A
All right. Good morning, everybody. Welcome to the party. Today is Thursday, May 7, 2026. Welcome to Simply Cyber's Daily Cyber Threat Brief podcast. I'm your host, Dr. Gerald Auger, coming to you live from the Buffer Overflow studio here in the Low Country. And if you're looking to stay current on the top cyber news stories while engaging with a community of like-minded professionals and getting insights and education that go way beyond the headlines, and definitely not getting it in a classroom, well then you're in the right place, because that's exactly what we do here every single weekday morning. I've been doing it for years. Today's no different. So get settled, get your coffee and get ready, because we're about to cook. Good morning, everybody. I hope everybody's had a wonderful Wednesday. We are on the back nine of the week, as it were. We got a great show for you today. Now every single episode of the Daily Cyber Threat Brief has a special segment, right, Monday through Friday, each day a little different, a little special. Thursday is What's Your Meme Thursday. Dan Reardon, this guy makes a custom meme, artwork, graphic, however you want to call it, special for the show. Unique, piping hot, one of one. It's basically NFTs before NFTs were a thing. And Dan's got a banger for us this week. We're gonna see it at the mid roll. Now if you're here for the first time because, you know, you stumbled in, a friend told you, you've been meaning to check it out and today's the day you did, well, let us know it's your first time, drop a hashtag first timer in chat. I see Sam Crow 7 from the left coast getting up early this morning. Good to see you, Sam.
B
Pro.
A
If you're here for the first time, drop a hashtag first timer in the chat. The hashtag first timer lets us know it's your first time and we are able to welcome you with the John McClane from the movie Die Hard: welcome to the party, pal. Welcome to the party. Because not only is this a new show and a, you know, a threat brief and a live stream and all this other stuff, but this is community, and if you're here, we want you to know that you're part of the community. Not some stupid, like, you know, pledge pro, like trial period, you know, we'll see how it works out. No, if you want to be part of the community, you're part of the community. You have to self select. Cheryl Drifter says that. Cheryl Drifter, a first timer who said their teacher made them come here? Well, Cheryl Drifter, welcome to the party, pal. And to Cheryl Drifter's teacher. All right. Love it, love it, love it. So Cheryl Drifter, good to have you here as our token first timer. Now what you got? Oh, Betsy Kates, first timer. Welcome to the party, Betsy Kates. So what some of you may not know, first timers, is that every episode of the Daily Cyber Threat Brief is worth half a CPE, a continuing professional education credit. So Betsy, Cheryl, if you have a cybersecurity certification that requires maintenance, usually the maintenance is two parts. One, you have to pay an annual maintenance fee, which is straight cash, homie. Straight cash, homie. Unfortunately, I can't help you with that one. That one falls on you. But there's also a continuing professional education requirement. You got to stay current on the industry, take trainings, etc. Different ways to get those CPEs. This episode's worth half a CPE every single day. So say what's up in chat, grab a screenshot for a piece of evidence and once a year count those screenshots, divide by two. Now, I do want to let everybody know, I've been talking. DJ B Sec has developed a CPE certificate solution.
I took it from him and I'm implementing it in my own infrastructure. So he basically developed the, you know, pilot or MVP, alpha, whatever you want to call it, and I'm deploying it in my environment. But if you are a Simply Cyber Academy student, you got an email yesterday from me pointing out that there has to be a maintenance window on Friday this week from 1 to 3 p.m. It's not ideal to do a maintenance window in the middle of the work day. But guess what? I don't want to. I'm the boss and I don't want to be up at 2 to 4 in the morning on Saturday to do this. So I've decided the maintenance window is 1 to 3 p.m. on Friday. I have to move my infrastructure, my back end infrastructure, over to Cloudflare. So I can't do the CPE thing until I do that. It's a, it's a much bigger, bigger project than just the CPE thing. So anyways, stay tuned for that. We should be good to go next week with the CPE stuff. All right, we got our memes, our first timers, and our CPEs. Marcus Kyler, your digital pastor, getting back in the saddle with the video content creation. Saw that. Love it, love it, love it. Thank you, Marcus. Good to see you back out there. Every single episode of the Daily Cyber Threat Brief is sponsored, and I definitely appreciate it because those sponsors allow me to be able to bring this show to you every single day. I'm gonna do something a little different. We're going to talk about Flare and Antisyphon at the mid roll. Right now, let's just talk about ThreatLocker. Play that. I want to say ThreatLocker, if you didn't know, their whole thing is deny by default application security. What does that mean in practice for the people who are new to the industry? It means when you try to run a piece of software, if it's not already pre-approved, then you're not in. Period. It's like a bouncer at a club. Are you on the list? No. Get out. You're not allowed in. You're not allowed past the velvet rope.
