A
All right, what's up, everybody? Welcome to the party. Dealing with a little restream issue. There we go. Now we're cooking, baby. All right. Sorry. I see Justin Gold busted my proverbial chops up in here. Good morning, everybody. Welcome to Simply Cyber's Daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Auger, coming to you live from the Buffer Ozer Flow studio. If. Oh, my God, guy. If you're looking to stay current on the top cyber news stories of the day while being entertained, educated, and taken for a ride with the Simply Cyber community, well, then you're in the right place, because that's what we're doing here every single day, 8 a.m. Eastern Time, Monday through Friday. We do take the weekends off, and Memorial Day, FYI. As we get set up, guys, we got a great show for you. So do me a favor, sit back, relax, and get ready, because we are off and running on this beautiful Tuesday morning. All right, now I'm dialed in. I'm locked in. As the Gen Zs like to say, locked in. All right, guys. Hey, what's cooking? Hope everybody's doing well. It's Tuesday. Tuesday feels like the longest day of the week. I guess that's what it feels like. But guess what? Every day of the week has a special segment here. That's how we cook and how we keep on keeping on. Tuesdays is Tidbits Tuesday with me. I'll share a little bit about myself. It's a podcast recommendation, slash, just vibing on things that people are into that no one talks about. So, little teaser for you there. I feel like Phil Stafford's gonna shout to the skies when we get to that segment. Guys, every single day, we go through eight cyber stories of the day. We break them down, go through the headlines, give you what you need to be able to take action today. But I've got 20-plus years of experience. Many folks in the Simply Cyber community have a lot of experience.
So we are going to go beyond those headlines and give you additional insights, additional value, additional ways to utilize that information for yourself. Because at the end of the day, I care about you, less about your organization. Now, that's not to mean I don't care about your organization, but if it's your organization on one side and you on the other, and I can only grab one, I'm reaching for you. So that's what we do here. Trying to level you up to be the best cyber professional you can be so you're marketable. So you're the CEO of you. So you can take care of what you need to take care of. Because in 2026, my guy, no one's sticking around and getting the gold watch, if you're picking up what I'm putting down. All right, guys. Now I do want to tell you, if you're here for the first time, drop a hashtag first timer in chat. Hashtag first timer in chat. Big fan of the first timers. We have a special sound effect, a special emote that we love, welcoming the first timers. Code brew. Found it, guys. Based on popular demand, we have a "my guy" emote. "My guy" emote. Denzel Washington, Training Day, has entered the chat. So if you'd like to play around with that, please do it. Hey, we got some first timers showing up in chat. Pirate Kitty. Welcome to the party, pal. Love it. Pirate Kitty. Oh, OPSEC Charlie. Welcome to the party, pal. A lot of first timers up in here. OPSEC Charlie and Kitty, Kitty, Kitty. Pirate Kitty. Love it. Pirate Kitty. Making me think of BSides Tampa. You first timers, I hope you have a great time with the show today. Want to remind everybody, hey, you first timers, keep this in mind. Every episode of the Daily Cyber Threat Brief is worth half a CPE. Now, we were asking people to write it in chat, which is fine, but we've got something better for you. Put an exclamation point CPE (!CPE) in chat. Built a website for you guys. Go ahead, put your name, full name, you know, Gerald Auger, Pirate Kitty, whatever.
Drop your email address. Whatever the full name is that you put down is what's going to show up on your certificate of attendance. The email address is where it's going to get emailed. And you got to check these two boxes to give me permission that you allow me to email you and that you own the ethical obligation that you're not lying. Once you submit this, on June 1st, or the 1st of every month, I will email you a certificate with my name on it, all the things, and a breakdown of all the days that you attended the Daily Cyber Threat Brief. This is a service that I provide to you as part of being part of the Simply Cyber community. So I'm very excited. It's in beta. Also want to say shout out to Roswell UK. I'm a big fan of iterating. You guys know. You guys know for a fact I'm a guy who believes in progress over perfection. Roswell UK gave me some feedback yesterday. He said that when you put in your name and email and hit submit, it's not super clear that it did it. So I've changed what happens when you submit it. So go ahead and submit for your CPE and let me know what you think about the new, I guess, confirmation page. All right, guys, we got first timers, we got CPEs. You know, I do want to say shout out and love to the stream sponsors, because this CPE is hosted on Cloudflare, which costs money. It's simplycyber.io, which is a domain name I have to pay for. Sending the emails is not free. So how do I pay for all this? How come I'm offering all this awesome free service to you guys? Because the stream sponsors enable me to do it. If you'd like to check out the stream sponsors, please use the links in the description below. It does go a long way to help support the channel. I'm not saying you have to do it, I'm just saying if you want to support the channel, it certainly helps by doing your part, right? Flare's cyber threat intelligence platform is bomb.com.
They go on the dark web, they go into the cybercriminal Telegram channels, they go into the infostealer logs, they go into all the dirty bits, get filthy dirt under their fingernails, and then they come back to Flare headquarters, they drop it in their patent database, make it very easy to query and search for you. And then you can find all your users that are compromised, all your passwords that are compromised, API keys, session tokens, endpoints, domains, lookalike domains, threat actor chatter on upcoming attacks. This is gold. Like literal gold. If you have used this platform yourself, please sound off in chat. I know several of you have. Right now, go to simplycyber.io/flare and you could sign up for a two-week free trial, no questions asked. See what I'm talking about? I'm telling you, I've used this platform. It is awesome. Plus the people at Flare are pretty awesome as well. Simply Cyber. Now, if training's your bag and you want to get some skills, may I recommend Antisyphon Training? Antisyphon Training is disrupting the traditional cybersecurity training education by offering high-quality, cutting-edge education to everyone, regardless of financial position. And if you're free tomorrow, Wednesday, May 20th, between noon Eastern and 1 Eastern, well then come hang out with Corey Overstreet and many of the Simply Cyber community to learn how to bypass, evade and exploit as a red teamer. This will be a deep-dive technical talk. Even if you don't want to be a red teamer, this is incredibly valuable from a defensive perspective to see how these threat actors, or, you know, lookalike threat actors (Corey's pretending to be a threat actor so we can level up our defenses), operate. You can outperform those threat actors and detect them before it's bad. Of course the show starts at 11:30 with pre-show banter. You can kick it with other like-minded cyber professionals.
If you didn't know: if you like the Simply Cyber community and you like this vibe that's above my head, and you were looking for more community, the Antisyphon streams are great. Black Hills' community is very much similar to Simply Cyber's community. I would say Black Hills Information Security's community and Red Siege's community are very similar in vibes to Simply Cyber, if you're looking for one. And then finally, guys, ThreatLocker, longtime sponsor of the platform. I am a huge fan not only of ThreatLocker's solution, which is an application deny-by-default solution, but also just genuinely appreciate the folks over there and what they do. I saw them at BSides Tampa representing. They are from Florida, so they're always supporting their locals, which is another great sign and indicator of a cool company. Let's hear from ThreatLocker, and then you first timers, Pirate Kitty, OPSEC Charlie, I'm going to melt your faces with the top cyber news. Let's go. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30-day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/DailyCyber. All right, everybody, it's that time of day. Nintendo dudes are here. What's up, Nick? All right, everybody be cool. Nick's here. Georgia's own. All right. Hey, OPSEC Charlie, Pirate Kitty. Just to introduce you to what's going on here, I need you to do me a favor.
Wherever you are, whatever you're doing, I need you to sit back, I need you to relax, and just let the cool sounds of the hot news wash over you in an awesome wave. I'll see you guys at the mid roll for Tidbits Tuesday. Let's get to work.
