A
All right. Good morning, everybody. Welcome to the party. Today is Tuesday, May 5th, Cinco de Mayo. Let's get after it. If you're looking to stay current on the top cyber news stories of the day, welcome. You are in the right place. This is Simply Cyber's Daily Cyber Threat Brief podcast. We're coming to you over a thousand times in a row to bring you the top cyber news stories and then break them down with my 20 plus years of experience in the cyber world, as well as all of these Simply Cyber community members, hundreds and hundreds of practitioners dropping knowledge on you, helping you level up, be the boss. Whether you're breaking in or you're trying to reach, you know, that promotion from junior to senior, senior to director or CSO, whatever it is, we've got it for you. Coming to you live from the Buffer Overflow Studio. Let the coffee flow. We're off and running on this beautiful Tuesday morning. All right, good morning. I see a couple things to note really quickly. Visual Li Ling maybe talking about why Americans celebrate Cinco de Mayo. Honestly, I. I think it's just another excuse to drink, like, socially acceptable reason to go out and drink a Corona jammed into the top of a margarita. Somehow that's a thing. Guys, what's up? We are going to be crushing it. I do want to say really quick to the first timers I saw at DC5 saying, Enough with the lurking. I'm coming, I'm coming out, or I'm coming up, whatever, whatever that song is. DC5, welcome to the party, pal. If you're here for the first time, like DC5, do me a favor, Say what's up in chat. Grab a screenshot. Wait, no, no. Just say what's up in chat with a hashtag, first timer. Hashtag first timer. We'll have a special sound effect, a special emote, welcome you to the show. And believe me when I tell you, it's not just about saying hi and screaming out loud into the chat. It's. It's the first step in kind of breaking down those barriers of uncomfortability.
And it will go a long way for you into building, you know, your network, your personal brand, however you want to shape it up. I'm telling you right now, guys, there is immense value right now, immense value in basically building a personal brand. Please do it. Please. Real Raz Monk serves. What's up, first timer? Hey. Welcome to the party, Real Raz Monk. If your name is in green, that means you're a squad member like Marcus Kyler Low Pro Space Tacos. Michael Andruzzi. That means you have a special emote. Trey, go ahead, go in that emote. There's a John McLean saying, welcome to the party, pal. If you can use that to, to welcome our first timers at DC5 and Real Raz. At least now every single episode of the Daily Cyber Threat Brief is worth half a cpe. So say what's up in chat. Grab a screenshot. You are part of the show. File it away once a year. We'll count up those screenshots. We do. I did reveal yesterday a new CPE system that is in development. Hoping to drop that this week. I've just got some other priorities this week. Work. Work that needs to be done. Just signed a contract for a big deal yesterday that's been like dragging for months. So we're doing project kickoff for that today and everything. So I will get to the CPE thing. It's just I have to prioritize the revenue generating side of the business because I have bills to pay. All right guys, what else we got? Oh, every day of the week has a special segment. Tuesdays is tidbits. Tuesday, Holla. I'll share a little bit about myself with you. Got news to you. Today's topic may be a bit polarizing. It may be divisive. I'm going to share a franchise, a beloved franchise that I don't like and I might upset some people. But you know what? I don't, I don't, I don't, I don't know why I'm going to share it. Stay tuned for that at the mid roll. You can, you can scream at me or you can agree with me, but it will be polarizing. 
And every episode of the Daily Cyber Threat Brief, including this one episode, 1126, he says questioning 1125 is sponsored. I can't do it without the stream sponsors. Thank you very much. Stream sponsors. Groups that I not just am glad to be partnered with, but I also stand by their products. I've used their products. I like their products. I'm friends with a lot of the people who either work in the business or own the business. Let's start with Anti Siphon Training. Anti Siphon Training, John Strand's company. I know John Strand quite well. Wonderful person. He actually has an emote. If you are a squad member, there is a John Strand emote. That's how cool this dude is. There he is right there on screen as well. Anti Siphon training is bringing the traditional cyber security training to the masses. But flipping the script by making it accessible to Everybody, regardless of financial position. How does that happen? Well, let me give you an example. If you like, you know the daily cyber threat brief and you want to go beyond the daily cyber threat brief and learn how to take these headlines and turn them into action, likely through detection engineering, because that's what Wade Wells is a massive expert at. Wade Wells Simply Cyber community member. He's going to be bringing the heat tomorrow at noon Eastern time to tomorrow at noon. Don't be shy, go check it out. I, I'm gonna register for this. There's no, there's no downside to registering. You get one cpe, you get an hour of skill, it's actionable. You get to hang out with Wade, which is a bonus. Dude knows his stuff. Learn how to turn cyber headlines into action with Wade Wells tomorrow at noon. Go check it out. Link is both in the description and I just dropped it in chat. Also want to say holler to Flare. Flare Cyber threat intelligence platform. Absolutely game changer on the ability to give you and your information security program threat intelligence that is actionable and very easy to search. 
Flare has people on their staff that have sock puppet accounts and going to deep dark web cyber criminal forums and pull back data. They are members of invite only telegram channels. They get all this information, pull it back and then they give it in a very easy to interface and very easy to query database. You can see it right here. This is live. I'm not live. This is real footage from the Flare threat intelligence platform. What can you do with this? Well, if you want to know if your VIPs are compromised, if you want to know if there's any endpoints in your organization that your EDR didn't catch because it's absolutely compromised, Boom. You want to see, you know, individuals who fell for phishes and gave up their creds. Boom, it's all there. You want to see lookalike domains? Boom, it's all there. They even have the ability to quickly request a takedown of a domain that's a lookalike of yours. Very easy all through the interface. Go to Simply Cyber IO Flare now. And you don't have to take my word for it. They're literally giving you two free weeks trial to check it out, no strings attached. What an opportunity. Go to Simply Cyber IO Flare now sign up. Trust me, there's people in the chat right now who have used Flare besides me, obviously. I, they're paying Simply Cyber to, to sponsor this segment. So you might be like, oh, this guy's paid for. All right, we'll ask somebody in chat who is not being paid what their opinion is of it. Get a second opinion I always say. Also want to say holler to ThreatLocker. ThreatLocker, longtime sponsor of the stream. They believe in what we're doing and building our community. They also believe in application deny by default on endpoints. Hey what's up Dari Nell. Welcome to the squad guys.
If you want to learn about zero trust at the endpoint and in the cloud, if you want to learn about application denied by default, if you want to have the same traffic tech defensive stack that enterprises like JetBlue run, go check out Threat Locker. You will not be disappointed. Let's hear from them real quick and then it's off to the news. I want to give some love to the daily Cyber Threat Brief sponsor Threat Locker. Do zero day exploits and supply chain attacks keep you up at night. Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCyber. All right everybody, we are ready to lock and load. So lock in. As the kids say, do me a favor at DC5, thanks for deciding. Oh hold on. Did DC not. Well I guess I don't. I don't know what happened to that. D.C. first timers. Come on real rest bro. I don't know why I can't at some people for all the first timers. Do me a favor, sit back, relax. I do know someone pointed out that jawjacking does show up in the rotating logo at the bottom there. I gotta get that sorted out. Priorities though guys. Sit back, relax and let's let the cool sounds of the hot news wash over us. An awesome wave. See you at the mid roll. Also also also stay tuned. We got a show from 99 to 9 from 9 to 9 30. Listen. From 8 to 9 Eastern we're doing this show. From 9930 we're doing Cyber Career Hotline in AMA to get all your questions answered. From 9:30 to 10 Kathy Chambers Media is doing authentic conversations in cyber. 
From one to two Jessica Hyde's doing a webinar for free on how to do forensic collection on Mobile devices. My God. The value train has left the station in. Surprise, surprise. It's a bullet train. This thing is hauling butt. Let's go. Let's do it. Computer. What are you doing?