I don't care how many followers you have on Instagram or TikTok, get out. You're not allowed. That's application deny by default. It's typically pretty hard to implement correctly. But ThreatLocker has cracked the code. They've done it on the endpoint for a while and now they're doing it in the cloud. Let's hear from ThreatLocker and then we're going to get into the news, and then we'll do Flare and Antisyphon at the mid roll. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right, there we are. There it is. There it is. Really quick, because some of the first timers definitely don't know: we're going to go through eight cyber stories, and guess what, Betsy? Guess what, Cheryl? You know how many I've researched and prepped for? Zero. Ain't nobody got time for that. That's right. I literally don't know what's coming down the pike. So you're going to get my honest reactions, my honest takes. I do the show live. It is a much more wild experience. Not scripted, not AI, not deepfake. So do me a favor, Betsy. Sit back. Cheryl, relax. Marcus Kyler, let the cool sounds of the hot news wash over us in an awesome wave. I'll see you guys at the mid roll. Oh, hold on. I gotta, I gotta do one small, small, small thing here. Bop, bop.
Getting the podcast into the right slot so I can do the mid roll correctly. Here we go. Let's cook.
B
From the CISO series. It's cyber security headlines.
C
These are the cyber security headlines for Thursday, May 7, 2026.
A
My guy finds a Google Chrome. Google
C
Chrome installs Google 4 gigabyte AI model on devices. Computer scientist and lawyer Alexander Hanff reports that recent versions of Google Chrome automatically download a roughly 4 gigabyte Gemini Nano AI model to user devices without explicit consent when default AI features are enabled. He says the file installs silently and can redownload after deletion, and at Chrome's scale could generate between 6,000 and 60,000 tons of CO2 equivalent emissions, raising privacy and environmental concerns. Hanff argues the behavior may violate privacy laws and calls for an opt in prompt.
A
All right, so this is interesting. I do want to point out that the title of the story says "guy finds." I'm gonna, we're gonna errata that. "And my guy finds a Google Chrome." So Google Chrome is an incredibly popular browser. Web browser. I use Google Chrome, right? Just, I'm sure others in chat use Google Chrome. The fact that Google is quietly installing this four gig model is problematic. Now, number one, you can't be super mad, because, you know, anytime you do an update on your Google Chrome, Google is bringing down code and putting it on your machine. So the fact that they're doing this four gig AI model, I'm sure it falls within the permissions of, you know, the end user license agreement that you agreed to when you initially installed Google Chrome. So I'm not going to get mad about that now, because, like, when you install a Google Chrome update, are you looking at all of the things that the update's doing and explicitly approving all of them? No. Now, like, so, you know, installing without consent, I push back a little bit that I think you're being a little extreme with the definition of what you need to consent to. Secondly, and I think this part's deplorable, if you remove the model, it reinstalls it. Now that, that, you're getting into the realm of dubious or, what's the word? Where it's like predatory, you know what I mean? Remember, guys, Google. I love Google, right? Fortune 5 company, but don't forget they got rid of their tagline. You youngs don't know this, but back in the day Google's original tagline was "do no evil." Like literally, they were like, where they were like Anthropic today. You know, Anthropic just feels like the people's champion. That was Google. And then Google, like, had to get rid of that tagline because they wanted to penetrate into the Chinese market. And China was like, yeah, no problem. But we want to censor a lot of the Google results to our citizens.