B
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Tuesday, May 19, 2026. I'm Sarah Lane. Linus Torvalds not into AI bug hunters. Linus Torvalds says AI-powered bug hunting tools are overwhelming the Linux kernel security mailing list with duplicate reports, making it almost entirely unmanageable. He says multiple researchers are using the same AI tools to uncover the same vulnerabilities, forcing maintainers to spend time redirecting reports or explaining the bugs were already fixed. Torvalds said AI-generated findings are useful only when paired with meaningful contributions like patches and technical analysis, criticizing drive-by reports that add little value beyond what automated tools already surface.
A
Okay, so Linus Torvalds. Listen, the guy invented Linux, or developed Linux, so he does have a name in the space. But I mean, whatever, if you don't know Linus Torvalds, you should know the name. He's like one of those names of, kind of not figureheads, but notable personnel within the IT history books, if you will. Like Cliff Stoll and The Cuckoo's Egg, Robert Morris and the Morris worm. Marlin... what is it? Is it Marlinspike? The privacy advocate who's behind Signal, or with Signal? Linus is one of those. All right, here we go. Get your Denzel Washingtons dialed up. Okay, everybody. Linus, my guy. AI-powered bug hunters. Yes. Dude, I've been saying this. I know Linus doesn't tune into the show, but I've been saying this for weeks and I'm going to continue to bang the drum, because I feel like this is the new normal. AI has made it incred... like, has lowered the barrier to entry for people to find bugs. Again, I own a business, so I don't know if you guys are getting all these emails as well, but I get emails all the time, like 10 a day, of people who are like, oh, I can help you write, you know, social media posts, I can help you make copy, I can help you develop a website. It's like, yeah, all of these things that AI can do pretty easily is leading to this saturation in the market of people who don't really know exactly what they're doing but have watched a YouTube video on how to start a 10-figure business overnight and with zero effort. Right. Passive income. This is kind of similar. Now AI is finding real bugs, and Linus... I do feel like Linus is being a little bit... I mean, it's easy for me to say this, but I feel like he's being a little, like, come on, bro. Like, here's my thing. If you're getting a list of entirely unmanageable volume of vulnerabilities that are real vulnerabilities, by the way, because he said that they're duplicates.
Because the tools are finding the same thing. So, like, I run it, Dan runs it, Carrie runs it. We all come up with the same thing, we all submit it, we all think we're going to get paid. Here's my thing. Number one. Like, I hate to be this guy, but how about you try using AI to help cull that list? How about you use AI to find duplicate entries, sort them by submission date, auto-reply to all the ones... Excuse me, what a dad sneeze, huh? Sort them by submission date, and all the ones that are after the first one, auto-send an email and say, this has already been submitted, and then close the ticket. I don't know. That sounds... Again, if I can come up with something, anybody can, because I'm not the sharpest stick in the... Well, no, not sharpest stick. I'm not the sharpest knife in the toolbox, or in the kitchen drawer, or whatever, right? I'm just a dude who can see this, right? So, first of all, there you go. Second of all, for saying, like, oh, these aren't meaningful findings because it doesn't come with a patch, or whatever. Dude. Like, okay, if I find a bug... okay, I'm just gonna shoot holes in Linus's argument. If I can find a bug, why is it my responsibility to find a patch for it, too? I don't know the entire kernel. I don't know dependencies. I don't know priorities. I don't know if this is vestigial legacy code that just makes more sense to surgically remove than it is to come up with some clever workaround patch. So as far as, like, it doesn't come with a patch, ah, you got to patch it. I would push back and say that that is not my job. Okay, now maybe I'm wrong. You security researchers in the chat, anyone here who has a CVE associated with their, you know, professional profile, did you provide the patch? No. I mean, I find findings all the time when I do audits, and I can offer recommendations, but I don't fix the problem.
So, anyways, again, if you've been looking for evidence to support the thing that I've been screaming about for weeks now... Dude, I'm telling you right now, I will continue talking about this. I'll have to get a shirt made or stickers made or something. It might be the year 2026's Simply Cyber thing: we are in the nuclear winter of vulnerabilities. Here's another example. All right.
B
7-Eleven not good with ransom demand. 7-Eleven confirmed a data breach after the ShinyHunters group claimed it stole more than 600,000 Salesforce records containing personal and corporate data. The company said attackers accessed systems used to store application documents, though it hasn't disclosed the total number of affected individuals. ShinyHunters allegedly tried to extort the company before offering the stolen data for $250,000. ShinyHunters has increasingly targeted Salesforce environments through phishing attacks, third-party integrations and configuration weaknesses rather than flaws in Salesforce itself. MENA.
A
All right, we got some funny comments in here about "not my job." Lucky Number Seven says, right now I have no coworkers, so every job is my job. True, true. All right. So 7-Eleven. You know, the name is synonymous with convenience stores. I think their original hours were 7 a.m. to 11 p.m., hence the name. But that might be an urban legend. But they use Salesforce. I had no idea. I would never think of 7-Eleven as having 600,000 Salesforce records. Now, ShinyHunters is a tour de force. I've predicted that ShinyHunters will be taken down by law enforcement, regulators. It's my 2026 prediction. ShinyHunters will go down. They're just too brazen and too, I don't want to say effective, but they're going after all the big names. And the reality is, dude, I'm a plebeian in the grand scheme of things, for sure, but I don't know, my guy. Like, in my experience, right, in my 46 years on this earth, people with money, like people with real money, right, wealthy, real wealthy people, they typically have power and influence. And when enough of them get bothered by something, they go to the people who have power and influence themselves and they say, I don't like this. Take care of it. And then all of a sudden it becomes a priority, and ShinyHunters is pissing off a lot of powerful people. All right, we got a comment in chat here. JSec21 says, first time commenting, but I've been watching for a while. Just landed a role as associate security engineer after two years in IT. Did Gerald's Elastic SIEM lab two years ago and been on go ever since. Dude, first of all, JSec, first comment. Thanks for commenting. Second of all, two years with the team, Simply Cyber community member. And of course, finally, our favorite sound effect on the channel. And squad members, drop those wrecking balls. JSec, congratulations on the security engineer role. Hell yeah. And guys, just so you know, Pirate Kitty, OPSEC Charlie, let me just point something out.
The reason it's half a CPE is because half the show is not an instructor-led webinar. Half the show is about news, half the show is about community. A lot of people will comment... not a lot of people, but some people comment in the chat, like, oh my God, guy, it's a brief. Or, why the hell are you spending all this time doing other stuff? Because guess what? We show up every day, and if all we did was work, work, work, we would be a cog in a machine. And that's not how I'm rolling. I'm rolling deep with community, with experiences, with stories, with just, like, good times. Because our job is incredibly serious and has dire repercussions if we f up. So I'm not going to live with my head dragging down in the gutter, talking about, oh my God, no. We live it. And when things like this happen, my man JSec scoring jobs, we celebrate it. Because that's what community does. We support each other, we include each other, and we empower each other. And that's the core values here at Simply Cyber. So again, I'm yelling at a straw man that isn't even in chat right now. But I just want everybody to know it's not just about the news. Yes, we show up, we do the work, but we also celebrate each other. And that's what's up. All right, so ShinyHunters is, in my opinion, going to get slammed. Dude, listen, ShinyHunters attacked Medtronic, Vercel, Wynn Resorts, Vimeo, Canvas, which was the Instructure attack. Okay? Like, they are going for whales, straight whales. This story here has very little details in it, but they're going to be getting done, getting down. Nothing really here, you know, whatever. 7-Eleven will have to clean up and send out personal identity theft protection emails. Can I just point something else out that I love right here? Two Maine residents were impacted. Listen, it's been a minute since we talked about it. OPSEC Charlie, Pirate Kitty, you may not know this, but the state of Maine is essentially like GDPR in the United States.