B
Blinds. These are the cyber security headlines for Tuesday, May 5, 2026. I'm Sarah Lane. Instructure discloses breach amid leak threats. Education software provider Instructure disclosed a cyber attack that disrupted services tied to API keys and led to a data breach affecting its Canvas platform. Attackers accessed names, email addresses, student IDs and user messages, though the company says passwords and financial data weren't involved. Instructure says it's rotated keys, revoked credentials and contained the situation with outside forensic support. The Shiny Hunters group claims responsibility, alleging it stole 3.65 terabytes of data tied to as many as 275 million users across nearly 9,000 institutions.
A
My guy. Holy crap, dude. Look at like. All right, so really right now, and if you haven't been following, Shiny Hunters is like, like the attacker du jour. Like, this is like. Like, when I hear Shiny Hunters, this is like what I'm thinking. If you're listening on audio only, you can catch the show on Spotify and Apple Podcast audio only. I'm showing a. A video clip of Conor McGregor walking like an absolute arrogant goober. And. And he can. He can act this way because he's rich and can beat the crap out of anyone he chooses. Fortunately, I don't think he does. But Shiny Hunters, dude, Shiny Hunters, they absolutely slam anyone and everyone that they want. Like, the top cyber attacks in the last month or two have just been Shiny Hunter after Shiny Hunter after Shiny Hunter. My guy, like, when it comes to the cream rising to the top. And again, these are criminals. I'm not. I'm not like, vaulting these dudes, right? They are criminals, absolutely. But I. I gotta tell you, like, if I was Shiny Hunters, I would. If I was a member of the Shiny Hunters gang, I would discreetly cash out. Because law enforcement has to be getting lit up about these guys is just because they are so high profile and so just relentless. All right, so who got hit? Instructure, which you may not have heard of. Canvas is the LMS platform that you may have heard of. Spoiler alert. I am faculty at the Citadel Military College. Final exams was this weekend, and they run Canvas and Instructure. So in some. In some alternate universe, some different. What do they call it? What's. Is it a different universe? What do they call the Marvel Cinematic thing where there's, like, different, like, threads of the Universe, I can't think of it right now. But anyways, in a different world, one of my students took the knowledge I gave them and didn't want to take the final. So they did this. But that's, that's in a different reality.
Anyways, I could tell you definitively like finals happen, I logged in, I did final grades and everything. So there was, it wasn't massive impact. But you know these cloud platforms that have massive customer bases have to be doing all the best practices. Business multiverse. Thank you. Have to do the best practices around protection. Right. I don't know how they. Most times the Shiny Hunters are known for vishing basically, you know, they don't hack in, they log in. Now they have done some technical exploits in the past but for the most part their TTPs revolve around like calling help desk and getting creds reset or whatever. They didn't have any passwords, date of birth, government or financial information. So you know, Instructure as a company probably isn't going to suffer too much. But yeah, I, whatever. I mean this sucks for this company. The TLDR for me and you is this. And listen, if, if you work at a company, this is, this is the lesson learned, okay? If you work at a company where your product is a SaaS product, all right, this right here, they're offering essentially learning management system as a service. Okay? That's what this is. PowerSchool. They got hacked. That, that like 20 year old kid, 19 year old kid or whatever made big news recently because he's going to jail. PowerSchool is an online platform that K through 12 schools in the United States use for doing grading and student reports and stuff like that. Netflix, Amazon, and I know Amazon has like delivery services and other stuff like that, but for the most part it is a SaaS platform. AWS. Oh my God. Okay, like whatever it is, if your product is online, okay, and you have to be thinking about obviously all the protection things, how do we keep bad from happening. But it is imperative that you think about how you manage responding to an incident. How do you maintain operational resiliency? How do you keep making money?
How do you keep your clients happy while you're actively putting out a fire? Okay, if you go to a job interview, this is straight here, heat by the way. If you go to a job interview and the company's business is some type of software as a service or platform as a service, I don't care what it is in the interview, talk about operational resiliency, make sure that you highlight it. They'll give you scenarios like, oh, hey, you know, someone falls for a phish, what do you do? That's a simple question, right? Make sure you're talking about, oh, you know, we got to make sure that, you know, who else got the phish, what did they give up, etc., for very micro in the response and triage of that phishing question. But then expand the answer to be like, you know, I. You know, we have to make sure that if there is any impact that we maintain operational resiliency while we're doing incident response. The person across from you head is going to catch fire because of what you're saying. Believe that. Operational resiliency, business continuity. It's not just about, oh, we have backups. Yeah, okay, thanks, Kevin. It's not 1998 where that's like the only control we have. There are other ways to maintain operational resiliency. Network segmentation. Right. Rollover to, like, to other environments. Right. What are the critical mission services that have to stay up? Can you just compartmentalize those? Right. Think of it like a submarine, right? If a submarine or boat smashes into something and the hull gets breached, does the boat sink? Does the submarine go down? No, they. They airlock where the breach is, and then they keep on chugging. Yeah, it sucks. You're gonna lose some stuff that's in that room, but you're not gonna lose the whole boat. That's what maintaining business resiliency is. All right, I'm telling you, this is a key. It's gonna. It's gonna crush in interviews. Plus it's going to crush as a practitioner because that. It's not just an answer to get a job.
It's like literally what you should be doing.
B
DigiCert revokes certificates. DigiCert disclosed a malware attack delivered via a customer support chat, infecting internal systems and pivoting into its support portal to obtain EV code signing certificates. The attackers exploited access to initialization codes and approved orders to generate certificates. Some were used to sign malware, prompting the company to revoke about 60 certificates and cancel affected orders. DigiCert says it contained the incident, found no broader system compromise, and has since tightened controls like MFA and restricting support portal access and file uploads.
A
All right, what now? DigiCert is DigiCert. It's been around forever. They're like the grandfather cert signer group. I didn't. Honestly, I didn't even think it was like a business. I just. It's just. I mean, it makes sense that it's a business, but at the same time, it just like exists out in the ether. Just like, like, what is it? IANA, like, you know, these kind of like foundational Internet support pieces that you just don't think of as, you know, a business or whatever. All right, let's see. So DigiCert authenticated support analyst can proxy into customer accounts. Okay, so a threat actor compromised some analyst at DigiCert. And then. Bro, what is this? Okay? Oh, I mean, this is great. So basically some threat actor got in there because it's DigiCert. They're using signed certificates for like everything, including like integrity of conversations, authentication of end users, all these other things. Probably software signing. Look, see, it says they identified malware on two endpoints. April 3, April 14. So by April 3, they were already taking action. This is pretty good. So April 2nd is when DigiCert got hacked. By April 3rd they were already responding during incident response. They discovered another compromise a couple weeks later. So that's great. A couple mean, it sucks for them, but like, it's great that they discovered it and then they revoked all the activity and actions. This is a brilliant. Guys, you know what? This, I'm going to drop a link to this story in chat. This is how you do. Like, this is, this is solid business continuity in IR. Oh, let me do this. Not business continuity. It's like. Well, I get it's. This is how you do IR. So a lot of times when we think incident response, you think like, oh, like hunting the bad guys and rooting them out, right? Doing all the, all the, you know, superhero stuff of cleaning up the mess.