So if you like money, you'll agree to that. And Google was like, ah, okay. So the next question is, what does this AI model do? Is it, like, data harvesting your things? I don't know. If I had to guess, it's basically doing the Gemini type stuff, the heavy lifting of the Gemini parts on your end device, to cut down on load on the data centers, to cut down on load on network bandwidth and stuff like that. So honestly, I might argue that this is a good thing, right? Like, so my Gemini is moving quicker, faster. It's a localized AI instance, right? So now, you know, four gigs is a pretty big footprint, especially if you're on a smaller device. But, you know, let's see, it's the weights for Gemini. Yeah, exactly. All right, so, you know, it is what it is. It looks, it sounds like, you know, Google's going to handle this from a PR perspective. Your choice is you can stop using Google Chrome. That's what it sounds like. You know what I mean? Now this guy's pushing back that it is considered spyware and it violates European Union privacy directives. The European Union's privacy directives and GDPR are quite stringent and quite well supported, or enforced. So I could see that. But in the United States, where I live, we don't really have that so much. They do throw in this, like, environmental thing kind of as, like, a side dish, right? So, like, the four gig model and the no consent is the steak dinner, right? Or the vegetable lasagna if you've elected for the vegetarian option. But the climate damage is like the side of asparagus, grilled asparagus or something like that. They just kind of throw it in there as a bonus. The environmental impact of all this AI stuff is quite real, I think. You know, this show is not climate related or conspiracy theory or any of that stuff. So we're not going to really get into it, but there is definitely some impact from a climate perspective.
Yeah, I don't necessarily know if you can translate the installation of a 4 gig file on my computer to 60,000 tons of CO2 equivalent emissions. I'm sure there's a formula for that, but it just seems very difficult and very abstract for me to wrap my head around. I do want to point out one crazy thing, though. I saw this yesterday and I want to share this. If you want to talk about environmental impact, this blew my mind. People in Utah are losing their mind about this, and I get it. Maybe somewhere where you live there is. Oh my God, where is it? Hold on. I'm sorry, Betsy. "62 Mile Data Center, Utah." Look at this thing. Look at this thing. You want to talk? I mean, to me, like, when you want to talk about environmental impact, it's like less about CO2 emission and more about, if you're looking, if you're listening on audio, I'm Googling "Google data center 62 square mile Utah," and look at this thing. This is the proposed footprint. The building is 62 square miles. You cannot walk around this building. You can't even drive around it without getting, like, gassed up or, like, a recharge. There's got to be, like, a recharge station somewhere around this thing to recharge. Obviously the citizens of this area are super pissed off, but, like, just think about how much energy this data center is going to take. They're going to have to have their own friggin' power, not power station, but, like, what do they call it? Power plant. So anyways, the climate impact of all this AI stuff is real, but I don't know. Installing a 4 gig file on my machine? Meh.
C
Daemon Tools disk app backdoored in supply chain attack. Kaspersky reports that the Daemon Tools disk imaging app was compromised in a month long supply chain attack starting April 8th, with malicious updates signed by the developer infecting Windows users who downloaded versions 12.5.0.2421 through 12.5.0.2434. The malware collects system data and sends it to attacker servers. With thousands of machines across more than 100 countries affected, a subset of organizations received more advanced backdoors capable of executing commands and evading detection. Kaspersky says the attack was highly sophisticated and likely targeted, urging users to scan systems and monitor for suspicious activity.
