the access of those GitHub repos when they happen, right? So if someone accesses your network, you get a notification, someone logs into vpn, you get notification, or you, you have a log entry at least where the GitHub one. 
I, I don't entirely know if anyone knows in chat, let me know. Like, can you configure? I, I never looked into it. Can you configure GitHub to like notify you? Right, because here's the thing, like I'm sure that they have federated authentication capabilities. GitHub's owned by Microsoft. But if you're doing a direct account on the platform itself, I don't quite know if you get the logging per se. Now there's two, there's two more things here that I want to point everybody out to. Okay, number one, number one, and this is important for all the GRC people, okay, number one, the company came out and said no product, no customer data was impacted, no secrets were compromised. Now for me and you, right, Kyle, Kyle was at BSides Tampa also I believe for me and Kyle and Sunny Allen and Phil Stafford and Marcus, Kyle for all of us, right, we're like, no kidding. Customer data wasn't impacted. This is just the source code of the software stack. But for business people, potential investors, other customers who want to use it, it is important to call out what was not impacted. Because if you don't specify what was not included, like explicitly, it allows people to have assumptions and be like, oh, like Grafana got hacked. Oh, we use Grafana. All our stuff screwed too. So from a, from a PR perspective, from a communications perspective, from a reputational management perspective, not just explaining what did get hacked, but qualifying what did not get hacked is valuable. And I mean your executives should know this. But, but if you're doing these tabletop exercises, if you're doing these tabletop x. No, I don't think Grafana is open source. If it was, I don't know how someone, I mean, then downloading it would have been not a, a problem. Make sure that you're, if you're doing these executive sessions that you include that concept for them. Finally, the third thing, and no one's gonna like this, but I'm about to say it. I was. I used to be a software developer, okay? 
And I've worked in many companies where there's software developers, you know, DevOps people, CICD pipelines. I've worked in some where they're incredibly rigid and incredibly thorough and incredibly professional, and I've worked in ones where they're incredibly loose. You know, they're basically. What's the guy from Fast Times at Ridgemont High? And I know you youngs are like, what is this guy talking about? Fast Times at Ridgemont High? This guy right here. Spicoli or whatever. This guy. Oh, yeah, hold on. If you're, if you're listening on audio only, I've brought up Spicoli, who I think is Sean Penn. Fast Times at Ridgemont High. This is like a, this is like our token developer, okay? And I, I'm not trying to dunk on developers. I'm just saying they want to be like, oh, man, I'm just chilling. I'm gonna start. I'm gonna start work at 11am so many tacos this weekend, bruh. Oh, don't tell me what to do, man. I'm, I'm a. I'm a developer. You let me dev, dude. Okay, well, here, guess what? The days of Spicoli are done, done, done, done, done, done. Hackers are targeting you. Threat actors are targeting you. You are soft target. You see this guy right here? Cool guy, you know, super chill. Everybody loves him at the party. But guess what? Threat actors know that this guy's got horrible OPSEC right here. Spicoli, you are an easy target. So what. What am I trying to say here, guys? You've. I'm not saying you come and, like, slap your developers around, but you've got to elevate their security levels and let them know, listen, you are the target. Our. Our CEO. Yeah, the CEO is awfully delicious as far as the target goes. But guess what, developers, you guys, because threat actors see you as soft, you're being targeted. And then. And my guy, okay, there are numerous instances of software developers being targeted. Grafana is open source. I'm. This is just coming across right now from DJ B Sec. Grafana is open source. 
Well, then what is the problem with downloading their code base? I, I, I'm confused then. Like, if it's open source, what the hell is. Did they download, like, the attack is that the threat actor downloaded the GitHub's environment's code base if it's open source. That's what open source means. It means the code base is open source. What am I missing? I'm sorry, maybe the coffee isn't flowing today. DJ B SEC is saying is open source, so I believe it. I just don't understand what the problem is. Okay, so Phil Stafford saying there's an enterprise portion. All right, So I guess everybody's right. Yay, we win. All right.
B
Rejects Azure vulnerability report and researcher disputes the decision. A security researcher is accusing Microsoft of quietly fixing a serious Azure Backup for Kubernetes vulnerability after initially rejecting the report and declining to issue a CVE identifier. The researcher claimed the flaw could have allowed users with low-level backup permissions to gain broader access within Azure Kubernetes Service environments. Microsoft reportedly maintained that the behavior was expected and not a security vulnerability, despite evidence that changes were later made to the platform. The situation has sparked criticism from parts of the security community who argue that inconsistent disclosure and classification practices can make it harder for organizations to properly assess risk and prioritize defensive measures in cloud environments. Funnel
A
I hate this crap, dude. So Microsoft Azure has a critical bug, okay, where a security researcher was able to access cluster admin level permissions from a lower privilege backup contributor role. So this is a privilege escalation vulnerability, right? If we're, if we're qualifying this, privesc. So you'd already have to get the backup contributor role, but this is pretty gnarly. Okay, you're able to go from backup contributor to cluster admin, which is a role I've never even heard of before, frankly. But obviously it doesn't sound good, right? With Azure, I don't know about you guys, but with, with Azure they invented like so many new roles that it's a bit overwhelming. I always get overwhelmed by the, the different roles inside of the Microsoft ecosystem. But the problem is this dude provided this information. I, I'm assuming here that he was able to demonstrate it and it was a valid vulnerability and then Microsoft comes back and says no, no, no, it's good. This has happened multiple times, by the way, where a true finding is disclosed to a vendor and they say no, no, there's no issue here. And then they go ahead and fix it. Now, from a security perspective, a security researcher perspective, this disincentivizes researchers from spending time looking for bugs on these platforms. Because this security researcher, whether he, I don't know if he was going for money or not, but like it takes time, energy and effort, right? And to not be paid for that work is a pain. It's a pain point, right? Like, not to mention to me, dude, security researcher, vulnerability discovery, bug bounty. Like I, I don't understand why businesses aren't all in on this. You could have a thousand people looking for bugs in your code and you only have to pay the one person that finds a bug. So all that other research you don't have to pay for. From a business perspective, it's awesome, right? Oh my God. We got this huge workforce and we only have to pay for results. I'll take two. 