But also there is, once the threat actor's out, you've got to kind of go back and, and clean up whatever activities they did. And in this instance, all the actions that those threat actors took, the transactions they did, the, the customers they spoke to, whatever the, the payloads they sent, they, they revoked all of it and reset it all to a known good state. So when you think about the NIST Cybersecurity Framework, right, which has the categories identify, protect, which is like left of boom, detect, respond, recover, right of boom. A lot of times, like fortunately, detect and respond have gotten a lot more, I guess, front of burner, like more mainstream attention in the last four, five, six years. But recover, most people don't give recover its due, you know, its, its time in the sun. Its flowers, for Gen Z. The recover phase of the NIST Cybersecurity Framework doesn't just mean recovering backups and data. It, it's recovering to a known good state. It's like trying to, if you've ever played Forza on video games, like, if you crash or whatever, you can push a button and it'll just rewind you to, like, a known good state. It's the same thing. Like, recover doesn't mean just getting back your data. It means resetting everything, which means getting the files the threat actors deployed out, you know, communicating to affected individuals what happened, you know, sending identity theft protection to people, you know, letting shareholders know whatever. But it's more than just recovering from backups. There's a lot of people, process, technology that happen during the recovery phase that you got to be mindful of. And this right here, in my opinion, is just a phenomenal, super clean case study of how to recover after an attack. So this, this story and the lesson here is less about them getting hacked and more about how they recovered. Well done.
B
Silver Fox targets Indian and Russian orgs. China-linked advanced persistent threat, or APT, group Silver Fox launched a phishing campaign targeting organizations in India and Russia using tax-themed emails to deliver malware, including the newly identified ABC door backdoor and the already known ValleyRAT. Researchers at Kaspersky observed more than 1600 malicious messages, with attacks using spoofed government notices and malicious archives to gain access and establish persistence with stealthy remote controls.
A
All right, all right, all right, All right, all right. So China is sending targeted messages to deploy a backdoor RAT and other malware. Just so we're clear, a backdoor is the ability to come and go into. It's like a persistence mechanism. It allows you to access a compromised device without having to attack it again. Right. It's like your own private back door. A RAT is a remote access tool very similar to a back door. Like, you could almost say the back door is the network channel to communicate with a compromised device, and the RAT is how you interface with the device. There are some similarities. All right, what is this guy? Ooh. All right, so Silver Fox, which is a pretty cool name. I'll tell you what, when. When my. When my grays come fully in, if I'm called Silver Fox, it won't be bad. I'll accept that. Oh, Joel Hudson's in chat right now and just said Jerry eventually will be a silver fox. Okay, Joe Hudson reading my mind. My guy. All right, let's see. Wave of malicious emails. Spoiler alert. This is why we educate our end users on not falling for phishing emails, okay? Because this is how it starts. Dude. Most attacks start with a phishing email in 2026. It's. It works just as well as it did in 2010. All right, all right. I guess someone's gonna fight me in chat. Remote access Trojan. Remote access Trojan RAT. I gotta tell you, I don't think the T stands for Trojan. I, you know, I know I've, I've fought casually. Joseph, I think one time in the street on this one. A trojan is a piece of software that does something, but also has an additional payload that does something malicious. Like the Trojan horse. Remote access tool is exactly as it's like, you know, it's like a magic card. The name of it explains what it does. It's a remote from anywhere access. I'm on your device tool. It, you know, whatever. So anyways, someone come at me. All right, let's see. So they're using emails that impersonate Indian tax authority. So obviously targeting, targeting India.
Although dude, it's trivial to just change it to target US citizens. Every country, trust me guys, every country's got some type of tax authority. Dude, even during feudal times, you know, medieval times, you gotta, you gotta pay the taxes to the tax man. Turn, you know, Revolutionary war, the tea tax, Boston Tea Party was a tea tax revolt. Okay, all right, so is there anything like interesting here? Let's see. All right, so you got a back door on it. So then what, who are they? All right, so the, Remember I told you the persistence mechanism, that back door, like here's Windows registry keys, scheduled tasks. Classic, classic persistence mechanism. All right, so what is, what, what is. China doesn't typically. China's not. China doesn't want your money. Okay, great cash, homie. China's all about that. Sweet, sweet espionage. So let's see what they're, who they're targeting. Okay, It says primary cyber espionage, critical infrastructure disruption. Sometimes they do financially motivated. Yeah, I guess, maybe. But they're targeting India. I don't know. What's up? All right, so here's the deal. What's basically two things. Number one, if you are protecting India based businesses, you got to let them know immediately that there are Indian based tax authority fake emails coming in. If you are responsible for any other business that has anybody human in it, or you have anybody that you care about in your life, Aunt Dorothea's, Joe Hudson's, friends, family, sisters, brothers, you know anyone that, anyone that gets email, right. You can tell them, hey, just a reminder, whether it's a text message, an email, a letter in. Well, text message or an email are kind of the common ones. A Facebook DM if you get something saying that you have like past due taxes or you owe money for like a toll, like toll booths on the highway, that's really popular. It is fraudulent. Just don't even try to over complicate it. Don't try to explain.
Just give them the tools to be able to make this choice. If you get a text message, if you get a text message that says you owe money, it is fake. You, you can continue going forward. Thank you very much. Right. It still works though, man. This is why, this is why you have to be consistent and deliver on these awareness, training and messaging over and over and over. Right? It's, it's, it's all about consistency.
B
New wave of cargo theft. The FBI is warning cyber-enabled cargo theft is increasing, with phishing, fake websites and compromised accounts impersonating logistics firms to hijack shipments. Criminals infiltrate broker and carrier systems, post fraudulent load listings, reroute deliveries and then resell stolen goods. Losses in the US and Canada reached around $725 million in 2025 alongside rising incident severity. Researchers at Proofpoint link the activity to organized crime.
A
Yeah. All right, so first of all, hold on, computer.
B
Huge thanks to our bro.
A
You know, there's an infograph on right now. Computer, why are you. When I say pause the pod, pause the pod. Don't give me five more seconds of audio. Sorry you guys had to watch that. I'm sorry. Me and the computer have been having some, some, some, some time, some rough times. The computer kind of doesn't understand its station in this business. It's getting a little big for its britches. All right, so first of all, right, DJ B Sec is very upset. So this story says May 1st. First of all, guys, Devin Grady, TJ Long Timers, you guys know what's up. Now listen, this infograph normally, doesn't, normally wouldn't receive this. But we do have three dimensional boxes. It does use a color palette that's uncommon. This was not just, you know, Vizio, so I'll allow it. And you first timers here, don't let this turn you off, okay? Oh yeah, look at this infograph, guys. Oh yeah. Oh yeah, dude. A good infograph, my guy. Just let that wash over you. Guys listen really quickly. Just as a quick aside, if you can visually communicate a lot of information in an infograph, that is a power move. Shout out to notebook LM Google's Notebook LM that you can basically just dump a bunch of information in and tell it, tell it to make an infograph and it will. That's A DJ B power tip for you. All right, so listen, you might be thinking, wait a minute. Who cares about cargo? Cargo's not a thing. Oh, I beg to differ. I beg to differ. Let me introduce you to this guy. This is Ben Wilkins, fierce beard speaker at Simply CyberCon 2025. A friend of mine runs the Cyber Trucking Guy podcast. He came on Simply Cyber Firesides not too long ago. Let me tell you something about this guy, okay? He turned me on to the fact that organized crime is stealing all sorts of cargo. It is big business, guys, do you know. Listen to me. Listen to me really quickly. Do, like, just to give you an example that will melt your mind, okay? If I steal a truck full of pistachios. I'm serious. 