A
Crypto. All right, so this is bad, all you cyber folks, this is really bad. Okay, so this is a supply chain attack, which is normal, right? Like, I guess in Q2 of 2026, supply chain attacks are so hot right now. That Hansel's so hot right now. So what's a supply chain attack? You know, basically it's, well, a supply chain attack can happen in a bunch of different ways, but the way that we're seeing it quite a bit right now is impacting and compromising code or software that is being used in a supply chain. So, like, you know, some piece of code that I'm writing or using is getting baked into other software that people are using or depend on. And now you're bringing in malicious functionality. This thing is called Daemon Tools. And I want to say this is a nation state threat actor. Again, when we think about our threat actors, financially motivated threat actors want to smash and grab, right? They want that money. Because, guys, think about it for a second, too. Like, if you're a cyber criminal threat actor, like, I don't need to spend months poisoning software supply chains. If I'm criminally motivated, I'm sending out a bunch of phishing emails, I'm sending out a bunch of "you missed court and there's a warrant out for your arrest unless you pay this fine," "you missed a toll payment," or, like, you know what I mean, like ransomware a company. But the thing is, like, if a company doesn't fall for the ransomware or doesn't pay the ransom, or a victim doesn't pay the fake fine, I just go on to the next victim. There's a million fish in the sea when it comes to financially motivated criminals. So from an ROI perspective, it's stupid to spend a month or two working on this elegant hack where, like, you could have made a million dollars in those two months, you know what I'm saying?
So when I see something like this, month long, low and slow, rotisserie style, very, very, I don't want to say sophisticated, but very, very comprehensive malicious package, this screams nation state, right? Okay, so this Daemon Tools is a widely used app for mounting disk images. So right now, right off the rip, it's going to have, you know, kernel functionality, you know, basically being able to interface with the hardware and the software of a computer. And it doesn't say Linux, but if I had it, let's see, it runs on Linux and Windows, but the infected version is Windows only. So a lot of admins will be running it. The threat actors have compromised it. And apparently because they got into the source code and the developers of the solution didn't notice, it is digitally signed, which means it looks verified and legitimate. When you install it, it is infected. Unfortunately for victims, including, you know, us, the malware runs at boot time. So this is essentially a root level piece of malware. It runs at boot. So rebooting the computer is not going to solve the problem. You're going to have to reimage this sucker. Okay, the infected version is Windows version 12.5.0.2421 through 2434. So at least someone caught it and has removed it from the newest version. Infected versions contain an initial payload that does recon on the compromised asset. Gets the MAC address, host name, DNS domain names, processes, software, system locales. This is standard recon. Remember, threat actors, well, don't remember, but just know that threat actors are sending out tons of malware. Threat actors don't know who is going to download this Daemon Tools infected version. So one of the first things that they need to do is collect a bunch of information on the compromised endpoints and send it to themselves.
So then they can determine, did they catch my aunt Dorothea's personal computer, which, you know, may not have as much value, or did they get a senior developer at Microsoft, right? Or at, you know, insert software tech, at Anthropic, at OpenAI. It makes a difference, right? Let's see. It says thousands of machines, hundreds of countries, so they got a pretty solid swipe. It does say that they got retail, scientific, government, manufacturing. Of course they did. They don't know who's going to download it, right? They do mention the SolarWinds attack in here. SolarWinds. If you're looking for an example of a supply chain attack that can have absolutely, absolutely massive, devastating consequences, Google the SolarWinds attack. There's probably, like, documentaries on YouTube about it. It is a top three most sophisticated, most elegant, hottest cyber attack in history. That Hansel, so hot right now. All right, what else can I do here? Okay, most organizations are in Russia, Brazil, Turkey, Spain, Germany, France, Italy, China. Again, you know it, it's spray and pray. So if you do run Daemon Tools, you probably don't even know it in your organization. I would send this to your IT team and to your researchers, developers. Don't send this company wide, because, you know, Carl in accounting, Carl doesn't know what Daemon Tools is. And then you're going to have to answer questions like, I don't know, am I running Daemon Tools? No, you're not. Like, you never. You don't even know what it is, so you're not running it. So I'd send this to a subset. Again, I recommend meeting, like, meet with the team. Every team is going to have weekly meetings, right? That's like a standard practice. And if you're not, like, you know, that's a bad manager. But, like, every team, your finance team, accounting team, IT team, endpoint team, you know, whatever, the UNIX team, is going to have weekly meetings. Get into those meetings.