Like, I don't know who pissed off Maine, but the Maine attorney general, I bring him up every once in a while. This guy right here, his smile is infectious. Look at this guy right here, Aaron Frey. I'm showing Aaron Frey's picture on stream right now. If you're listening on audio only, which we do have, Spotify and Apple Podcasts, this guy right here is the personification of privacy rights for citizens in the United States. Anytime any Maine citizen... yes, ME, L.L.Bean, lobster. The White Mountains, I think, are up there. The Kancamagus, I think, is up there. Anytime one Maine citizen gets impacted anywhere, Maine comes from the top rope and drops the People's Elbow on that business. Two Maine residents involved, and this thing's breaking news. I love it. Maine, keep doing you, boo.
B
MENA runs first-of-its-kind cybercrime op. Interpol said countries across the Middle East and North Africa, known as MENA (M-E-N-A), carried out the region's first large-scale coordinated cybercrime crackdown, dubbed Operation RAMZ, between October of 2025 and February of 2026. The operation involved 13 countries targeting phishing campaigns, malware infrastructure, and online scams, resulting in 201 arrests, the identification of 3,867 victims, and the seizure of 53 servers. Authorities also shared nearly 8,000 intelligence records during the operation. TanStack.
A
All right, so this is awesome. I don't understand. Mods, can you pull this story up? Like, where? Like, I get that it's the Middle East, North Africa region that ran this particular attack... excuse me, not attack, this is like a law enforcement operation. But, like, it says it included 13 countries. What 13 countries? Are they targeting countries in that region, or are they just a law enforcement body driving it? I want to know, because what countries were impacted is important. Because, you know, if it's like Cambodia, like, yeah, it's a human civil liberties crisis in Cambodia right now, but we've been doing that. If this is like Ghana, Nigeria, Angola, now we're talking something totally different, because those areas have been kind of left alone to go ham with these types of things. So first of all, law enforcement, go get after it. 201 arrests. Yes, sir. Get some. Right? 3,800 victims, which is gross. 53 servers seized. So here's what I'm getting. Okay, here we go. Roswell UK, who's always with the assist here. Hold on. Okay, Roswell UK: those countries are participating in the MENA region threat actor group. But I want to know, like, what countries were impacted? Okay, Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon, Libya, Morocco, Oman, Palestine, Qatar, Tunisia, UAE. Holy crap. Dude, so they straight up took the butter knife and spread butter across the entire slice of bread. Dude, Morocco is like top left of Africa and UAE is far right of the Middle East. So, dude, none shall pass. Like Gandalf went full Balrog on this one. I love it. Oh, we got some photos here from Interpol. Here we go. Who brought that? Dan Reardon with the assist here. So check it out. 8,000 pieces of data and intel were disseminated among participating countries.
Operation highlights include: Moroccan authorities seized computers, smartphones, external hard drives. Interpol worked closely with Group-IB, Kaspersky, Shadowserver Foundation, Team Cymru, Trend AI to track illegal activities. Jordanian police pinpointed the location of a computer being used to run financial fraud. Investigators in Oman identified a server in a private residence containing sensitive information. Dude, this was like a massive coordinated takedown. I love that. Okay, so first of all, this is a region of the country that has not really been hyper-focused on from a coordinated law enforcement takedown perspective. We have seen many coordinated takedowns in the United States as well as, like, Southeast Asia, you know, think Thailand, Cambodia, Vietnam, Philippines, you know, Indonesia, South Korea. So that's always been there. But crime doesn't really care about geographical boundaries. They'll just take on where they can. Now I want to point out Oman, Jordan, Morocco, like those regions, as far as I know, do not have bulletproof hosting. So these criminals, or alleged criminals, were basically running at risk of a takedown going down. There's two things I want to take away from this story as a practitioner. Well, first, three things. One, as a practitioner, this doesn't really impact you day in and day out. These people were attacking... it was like financial fraud scams, phishing, malware threats. I suspect that they were attacking individuals more than they were attacking businesses. They said 3,800 victims were identified. They didn't say businesses were identified. So it feels, although the term "victim" can be used interchangeably, I feel like this was individual attacks. So for your organization, I think you're okay. Number two, this kind of shines a light on that North Africa, Middle East region as far as crime, cybercrime, being a thing. Now, we've known about romance scams and business email romance scams and the like.
Saudi prince scams, Nigerian prince scams. We've known about those for years, but it's been more of a noum nat kind of problem than it's been a big problem. They arrested 200 individuals and they confiscated a bunch of equipment, which means they took out the brain power as well as the infrastructure. So this is going to have a very crippling effect on that level of crime, which is great for us. We already have enough fires to put out. Thank you, you know, international law enforcement, for reducing the amount of work that we have to do so we can focus on bigger priorities. Love this. I hope that Darknet Diaries does a video or an episode on this takedown, Operation RAMZ, R-A-M-Z, please. Los Angeles fans. Todd, was it? Todd McVeigh. Todd McShay. Todd McVeigh. What's the coach of the Rams? Sean McVay. All you Sean McVay fans, calm down. It's R-A-M-Z. All right, let's keep going.
B
TanStack weighs invitation-only pull requests. TanStack is considering making pull requests invitation-only after that supply chain attack from last week, tied to the Shai-Hulud worm, compromised its GitHub Actions workflows. Attackers exploited a feature to run malicious code through automated CI pipelines, poisoning a shared cache across the repository. TanStack has removed the vulnerable workflow pattern, disabled shared caches, strengthened dependency and authentication protections, and adopted new safeguards in the Node.js package manager pnpm.
A
All right, so, okay, this is an access control story all day. So, like, yes, we're talking open source software and supply chain, CI/CD pipelines. Oh my God, GitHub Actions. At the end of the day, my GRC brethren, this is access control all day, every day. And I might say AC-6. Hold on. Least privilege is what I'm going for. AC... oh, hold on. Not Armored Core VI: Fires of Rubicon. Jeez, crimey. AC-6. Oh, least privilege. I'm going to give myself a W. All right, listen, all day long, this is AC-6, and I want to say shout out to the people at TanStack for doing lessons learned and trying to introduce changes to improve the risk profile of this business. So here's the deal. TanStack was apparently allowing people to submit pull requests and get code committed. There was a GitHub Actions misconfiguration. Again, I've recently been dabbling with GitHub and Claude Cowork, and I wrote a SaaS app that's in beta right now. I have three beta users in my SaaS app, and GitHub Actions are basically like scheduled tasks that can run, if you didn't know. I can give you a perfect example. At the end of the day, every day after the show ends, okay, our show, this show right here, as I'm talking, a transcript is being developed, okay? So once the show ends at 10:30 a.m. Eastern Time, a GitHub Action runs and takes my entire transcript, all the things I'm saying, right? And runs through it and then breaks it down. I don't know if you guys have seen this. See the Daily Cyber Threat Brief from yesterday, and it gives you at a glance the top stories, each story, and then what happened, why it matters, and what to do based on what I've been saying. And then, you know, the key takeaways for you, okay? And you'll notice that today's story is here, but it only has the YouTube description right now because it hasn't been overwritten by the analysis from the transcript of the things I'm saying right now. Very cool, right? That's what GitHub Actions are.