Great cash homie. But the problem is when you don't pay this, like, honestly guys, this kind of comes across to me the same as like when you pay a ransomware threat actor the ransom and then they don't give you the keys. It's like, like you've left a terrible taste in my mouth and I'm not happy to, to add insult to injury, Cert, Which is there's like a AU cert, a EU cert. There's like a cert. It's like emergency response team. I forget what the C stands for. Maybe cyber security. But don't quote, quote me on that. CERT has agreed that this is a problem and they want information out there to people and Microsoft's still kind of sticking their face in the sand. So I don't know. It's not good. The problem is it. It's obviously a problem. Microsoft replied and said they concluded that it's not a vulnerability but expected behavior that requires pre existing admin privs within the customer's environment. Therefore no product changes were made. Oh God, that's gross. So Microsoft is saying, oh, you already need admin privs in the environment already. So according to Microsoft having backup contributor role, you are allowed to be a cluster admin. That's kind of how I read this one. Now after this dudes released this finding and Microsoft shut it down. When you try to exploit it the same way, you get an error saying the trusted access role binding is missing or has gotten removed. So this is just, this is just awful, dude. So basically what it appears is this guy submitted a finding, it is legit. Everybody believes it's legit, but Microsoft said no it's not. And then Microsoft fixed it. Fixed it, dude, I don't know if this was a straight cash homie decision, but Microsoft in general is pretty good about security. I feel like whoever, the human, whoever like received this one and had to make the decision, I think they're to blame on this one. I I'm, I'm, I, I'll side with the security researcher most of the time.
B
Builder flaw actively exploited to steal payment data. Researchers are warning that a critical vulnerability in the WordPress Funnel Builder plugin is being actively exploited to inject malicious payment skimming code into WooCommerce checkout pages. The flaw affects more than 40,000 websites using the plugin and allows attackers to insert fake Google Tag Manager scripts that steal customer credit card information during checkout. Security experts say attackers are moving quickly to exploit unpatched systems, making immediate updates essential. Developers have released version 3.15.0.3 to address the issue, and administrators are being urged to inspect checkout pages for unauthorized scripts. CISA
A
All right, there you go. So this is pretty straightforward, actionable information. It's 2026 and WordPress issues still exist. You thought you were going to get away from it, but you're writing. So here's the TL;DR. If you are running WordPress in your environment, you should know. Now, you may not know about these plugins and I don't know if there's an easy way to query your environment to see, but the Funnel Builder plugin you need, you need two things. You need Funnel Builder and then you need the WooCommerce checkout. All right, so I think these are two different like plugins. We've heard of WooCommerce in the past. It's had some issues in the past, but effectively threat actors are getting back to 2015 crime where they're stealing credit card numbers, you know, in all the details, zip code, CVE or CBB or whatever it is. So you need to find out if you're running the Funnel Builder. Now, like, just like anything that's being actively exploited, you should remember this as a best practice, and you drop this in a job interview too. Anytime there's active exploitation, you have to do two things. Well, three things. One, you have to figure out if you're, if it's in your environment, yes or no. Okay, obviously. But if it is in your environment, you have to do two things. Number one, you have to get the situation under control. Either remediate the vulnerability or mitigate the risk down if you cannot remediate the vulnerability or patch it. Right. You got to patch it. Ah, you got to patch it. Okay, so once you upgrade to version 3, 5, 1 or whatever they said here, Funnel Builder's newest version that's not exploitable, you have effectively put the fire out. Okay, now the second part. And some people sleep on this, so don't sleep on this one. The second part you have to do is, is go look to see if you are actively exploited. Right? So it's like putting the fire out and then looking to see if there's any fire damage, smoke damage, anything to. 
To inside your house, AKA your, your application that you're building or your, your storefront or whatever. Because just because you stopped the problem doesn't mean that you were previously exploited and you have, you know, problems that you got to deal with. Right? So I, I don't know why this metaphor comes to my mind, but it's like having a hole in the bottom of a flour bag. You know, when flour gets everywhere, it's like, ugh. So hole in the bottom of a flour bag. Do you have flour in your pantry? Yes or no? So do you have Funnel Builder in your environment? Yes or no? Yes, I do have a flour bag in my pantry. Again, just bear with me. So then active exploitation is threat actors are, you know, basically taking the flour bag and shaking it around in the pantry. Okay. So first of all, you got to get in the pantry and you got to patch the bag, duct tape the bottom of it. Done. Then you got to look at the floor and see if you got flour all over the place, because that's a hot mess that needs to be cleared up. Same thing. Just remember, fix the problem, then look backwards and make sure that you don't have an ongoing active problem because of that original problem.
B
Orders federal agencies to patch Cisco SD-WAN bug immediately. CISA has ordered all US federal civilian agencies to immediately patch the critical Cisco Catalyst SD-WAN
A
All right, hey, quick shout out to Roswell UK who's giving like transactional steps here. So if you're listening, I mean, if you're with us live right now, Roswell you@Roswell UK. Another reason to come if you can make it to the live over on YouTube like very explicit steps. Roswell UK. Great assist there, man. Thank you.
B
vulnerability that is already being actively exploited. The flaw allows unauthenticated remote attackers to gain elevated access to affected systems and has been added to the KEV. Cisco has released patches and has warned that the vulnerability represents a serious risk to organizations relying on SD-WAN infrastructure. Federal agencies were given a tight remediation deadline under an emergency directive, reflecting concern that attackers could use the flaw to gain persistent access into government networks.
A
All right, this is pretty serious for sure. You got to patch it. Ah, you got to patch it. Now, all of this information is specifically around federal agencies, United States federal agencies patching and CISA coming in and telling that. But, but this applies to us too, okay? So don't, don't sleep, don't sleep on this one. Like, don't look at this and be like, oh, this doesn't affect me. Two things to pick up. Number one, Cisco SD-WAN. There is zero question if you're running this in your environment. You know it, okay? There's no way you don't. You don't casually roll out Cisco SD-WAN. I've said this last week. Like, you know, you'll be like an Aruba shop, a window shop, a Cisco shop or whatever shop. Real Bilbo is a Fortinet shop. Lol. Okay? So you know if you have Cisco SD-WAN. Finally, I gotta point out, dude, Cisco SD-WAN is like legit enterprise grade. Like basically enterprise network capabilities. Okay? So like, it is a very important piece of technology that allows you to almost have one cohesive control plane or mesh over all of your facilities and remote sites and everything in one kind of like organized network mesh. All right? So if someone can exploit it and get in, you, you're in deep crap. Okay? This isn't like, oh, like, listen, that WooCommerce funnel thing a minute ago, that's bad. But that's kind of like isolated to your website. This is like your entire enterprise network could get pwned. Like, you do not want this one. To add emphasis to this one, to underline it, bold font, and then increase the font size two or three levels, right? Just so it's like really jumping off the page. The fact that the federal agencies are being directed to have this fixed by. It says Sunday, so I have to assume they meant yesterday. Hold on. When. What day did this come out? What day did this. Hold on. CISA's emergency directive came. Oh, what the hell? Hold on one second. Hold on. This is kind of like trashy. So that. 