Hey, manager of team, can I just be there for the first five minutes and share a little bit of information with y'all and then I'll leave? Every manager is going to say yes to that. Every manager is going to say yes to that. Believe me, this is a good opportunity to do that and bring this information to them. Kaspersky does have IOCs. Let me pull that really quickly for you guys so you'll be able to bring this to that team meeting. I'm going to the. Oh, my God, guy. Is this even Kaspersky's page? My God. Indicators of comp. Oh, yeah. Oh, yeah. Look at this. We got a screenshot. Oh, my God. Okay, so their indicators of compromise are just a bunch of file hashes, which is like, okay, and then the C2 is this explicit domain name. So this isn't bad, but at the same time, this is kind of weak sauce. Again, I'm going to show you really quickly David Bianco's Pyramid of Pain. For those who don't know, this is how painful it is for threat actors to modify, adapt. I'm showing the David Bianco Pyramid of Pain on stream right now. You'll notice the bottom is hash values, trivial to change. And then right above it is IP addresses and domain names, which are simple to change. So when we look at the indicators of compromise, and most of them are hashes and then one is a domain name, I look at David Bianco's Pyramid of Pain, I'm like, bruh, bruh. So it's not terrible. Go threat hunting, root these things out if you can.
C
Decentralized finance sector hit by investor exodus. The Financial Times reports that the DeFi sector is seeing a sharp investor pullback, with nearly $14 billion withdrawn after two major hacks, including a $290 million exploit tied to North Korean actors that destabilized the open source protocol Aave and triggered a bailout. The attacks exposed structural risks in interconnected DeFi protocols, leaving Aave with more than $200 million in bad debt and pushing the market down to around $86 billion, near a yearly low.
A
All right, I mean, I guess cyber adjacent, maybe. So they're saying that there was a big pullback in the crypto market because of cyber attacks. Okay, this is not a cyber story. I don't pick the stories, people. I'm working with DJ B Sec to take action on this. Let's say. I do want to say, listen, I think this is a personal opinion. I know Jay Gold, Jay Crypto, has different opinions. I know Charles Finfrock has opinions. I think crypto is an absolute modern day massive, wide scale scam. Okay, I get the idea of decentralized finance, and the vision of crypto is sound as a societal exercise, but there's so many criminals involved with it that mostly it's rug pulls. Do you remember NFTs? Rug pull, rug pull, rug pull. Okay, I mean, look at, here's just a random option, a random example. This is called Melania Coin. Let's look at the market on this one. Just quickly look at. So if you're listening to the audio podcast, I've pulled up a stock value histogram chart showing the value of this asset, the Melania coin, and now its current value. This right here is exactly the problem with the crypto space. Do you see how there's a bunch of investment right away, the hype? This is the example of people convincing people to spend their money, and then the sharks cash out and this thing goes to zero. Like, you can't get a more informed graph of. This is a microcosm of a macro problem in this space. All right, that's enough with crypto. Again, I'm going to be meeting with the CISO Series folks at some point. They reached out to me, like this. I'll be mentioning this, as, like, what are we up to here on cyber.
C
Iran snoops still LARPing as ransomware crooks. Rapid7 researchers report that an Iranian state linked group, likely MuddyWater, tied to the Iranian Ministry of Intelligence and Security, masqueraded as the Chaos ransomware gang to conceal an espionage campaign. The attackers used Microsoft Teams, phishing, social engineering and remote tools to steal credentials, deploy dark comp backdoors and move laterally across networks while staging fake ransomware messages without encrypting files or seeking payment. Rapid7 says the operation was designed to obscure attribution and distract defenders, with stolen data ultimately published, suggesting intelligence gathering or pre-positioning for future attacks rather than financial motives.