Okay, just to give you a concrete example. So what TanStack is saying now is the Shai-Hulud worm has poisoned the pipeline, and people using TanStack are getting malware introduced into their pipeline. Okay? So what they're talking about now is, they say, weighing the nuclear option on unsolicited contributions by introducing invitation-only pull request access. What ends up happening is you've introduced a blocker, you've introduced a gate, okay? And this is a great option. Now, what I would say is, I think you could use AI to automate a little bit, where, like, okay, someone introduces a pull request, the code that they're introducing in the pull request is going to be in the pull request. So you could use AI to analyze that pull request and see if it is malicious or not. And then, you know, if it's definitely not malicious, high confidence, auto-submit, commit it. If it is malicious, decline it, delete them. If it's unknown, have a human look at it. Just to cut down on the volume that a human would have to analyze. That's why they're calling it the nuclear option, because it's going to slow down the progress. I want to point something out to everybody. It's been a minute since I've said this. Oh, my God, Zach Hill's here. Everybody be cool. Be cool. What's up, Zach? Big fan of Zach Hill, I.T. Career Questions. Listen, here's the reality in a lot of instances. Think of a slider, right? Think of a two-dimensional line, right? Like a straight line, and there's a slider bar on it, right? So on one end of the slider is usability, speed, and on the other end is security, right? So if something's incredibly secure, super secure, well then it's not very useful, right? If I take your computer, unplug it, put it in a treasure chest, wrap the treasure chest in chains, and throw it over the side of a boat over the Mariana Trench, into Davy Jones's locker, well, guess what? That hard drive is super secure.
No one's going to get into that hard drive. Your crypto wallet is secure. Guess what? It's also incredibly not usable. It is almost borderline non-functional. Now let's do it the other way. You put your crypto wallet out on the open Internet on a GitHub repo that's open, anyone can access it. The private key is right there. Now guess what? Anytime you want to use your wallet, it's super easy, you just push a button. There it is. The problem is it's incredibly insecure, because everyone can get it and you're going to get robbed instantly. So our job is to find something in the middle. This is an example where right now they allow anyone to submit code pull requests to the software base, but because it's being exploited, they're going to have to introduce security, which is going to reduce usability, performance, flexibility, speed. Right? That's the problem. And that's why they're calling it the nuclear option, because the sheer volume of what they've been doing is going to decline. And by the way, for those who are younger or new to the industry or whatever, when we talk about the difference between IT and cybersecurity, this is one of those examples. So a CISO reporting to a CIO, you might be like, what's the big deal? Well, the problem is that there's conflict there, because the CIO is typically responsible for managing uptime and performance, right? We in cybersecurity don't give a dang about performance. We care: is it working? Is it secure? Is it available? Is it confidential? Is the data what it's supposed to be? Integrity, right? The old CIA triad. IT is like, are packets flowing? Can our end users access the app when they need to? Right? So by introducing this AC-6 least privilege, invite-only code commit functionality, you're actually going to be degrading performance and actually increasing overall human interaction and work, because you're going to have to have humans intervene again.
That's why I think AI should be reviewing it. But there you go. Like, yes, the Shai-Hulud thing is bad. GitHub Actions auto-commits is being exploited. You should be mindful of this Shai-Hulud worm if you're interviewing for jobs, because it is a great example of open source software compromises leading to wider-spread supply chain attacks. But at the end of the day, I also want you to understand why introducing this invite-only code commit is a problem for them, not us.
B
Huge thanks to our sponsor ThreatLocker. ThreatLocker is extending Zero Trust beyond endpoint control with their recent release of Zero Trust Network Access and Zero Trust Cloud Access. Access isn't based on credentials alone. It requires the right user, the right device and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed and access is limited to exactly what's needed. Learn more and start your free trial today at threatlocker.com CCEL. All right, all right, all right.
A
New info, here we go. Let's do this. All right, guys. Hey, really quick. Welcome to the mid-roll. I mentioned Davy Jones's locker, so Dan Reardon has developed this meme already. It's an older one, but he threw it in chat. I wanted to share it with you guys just for a laugh. It's me as Jack Sparrow, I think. All right, guys. Hey, welcome to the mid-roll, OPSEC Charlie, Pirate Kitty. Hopefully you're enjoying the show. Let us know in chat if you are. Just hit that comment. And by the way, OPSEC Charlie, Pirate Kitty, first timers today.
C
Welcome to the party.
A
If you're not enjoying the show, let us know. No one's going to flame you if you have a minority opinion on something. Okay? We are a very welcoming, inclusive, supportive community. Everyone's entitled to their opinion as long as they're respectful, right? Hey, shout out to the stream sponsors ThreatLocker, Antisyphon and Flare. Genuinely appreciate you guys allowing me to bring the heat every day of the week. As a special segment, Tuesdays is Tidbits Tuesday, where I share a little bit about myself and we just see if we vibe on it. Okay. It can range from "I hate sour cream" to, you know, I'm a dad, and, like, you know, whatever. I got a beach cruiser recently and it's like, you know, therapy for me. All right, I got a good one today, because this just happened. Now, for the ladies in chat, I typically don't draw a line down the gender space, because women, men, whatever, we're all cyber pros, right? But I don't know if women are super into history. I know men traditionally, or stereotypically, are into history. I want to share this with everybody. So I do love some history, and something happened this morning that was exciting. But my main Tidbits Tuesday is, if you don't know about Hardcore History... oh my God. Hardcore History by Dan Carlin is super awesome. Here we go. I want to just give a shout out to Hardcore History. This guy, he has a six-part, 24-hour audio podcast on Japan's role in World War II called Supernova in the East. That was my on-ramp to Dan Carlin. He's also got, like, an 8-hour, 10-hour one on the Vikings during the Germanic period. That is awesome. This man knows so much. It's mostly military history, but it's so good, so good. So if you like history, please do yourself a favor: Hardcore History, Dan Carlin.
I will tell you, the way that I enjoy it is, I haven't had to do this in a while, but like, if you have to paint a room, right, like six hours of painting, throw it on, you will lose track of everything. Dan Carlin is awesome and he's got a great voice, by the way. I don't know, this is a super niche cut, but his voice sounds like Tech Ricky's. Shout out to Tech Ricky. He may or may not be Dan Carlin. Now, the reason I brought this up is because I came across this this morning. Chloe versus History. This is an AI thing. I saw her on LinkedIn this morning and I'm here for it. To me, this is like an amazing use of AI. So this woman right here, I think, is fake. I think she's AI generated, but she does these history videos where she's basically like a vlogger, travel vlogs, but she goes back in time. So this is the one I watched. Okay, really quickly, 1 million views. See how she looks like a vlogger, but she's actually in 1536 in Tudor England. She's gone into a tavern to get her room. It's awesome. It is absolutely awesome. It's a travel vlog, but she's in history. I don't know, man, if she's going viral or not, but I love it. So that's my Tidbits Tuesday: Dan Carlin, Hardcore History, and now Chloe versus History. Whether she's real or not, I don't even care, because it's awesome content, and from the little I watched, she is telling factual information. All right, guys, let's slide back into the news and finish strong. We got the Cyber Career Hotline coming up at the end.
B
Computer. New info stealer campaign gets bigger. Researchers at OX Security say copies of the leaked Shai-Hulud malware are being used in various malicious npm packages targeting developers, noting that the typosquatted or fake packages stole credentials, cloud configuration files, crypto wallet data and other sensitive information, with one package also adding infected systems to a DDoS botnet. The malware appears to be a largely unmodified copy of Shai-Hulud's leaked source code, which was previously linked to the TeamPCP hacking group and recent supply chain attacks against Node.js ecosystems. The infected packages were downloaded more than 2,600 times, and developers are urged to remove them and rotate compromised credentials and
A
API keys. All right, so a couple things here. Number one, yes, the Shai-Hulud worm malware was published open source, which means anybody, any jackwagon, can download it. Any script kiddie can download it. Any advanced, sophisticated nation-state threat actor can download it. It's an effective piece of malware. It is working. And guess what? If you can buy a heat-and-serve pouch of chana masala, or you can make it for four hours at home in a pot, you know, it's easy to just grab the pouch, throw it in the microwave for 60 seconds. That's what's going on here. Why invent or write your own malware when you can download something that's working hyper-effectively and just manipulate it or add to it? So that's what's happening. So two things. Number one, the story does have C2... excuse me, the story has IOC, indicator of compromise, details, including the C2 server and a couple of other functionality it is attacking. It looks like GitHub repos. So you'll want to rotate secrets like API keys and stuff like that. Certificates if they're in there. Tokens... not tokens, credentials. You can see that people are weaponizing it to do info stealing, to do distributed denial of service, botnet, to do cred and cloud configuration stealing. Okay, so it's all there. Here's what I want to tell you. Okay? This is the TL;DR. Like, yes, Shai-Hulud is currently a rash. All right, fine. You want to put some ointment on it. You want to go look in your environment to see if you've got any Shai-Hulud situations going on. Work with your developers, your coders, your researchers, get those credentials rotated and educate them on being careful what they download. Now here is the bigger picture again. Like, I'm gonna feel like a...