If I steal a truck full of pistachios, do you know what? Those Pistachios don't have SKUs on them. They don't have barcodes. They don't have RFIDs. It's just a big truck of pistachios. Do you know how much a bag of pistachios cost? It's like eight bucks. If I steal a dump truck full of pistachios, we're talking millions of dollars, like millions of dollars. And then I just go fleece them. Hey, you want a truck full of pistachios for half a million dollars? Half the price. Oh, yeah, dude, don't think it's all about stealing jewels, diamonds, crypto, all that stealing. Stealing cargo is like so hot. That Hansel's so hot right now. I gotta tell you. Like, Ben Wilkins came on. Like, these organized criminals are super organized too. Like, they'll steal a. They'll pretend to be like. They'll show up at a. At a cargo or like a port, and they'll be like, hey, what's up? I'm. I'm Tony here to pick up the thing. Like, they'll hack in, right? So, like, let's say that ZF in chat right now is a legit truck driver. I'll hack into ZF's email, find out that he's got a load coming at, like, for pistachios at 1pm. I'll show up at noon and be like, hey, what's up? I'm zth. I just. I'm running ahead of schedule. Can I get those pistachios? Come on, man. It's my kid's birthday. I want to knock this out. They're like, sure, drop the pistachios, drive off, put a. A fake GPS unit on it. It looks like I'm driving up the Pacific Coast Highway. In reality, I'm driving across to Vegas. Never see me again. And then Ziff shows up at one o'clock. He's like, I'm here for the pistachios, you know? And they're like, you were here an hour ago. Get out of here. Boom. That is how organized crime is. Stealing. It's crazy. And real quick, DJ BAC is very. Wants everyone to know because DJ BAC works in the transportation logistics. He actually did a full story on this one earlier this week or two weeks ago. Look at this. Six billion dollars in losses. Six billion dollars in losses, guys. Six billion.
My guy. That is huge numbers. Great cash, homie. So don't sleep on this. This is an area here. I'm gonna drop a link to DJ B's thing. This is an area of cyber security that very few people talk about. And it is awfully big business at Ben Wilkins, if you want to. So DJ BAC and then Ben Wilkins.
C
I'm gonna
A
look at this guy. I'm a. If this is an area you want to get into, connect with this dude right here. I'm telling you, when I found out about this, I was like, what? What the hell are you talking about, Ben? You pulling my leg? You joking me? Who's stealing pistachios? He's like, bro, that's why they're stealing them. Because people are just, like, dismissive of what you're thinking of. Oh, all right. So DJ B, I think, sent me a. An infograph that said he. I might need to. I might need to pause the show. Hold on, dude. It's 10 minutes. Let's check it out. Let's check it out. Ladies and gentlemen, DJ B. Oh, it's a whole deck. Djb. Hold on. Let's just really quickly. All right, all right, all right. Look at this guy. Made a whole slide deck. Oh, yeah. Oh, oh. Chiron process flow Venn diagram table. They're all here, Every single one. Look at this. Nicely done, DJ B. Sec. Okay. Google Notebook LM. DJ B Sec. You should do a webinar on NotebookLM. It's so powerful, I might make a short about it. All right, enough. Enough goofing around. I'm about to make some people angry in chat. Children, you may want to earmuffs. You might want to put earmuffs on because it's about to get. It's about to get heated up in here. As Tippet Tuesday drops huge.
B
Thanks to our sponsor Vanta. Risk and regulation are ramping up and customers expect proof of security just to do business. Vanta's automation brings compliance, risk and customer trust together on one AI powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC seed program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com C cell. All right, here we go.
A
All right, guys, I really appreciate all of you. I really, really do. Thank you so much for being here. Shout out to the stream sponsors ThreatLocker, Antisyphon, Flare. What I'm about to do may, may result in. Cancel. I might get canceled on this one. All right, guys, I want to say thank you all for being here. It really does take a village. Joe Hudson over on LinkedIn. TJ guy name tech run super zoomie. Berlinda guard rail, GRC guardrails. Oh, guys. Every single day of the week has a special segment and Tuesdays is tidbits. Tuesday. Listen, I'm a real human. I'm not AI, okay, I'm a John Cena deep fake. But listen, I've got my likes and dislikes, right? I hate sour cream, for example. But every Tuesday I share a little bit and you know, we see if we vibe or not. The most divisive one ever is coming in hot right now. Let me see if I can find a good. All right, I don't have a great one, but let me, let me just, let me just drop this for you guys, okay? In the world of Magic: The Gathering, they do all these like, universes beyond sets, like, like other IP properties. The same way that, like Fortnite has like, you know, all these other ones in there. They're gonna be doing one with Star Trek at the end of the year. I, I don't like Star Trek. I said it. I said it. Okay, listen, I, I, I, When I was younger, I did watch The Next Generation. Jean Luc Picard alone made that show watchable, but at on balance, the overall franchise. I'm not a Star Trek guy. I used to be a Star Wars guy, but Disney destroyed that. Like, if you're a Star Trek guy, get in here, let us know. I, I just can't get into Star Trek. I do appreciate what they did for pushing the boundaries on, you know, with, with inclusivity and diversity in the 60s. Like, shout out to the showrunners. Gene Rod, very great, great mind for a big universe. I love good, complicated world building, but I just, I don't know, man. I just can't with Star Trek. The Borg was cool. I like the Borg. 
Q was all right, but it's just. Thank you, guy named 303. I just. I find it overrated. So there we go. I said it. I said it. I hope we can agree to disagree. Like, I just like the. The live viewers goes down to like a hundred. All right, all right, so if you got some hot takes on Star Trek, drop them in chat. So, you know, people are saying they don't cyber Shin. And Guami says he doesn't like the Chris Spine version. The Star Trek. They did make him kind of arrogant. I. I did like the newer version of it. I don't know, though. Like, in the newer version, they just make Chris Pine's character like the main character. Like, when you take unbelievably reckless challenges and it works out for you every time, that's kind of hot trash. Okay, Shatner, I will say that I do yell con a lot when I'm angry. All right, guys, do me a favor. Let's. Let's reset. Whether you're Star Trek fan or not, we all can say, la la la. Joe Hudson, close your eyes, bob your head, drop the la la la lot. Let's go. By the way, I love. I love. I didn't expect this to happen, but I do love the die hard Star Trek people in Chad who are talking about, like, ultra specific nuances. Like Phil Stafford's talking about the Kobayashi Maru in the interpretation in the new series. I love it. I. I love it. Dude, dude, embrace your passions. Like, I. I will go deep down the rabbit hole on Magic the Gathering, for sure. So embrace it. I just. I love celebrating nerd stuff, guys. I mean, obviously I've got a show coming out celebrating nerd culture, but let's go.
B
World Leaks claims breach of Hungarian firm. Ransomware group World Leaks says it breached Hungary's Mediaworks, leaking about 8.5 terabytes of allegedly sensitive data, including payroll records, contracts, and internal communications. Mediaworks confirmed the incident and launched an investigation, warning that using the stolen data could be illegal, while independent outlets reported the leak may include politically sensitive editorial discussions tied to Russia. The group is known as a rebrand of Hunters International and focuses on data theft and extortion. Simp.
A
All right, so another threat actor group getting involved. Looks like this one's a little politically motivated. Let's see. Yeah, I mean, there they couldn't. They couldn't verify the integrity of it. So this could be even a false flag campaign. Like, you know what I mean? Like, oh, like, what better way to kind of legitimize whatever the information is in it than to make it appear like it was stolen and released. Dude, the world like misinformation, disinformation, psyops, all of it's crazy. What? So I'm trying to figure out what's going on here. Media Works accusing them of serving as propaganda tools for Orban's Pro Kremlin Kremlin policy. All right, so in Hungary, not to be confused with Hungry Hungry Hippos, am I right? But in Hungary, some of the leaders are pro Russia, some are not pro Russia. So there's a lot of like Game of Thrones chess moving things going on over there. I thought this guy lost. I thought if I wasn't. Hold on. Okay, okay, so this is about hand media empire to Hungary after election. All right, so dude, it gets crazy when you start dealing with like the media. I mean, like, don't even get me started. Have you seen like what's happening with the Warner Brothers acquisition and how, what news outlets and media outlets fall under that banner and how that's all going? Okay? All right, so this, this, this group got hacked eight and a half terabytes. A bunch of information like sensitive files around payroll contracts, etc got leaked. I, I, I don't think it's anything sensitive around like, you know, conspiracies or extortion or, you know, criminal implications or anything like that. So it seems like it's almost tied to the fact that this hungry guy in the media empire and Pro Kremlin just happens to be going on. It's very rare in my opinion, to see like an ideologically motivated, slash financially motivated threat actor. But you know what? 