A
All right, I see people in chat saying, I like, I cherry picked that. That was a meme coin. Some people said bring up Bitcoin. Maybe during Career Hotline or something, we could talk about crypto. I just, I guess I just wanted to share my thoughts that I think the whole crypto thing is, you know, 95 criminals running around doing stuff. Look at FTX. What's the other one? CZ and Binance. What's the guy? Unbank yourself. Alex Mashinsky, whatever the hell his platform was called. He's in jail, dude. Okay, so Iran still LARPing. I don't know what. So, dude, real quick, on a side note, LARPing, as far as I know, is live action role playing. These are people standing in a field somewhere dressed up like medieval knights, bumping into each other. My son, who's 14, told me that LARPing is now a Gen Z term that means something totally different. But what happens here? Iran's advanced persistent threat actor, Muddy Waters, is doing state sponsored espionage operations now. Oh, yeah, the Hawk coin. There's another one. We'll pull that up at the end. Muddy Waters is doing espionage level attacks now. Oh, happy text. We just become best friends. Yep. Space Tacos with a shout out. Happy Teacher Appreciation Day. Shout out to everyone out there teaching. Thank you for sharing your time, knowledge and wisdom. I'm gonna include myself in that dimension, Space Taco. So thank you for the super chat and thank you for recognizing the teachers. Nice job. All right, so Muddy Waters is Iran. Iran obviously is, I don't know what your definition is, but, like, we are at war with Iran. The United, excuse me, the United States is at war with Iran. And if you want to mince words, that's whatever. But they are doing everything within their capability to respond in kind to the existential threat to their country, including cyber. Now here is the attack sequence that they're doing. I would imagine. Hold on. Does it say who they're targeting?
It does not say who they're targeting. However, Western government and banking networks. Okay, so if you work in finance, you already have a highly increased level of cyber awareness, right? Like, usually finance sector groups pay a lot of money for their cyber security teams. Usually people that work in finance are hyperaware. I mean, some people in the chat work at a bank right now, so they might have more insight into what the attitude is in general about cyber security at banks and financial institutions, but for the most part, they're usually pretty sound. Western governments, obviously this would be quite a target for Iran right now. It's including the United States. So if you're working in state, local, federal, listen up. This is the attack sequence, and it's unbelievable that someone falls for this. Okay, they're going to send you a Microsoft Teams phishing email. Hey, can we meet on Teams? Okay, so no big deal. They do ask you to share your screen somehow. I don't know why you would want to share your screen unless you had something to show, but that's okay. And then, then this is the part where alarm bells should be going off. And by the way, you might want to work this into your own internal phishing-your-users campaign or use it as a demonstration, because what I'm about to tell you blows my mind. Once they get the victim, the Carls in accounting, to share their screen, then they get the victim to enter their credentials into a text file, modify their multi factor authentication settings to allow the attacker to enroll a device to authenticate their account. So they give their credentials and watch the threat actor enroll a device in MFA. At that point, it's game over, man. I mean, like, you're literally, your victim, your Carl, Carl is essentially an accomplice to this attack. Ignorance is not, listen, ignorance is not acceptable.
It is our responsibility as professionals, GRC professionals specifically, to eliminate the ignorance of our end users when it comes to falling for a crime like this. Dude, everyone at your organization should know typing their password into a text file and doing anything with multi factor authentication is a bad idea. Like, they should have spidey senses going off. All right, educate your end users about this, please, today. The threat actor deployed a remote management tool to further facilitate access. Again, they're probably pretending to be Help Desk. That's what I would say. Guys, just educate your end users, all of them, and say, hey, listen, if you're ever contacted by Help Desk, this is our process. If any other form of this process happens, it is a problem. This is our process. Our process is, you know, we'll contact you and tell you to call this phone number, or call the help, you know, this official Help Desk number or whatever. Click on this internal link. Whatever. Just God dang. This is so, so common. Also, for practitioners, best practice, guys. It's called conditional access and behavior based kind of intelligence. You could see this in Microsoft 365 environments. Like, listen, if someone is logging in or registering an additional device, like, not to say you need to disable their account, but, like, it should elevate or have a detection for you to investigate. If you see someone logging in from, like, you know, this is a classic, but someone's logging in from Charleston, South Carolina and then 15 minutes later they're logging in from Cambodia. That's a problem. That's a big problem. All right.
C
Huge thanks to our sponsor, Vanta. Risk and regulation are ramping up, and customers expect proof of security just to do business. Vanta's automation brings compliance, risk and customer trust together on one AI powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com.
A
All right, all right, all right.
B
Hala.