When I saw that this Shai-Hulud code was published open source, like on GitHub repos, where anyone could download it, immediately, immediately my first thought was, and this was a couple of days ago, my first thought was, oh, Jesus. People need to start protecting broadly from the Shai-Hulud malware. Not because it's super effective, but because when we think of risk, right, GRC people unite, likelihood and impact are the two variables in a risk calculation. And when Shai-Hulud malware gets open sourced, the likelihood value goes way up. This happened exactly the same way with the Mirai botnet years ago. Mirai botnet, I think it was 2015, some jokers at Rutgers University, shout out to the grease trucks over Princeton, got their source code released. And even to this day, people are taking the Mirai botnet and adding additional functionality and weaponizing it. And that was 11 years ago. So when you see this, my first thought was, holy crap, a lot of people are going to take this as a base and then add their own functionality on top of it. Which means there's going to be an outbreak of this type of malware. And that's what's happening. And we're going to continue to see it until, I guess, EDR, which isn't really looking at software supply chains, gets into this, or there's some very obvious Shai-Hulud type fingerprint that we can intervene on before bringing those libraries down, or GitHub can kind of delete these things from the open source repos. We're gonna have to be dealing with this. Okay? So again, in the interim, today, as a practitioner, I'd strongly encourage you go look at the Shai-Hulud malware IOCs, because whether it's, you know, some goober in Spain downloading it to put a cryptojacking tool on it, or it's some former rock star out of Colorado who's gonna weaponize it with an info stealer, it's the same Shai-Hulud malware.
Like, I guess the final thing I'll say on this is, think of the Shai-Hulud malware as the payload vehicle. Right? The Shai-Hulud malware is like the Uber. Okay? Now, what you stick in the trunk of the Uber is up to you. You could stick in info stealer luggage, you can put in a cryptojacker duffel bag, whatever it is, but it's still the Uber that's going to drive you to the victim's network, the victim's computer, the victim's code repository. So just keep an eye. Like, you got to know what those IOCs are.
B
Healthcare breaches continue. Several major healthcare data breaches affecting potentially millions of people were recently added to the U.S. Department of Health and Human Services breach tracker. New York City Health and Hospitals Corporation reported the largest confirmed incident, with attackers accessing systems through a third-party vendor between late 2025 and early 2026, exposing sensitive personal, medical, insurance, biometric and financial data tied to 1.8 million people. Other breaches include those at Erie Family Health Centers, affecting 570,000 individuals, and Florida Physician Specialists, affecting 276,000.
A
All right, let's see what we got here. Yep. So number one, if you work in healthcare: welcome to the party, pal. Welcome to the party, pal. You are in the, you know, top two, one-in-one-A, most targeted industry right now by ransomware threat actors. Number two, I worked in healthcare for five years, just, you know, to share my personal experience. I will tell you, and Jesse Johnson, AKA the Cosmic Cowboy, who will be your Cyber Career Hotline host later today, will agree with me. And if you worked in healthcare, please sound off in chat. Call me a liar if I'm lying. Doing cyber in healthcare is like one of the best professional development opportunities ever. I feel like I worked in cyber for five years in healthcare, and I feel like I got 10 years of experience, because it's just wild. All the different kinds of users you deal with, all the different kinds of tech you deal with, all the different unique situations with patient safety, patient records, regulations, clinical language or vernacular, competing priorities, God-complex people, vendors. Oh my God, yeah. Biomedical devices having kind of non-traditional tech stacks. Working in healthcare is a bomb. If you get a chance to work in healthcare, I strongly recommend it. I love it. If you like challenge. If you don't like challenge, I would look somewhere else. Okay. All right. So a bunch of healthcare people got breached. They're looking at the HHS breach tracker. This used to mean something. The Wall of Shame, it used to be called. Nowadays, it's just called a website that gets very few hits. Dude, I don't know if it was a slow news day. It's SecurityWeek. But basically, going through the HHS Wall of Shame and just reporting on things is like, whatever. I'm just gonna skip the story. Like, what are we doing here? This feels like, literally, I hate to dunk on this reporter, but this just feels like a slow news day.
Like, anyone can. Here, I'll drop a link to this. Okay, I just put that link in chat. Okay, here's the HIPAA breach reports. Okay? Look, today is May 19, 2026, okay? Active, currently under investigation. You can see here Western Orthopedics, 113,000 records. Cunningham Prosthetic Care, 2,500. You'll also notice that the lowest number is not under 500. 500 is the threshold for having to publicly report. But here's my thing. This is why I'm crapping on this story. Like, dude, I could just go download this list, sort by, you know, filter on 2026, and then sort by affected individuals number, you know, ascending. And then just take the top five and write this story. Like, I don't see how this is a story. So whatever. You can see here, you know, you could do a little bit of research on this, because they do have location of breached information and type of breach, so you can get some basic analytics if you're looking to write a blog post or something. But for the most part, chances are there's healthcare entities in your area that have suffered a breach that you have no idea about. Okay, look, I'm trying to find one for South Carolina. I don't even see one. Kansas, Maine, Georgia, whatever. 146,000 records. 700,000 records. 2 million. 2 million records, my guy. 2 million. Navia Benefit Solutions. Do you guys remember that story when it broke? Navia? No. No, because not every story gets a story. New York City Health Corporation, 1.8 million. Nauseating, dude. Nacogdoches Memorial in Texas. Two million. Two and a half million. Guys, really quickly. Back in the day, like in 2013, when Athena Health had a data breach, it almost broke them. It was like, oh my God, the biggest news ever. Now it's like you have a 2 million record data breach, and it doesn't even make the news.
B
Attackers target exposed servers. Researchers at VulnCheck say attackers are already probing and exploiting the newly disclosed NGINX Rift vulnerability just days after patches and proof-of-concept code were released. The 18-year-old flaw in NGINX was originally disclosed by researchers at Depth First and can let specially crafted HTTP requests crash worker processes and potentially enable remote code execution in rare cases where Linux memory protections like ASLR are disabled. VulnCheck researcher Patrick Garrity said exploitation attempts were already hitting the company's canary systems. Security researcher Kevin Beaumont noted that modern Linux defaults make widespread real-world remote code execution attacks unlikely.
A
All right, so a couple things. Number one, and for the sake of time this is just gonna be a quick hit. Number one, they mentioned Kevin Beaumont. His online handle is GossiTheDog. He's a great follow. He was on Twitter. He might be over on Bluesky now, but GossiTheDog, he's a British guy. Oh, he's on whatever this thing's called. I forget what this... Mastodon, right here. Okay, so this is great. I love this guy. Definitely a good follow. He's been consistently value-add to the community for years. Next of all, 18-year-old vulnerability discovered in NGINX. 18-year-old vulnerability. Again, guys, throw another log on the fire that is the inferno that I've been saying: AI is going to find all these bugs. We're going to be in this vulnerability nuclear winter for like three years. Next, this bug, while 18 years old and can result in really gross takeover, the servers need to have ASLR disabled. ASLR is address... what is address layout randomization? I always forget what the S is. ASLR, what is... address space layout randomization. Okay, basically address space layout randomization is where the kernel functions, the functions that come prepackaged with the kernel or the operating system, where they're located in memory. Back in the day they would just be written to the same place in memory, which means that the threat actor knew where to go. They could take over control flow of the processor, put the instruction pointer to point to functions that they know, and be able to do malicious things. ASLR helped address that risk. So in 2026, having a server with ASLR disabled is very unlikely, because it comes preconfigured and there are no negative consequences to having it enabled by default. Gadget Doc, 40 months, my guy. Thank you for the long-time support, dude. Great to have you here. So this is again, this is the final thing I want to say with this one.