If you can make that money while also, you know, you know, and moving your ideological agenda forward, why not? So whatever this is, this is an interesting story, but for practitioners in chat, you know, like, I, I live in the United States, I protect US based businesses that may do some work with Europe, but for the most part, this is interesting, but I'm not taking any action on this today. The one thing that you could take is this is a ransomware threat actor. Guys, it's 2026. Ransomware has been hot for nine years, ever since 2000 early 2017 when North Korea deployed WannaCry. Like, you should be doing all the things, do tabletop exercises, do conditional access, do network segmentation, do privileged access, do all of the things around protecting and deterring ransomware attacks. You've had years to prep for it. Make sure your backups are solid. Make sure the people who use the backups know how to do it. Make sure you know what order to restore things in. Make sure that you have leadership. Clearly understand what the order of operations is. If you get hacked, are you going to pay the ransom? Yes or no? Are you going to call the insurance company? Yes or no? Are you going to bring in third party incident responders? Yes or no? Who are those third party incident responders? If the press calls, if the media calls, who speaks to them? Do you have a position? Like all of these things, you have plenty of time to think through and come up with the plan. Because trust me, when your business is on fire is not. When you want to hold a meeting to talk about what you should do, that is the worst time.
B
Will help. And ScreenConnect. Go fish. A phishing campaign dubbed Venomous Helper has targeted more than 80 organizations, mostly in the US, using spoofed Social Security Administration emails to trick victims into installing legitimate RMM tools like SimpleHelp and ScreenConnect. Researchers at Securonix say attackers use these tools to establish persistent, stealthy remote access with redundant control channels, allowing file transfers, command execution, and undetected lateral movements. PI.
A
All right, I mean, okay, guys, here's the deal. RMM tools, AnyDesk, TeamViewer, LogMeIn, ScreenConnect, SimpleHelp, insert name here. There are a ton of businesses that sell product that allow basically IT to log into your machine so they can help troubleshoot the problem. So. So instead of asking the end user, can you describe the problem to me? And they're like, the Internet's down. And you're like, oh, my guy, let me just log into your machine and I will take care of it. It's the equivalent of move. And these RMM tools are wicked popular because people have distributed workforces. You could have a sales guy on a plane, you could, you know, people were working remotely. So they're quite popular. The problem is threat actors can use them as well. And since they're fully baked, fully featured tools, all they have to do is socially engineer you into convincing you to let them remote in those. The Indian call scam centers. That's what they use. They use these tools, oh, your computer's infected. Oh, your computer has a virus. Oh, whatever, your printer's not working, let me remote in and fix it. And then they do a bunch of bull crap in front of you and trick you into thinking that your computer's owned. How do they trick you? They send you a phishing email, or they have a popup that says your computer's infected, or they, you know, or, hey, you know, you owe a bunch of money, contact this phone number, and then they own you. What I would. You want to know something? Like, again, ThreatLocker is a sponsor, for what it's worth. Okay. But this is an example where you can put like, say your organization uses Ivanti as your remote management solution. You can, it's called whitelist or allow list. I think whitelist is no longer like PC, but you can allow list Ivanti and then deny all other RMM tools, whether they exist today or not. So then when threat, when threat actor sends a phishing email and you're, you know, your Carl, Carl falls for it. 
The tool just won't run on Carl's machine and boom, you win. Okay, the phishing email in this case looks like it's coming from the Social Security Admin Administration. They need to verify your email and download a Social Security Administration statement by clicking on a link. And then the link goes to a legitimate website that is compromised. That's another thing. So you might be like, oh, I would be able to tell if the website's trash. No, they'll actually take down a real website and then use it as criminal infrastructure. Right. And then they open a Windows executable that looks like it's a document and then they are owned. This is a nice little, this is a nice little story here. It's a little bit more complicated than just having them run any helper, some or VNC or something like that. Very interesting. Yeah. So definitely check this out. I will say again, I'm a huge fan of breaking the kill chain earlier in the attack. So educate your end users. You're not going to get an email from the Social Security Administration saying that you need to verify anything. Stop falling for those things. Just stop. Second of all, if you're a malware researcher or security researcher, could be nice to get a sandbox and go follow this rabbit hole, pull down that, the JWrapper Windows executable. Look at it. I mean, it's not really malware per se because it is just a remote management tool. But looking at the kill chain, doing a little bit of up, you know, excuse me, awareness training, showing how this works, how this attack works, could be valuable for educating your workforce. A lot of times people like to see how the magic trick is done, right? If you just. Here's the final thing I'll tell you. If you just tell people, don't click on dumb stuff, people are going to be like, well, I'm not dumb, so I won't click on dumb stuff. As I tell my 14 year old all the time, like, I appreciate that you're not going to get in an accident on your bicycle. 
Nobody's like, oh, I'm going to go crash my bike right now. But it happens, right? So if you can show them the trick, show them what it looks like. Click, click, click. This is what it looks like. And now your money's gone, right? Personalize the impact of the attack so that I remember it. Thank you everybody for the blessing. And then two, show them the magic trick. I'm telling you, people love to see how it's done. Pretend to be a hacker. All right.
B
Lightning drops credential stealer. A malicious version of PyTorch Lightning on PyPI executed a hidden supply chain attack that ran an obfuscated JavaScript payload after import. The payload was identified by Microsoft as shy worm and steals credentials from browsers, files, tokens and cloud services along with arbitrary command execution. The impact seems limited, but the package has been rolled back to version 2.2.6.1. Affected users are urged to rotate all secrets. Shocking.
A
All right, we got another supply chain attack here. PyPI, dude. At this point, anybody using PyPI, like, you should absolutely be checking everything. Just assume, assume it's malware until further notice. For real. All right, so PyTorch Lightning. Never heard of that before. Let's see what happened. There's a bunch of different ways that these attacks can happen. You can have a developer account compromise, you can have a project taken over by a threat actor. You can just have a malicious contribution made. All right, so April 30, the supply chain was compromised. So what does it do? All right, Defender does detect this. So, you know, it sounds like that's a good sign. If you're running Defender, other EDR solutions will probably pick it up as well. It is stealing environment files, API keys, GitHub tokens, etc. Which is gross. That means you'll have to rotate keys. Not easy, not fun. I will say if you want to do some tabletop exercises with your developers and your, you know, DevOps people, talk through how would you rotate keys? Where are all the keys? People don't do a great job of inventorying keys all the time. You should definitely know because when things like this happen, sadly you have to rotate all the keys, which means revoke existing keys, generate new keys, and then put the new keys in production. It is disruptive and if you don't know where the keys are, you don't know who has permissions to revoke and introduce new ones into production. It's going to be like a Benny Hill show of people just bumping into each other. So, like, you don't want that. You don't want to be that guy. Okay? If you don't know if you're using PyTorch Lightning, they don't have IOCs or indicators of compromise in here. So I can't really tell you how to tell, but I guess I would just say it is used for pre training and fine tuning AI models. So, you know, Carl, unlikely to be using this. 
But just honestly, guys, at this point, at this point, if you haven't done it, all right, if you haven't done it already, you should absolutely have open lines of communication with the developers and the DevOps teams around PyPI and npm compromises. Like the fact that this happened, you should have already had open lines. You should already be talking to them regularly about this stuff. So, like, this is just another, like, hey, guys, we see another one, let me know if. If anything bad's going on here, all right? And then do the things that have to happen.