Listen, the emergency directive that links in the story is from February 25, 2026. All of a sudden I'm feeling a lot like AI. So I don't research or prep for these shows, right? So you're seeing me work through my workflows in real time. Okay? So this emergency directive is the additional guidance that you need to do. Where's the. Listen, I want to know when CISA released this because what I'm. What I'm about to say is it csa emergency directive south dakota. Yeah, these are all from. All right, here's the thing. I guess I. All right, so it looks like maybe this is increased in emphasis because of active exploitation now and the addition of a vulnerability. All right, here's what I was going to say. All right, I was going to say when you tell a federal agency that they need to move quickly on patching, like 72 hours, that is incredibly fast for a federal agency. The U.S. federal government moves at a glacial pace a lot of times and honestly they have massive infrastructure. They're huge, huge networks, huge, huge environments. So to me I thought, okay, like the fact that they're giving them like three days is insane. This must mean it's very easy to exploit. And a nation state threat actor like China for example is going wholesale yard, you know, yard working on all of these SD-WANs. Like hey, we're calling in everybody on the weekend. Get your, get your pack of lunch because we're going to be going, you know, hard in the paint on exploiting all these networks. But, but dude, the vulnerability has been out for three months. Like I don't know. All right, here's all I'll say about this one. The Cisco has released the patch. They released the patch on May 14th. So just a couple days ago. I am quite confused about this story. Like I don't know if it must be a different vulnerability. All right, the security advisory provides details and fix information for vulner was discovered and was disclosed in February 2026. Okay, so. 
Again looking at this one, either Cisco, it either was so complicated a problem that it took Cisco three months to figure out how to patch it or it wasn't a priority until active exploitation happened and now it is. Okay, so now that I've kind of like unless unwound this Christmas tree light knot, this. The. The answer is simple. Okay? You got to patch it. Ah, you gotta patch it. Simple as that. Go patch your stuff. Cisco SD-WAN is not something you want to sleep on. Guys, you listen. Unless you want to work next weekend, unless you want to work next week and get this patch. Connect your networking team. Everywhere I've ever worked, the networking people are, are. They know what's up, they're hardworking, they want to get it done. I've never, listen, and this is just a personal experience and I'm not trying to glaze the, the networking engineers out there, but everywhere I've ever worked, the networking people were like legit. And I don't just mean like they knew what they were doing. They usually don't want to like mess around and fluff around. Like they just. What is it? Let's do it. Let's go. Packets are flowing, let's go. I've always respected networking people in all the places I've worked. All right,
B
huge thanks to our sponsor, ThreatLocker. ThreatLocker is extending Zero Trust beyond Endpoint control with their recent release of Zero Trust Network access and Zero Trust Cloud access. Access isn't based on credentials alone. It requires the right user, the right device and the right conditions. Because as we've seen in recent large scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed and access is limited to exactly what's needed. Learn more and start your free trial today at threatlocker.com/ciso. Yeah, Microsoft. Warren.
A
All right everybody, we are at the mid roll. Thank you so much for being here. I hope everybody's having a great show. I certainly am, thank you. I've been trying to work through the some of these stories. It's like my guy, am I right? All right, we gotta get a my guy emote. I've decided it's we gotta eat one of the existing emotes and then bring it. Guys, I want to say thank you to the stream sponsors Thread Locker Anti Siphon flare. Please remember links are in the description below. It does go a long way to help. Every single day of the week has a special segment and two Mondays. Today's is Simply Cyber's Community Member of the Weekday, which basically means I get to recognize one member of the Simply Cyber community, bring attention to them, their contributions, their efforts. Threat Locker does sponsor that you might be like what's that mean? Listen, Threat Locker, great company. They are the a main sponsor of the podcast, but they also sponsor the Community Member of the Week which basically what does this mean? It translates to I get to give a $100Amazon gift card to whoever wants it. Also remind me about the Simply Cyber shop. I've got a big update on that one as well. Ask me at Cyber Career Hotline if you remember. I've got a huge update on that one. But anyways the like so we kind of jump around. There was a lot of options. I know B sides Tampa happened this weekend. It was really good. But I'd like to call attention to this week's Simply Cyber Community Member of the Week, Marcus Kyler. Guys, Marcus Kyler has been in the the community for years and years and years providing mentorship guidance. He's got his own My Digital Pastor Content channel where he's putting out content trying to help people level up. He got married. During his time with Simply Cyber he's flown into the low country and given talks. He shows up at the DEFCON meetups and stuff. Dude, the guy is just someone who gives and gives of himself. Even. 
Even, you know, being willing to share or wanting to share with our community about his job and the situation going on there. So Marcus Kyler, first of all love having you in the community. Thank you for all you do. Even if he is a Detroit Lions fan, we look past that. Everybody but Marcus Kyler orig the OG of the year of the Yeet crew. So give a shout out to Marcus Kyler if you will. Marcus. Thank you for all you do. Ladies and gentlemen, you're simply cyber community member of the week. All right, let's crack on. Roseph
B
Microsoft warns of Exchange Server zero-day under active attack. Microsoft is warning organizations to immediately apply mitigations for a newly disclosed Exchange Server zero-day that is already being exploited in the wild. The CVE numbered flaw affects Exchange Server Subscription Edition along with Exchange 2016 and 2019. Researchers say the spoofing and cross-site scripting issue could allow attackers to compromise enterprise email environments. The vulnerability surfaced only days after Microsoft's May Patch Tuesday updates, which notably contained no reported zero-days at release time. Pwn2Own.
A
Wow, that's a first ever. Like the headlines about Exchange on Prem issue. But Patch Tuesday had zero zero-days in it. That's wild. I never heard of that before. All right, so check it out. It's been a minute. I thought we had put this thing to bed, but apparently not. Exchange on Prem has a zero day being exploited in the wild. Okay, so it's very straightforward. Ah, you gotta patch it. You gotta patch it. This thing can lead to total compromise. Guys, please. If you can migrate to Exchange on Prem. If you have Azure in your environment, a hybrid environment, whatever. Most people have made this migration at this point. If you have to run Exchange on Prem. Oh, okay. I feel like. Do you know the movie Summer Rental with John Candy? Okay, and this is an incredibly obscure deep cut, but the movie Summer Rental with John Candy at the end, he does like a. A regatta boat race and he's like the everyday man or whatever. He does a regatta boat race and he runs in. He runs this regatta in a pirate ship. Okay, okay. And I know in the movie it worked. Okay, this isn't exactly it. If you're. If you're watching on stream right now, it's a pirate ship. Okay, all right, hold on. Okay. Anyways, this is like Exchange on Prem. Okay, you can do it. It will float. But, but, but, but, but why? You don't need to do you don't need this. Okay, Exchange on prem. Yeah, look at this. This right here is Exchange. Exchange Online. You got like the Russian oligarch, money, super yacht kind of thing. Okay, listen, when you run Exchange in Azure, like I'm having like a brain fart right now. I've said it like twice already and now for some reason I can't remember what the name of Exchange in Azure is Exchange Protection Online. Anyways, when you run it, guess what, Microsoft maintains it. A lot of the attack surface isn't there. Yes, you manage the phishing policies and all that other stuff, but you don't have this vestigial pirate ship Exchange server on your network. 