So just because we're going to be finding all these vulnerabilities that are 18 years old, 20 years old, 15 years old, do not immediately crap your pants and be like, oh my God, think of the children. No. Any vulnerability, to be exploited, needs to have the conditions met that are required for the vulnerability to be exploited. So just because you have a vulnerability that's gross, in this case it needs ASLR disabled. The chances of that are limited. So the likelihood of you suffering exploitation of this old vulnerability goes down. Now, that doesn't mean you be lazy and not verify that you're not vulnerable, but just know that you're not exposed, you're not running naked. Chances are you have clothes on, but you need to verify it first.
B
Won't stop the slop. GitHub product security engineer Jerome Brown warns that many submissions lack reproducible proof-of-concept exploits or duplicate known issues, requiring stricter validation standards. Cloudflare Chief Security Officer Grant Bourzikas says AI tools are worsening triage overload by producing large volumes of plausible but unverified findings that drain security teams' time. Cloudflare testing of Anthropic's Mythos showed some improvement in generating exploit chains and proofs of concept. But security researcher Daniel Stenberg, lead developer of curl (that's c-u-r-l), says most findings were false positives or low impact and argued the model's gains over earlier tools are modest despite the hype. Remember to join.
A
All right, so, okay, so a couple things. Number one, this is like what we're dealing with right now. I feel like this will get sorted out in the next three months. Basically, people are using AI to do bug bounty, and it's resulting in an overwhelming number of submissions, and a lot of them are slop, right? And this is what Linus Torvalds was losing his mind about at the beginning of the show. The amount of vulnerabilities being submitted to the Linux kernel and the Linux security mailing list are overwhelming because they're just AI generated. Not... some of them are valid, I'm sure, but a lot of them are just slop. So they're overwhelming, because the researchers aren't having to do a lot to get the finding and submit it. So here's what I was saying, right? AI, look at AI for those findings. So they're saying AI might cut those false positives, but it won't stop the slop. The slop being like true findings that are just overwhelming. This is like a big problem right now. And listen, really quickly, this is going to be kind of funny, at least in my opinion. If you ever wanted to have a problem, like, not solved but optimized, ask an IT person to do it, especially a developer. They will code the crap out of it and make it optimized. So this problem right here around AI slop and not being able to cut through and find findings and collapse down a bunch of the same findings into a single finding and, you know, take the first one and report the other ones as already submitted, that's going to get solved. I really do feel like this problem of the submissions of findings and dealing with it as a code repository, I feel like AI is going to solve that. It might take a few months for sure, but unfortunately, dude, AI slop is... dude, AI is generating a lot of crap.
Justin Gold, just as a fun little teaser before we close out, Justin Gold's got this awesome, I guess, fringe theory that data has weight, and with all these data centers and all this AI generated stuff, at some point... we'll be dead long before this happens, but at some point the weight of all this stuff is actually going to influence the gravity of the planet, which is crazy. Crazy, crazy, crazy. Hopefully we solve, you know, all the problems we have before that happens. All right, guys. Holla. Went a few minutes over. All right, went a few minutes over, but we had a great day, guys. I gotta say shout out and thank you to all of you. Gadget Doc getting the love, Phil Stafford, let me know about that analogy. Guys, I want to say thank you so much. Hey, OPSEC Charlie and Pirate Kitty, first timers, hope you had a good time. I didn't see your comments in chat. I don't know if they split. Peace out. Either way, do me a favor, don't go anywhere unless you gotta. I know Devin Grady always has a meeting to run to. Space Tacos is in lurker mode. If you got a minute and you want to have some fun, may I recommend, chef recommends for your second course today, Cyber Career Hotline. It is a spicy dish served by the Cosmic Cowboy. Phone lines are open. Jesse, your camera's off right now with OBS showing, FYI, so I don't feel comfortable. There you go. All right, guys. Hey, Cyber Career Hotline. Jesse Johnson's going to be answering your questions, bringing the heat. I'm Jerry from Simply Cyber. Don't forget to get your CPEs here and let me know what you think about the little changes I made. If you have any feedback, drop it in Discord. I'm Jerry, your chat. Till next time, stay secure. Thank you, Jesse. I'm Dr. Gerald Osher. This is the Cyber Career Hotline. And if you're building a career in cybersecurity, this show is for you. Let's get into it.
C
Hey everybody, phone lines are open. Coming hot off the heels of that nerd, Dr. Jerry Ozier, and his Daily Cyber Threat Brief. Welcome to the Cyber Career Hotline. I am your humble host, Jesse J, AKA the Cosmic Cowboy. I work in security operations, vulnerability management, and I've spent some time working in IT operations as well. Before that, I worked in many different careers, everything from a law enforcement officer to a touring musician, coach, mentor, everything kind of in between. And so I love chatting with the community, helping build up the community. If you have questions, or you just want to talk about cyber, football, Magic: The Gathering, whatever it is, this is your time. 30 minutes. Ask me anything. Thanks, Dr. Jerry Oer, for your awesomeness. What's cooking, everyone? Phone lines are open. Drop me some questions. Yeah, I know, my OBS is showing. Whoops. Hey, Pirate Kitty. Pirate Kitty is a student of Slay Cert Plus. Slay Cert Plus is something that I do, teaching people how to pass their cybersecurity certifications using live, community-driven practice exams and whatnot. So cool to see somebody from the Slay Cert Plus community come back to Simply Cyber. Love it. Thoughts on SSCP? Let me look it up. That sounds to me like it's an ISC2 certification. Ah, it is an ISC2 certification. Systems Security Certified Practitioner. Earning a globally recognized IT and security administration operations certificate like the SSCP is a great way to grow your career and better... Here's the thing with this certification. I feel like it's only going to have the relevance that you're going to make it worth. It's only going to be as valuable as the company that's hiring you. It might be helpful to take the certification for yourself, for the studying, to have the knowledge that goes with studying for this certification. I have not seen it at this point on a ton of job requirements. I always point folks in the direction where they want to go.
You want to get into pen testing? The OSCP is going to be your benchmark certification. Like it or not, the Security+ is usually your entry drug when it comes to cybersecurity certifications. Then after that, people kind of branch off. Maybe they get the CySA+. Maybe they just get some Microsoft industry vendor certs. Getting the hands-on experience after you get that industry cert, that first industry cert, really is what is most important. So I think, sure, get the SSCP if it's for you, or if the company that you see on the job requirement, or on the job posting, if it requires SSCP or it's listed in there, then sure, go for it. Or if somebody else is paying for it, absolutely, free, not out of your pocket, then yes, absolutely, pay for it, put it on your resume and run with it. Lemur286: Long time caller, first time listener. Well, welcome to the party, pal. Where do I get an unbiased list of certs? I feel like a few content creators, NetworkChuck, Mad Hat, there's a few folks, Dr. Ozier, have put out videos discussing, as unbiased as you can get. I don't know that there is a, quote unquote, single unbiased source of certifications. Some people say that all the CompTIA stuff is garbage because it's multiple choice and has no hands-on components. Some people say the hands-on stuff is not as realistic and therefore creates maybe not as much textbook knowledge. And so there is really no unbiased, perfect certification. What cert works for you in your situation is going to be different than what works for me in my situation. I don't know if that makes sense. Right. So let's say you need to get your Security+. Well, I already have mine. I need to get my CySA+ for my work and for myself. And then I might get some Microsoft certifications, whereas you might get some AWS certifications. And I can't really say one is better than the other.