B
News kids can circumvent age checks. Research from Internet Matters finds the UK's new Online Safety Act age checks are largely ineffective, with 46% of children polled saying they're easy to bypass, using tactics like fake birthdays, a borrowed ID, or even disguises like a mustache. The survey of more than 1,000 families also shows 32% of kids have bypassed controls. 17% of parents admit helping do so. Despite the new rules, 49 of children still report encountering harmful content early. Re.
A
All right, I mean, guys, we're at time here. Like, this is like, whatever. This is a. I feel like this is a passage of, you know, not a right of, like a rite of passage. Okay, listen, I'm a parent. I have children. I have controls on my children's technology, and I don't want them to bypass it. But at the same time, like, you know what I mean? Like, it's a game of cat and mouse. If they bypass it and see things they shouldn't, I'm gonna be upset. But at the same time, like, clever, clever. Now the fact that you just draw a fake mustache is hilarious to me. My son, my youngest son, Callan, was walking around yesterday with the glasses that has the big nose and the bushy eyebrows. So that's funny. Another thing that's interesting too is that kids have, like, the best, like, viral communication system. Like, you'll find, like, this fake mustache thing right here. Kids will share this information at school and it'll just go. It'll go viral, man. Age checks are Easy to bypass. I mean, I don't know. I, I, I.
B
Who.
A
Here's the thing. First of all, clever. Second of all, you got to remember, like, what is the incentive and motivation if you're a business that sells a product or has it online and you sell sponsorships and marketing and stuff, how do you, like, make your product more expensive? You talk about how many users you have, how much active usage of your platform is used. So there's a perverse incentive for these businesses to have more users. Now, I'm not saying they're targeting children, but I don't know how much effort they are putting into ensuring that all the controls are doing the best they can to keep kids from getting on the platforms again. It's messed up because socially and societally speaking, you do want to keep children from harmful material. I'm a parent. I want to keep my kid from harmful material. And I want them to have controls to stop my kids from being able to get in there. But at the same time, like, look at Fortnite, for example. Fortnite's a video game. There are tens of thousands, hundreds of thousands of kids playing Fortnite. And I think you're supposed to be 13 or over to play Fortnite. Maybe so. I mean, it's epic. Like, think about how rich epic is making itself by selling cosmetics to children even. You know what I mean? So, like, it's all about money, guy. Great cash, homie. So anyways, this is clever. It's funny. If you can demonstrate this, this, this reminds me really quick. And then I'll, I'll end the show if you're interested. If you are putting in checks and stuff, do these kind of tests. This is fun. If you can show a fake mustache circumventing it, that's a fun, memorable way to show a security control bypass. Just to share one more funny one. You guys know the fingerprint on iPhone or fingerprint to open a door like in Mission Impossible? 
Back in the day before FIDO2 compliance threat security researchers, you, you used to be able, like if I put my thumb there, you used to be able to take a gummy bear and, and roll the gummy bear over the fingerprint to pick it up like, almost like Silly Putty. And then you could, then you could take the gummy bear and apply the gummy bear as the fingerprint. That had some, some action back in the day. Oh, my God, what a day, guys. What a brick flair. Let him hear it. All right, guys. What a day. That was the fastest hour. If you were here for the first time, I hope you enjoyed the show. D.C. and Zeke Daddy or, or zoom zaggy. I can't remember your name. I'm sorry. But if you were a first timer, drop. Drop it in chat. I hope you enjoyed it. For all the regulars, all the long timers. Guys, another banger of an episode. I really hope you enjoyed it. I just want to remind everybody really quickly, where is it? Hold on. Kathy. Where'd you put a Kathy? Oh my God. I. I can't find it. Kathy Chambers. Can I get a link? Kathy's got a show at 9:30 on her pod. She's doing it every Tuesday at 9:30. I don't have the link. I don't know where she put it. But I want to remind everybody, today at 1:00pm we have a free webinar. You don't have to register, you can just come learn. This is Jessica Hyde, 1pm Eastern Time. Today. Jessica Hyde is an absolute, like, awesome cyber security practitioner. She's a U.S. Marine and she loves giving back mentoring. She knows her stuff, she teaches, she's awesome. She's gonna spend an hour and she's going to teach you how to parse unsupported third party apps on mobile devices. If you want to pick up a skill today, if you want to be better off today than you were when you started, come hang out at 1pm today. You can go to Simp. If you want to make sure you don't forget it, you can go to simplycyber.io/schedule. simplycyber.io/schedule. And right here, look at this, we have it where you can get a calendar invite. Again, this is absolutely free. 
Come to the webinar. Boom. Okay, thank you, Jesse. And here, right here is. This is Kathy Chambers at 9:30am today. AI in cyber security. Very hot topic right now. How's AI coming in cyber? You let me know. I'm gonna drop a link for this too and pin it. AI enemy or friend. I know I spelled it incorrectly, but that's okay. I'm gonna pin this. All right, guys, I gotta tell you, finally get ready because a Jesse Johnson, AKA the Cosmic Cowboy, is going to be doing some cyber career hotlining. If you have questions, he's got answers. Don't go anywhere. We got you covered. Have a great day, everybody. And until next time, stay secure. I'm Dr. Gerald Auger. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it.
C
Yo, yo, yo, everybody. Welcome to Wednesday. I live in a Different time and place.
A
How's it going, everybody?
C
Welcome to Cyber Career Hotline.
A
The hotline is open.
C
I am your host.
A
Host.
C
Thank you, Dr. Gerald Ozier, for your mentorship, entrusting me with the ones and the twos. My name is Jesse J. I go by the Cosmic Cowboy from time to time online. I'm excited to have all of you for the Cyber Career Hotline. Let's get the chat pulled up. Please drop any questions you have about cyber security, breaking into the industry, maybe leveling up. And if it's an answer, it's a question that I cannot answer. We've got a community of folks that would be happy to chime in and help point you in the direction. Welcome to the party, pal. Z42. Good to see you. I see a lot of folks. Today is Tuesday. Good call. Same here. Phil Stafford. I'm not sure what the day is. It years are like dog years. I say that time and time again, but I think it's true. We just we flying at light speed, the speed of business. Hey, Brian Coyote. Nice tool shirt. Question from Simply Cyber. How am I using AI in my workflows? What is AI? I've heard some things about it. I'm terrified of it. I don't know if it's a friend or if it's an enemy or if it's a frenemy. And so I probably will turn into tune into Kathy Chambers authentically Cyber to figure out how I want to use AI. No, I'm kidding. I use it a lot for automation. I use it for API calls, for helping to put together and streamline dashboard optimization, helping with PKI reporting, things of that nature. James McQuiggin coming in hot with a dad joke. Why do stormtroopers shop at Walmart? They can never hit a target. James, we're kicking gonna be here all week from 30,000ft. Can I pan over to the wolf howling backdrop looks killer. Hey, thanks. I appreciate it. It's a tapestry that I got a while back and I thought it would be cool to to have as a background cosmic cowboy. I live out here in the desert. Drop your cyber security questions there. I see a good one here from our good folks at Barricade Cyber Solutions. How. 
How you can you ensure you're always learning from either you or your team's mistakes when doing implementation or response? I think the question is asking how can you ensure you are always learning from either your team yourself or your team's mistakes when doing implementation or response? There were no commas there, Eric. So it's hard for me to parse that one, but we got it. Communication and documentation would be my hot take answers, right? Document what worked, our lessons learned, and what went wrong so that you have a record of how not to repeat yourself and how to be more efficient when things do go wrong or you're in the middle of an operation of some kind. Awesome team. Hey Claude, what is a workflow? As Cole07 Funny guy, funny person, funny human there.
A
Yeah.