And I get that some people need it or whatever, but there are zero-days coming out all over the place. All right. It does affect Exchange on Outlook web access, the OWA, which is definitely the Internet facing, you know, kind of element of Exchange, allowing your people to, to check their email. Right? So. All right, a permanent patch isn't available. They did release mitigation options, but it looks like this link in the story does not click, which is annoying. Okay, looks like none of them click. Hold on one second now. There we go. Nope, looks like I can't do anything. All right. Two dozen flaws exist in the CISA Known Exploited Vulnerabilities catalog for Exchange Server. All right, here's the TL;DR. Today you need to patch your Exchange server if it's vulnerable. Number two, you need to have a plan to migrate off of it or, or have a, you know, red bleep beep bleeping phone that's right there for you to pick up and call the Exchange administrator because just Exchange. Exchange is critical, but it has so many flaws it can like it's been a minute since we've seen them, but in my opinion, you gotta, you gotta either make a plan to migrate or practice putting fires out with Exchange.
B
Berlin hackers exploit Windows 11 and Edge.
A
Thank you, Exchange Online.
B
At the opening day of the Pwn2Own Berlin 2026 competition, security researchers earned more than $523,000 after successfully demonstrating 24 unique zero-day exploits against widely used technologies including Windows 11 and Microsoft Edge. The event showcased how rapidly attackers and researchers alike are discovering vulnerabilities in modern operating systems and browsers. Several exploits targeted privilege escalation and sandbox escapes, while others demonstrated remote code execution capabilities. Researchers discover 18
A
All right, dude, this is so sick. All right, so Pwn2Own. If you haven't heard of it, Pwn2Own, I believe it originally started in Vancouver but now they have like multiple internationally. So basically a group of like very talented security researchers get an opportunity to basically sit down and find a bunch of zero days. Like finding zero days is not trivial. And then to find 47 of them is crazy. And we're talking real money. This is like to me, this Pwn2Own is kind of like the Olympics of security research work. And they're getting real money, dude. Over a million dollars was given out over the weekend. $1.3 million from May 14 to May 16. If you're wondering why it's called Pwn2Own. Back when it first started, it was hardware and it would be like the newest iPhone, the newest Google Pixel or whatever, the newest Dell laptop. And if you were able to pwn it, i.e. get sysadmin privs on it, you got to keep it. Right. So that was kind of. That's where the own part comes from. You got to keep the hardware, so. Which was kind of a cool like. Badge of honor, right? Because you'd have the newest iPhone before it came out. This gives me, you know, if anything this, this gives me heart that, you know, AI isn't fully ready to take all the things. It didn't really get into the details. I don't know if these security researchers are using AI as part of their workflows, but yeah, love it. If you're a security researcher or you're into security research, the Pwn2Own contest is definitely where it's at. Yep. You could see here they actually have like a cool little YouTube video. Yeah, like a hype video here for Pwn2Own. This is super cool. Let me share this y'all. I like. Did I copy it? Yeah, here we go. Pwn2Own, looks like a hype video. Go check it out. I'm sure it'll give you greater details. Basically this is just a contest for nerds. That's it. And I love it, dude. A million dollars. Like let's go. 
Like this goes back to this Microsoft Azure story where security researcher found a bug and Microsoft didn't give him money. Like you're not incentivizing people to find problems that criminals and nation states could find later on. But when you reward them $1.3 million, you are going to get the best and the brightest.
B
Wanting to contribute year old NGINX vulnerability. The researchers made the discovery in the popular open source web server nginx. That is nginx. That can lead to denial of service attacks and under certain conditions, possible remote code execution. The flaw was reportedly identified using an autonomous AI-driven scanning system capable of analyzing legacy code for hidden weaknesses. Researchers say the discovery demonstrates how older widely trusted infrastructure software may still contain exploitable bugs that had escaped earlier scrutiny. Nginx remains one of the world's most commonly deployed web servers, meaning any serious vulnerability has potentially massive downstream impact across cloud services, websites and enterprise applications.
A
Have a good day, Devin. All right, guys, listen, this is what I'm talking about. If you've been with the channel for, you know, a minute, this is, I'm like banging the drum on this one. I, I swear to God, this, I. This is a vital observation that is going to impact all of us. 18 year old vulnerability in a. One of the most widespread deployed pieces of software out there right now has an 18 year old vulnerability that was discovered using AI. Again, please. Mark tape. We are go. We are entering this like we're entering this phase of crap storm where AI is going to be able to look back over the last 20, 25 years of software and find so many bugs that were not found by humans because AI is better at finding them, frankly. And at some point we're going to use AI to write secure code going forward. But in that window between 25 years ago and the day that we start writing code securely with AI, there is a huge, huge, huge Raiders of the Lost Ark sized warehouse of software that is going to be full of bugs. And this is, dude, right here, this story right here, this is like the first couple raindrops, you know like when like you like, you look out and you see a couple raindrops hitting the pavement or a couple raindrops hitting the window and you're like, oh, looks like a storm's coming. The storm is coming. I'm telling you right now. Do me a favor. You. You have to do the following, okay? Asset inventory. Oh my God, Jerry. Asset inventory. So lame. So boring. GRC people. You suck. Yeah, well, guess what? The bill is coming due, guy. You need to know what software you have in your environment and you need to be able to have great relationships and open lines of communication with your engineers, your IT counterparts, application owners, and the business. Because those couple raindrops is about to turn into one of those downpours that you have to pull over on the highway under an overpass with your flashers on and just wait it out. This is going to turn into a nightmare. 