What tool do you need for the job that's going to propel you and your career? There are some certs that I can tell you to stay away from, but that's my personal bias. Right. And so I don't know that there is... I would stick to the resources you trust. Dr. Jerry Ozier. Tyler Ramsbey. Right. The folks at Black Hills Information Security, folks that we rub elbows with, can help point you in the right direction. That's a great question, though. Is a referral the only way to get a job, and do direct applications usually go straight to the trash? I have spent time looking over the shoulder of my former boss, who was a hiring manager. Direct applications... A referral definitely does go into a special container. It does get a star, a heart, a put-it-in-the-favorites-bin, a scroll-to-the-top, a move-this-resume-from-one-pile-to-the-other. A referral does go a long way. An internal referral does help significantly. But a direct resume or a direct application doesn't always go in the trash. At the corporate level, hiring managers and HR have a due diligence to sort through to fill the best position for the job. I've been referred to a couple different companies and it didn't work out. Maybe I wasn't a fit. Maybe it was just a level of experience that they were looking for in a certain sector of the industry. And so referrals aren't always the way in. They can help significantly. But direct applications, unless there's a keyword or a level of experience or something that would automatically get it thrown out, direct applications, scanned ones, human-reviewed ones, they still get reviewed. They don't go straight to the trash. A referral helps, but it's not the only way. If you really want the truth. If you want the truth... I mean, let me... I don't know if you can handle... You want the truth? You can't handle the... I'm not gonna try and do a Jack Nicholson impression right here. I'm gonna look at IT Career Questions here. Zach Hill. Zach Hill, a
friend and mentor to myself in the community, has a few takes on certs. Highly recommend you check out his content. You're trying to break into the industry, trying to level up? Check out IT Career Questions. Zach Hill, preaching the truth. Phil Stafford coming in with the truth: experience over certs, and certs over a degree. A degree can be really helpful, especially maybe later, when you're looking at the leadership roles. Having that doctorate or master's degree may get you a leadership role over somebody else. But reality: having that hands-on experience, both in an employed setting, right, so your full-time work, that's what you do, you work in IT or cybersecurity operations, or through volunteering or home labs. Now, don't present on your resume that you're working for a Fortune 5 company if all you've done is spun up some home labs. But it still is work. And don't let anybody tell you that it's not. It still is experience. I shouldn't say work. It still is experience. Please share two certs to stay away from. I would love to hear. From my perspective, I'll give you one cert to stay away from. And this I will just come out and say. And Jerry might come and say, Jesse, don't say that ever again, you're gonna get me booted. We're about to find out. I personally... So this is my own. This is my own thoughts and no reflection of Dr. Jerry Ozier or the Simply Cyber community or channel. I personally would stay away from EC-Council certifications. Right? The Certified Red Teamer and the Certified Ethical Hacker, all of those. That company just has a reputation that I personally don't align with. I highly suggest you do your own research on certs to stay away from. But if somebody said, Jesse, you've got one cert that you have to tell people to stay away from, that would be the one for me. Goddess Simone: I am currently pursuing my associate's in cybersecurity and information technology with a focus on SOC. What certifications do you say I should go for?
Well, if you're currently pursuing your associate's, and I'm going to assume, which is always dangerous, I'm going to assume that you don't have any certs coming in, I would start with something like the Security+. You're going to have folks that may tell you, get the A+, Net+, then the Security+. That's bogus. You don't need to have the two, A+ and Net+, before Security+. Okay, that is a misnomer, and that's CompTIA liking the extra income. I highly recommend, if you don't have it, you get the knowledge of A+ and Net+, which is completely free on YouTube, Professor Messer, etc. But then I would get your Security+, continue to build those home labs, volunteer, get that hands-on experience, and then after that, as you start to develop where you want to go in cybersecurity, then you can start to hammer out: do I want to get a Red Team certification? Do I want to get something more that aligns with the Security Operations Center analyst certification? So in your case, I would look at maybe getting something like Blue Team Level 1, which is an all hands-on cert. Hack The Box also has an awesome blue team cert, which is completely hands-on. They look good to hiring managers because it shows that you can get behind the keyboard and you understand conceptually how the work goes. So those are two certs that I would recommend: Security+ and Hack The Box Security Analyst. And then you can get CySA+ down the road if you want to. Could I please recommend some good AI training? See if Dr. Jerry Ozer has a video for it. I personally don't have a ton of experience watching AI training videos. I use AI for work and I work on my prompting and some automation. But as far as AI security training and things of that nature, I would give it a Google and do some research. Certified Ethical Hacker, but everyone is asking for it? Sure. So if your company's paying for it, go ahead and get it. I personally am not going to pay for it. They're also...
If you say everyone's asking for CEH, I can tell you that everyone's also asking for the OSCP, which is the benchmark.

Hi, Iron Wolf: I have Security+. My next move is Net+, then CCNA or OT Security+. Again, what is the end goal, or what sector of cybersecurity are you interested in getting into? You've got your Security+, you've got a good high-level understanding of how the industry works, at least at a textbook level. CCNA is going to be focused solely around networking infrastructure, building out networks, routers, switching, understanding traffic control, all of those things. Whereas the OT security is going to be securing operational technology, industrial control systems, SCADA, all of those components. So really you need to have the heart-to-heart conversation with yourself: what do I want to get into? Routing and switching, or do I want to get into OT security? I can tell you that there is definitely a gap in OT security and we need more people to be focused on OT security. I don't think that that would be a bad bet to go. Not that networking is a bad way to go. I just feel like, potentially down the road, there could be more longevity in OT security than in networking.

What AI skills? This is from Air DrXP. What AI skills do I think are the most valuable for cybersecurity professionals to learn? This one's pretty straightforward, but understanding prompting, how to get the information, how to get the machine to do what you want through prompts. I would understand how to have AI be a force multiplier, right? I think we already have the critical thinking component. A lot of us in the industry already have that critical thinking component. What we're missing is the force multiplier. So the most valuable skill is: use AI to be a force multiplier, whatever that looks like in your tool set. Kind of a vague answer, but really it's true. So the skills are prompting, understanding how to review it when it's hallucinating, multiple sources.
And no matter how much the AI is going to tell you, it can be wrong. Correlate, do your own research. Hashtag humanmade. James McQuiggan, at 35,000 feet, coming in on AI training (this was for, I can't remember who it was, who was asking about some good AI training): check out Anthropic or Google, they have free training. There you go. Do this free stuff first. Scrolling for questions, make sure I don't miss anything. Here we go.

Question: I want a second gig. I'm currently an ISO for my daytime job. I would like a night SOC job or HHS gig that won't affect my clearance. Any pointers, or am I looking in the wrong places? Man, you have a ton of time on your hands and capacity to do something like that. Phil Stafford, James McQuiggan, do you have any input for TS Strong 60? They want a second gig. They're currently an ISO for their daytime job and they're looking for a nighttime SOC job or an HHS gig that won't affect their clearance. Any pointers, or am I looking in the wrong places? So I welcome James McQuiggan, Kathy Chambers, Media, maybe some of the long-timers that have been in the industry. TS Strong 60 is looking for a second job, a second job, and is already an ISO. What would you suggest? If you mean HH like health services, I mean, hospitals are hiring like crazy for cybersecurity folks, and if they're not, you can go find those fine people, rub elbows, and get those positions created. I can tell you that because we're seeing a need for more on-prem, or just more dedicated, cybersecurity folks.