A
Holla, holla. Thank you all for being here. This is the mid roll. One second. I do want to say thank you all for being here today. Shout out to the stream sponsors, Threat Locker, Anti Siphon and Flare. We talked about Threat Locker at the intro. Let me spend a minute just telling you about Flare and Anti Siphon training. Flare Cyber threat intelligence platform gives you insights and value from the dark web criminal underbelly. We talked earlier about this rootkit Kaspersky infection, right? It gets on your box and the first thing it does is grab all that detail. Mac address, domain names, endpoint usernames, all those things. Well, that's what Flare is looking for. You can look in the Flare threat intelligence platform because they're scraping real data from real criminals and making it in a very easy to access interface. You can find out if your domain has been compromised. You can find out if your CFO's workstation is owned. You can find out these things super powerful. And right now you can check out Flare for free for two weeks. This is not something you put on your devices. It's a SaaS portal. Two weeks is way more than enough time to validate the value of this platform. Many of you in chat have done this. Go to simply Cyber IO Flare sign up. This is not something you can do if like you're just like curious or you're a student or whatever like this you have to, you have to be like a professional working at an organization and, and not a criminal threat actor. They will have to validate and verify who you are and how, what your intent is for using it before giving you access. It's that powerful a platform. This would be an absolute field day for a criminal and they don't want that. So go to Simply Cyber IO Flare for more info. Talk about anti Siphon training. Anti Siphon training is disrupting the Traditional cyber security training industry by offering high quality, cutting edge education for everyone, regardless of financial position. 
How many of you caught Wade Wells yesterday? Let us know in chat. I was all set up to go there and ended up sneaking in a run. I've been trying to prioritize physical health and personal health for myself since I don't take great care of myself and work myself a little too hard. But if you did go, let me know. But let me... oh, gosh. Alethe. So check this out, guys. Next week, dude. Antisyphon training. Simply Cyber Firesides bring the heat, but Antisyphon's Anti-Casts are fire. Wade Wells last week, this week, coming up next week, Alethe Denis. Do you know who Alethe Denis is? Let me introduce you. Not only is she a friend of mine and a friend of the Simply Cyber community, she is a phenomenal social engineer, physical penetration tester. She can convince you to open the door to your house and let her walk right in. She's amazing. She works at Bishop Fox. She's a Black Badge DEF CON Social Engineering Village winner, which is an incredibly high honor. If you want to learn from Alethe for absolutely free how to build a pretext, if you want to get into penetration testing or you work in pen testing and you want to improve to include physical security pen testing, dude, learning from a master is probably the best advice I can give you. I just dropped the link in this. Awesome. Come check it out. Not only is she amazing at her job, but she is also a super great person. Big fan. James McQuiggan's coming up for Cyber Career Hotline. He actually introduced me to Alethe Denis. Thank you, James McQuiggan. All right, guys. Every single day of the week has a special segment. And every Thursday is What's Your Meme Thursday. Last week it was the inside of my studio being power washed by the power washer guy. Dan always does a great job. This one has got nostalgia vibes. Ladies and gentlemen, I mentioned earlier in the week about getting a paper route to pay for things. I forgot that paper routes went the way of the dinosaur.
So maybe you youngs don't even know what a newspaper is, let alone a paper route. I had one. So, ladies and gentlemen, hit the nostalgia. This is a video game called Paperboy. Dan has modified it to GRC Boy and there I am on it. So, Dan, love it, love it, love it. Thank you for that custom meme of the week. So good. I love that blue too. That blue is so iconic. All right, all right. Let's get back into the news, guys.
C
Sandbox bug lets attackers execute code on hosts. A critical vulnerability in the widely used Node.js sandboxing library vm2 lets attackers escape the sandbox and execute arbitrary code on the host system. The flaw stems from improper handling of exceptions, where WebAssembly features can bypass JavaScript-level protections and expose host objects, enabling access to sensitive Node.js internals. A proof of concept exploit is available and users are urged to upgrade to version 3.10.5 or later.