Okay? Not NGINX. 18 year old vulnerability. This is a symptom. This is a harbinger. This is like the Silver Surfer coming in and Galactus is the 25 years of vulnerabilities that are about to rain down on us. Believe me, you're gonna be like, oh my God, Jerry, calm your, calm yourself down. And then in like a month, two months, six months, you're gonna be like, damn, Jerry was right. Okay? I don't normally feel so confident and, and spit hot fire like this, like I'm Dylan. But listen, I'm telling you, I swear to God, this is, this is a pending train wreck that you still have time to put your seat belt on.
B
CISA urges critical infrastructure to prepare for long term isolation. The agency is advising infrastructure operators to prepare for the possibility of operating independently from IT systems and third party vendors for weeks or even months during a major cyber conflict. The guidance is driven largely by concern over persistent threats from Chinese state linked groups such as Salt Typhoon and Volt Typhoon. CISA plans to conduct targeted resilience assessments focused on ensuring utilities and infrastructure operators can continue delivering essential services even if disconnected from external networks. The agency says organizations should strengthen operational technology resilience and rehearse manual recovery procedures, reflecting growing fears that future cyber conflicts may deliberately target interconnected infrastructure deployment dependencies. If you have some.
A
All right, so a couple weeks ago, CISA advised critical infrastructure organizations to plan for being able to operate down. Now they're going to be doing assessments allowing you, seeing how you behave when you're disconnected from IT networks. All right, here's, here's what happened. Let me, let me, let me read between the lines for you, okay? We have been trying for years to harden OT and ics, right? There's like a lot of IT that's being overlaid with ot. So it is like computers, networks, things that we use normally, right? Day in, day out. OT is operational technologies, right? Think of like opening a flap to vent gas or mixing lye into water to clean it. Like, but only a certain amount, okay? Like operational technology, kind of interfaces of cyber physical systems, a robot on an assembly line, okay? Those are really incredibly specialized technologies that require specialized knowledge, okay. And they're expensive. Often and for, for years and years and years they weren't really integrated with it. So they just kind of went off and did their own thing. Now they are integrated and threat actors are well aware of it. China notably has spent a lot of time, energy and effort getting into all those things. And we at the United States federal level have been trying to get critical infrastructure to take it seriously and do things. Here's my hot take on this one. Somebody in, you know, authority finally said all Right. The freaking not getting it. It's not going to change. So let's go with the nuclear option. Let's start planning for just unplugging it. When, when you're dealing with an active incident, you do have the option to unplug the network. Unplug the Internet. Okay. By unplugging the Internet your remote based threat actors can no longer access resources internally. Their persistence Mechanisms don't work. C2 doesn't work. None of that crap works. You are also not on the Internet, which means you can't do work. Right. 
A lot of times that's what they're suggesting here. All right guys. Uncle, you obviously can't fix it. So what we're trying to do is you need to operate without IT access. Let's do that. Okay. For weeks to months. Basically blast yourself back into the stone age because that's the best we can do. Which is so annoying and so frustrating. As an advanced civilization you'd think we would be able to get this figured out, but instead we can't. So we're just going to go ahead and unplug it. And that's our like literally our response plan to a nation state threat actor on our like water system is to unplug it. I do want to point out critical infrastructure is, they're using this term quite generically. Critical infrastructure includes water, dams, agriculture. What's up? Kathy Chambers, right. Our resident agro cyber expert. But it in those things are kind of energy, those are kind of obvious. Okay. Like those things we should, it's, it's clear what the physical system is. But critical infrastructure also includes communications, financial sector, health care. So guess what, you're not going to unplug the financial sector from the Internet. Good luck with that my guy. So I think that they're using the term a little loosely, but whatevs. All right, Hala, Hala. Holla. Guys, we did it. Fastest hour in cyber. I was your host, Dr. Gerald Ozier here at Simply Cyber's daily cyber threat brief. Don't forget, get your cpes exclamation point CPE and chat. To be delivered a URL to this website, you have to do it the day of. You if you're watching on replay and it's like May 25th and you're watching the May 18th episode, you don't get credit. You can't get the credit. It's. You have to do it the day of. All right. And hey, the big reveal the day I get held accountable is June 1st when the emails go out. But I'm Jerry from Simply Cyber. Thank you all so very much. I hope you got value from the show. Come back tomorrow. Bring a friend. 
Shout out to Marcus Kyler, our community member of the week. Now, guys, you might be like, oh, man, that was such a great show. It's not over. We got more value for you. Welcome to the Cyber Career Hotline. Stay tuned. You got questions, I got answers. We're gonna dig into it in just a hot minute. If you got to get out of here, have a great Monday. Till next time. Stay secure. I'm Dr. Gerald Oer. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it. All right, all right, all right. Holla, everybody. Welcome to Cyber Career Hotline. 30 minutes AMA. You ask. You got questions. You ask them with a Q in the front, and I will answer them. I'm your host, Jerry Guy, not to be confused with that nerd, Dr. Gerald Oer, my guy. AI is going to find vulnerabilities, dude. Get a hobby. All right, so check it out. What do we got here? Questions in chat with a queue. I answer them because it's all about good times. Reminder, Simply Cyber Con CFP is open. Also, Simply Cybercon registration is open. Get early bird pricing now. Also, also, I'm gonna be. I talked to Code Brew about this over the weekend. I need to schedule a Simply Cybercon, like, whatever organizer meeting, knowledge share thing I got. I. I locked down a second sponsor this week, weekend, and they had, like, a particular ask, which I do want to deliver on, but I just got to figure out the best way to deliver it with everybody. Where's the freaking questions? If you got a question, put it in chat with a Q. I am here for you to answer the questions. James Quickens in chat. What's up, James? If you are at Bsides Tampa, holler at you. I do want to say shout out to FedEx. I saw a team photo with the Simply Cyber flag on the Discord server, so that's super dope. All right. Hey, here we go. Request lines are open. Phone lines are open. JT Gorman says, hey, Jerry, I have a round table with the CEO of my company later today. 