C
If you have questions about breaking into the industry, leveling up general cyber security music, Feel free to ask Keep it hot, Keep it going Were you live last night? Jesse Johnson over on Slay Cert plus I was so I was live last night reviewing Domain three Incident Response of the comptia. Real quick, I'm teaching folks we're going through a live free study course helping folks slay their cyber security certifications and that is what I've been working on my main project in the last couple of weeks and we go live every day at 2pm Eastern. I went live last night, I think for a little impromptu study session. Here's a good question. Thoughts on using AI to mass apply for jobs? If so, how? In my experience, mass applying for jobs did not work in my favor. I found that targeting jobs that I was interested in or I thought that I could be a good fit in has been my experience and I got told no a lot. I made it to the final interview multiple times to the point where looking at property and houses to relocate the final stage, like inside people saying hey, it's between you and one other person and it's not up to me, but we're pretty sure it's going to be you. Just to get the call that next morning or five minutes later and say, unfortunately we moved on with a different candidate. And so I found that mass applying for jobs when you mass apply for anything, you get massive production results. And what I mean by that is if you have an artist and craftsman who makes one widget and they take six months to make that one widget, it's going to be hopefully pretty good versus something that is commercially mass produced. You're going to get a reduction in quality, a reduction in quality assurance, you're going to get a reduction in potency, right? How strong something is that you're trying to present? 
And so I wouldn't use AI to mass apply for jobs as much as I would use AI AI to refine where I could be a good fit in my level of expertise compared to the field that I'm operating with the baseline, the gap assessment of myself. And so I personally would never use it to necessarily mass apply, but I think it's a great strategy for refinement and for getting ideas. James Jr. MMA. Hey man, let's go. No, I'm kidding. My wife tried to tie kick me and I put up a good knee block and now she has a massive bruise on her shin. I thought I'd throw that out there. It's pretty funny. Where can I find the entry level GRC positions? LinkedIn always request three to five years. I have seven years as a, I'm guessing as a. Has a. Has operator compliance, but not it. That's a fantastic transition. So one of the things that I would do if I were your, if I were your. In your position is I would put together. You clearly work in compliance. So you understand reporting, you understand frameworks, you understand how to have conversations at the business level, right. With stakeholders where they're in their compliance needs. I would do a mock up, I would find, I would use maybe artificial intelligence and say create me a mock company, company that has a medium level cyber security posture. And I want to do a mock GRC assessment on it, but make it look the final product like you are a consultant making seven digits and this is the results. But you really care this time, right? And so I would do something to show that, hey, I don't have a ton of IT GRC experience, but I understand compliance. Most of the things within our industry, they're in other industries as well. It just happens to be cyber security is the specificity of the, of where we're going. Right. So for me, I would use that seven years as a way to say I've got experience in compliance. Let me show you how I can transition that into it experience. Stay close to Dr. Jerry Ozer and his channel heavy into the GRC. 
Rj112, rj12 trying to break into cyber security slash GRC. I have a master's in cyber and SEC plus. Excuse me, but no real IT experience. What should I do? Excellent question and a very common question. Something that we see all the time. One of the things I would do is build a home lab and I would do this and you're going to hear this from myself. Dr. Ozier, people that are have been in the industry for a while is you do need to show some kind of hands on experience. And I would get that in one of two ways. Build a home lab and volunteer projects. So, and you put that on your resume or in your GitHub or wherever you have your repo of me, your branding, your I'm the CEO of me. I would build up a home lab. I would start. I would do an install Windows trial, create an active directory, users and groups, join a Windows workstation to a domain, maybe then set up a Linux, use Wireshark, capture some packets, try to hack the system. I would actually spin up my lab in three different ways. I'd either buy an older computer or something that I could use to build labs on. So I'd build a home lab at home with just a. Whatever. It's a computer, right? Virtualize it. I would also look at some free developer accounts in either Azure aws and I would spin up a small organization using infrastructure as code and then I would do it manually in the cloud as well. So you have an understanding of three different technologies. You've built a hands on home lab and now all those security plus questions and all that textbook knowledge can start to be tangible. You're actually seeing the packets flow across the wire. You're seeing when you open up your email server to the wild, wild world of the Internet. You'll see those attacks coming in. You'll start to understand what headers look like. You'll start to understand TCP flags. All of these tested subjects will really start to come to a tangible to come to fruition, right? They'll be tangible for you. You can say, I've done these things. 
You take that to the next level and do some volunteer work. Doesn't mean that you have to go do full on pen tests or be a sock for the church down the street. But you can go in and say, hey, I am working on. I'm in. You can say you're in an internship. Create yourself an internship. I don't know. You create what you want to be in your head. You want to be a cyber security professional, you start titling yourself a cyber security professional. You start acting like one, you start reading like one, researching like one. Go to a local church. Hey, I'm a cyber security professional. I'm doing an internship right out of college. I would love to volunteer my time doing a cybersecurity assessment on your church. I get it, you might have two outdated routers. But this is a chance for me to build experience and also help you as a service in securing your network. You've then worked in grc. You've got some soft skills that you're building. You do this a handful of times. You've got your home lab as technical ones and zeros experience and now you're going out and you're almost like a consultant and of course you want to be careful of scope. You're not trying to pen test an organization. You end up bringing down the church, down the street. But realistically right come up with come up with ideas to create yourself experience. Then start applying for entry level IT help desk jobs. I totally believe that you can get into cyber by and skip it. But I think it could hurt you because cyber security is a specialization of it, of understanding how it works. You need to at least be able to speak the language. You don't have to be an expert or elite coder, but you do need to speak the language in the IT world right? You have to have an idea of what the heck is going on here. I hope some of that helps man. I hope that helps get you into a direction that you can go. There are so many free resources out there, it's almost overwhelming. Stick with folks like Simply Cyber Tyler Ramsby. 
Keep your compass pointed in the direction you want to go and don't look back. A guy named 303, I don't know if you're in Colorado, but I like 303. We hear it all the time that we need to build our own brand. Where do we start and how do we build a brand when we don't have that experience to lean on? Dr. Jerry Auger has a simply has a video for that and he also does a course on building your own brand. Let me link that in chat and then I will also tell you how it worked for me because before I was online doing slate security plus here's a personal branding for your career. 2026 dropping in chat. This one you don't want to miss. Find things that stick out to you. I started really simple. I knew that folks wanted to that I needed to take the Security plus at the time I enjoy I was a little older getting into the industry and in my previous life I'd worked in law enforcement. I've worked in a college and so I had understanding of study tactics, how the brain learns, learning strategies. And so as I was studying for Security plus I said you know what? I think I'm going to help others study for Security plus and build a living resume. I say this all the time, call it a brand, whatever you want. Build a living resume. Whether it's a YouTube channel, something that you're continuously and consistently posting the things that you are doing. Having your own brand doesn't always mean that you're the next Simply Cyber or you're the next TCM Security. Having your own brand just means that it's a brand, right? It's that hot iron on the back side of whatever your product is. It just says it's yours. It has something that uniquely identifies it as you that you can send hiring managers, HR professionals, people at conferences, you can send them to your page, to your repo and it's, it is uniquely yours. And so I would check out that video that I dropped in chat, start there and then just go for it. At the end of the day, be consistent.