Random X Skills: what are my on-the-job jams? I listen to music without words, so it can be lo-fi, it can be synthwave. Whenever I'm working I don't want the lyrics, because I'm typically reading either a contract, technical data output from whatever, a terminal. I don't want words, they just throw me off. So I listen to lo-fi, jazz, electric, acoustic, world music, ambient music.
Sometimes I'll use binaural beats, so it sounds kind of weird in your head, but it makes your brain feel funny. But I feel like it opens up my brain waves. So, no words. James McQuiggan answering TS Strong 60: hey, teach, see if you can instruct at a college or university. Hey, that's a great way to... for your other... Lemur asks: do any AI cyber certs hold any weight yet? Not to my knowledge. I haven't heard of any that hold, like, industry weight. You may see some popping up as AI moves at light speed. Business moves at light speed. So.

How long did it take me to get used to my... oh, you're talking about the one in the back. Not long at all. I prefer... so I got a smaller one here too. I know, gross, Mac. It works all the time when I need it to, so that's why I roll with it. Didn't take... so to answer your question, it didn't take me long to get used to the new feedback there. It's got 80s clicky keys on it too, which is pretty cool, a real throwback. Annoy-everybody-in-the-office sound. Yeah, check out some binaural beats. Binaural beats, check them out, they're really good. From what I understand, some of the binaural beats and some of the binaural brainwave activities are used in, and forgive me for not being an astrophysicist or an astronaut, but NASA uses the binaural beats in some of the frequency spectrums for power naps for when you're under-rested. They're great for recovery, so check them out. You take like a 15, 30, 90 minute power nap. The synth, the sine waves and the frequencies guide your brain into rest, sleep, REM, deep sleep, and then kind of back out, 30, 90 minute segments. Super good if you're really under-rested or you need just a quick little power recharge. Highly recommend.

Jazzy Jazz88: yeah, I'm trying to find a hospital SOC job. Wish you the best. If you lived in Western Colorado, I would have a job for you. Who is the speaker? Are you talking about me here on the camera? My name is Jesse J, or Jesse Johnson.
I go by the Cosmic Cowboy here in the cybersecurity community on YouTube, and I am a moderator and I help volunteer with Dr. Gerry Auger's Simply Cyber community-driven movement.

This may be a question for you CISSP holders, which I would like to have myself soon. I understand. Where do you find your CPEs for the CISSP? I've been doing conferences, but they are expensive. So you get half a CPE for being on the Cyber... the first component, right, where Dr. Auger is going over the threats. You get half a CPE for that. And so go reach out to Dr. Auger on that, or anybody else in the CPE conversation. I'm not sure if that's fully fleshed out or not, but take a screenshot during the Simply Cyber Daily Cyber Threat Brief, say something in chat, right? Maybe put the date, a timestamp, take a screenshot of that, save it, and then that's one of the ways that you can turn in your CPE. We also have a legit CPE program. See if I can get that online for everybody.

Elliot: binaural beats work best with headphones. Amen. Well, honestly, they only work well... I don't know about only; they definitely work significantly better with headphones. You want those sound waves injected directly into your brain. 100% true. Good to see you, look forward to hearing from you at the next conference too. See you at Simply CyberCon this year. Checking for questions. Don't want to leave anybody hanging.

Jazzy Jazz: if somebody wants to learn cloud, just be a cloud engineer or analyst, should they go for AWS or Azure? I don't think there's a wrong answer. Pick your poison. Both. I would get certified in both. And then, are you looking to work in more of a corporate industry that's going to have a lot of the Entra tools, Defender suite, Azure suite, or are you looking to work in the AWS suite of solutions? Really, there's no wrong answer.
Both of the vendors have weight in the industry, and having some industry certs in either one of them, or each, could help you in your mission. Haircut Fish knows how to get me; he put a GIF from Attack on Titan in mod chat, which, come on now, I'm trying to be a professional here. Kishan Infosec: may I connect with you on LinkedIn and/or Discord, sir? Absolutely. If you haven't already, here, I'll put my LinkedIn in chat. I think Dr. O would be okay with that kind of... and then we're going to boogie out of here and over to Kathy Chambers' Authentically Cyber podcast. I really don't want you to miss this one, because this is something that I preach about: it's not giving up when it comes to breaking into the industry. You've heard me beat on this soapbox, this dead horse, a ton. Don't give up. It's almost a game of attrition. Everybody else is going to give up. You're going to stay with it. You're going to continue to volunteer, build hands-on experience. You're going to continue to show up, put in the grit, have the hard work, and when everybody else quits and they pull their application, they decide, you know what, maybe cyber was too hard for me, maybe breaking in was just too hard. I understand financial needs, or you're just at a point in your life where, like, I can't wait around, I have to go do something else. Understood, and I respect that. I've had to do it before, in between IT jobs. Something doesn't come up, I've had to go wait tables, work construction, dig ditches. Whatever it takes, I've had to do it, and I will go do it to bridge that gap, so there's no disparaging, no disparagement there. But it is a game of attrition, at some point, in some capacities. Don't give up. Don't go anywhere.

All right, we gotta roll, team. I'm over on time. Kathy Chambers has her awesome little rundown timer. I gotta run, because that's what we do. Thanks so much for hanging out, all 250 of you, for the Cyber Career Hotline. Make sure you check out Kathy Chambers' Authentically Cyber.
I will see you later today for Simp... for Simply... for Slay Cert Plus. To all of you out there, have a wonderful day. See you.
Host: Dr. Gerald Auger, Simply Cyber Media Group
Theme: The latest cybersecurity news and actionable analysis, community updates, and career development for professionals and newcomers alike.
Tone: Energetic, insightful, and community-driven with an emphasis on both practical expertise and audience engagement.
This episode delivers the top eight cybersecurity stories for May 19, 2026, focusing on vital industry developments ranging from AI’s impact on vulnerability discovery, significant breaches (like 7-Eleven and healthcare orgs), international law enforcement operations, software supply chain risks, and trending malware. As always, Dr. Auger moves beyond headlines, offering practical context and career advice. Community support, professional growth, and learning through camaraderie underpin the show’s ethos.
Shai Hulud InfoStealers Spread
Timestamps: [43:57]–[50:10]
Details: Copies of the leaked Shai Hulud malware are being actively leveraged to create info-stealers, DDoS bots, and credential harvesters, with hundreds of NPM-package downloads already.
Quote: “Think of Shai Hulud malware as the Uber. What you stick in the trunk... is up to you.” ([48:40])
| Segment | Timestamps |
|-----------------------------------|-------------|
| AI Bug Report Overload (Torvalds) | 11:11–17:08 |
| 7-Eleven Salesforce Data Breach | 17:08–23:23 |
| Interpol Operation RAMZ | 23:23–30:12 |
| Tanstack Supply Chain Risks | 30:12–38:28 |
| Tidbits Tuesday (Podcast Recos) | 39:15–43:57 |
| Shai Hulud InfoStealers Spread | 43:57–50:10 |
| Healthcare Data Breaches | 50:10–55:32 |
| NGINX RIFT Exploit Activity | 55:32–56:27 |
| AI Bug Report “Slop” | 59:27–60:21 |
| Cyber Career Hotline Start | 64:20+ |
This episode blends actionable cyber threat analysis with practical career wisdom, all nested in a vibrant and supportive community culture. Whether you’re a seasoned analyst or a newcomer, Dr. Auger and the team aim to keep you both better informed and better equipped for a successful cybersecurity journey.
To Join Live:
Stream weekdays at 8AM ET at https://simplycyber.io/streams
Career Hotline, community chat, and on-demand replays available.