What would be a good question to ask? Oh, I do have to understand. I. You know, it depends. Like, I don't understand. Like, what's the. What is the agenda for the round table? Is it. Is it like an open forum, like a town hall, where you get to ask the CEO what, Like, whatever you want because you could ask, you know, I, I don't know, like what? See the CEO. The questions you should be asking the CEO is like, what's the direction of the company? You know, where, where are we go. Like where are we going as a company? If honestly. Okay, so J.T. gorman, here's what I would ask. How is the CEO seen? Like how, how does the CEO believe AI is going to impact your specific business? That's what I would ask. Right? It's, it's much less can I get budget for software. It's more like, hey, AI is disrupting. This is exactly how I would ask it. Hey, thanks for taking my question. AI is such a disruptive technology and I'm sure at the executive level you all have been giving it strong consideration. How are you seeing AI disrupting and being integrated at this company in the next six to 12 months? That's what I would ask. That's a totally appropriate question for a CEO. Do you have a volunteer sign up for Simply Cybercon? No Trikin, not yet. But I will say there is a Simply Cybercon Discord server. Everybody, if you go to simply cybercon.org simply cybercon.org is the official con website and down the bottom there's a Discord server link. You can see it on stream right now. Join the Discord. Start asking for there. Any. Any kind of communication will be done through the Discord server. So if we do volunteer sign ups, it will be there. It's a new employee roundtable. Okay. Yeah, I mean I. I would ask about AI striving to learn. Hey Gerald, take my pen test plus what's the last class of my degree? What should one do right after finishing the last class to get ahead? Well, congratulations on finishing your cl. Your course or your class. I know that was a great WGU experience. 
Well, I guess what should you do right after finishing the last class to get ahead? I mean if you're not already doing it. I would definitely be networking with within the class. Within your. The other people in your class who are overachievers and you should be developing relationships with them. WGU has a very strong alumni network, so I would definitely tap into that. They have a Discord server that's like invite only. I tried to get into it after I came and spoke to WGU a few times but they didn't give me access, which is fine. So relationship building and networking within that WGU community also. I mean, I don't know what you want to do. So like whatever area you want to focus on, like pen Testing, talk, whatever. I, I would, I would, you know, be focusing on that right now. Guys, I strongly believe that your network and your relationships and your personal branding is as important, if not more important than your technical skills right now. Roswell says love the CPE form, but can we have a longer confirm or separate confirm page? After entering details, it just quickly flash passed and lands back at the empty form, which could be confusing. Yeah, well, Roswell uk, there is like. When you do put it in here, When you put it in, there is actually a banner that pops up that says, you successfully did it. But I'll look into it. I'll look into it. All right, I. I saw Kyle ask the. Oh, here we go. Curious if there's pre conference activities. Trying to book my flight so I don't miss out last year. All right, so Elliot's talking about Simply Cybercon. Listen, let me share this with you. November 2026 calendar. Okay, so look at this really quickly, everybody. This is a calendar. And for those listening on audio only, I'm looking at a calendar of November 2026. Simply CyberCon is November 8th and 9th, okay? Which is the second week. Sunday and Monday. B Sides Charleston is Saturday the 7th. 
Now, I'm not Simply Cybercon is not affiliated with B Sides Charleston, but we are like sister organizations or brother organizations, meaning we tell people about their conference, they tell people about ours. We share tips, tricks and everything like that. So if you would like to go to besides Charleston, Elliott, it is that day. If you are, if you've been. I mean, we haven't picked speakers yet, but a lot of people will come in on Saturday and Saturday night there'll be a lot of pre conference activities. Typically there will be. I mean there. There most certainly will be a speaker dinner number one. And number two, there will be like a reception at the conf. At the conference place because it's at a hotel. I've already talked to the conference organ. I'm the conference organizer. What an idiot. I've talked to the hotel and like my handler there, and we're going to have a space for reception, which basically means like pre conference happy hour. You don't have to drink booze if you don't want to, but like, there'll be an entire like little soiree kind of thing. That's the best I can do right now. You won't miss anything. There's nothing day of on Saturday specifically, except B Sides Charleston. And then of course, Sunday and Monday. I'm taking care of all the things. All right, great question. Kyle did ask, I saw it, I don't know where it is now, but I did see the question about the shop. For the longest time, guys, for the longest time, Simply Cyber's merch shop, where is it? And I said, oh, it's 20 off right now. I don't really do anything with this right now. If you want Simply Cyber merch is 20 off. This is just, I don't really promote merch or try to push it or anything like that. If you want it, cool. If you don't, cool, I don't. It's not, it's not like germane to the way that I fund Simply Cyber. It's just a cool thing to have. But 20 is the biggest discount that they do ever do this platform. So if you want. 
But here's the thing, this platform is kind of cool and I've got the Joe Hudson picture and the, the cool mixtape thing and all that. But I was giving away merch for the community member of the week. But it became very onerous to do because I would have to, I would announce like Marcus Kyler won and then I would have to hunt down Marcus Kyler. Then I would have to get Marcus Kyler's top size, get Marcus Kyler's address, then go onto the platform, order the stuff myself to put it on the company credit card, then mail it, then con. And it was all, it was all just too much. I couldn't do it. We're getting a new platform through a different company and that company, like I can just give you a coupon code to go buy whatever you want in the shop and they've got nicer stuff. So anyways, like the merch is about to get elevated again. I don't, I don't, I'm, I'm not pushing the merch. It's not like, like just if you want it, it's going to be nice stuff. I'm excited about it. It's been an area that I've wanted to improve upon for a while. Hansel says I have a background in accounting and willing to transition to GRC. Got the CC by ISC2, Sec+ and CISA designation. Hell yeah. What will be the road map for making the transition? My guy? You're already there. All I would say now is, you know, get familiar with NIST CSF would be great. NIST 800-53A, which is how you would do the assessment of security controls. I mean, if you have a CISA, you already know how to do that. I mean, that's like that you, you're, you are set up for that. I would start, I would start publishing content on LinkedIn about different, you know, GRC stuff. And then I would, if it were me, Hansel, I would look for CMMC readiness assessment, auditor jobs, CMMC. Charlie, Michael, Michael, Charlie. Look for that because that's exploding right now and that's a great on ramp for GRC audit. Jared says, how can someone get a Simply Cyber Flag? Are they for sale? No, they're not for sale. 
But I will tell you, I'll tell you this and I'll tell everybody this. If anyone wants like, if they like. I don't know how to set up a poll or something here, I'm gonna set a poll up. Please, please answer this honestly. All right? Please answer this honestly. Would you want a Simply Cyber Flag for I think 20 bucks? I think they're 20 bucks a piece. Maybe. Like I listen for the Merchant and the flat. I, I don't, I'm not trying to make money off of it. So it's not like if I buy a thousand, I can buy them for $5 and sell them at $20. No, I just, like, I don't care about that. That's. I mo. For those who don't know. The way that I fund all of this is through sponsors. Right? Like, I try not to charge you guys anything. That's why the classes at Simply Cyber Academy are priced so low. That's why the merch is so like almost a pass through the businesses. The threat lockers, the flares, the Ciscos, the, the, the anti siphons. Like that's where the money comes from. So. But I think the flags are 20 bucks. The thing is, I have a couple in this drawer back here. I'm willing to buy like 25 of them and bring them to Simply Cybercon and just sell them. Just let me know. Jazzy Jazz is Simply Cybercon in person or online too? Yes. So what we always do is we stream the, the talks at Simply Cybercon. We stream the talks now. The talks. The Simply Cybercon format is different this year I am continuing to level up Simply Cybercon and make it an experience. I want it to be a lot like wild west hack infest. So this year it will be. You show up, I feed you breakfast. Breakfast to lunch is talks and that'll be streamed live like it always has. We eat lunch together from lunch to dinner time. It's like workshop panels and wild card stuff. Now I can make that streamed. I just don't know how good it'll be streamed, but we will stream it. And then after dinner, it's like activities and that will not be streamed. Hey, Gerald. Tomorrow I take my. Okay, we already talked about that. Good luck. 