Don't be afraid to put yourself out there because at the end of the day I said that just a second ago. We're all trying to get from point A to point B. I think it might have been a LinkedIn CFO or CEO or some three letter C suite. So what one piece of advice and she said be kind to yourself. We are all trying to figure it out and it's true. No matter where you're at on the totem pole, you're trying to figure it out. So be kind to yourself. We got about eight minutes and then I am going to transition everybody over to Authentically Cyber with the one and only Kathy Chambers. Here's I live in a in the middle of the desert on a relatively quiet street and Today Tech Grunt 11G, my Colorado man Jesse Johnson playing a cyber gospel playlist starting with the hit single Don't Stop Configuring. Hold on to that home lab. Oh that's funny. Is that a human made joke or is that an artificially engineered joke? Elliot, that's a Do what makes you happy. Make content that you are excited about and the audience will engage with you because of your passion. Don't chase the audience, let them chase you. Oh, it's gold. That might be what we end on unless another question comes in because that is gospel. All the slay security plus stuff that's just. I enjoy doing it whether I got a following or not, whether Dr. Jerry Auger talked about it or not, whether I was known at conferences or not. Which I'm not just a guy up on a screen that's helping people break in and enjoying my journey because I love it. Cyber security and teaching and so do things that you're passionate about and do it your way, not for the numbers. I don't care if there's one person that watches my stream or a hundred thousand. I want to give high quality, integrity and value. Be passionate about something. It's contagious. Your passion will be contagious and somebody will want to invest in you. If you don't invest in yourself because you can't. But you're extremely passionate.
I promise you, mark my words, if you are passionate about something and you for whatever reason can't find the finances or the resources to invest in yourself, folks will catch on to that passion and they will invest in you. They'll ask you what your goals are. Maybe it's financial, maybe it's with gear, maybe it's a new computer, maybe it's. They'll go to bat for you in an interview of some kind. And if you're passionate, you do the possible, the, the impossible start to happen. I'm telling you. Burke, SSJ, a little bit of lamenting here. Hey guy name 303, I'm in the same boat trying to build my own brand. I made a portfolio website. Going to blog about my creation of a SOC home lab. That's a great place to start. That's a great place to start and keep going and consistently show that you're learning, that you're staying on top of, top of what's going on in industry, building that healthy network. It's so cheesy and almost cringe cringy to say because I personally was against. I didn't have a LinkedIn at all. Three years ago I didn't have a LinkedIn, worked in IT quietly, worked as a police officer, touring musician, doing all my stuff. Didn't have a LinkedIn. LinkedIn is not the end all be all, but it is a place that you could potentially find value, meet other people. All right folks, we've got about five minutes left. I'm feeling pretty good, ready to answer some questions. Anything about breaking in, leveling up, resume building. There we go. Taekwondong. How does building labs and everything that you're proposing is going to help someone get past the HR filter? So from my experience, and I have to be careful because part of that is a lot of times sometimes I will get hired, cold hire, right? I'll just apply. I'll go through the process like everybody else in a lot of circumstances and the person didn't give me the job, I still got the job. But I might know somebody.
Even if it's somebody at that low entry level that says, hey, I know a guy that's looking, that immediately puts you past the hiring filter. Because the HR filter, once somebody gets an internal reference from somebody, your name is on a completely different stack than everybody else that's applying. One of the important reasons you build healthy friendships and you contribute, it's reciprocal, right? So don't just think, go get on LinkedIn and chase down people. Hey, can you give me a job? Can you give me a job? Can you give me a job? It's gross. It stinks. Don't do it. But over time you develop and you build professional relationships. And before you know it, when that position opens up at somebody's company, they're dropping Taekwang's name in the ring, right? They're saying, hey, I know Taekwang, he's ready to take this thing to the next level. Let's put his name in the ring and then go, well, we still have to interview people externally. But Taekwang, he's already on his way because he had that internal connection. It truly is a lot of times. But let's say you don't have that connection. You could put it on the resume as work experience. So it's going to look under the experience and you're going to put the actual jobs that you most recently worked. Or you could put experience, you could put your projects and in the description of your project, don't pass it off as real work because that'll come back to bite you. Even if it doesn't right away, it will later and put it in the experience section and somewhere in there say how you demonstrated it in a could say a home lab. I like to say either a virtualized environment, use whatever words that you want, but that's how I would put it in my resume and it's going to come up in the conversation. This is probably a question for everybody out there. Yeah, I'm checking my time. If you want to do CTFs, capture the flags, do you need a VPN and if so, which one should you use? There's so many choices.
I was trying to tell around the attack Smarter Beginner Labs. Oh no. So you don't need a VPN. Most lab environments you can use browser based connections or you can download a VPN on your Linux machine, which is really straightforward. I would use Linux and just use OpenVPN. Process on most videos starts at the beginning. If you go to Tyler Ramsbey's, I can't remember which one it was but on one of the first few he goes through the whole process of downloading your VPN configuration file. So you don't really need like a paid VPN. If you're doing labs, you know, Hack The Box, Kyro Sec or sorry Hack Smarter Labs, you'll get the option to use your own VPN or they'll usually have a browser based. Provide you a VPN you connect to cyber code brew cyber you only need a client like OpenVPN. There you go. Phil Stafford making a great point about the comments I was making regarding putting your home lab experience on is it is real work, but it's not paid work. Don't pass it off like you work for a Fortune 500, but don't let some gatekeeper tell you that it didn't count because you didn't get some corpo to sign it. That is preaching to the choir. Get out there, get your hands dirty, volunteer, build labs, do the stuff, be the CEO of you and don't let anybody tell you that it's not work or it's not experience just because some corpo didn't sign off on it. That is brilliant to leave everybody with. With that I'm gonna part ways. I hope all of you had a wonderful time on the Cyber career hotline. I love being your host because the Simply Cyber community has honestly been a life changing place for myself and so many others. I'm gonna drop, I'm gonna roll over to Kathy Chambers Authentically Cyber. Hope that you guys have a fantastic Tuesday. And until next time, well actually until 2pm Eastern I'll be doing live size of plus study slay cert plus come check us out. We'll see you tomorrow. Daily Cyber Threat Brief. Be well everybody. Bye.
Daily Cyber Threat Brief, Ep. 1125 — May 5’s Top Cyber News NOW!
Host: Dr. Gerald Auger, Simply Cyber Media Group
Date: May 5, 2026
This fast-paced, interactive episode brings together cybersecurity news, practical analysis, career advice, and community engagement for professionals and newcomers alike. Host Dr. Gerald Auger (“Jerry”), with over two decades of cybersecurity and GRC experience, breaks down the day’s critical stories, offers actionable takeaways, and sprinkles in candid humor and hot takes. Special segments include “Tidbit Tuesday,” which this time features a controversial pop-culture confession, plus contributions from the Simply Cyber community and a follow-on Cyber Career Hotline with Jesse “Cosmic Cowboy” Johnson.
[11:12 - 18:58]
“If I was a Shiny Hunters gang member, I would discreetly cash out. Law enforcement has to be getting lit up about these guys.” — Gerald Auger (13:26)
[18:58 - 24:16]
“Recover doesn’t mean just recovering backups and data; it’s resetting everything … people, process, technology.” (22:32)
[24:16 - 30:28]
“If you get a text saying you owe money … it is fraudulent. Period.” (29:10)
[30:28 - 37:53]
“If I steal a truck full of pistachios, that’s millions of dollars … this is big business!” (31:46)
[43:19 - 44:55]
[48:39 - 54:37]
[54:37 - 58:32]
“At this point, anyone using PyPI should assume everything’s malware until proven otherwise.” (55:16)
[58:32 - 60:31]
“It’s a game of cat and mouse. … Clever, clever! But as a parent, I want effective controls.” (59:15)
[38:33 - 43:19]
“I just can’t get into Star Trek. The Borg was cool. Q was alright.” (38:53)
[66:08 - End]
“Do things you’re passionate about and do it your way, not for the numbers.” (About 75:00)
This episode delivered a blend of essential cyber news, practical guidance for security practitioners, and career-building wisdom, all in Simply Cyber’s lively and supportive style. With actionable lessons drawn from real-world incidents—and a dash of community nerd banter—this episode is both informative and highly relatable for anyone navigating the cybersecurity landscape, from entry-level hopefuls to seasoned pros.