Striving to learn. Carrie says I'm taking the data analytics pro cert on Corsair. Is there a way one's done to get a job with logistics? I, I don't know, Carrie. I'm more of a cyber guy. I, I don't know about data and logistics, but hopefully, you know, here's what I would do with something like this, Carrie. I would look at the data analytics professional cert, look at open jobs that are asking for that certificate and, and see what those jobs map to. Also the, the landing page, the thing, the marketing, the thing. Selling this course should highlight what jobs this course will set you up for. So that's what I would, that's what I would do, Carrie. Yeah, Roswell says he sees the banner now. Yeah, no, no, it's, it's good, dude. Like, I'm not saying you're wrong. It's good, it's good end user feedback. I will basically I'll go code in something more, more obvious. You know what I mean? Maybe a pop up, I don't know. Yep. Code Brew and Tech Ricky with the unofficial welcoming committee last year. Yeah, I definitely appreciate that, Brent. And yeah, we could definitely do that. Oh, oh, by the way, another thing that I'm working on is, shoot, I gotta do this today. Code Brew pointed out we're also looking at like obvious the ticket is simply Cybercon's 40 bucks, but that we're, we're looking at having like boosters or backers. So it would, it would be, you'd basically be like an individual sponsor for the conference. And we're looking at how to make that rewarding for you. So like, I haven't done all the, the things yet, but like a booster or backer would be like you buy a simply Cybercon ticket for like $150, and then in addition to the ticket, you get something special, like you get a special shirt or you get to go to the speaker dinner or something. I, I don't know yet what it is, but we're looking into that too. Only because some people have expressed interest in wanting to support more of the conference and, and just be real, dude. 
If we're feeding you breakfast, lunch and dinner three, two days in a row and the ticket's $40, like the food is gonna be, you know, the food. Last year it was like $117. Per person expense and I think the tickets were like 25. All right, all right, thank you, Pocket Pixels. Giving me some love, saying I'm not an idiot. I think I self selected I was an idiot and she was picking me up. Roswell uk. Sandy appreciates the merch. Thank you, Roswell uk. Trust me, listen, I would rather give merch out than the Amazon gift card. There was some like, some anger within the community when I suggested pivoting to that. That's why we went back to the Amazon gift card because people got upset. But I think the merch is cool. I'm gonna end the poll right now. 59 people voted, 68 would like the flag. So what is that about 40 people? 40 people said they would buy a flag at Simply Cybercon. All right, well I'll, I'll tell you what guys. I'll buy a bunch of flags and it'll be first come, first serve. But I really hope I don't go home with like 35 flags. I, I don't want to. The reason that I use the shop for the merch and everything is because I don't want a warehouse of gear. Assembly. Cyber flag giveaway, possibly. You know what, the flag, that's another example. Like those backer boosters. The flag would be something that a backer booster would get. That's like a, that's like an easy one. Oh, a lot of people are asking for those flags. Hey, FedEx. Okay. Yeah. I didn't realize there was such a demand for the flag. I'm, I'm absolutely happy to get these flags to y'. All. Okay. In fact, I'll order. I'll tell you what, today when I sit down in my workstation, I'll order 40 flags. I think I have like five in there right now. I'll order 40 flags. Simply cyber snapback caps would be cool. Okay. All right. All right. It's 9:22. This is Cyber Career hotline. Definitely looking forward. People got questions, put them in chat here. Now says Gerald. How do I network as an introvert? 
I want to talk, but I don't know how to even start a conversation. And I know I need to network. I went to a conference and I wanted to start and I just sat there. Okay, here now I feel you. I do. I'll just tell you so. And I don't feel like I'm speaking out of turn. Mara Levy came up to me at a conference. Mara Levy is a self identified introvert and she had a, she has a bunch of stickers and she walked up and she handed me a sticker and she's like, hi, I'm Mara. Here's a sticker. I'm like, oh, great, this is cool. Stickers. Like, I actually made it. I'm like, oh, that's great. And then we start talking. So Mara Levy uses giving someone a sticker as an icebreaker. Everybody loves stickers in cyber security. It's an easy way to initiate the conversation because and psychologically you're giving them a gift. So now they're like the law of reciprocity kind of goes. Not that they're going to hand you a sticker back, but now they're gonna be like, hey, what's up? Another one here. Now like, if someone's wearing a, a shirt, right, say they're wearing a Red Canary shirt or a Magic the Gathering shirt, right? Or whatever. Maybe there's an opportunity there for like, hey, like, especially like, be honest. So be like, hey, cool shirt. Is that Red Canary? Where'd you get that shirt? Yeah, it's Red Canary. Like, I actually was at Wild West Hackin' Fest and they had a booth there and I picked up this shirt. Oh, that's interesting. I, I haven't been to Wild West Hackin' Fest. Like, do you like that conference? Like ask questions. Another thing, like, I know you're introverted, but one thing to note, and this is not, this is not to be rude or not to be whatever, but like people love talking about themselves. Like, this is like a well known human trait. People love talking about themselves. So if you ask open ended questions about them, they will talk, right? Let them do the talking. So hopefully that helps also here. 
Now another great opportunity is to start talking on the Discord server, right? Discord. Your face isn't there. The barrier to entry socially is lower. And then be like, hey, I'm going to BSides Tampa this weekend or I'm going to simply Cybercon this week. Who's gonna be there? Find a couple people. That way, when you go to the conference in real life, you already have established a relationship or at least a, an ice break with these people and you could start talking that way. If you would for adhere. Now can you add here now in chat, share your favorite tip for breaking the ice at a conference. All right, Low pros in the low country wants to keep an eye out on the Discord server. Thank you so much. Low Pro would love to have you there. What's the flag look like? Check this out. So this is actually a great opportunity here. Well, two things, two things. One, Dan Rear. Dan Reardon has decided that this is going to be the My guy emote. I'll have to do this today. This is the My guy emote. You can. We're gonna have Denzel. My man, my guy. We're gonna have this one coming up in the squad emote soon. So stay tuned for that. But I want to show you this. Where is it? Where is the photo, James? Oh, there it is. Here's what the flag looks like. High Cipher. This is the team photo at Simply at BSides Tampa. Right? There were more there that missed the flight. I mean, missed the team photo initially. But this is the flag right here in the middle. And this is shout out to the BSides Tampa. Also, FedEx brought his daughter. Simply Cyber community is inclusive, guys. Remember, the core values here are threefold. Support, inclusion, empowerment. If you can't get down with that, I. I'm usually super chill. If you can't get down with support, inclusion and empowerment, go find another community. Because that is the core values that we do here. But anyways, this is the team photo. Love it. Oh, by the way, Kyle's right there. Kyle. Kyle. The real Kyle. Kyle is right there. 
All right. Continue to look through chat. Gibbot says Dr. Ozier, just to thank you for support on my job interview questions. I had the interview Friday and the director says an offer is coming this week. No wrecking ball, but we're close. My guy. Yes, sir. All right, hold on. The regulators was a misfire. I just got so excited. Hell yeah, dude. Hell yeah. Hey, dude, you got the job. You know, we were just part of the experience for you. Part of the journey. I'm so happy. Give. What? Come back and share it. I would love. I would love to play a wrecking ball. Gib. What? So hard. Hold on. Let me check my schedule, make sure I don't have a 9:30 I gotta drop for. Nope, I got a 10. Oh, wait, hold on. I'm sorry. Ryan says were you hanging out with some Southies over the weekend? The Boston XM seems stronger than normal today. Yeah, I know, I know. It actually is kind of coming out. I don't know what. What it is. I don't know what it is. Maybe I'm. Relax. Hey, Jerry, I got a new job as a compliance manager thanks to your GRC Master class. Heck, I'm telling you guys, I'm telling you, I can't promise you a job. But that GRC Master class, I literally purpose built for this reason. F. If I wasn't so. If I wasn't so clean Mouthed on stream. If we were in person, Tim Ferrari, right now, I would be dropping F bombs, like in the best way possible. Hell yeah, dude. Oh, so good. Pocket Pixel says, don't put stickers on your laptops. I feel like, I feel like. Hold on one second. Like, I don't know where the, you know that monkey meme where he's like got his eyes going sideways? I feel like that's me. I've got laptops. I've got stickers on my laptop, stickers on my water bottles. All right, see, looking in chat here, Kai Cipher says if you're at DEFCON and someone's got like 10 years worth of badges hanging from their neck, ask what's. Which is their favorite. Oh, yeah, there you go. It's perfect. Continuing to look through chat. If you got questions, put them in chat with a queue. 
Soul Shine, can you make baby size shirts? Yes, the new shop actually does have baby sized shirts. All right, I'll. Continuing to look through chat here, come here. For the Boston accent, how do you become a Simply Cyber member? I'm new here, so Robert Greenberg, first of all, welcome to the party, pal. Welcome to the party, pal. Second of all, Robert, you have to do it over on YouTube. So Robert, if you go to Simply Cyber IO slash. I mean, I'm sorry, well, Simply Cyber IO stream, or you go to YouTube.com/at Simply Cyber. So Robert, come. Come over to this. This is the Simply Cyber YouTube channel. Come to it. And then you see how it says live right here. That's us. This is us right now. It's very Inception like, but once you're here, then you can join the squad members. It's like two or five bucks a month. Again, it's deliberately designed not to be prohibitively expensive. And then you get all the cool stuff, dude. All right, Looking through chat here. Oh, crap, we're at time. All right, I'm gonna speed run the rest of the questions. How's the bill? Oh, my God, Nicos. I don't know. I don't know, man. I don't know. I. I know I should do that vulnerability management class. I've. I've already recorded it. All right. I don't have a good ETA. I'm sorry. It's like one of my biggest fails. Jazzy Jazz, what's the difference between healthcare IT and government? How do they have a cyber analyst in healthcare? Or is it outsourced? Oh, yeah, larger healthcare organizations. Listen, larger healthcare organizations will have their own cyber security department. Smaller ones will not, because they'll just have an MSP doing their IT and likely not have cyber security. If you're interested in learning more. Jazzy jazz. My entire dissertation, the five chapter 200 page book I wrote to get my PhD is literally on why small healthcare businesses suck at cyber security. So that's. That's what's up. All right, continuing to scan. Okay, we're caught up. 
All right guys, I gotta get out of here. This has been Cyber career hotline. Thank you so very much. I. I appreciate. I tried to answer everyone's question. I know that we did a lot of simply cybercon stuff and I appreciate that. Rozzo uk. I'll see if I can make that pop up window thing a little bit more obvious and I'll order those flags today. Guys, I'm Jerry, your chat till next time. See you tomorrow. Stay secure.
Podcast: Daily Cyber Threat Brief
Host: Dr. Gerald Auger, Simply Cyber Media Group
Date: May 18, 2026
This episode delivers a lively, expert walkthrough of eight critical cybersecurity news stories affecting the industry as of May 18th, 2026. Dr. Gerald Auger (“Jerry”) provides real-time analysis and practical takeaways for each story, focusing on software supply chain security, active exploits, cloud vulnerabilities, and operational resilience for critical infrastructure. The episode blends technical insight, practical advice, and the community’s vibrant, supportive tone.
| Time  | Topic                                                      |
|-------|------------------------------------------------------------|
| 00:01 | Introduction; Show and community welcome                   |
| 12:29 | Grafana GitHub breach and supply chain security            |
| 20:36 | Azure Kubernetes vulnerability and disclosure dispute      |
| 26:16 | WordPress Funnel Builder plugin critical attack            |
| 30:25 | CISA directs SD-WAN emergency patch                        |
| 42:24 | Exchange Server zero-day in the wild; migration urgency    |
| 47:48 | Pwn2Own Berlin: Massive bug bounties and exploits          |
| 51:23 | AI finds 18-year-old NGINX vulnerability and future risks  |
| 55:12 | CISA: Prepare critical infrastructure for isolation        |
Host Gerald Auger underscores the importance of community, responsible disclosure, and personal/professional development amidst an ever-evolving threat landscape. “Fastest hour in cyber”—this episode equips listeners with actionable intelligence and practical guidance to tackle the week ahead.
For more, tune in live every weekday at 8 AM Eastern, or join the Simply Cyber community via Discord and social media for continued support and learning.