A
All right, this is a pretty massive security issue. The concept of sandboxing gives us peace of mind that we are detonating malware, we are testing code in a safe space. The idea is that, I mean, usually you use a sandbox to detonate malware so you can do dynamic analysis on it, but you can also use a sandbox just to test any software to make sure it's doing what it does, and you can kind of control the environment variables, etc. Now, when you have a piece of software that can escape the sandbox, because remember, a sandbox is just code running on a workstation, right? So think of a virtual machine, like in the cloud, right? A hypervisor needs to manage the VMs. So the hypervisor is running and within the hypervisor there's a VM running. So the VM is not supposed to be able to break out of its VM instance, but it does need to access the hypervisor for system resources. So it's not air gapped. It's definitely not air gapped. It does have connections. It's just that when it was architected, it was designed to be ultra secure and not allow those connections to be abused in any way. But unfortunately, sometimes it can be abused. And in this instance, Node.js, which is a very, very popular platform, has a flaw that can allow that escaping. Now, what's the big deal? Who gives a crap if you can escape the sandbox? Well, if you escape the sandbox, now I can execute code on your computer, your host system, your workstation, your server, your VM instance. And that is a big problem because A, you're not expecting that or planning on that, and B, it is a much more juicy surface for a threat actor to get. Now, it is being tracked as CVE-2026-26956. Let's go ahead and look at DJ B Sec's EPSS tool and get some results here. I'm gonna drop a link to this EPSS tool in chat. Thank you, DJ B Sec. All right, so it has a nine hundredths of 1% chance of being exploited in the next 30 days. So this is not good, right?
You don't want a VM breakout. But if you're prioritizing, if you've got 50 problems in your environment, if you got 99 problems like Jay-Z, you know, CVE-2026-26956 isn't one. Huh? See what I just did there? Anyways, I wouldn't allow this thing to go long. There is proof of concept exploit code published. What does that mean? All right, so do you see how it says on DJ B Sec's tool that it is not part of CISA's KEV list? KEV is an acronym. It stands for Known Exploited Vulnerabilities catalog. When a vulnerability gets exploited, it goes up in risk. Because now, dude, if your front door is unlocked, if you forget to close your garage door when you leave, if you forget to lock your vehicle when you go into the mall, you're not getting robbed necessarily. You just have a vulnerability. Now if you forget to lock your car or you forget to close your garage and all of a sudden there's a report that there are burglaries in your neighborhood going on right now, now the likelihood of you getting exploited goes up significantly because there's a known threat doing exploitation. It's the same thing here. So right now it's not really crappy because it's not being exploited, but with a proof of concept exploit... A proof of concept, by the way, is basically like a toothless weapon. It's demonstrating how the exploit can happen. The problem is when you publish a proof of concept, it is very easy to take that proof of concept and then weaponize it, especially with AI. So I would expect that this particular vulnerability is going to see active exploitation in the wild very soon. All right. It does impact only environments with Node.js 25. So if you're not running that... and you have to have enabled WebAssembly exception handling and JS tag support. So there is some nuance and conditional elements that have to be in place for you to be vulnerable, which further reinforces why the EPSS score is so low.
This isn't like anyone and everyone can get hacked, zero-click remote code execution, unauthenticated, you know, field day. This isn't Progress Software's MOVEit back a couple of years ago with Clop ransomware going ham on everybody. This is a very special set of circumstances that can be exploited. Now that means you still got to take care of it, right? Don't let this one go. All right, let's see. Again, this is really for the developers, the engineers, the researchers in your environment. I do want to point out that with the advent or the explosion of AI and AI coding and people vibe coding and all that, the surface of people that would possibly be using these types of libraries has increased significantly, which is kind of gross. So just, you know, I would just reiterate to everybody, kind of keep your libraries clean, keep your instances maintained. If you do make a SaaS app for a side hustle, you can't just set it and forget it. You do have to maintain it offline.
C
CISA initiative for cyber attacks. CISA launched a new initiative called CI Fortify to help critical infrastructure operators maintain operations during cyber attacks by preparing to disconnect from Internet and telecom dependencies and operate in isolation. The guidance emphasizes network segmentation, rapid recovery and resilience as officials acknowledge that nation state actors like China-linked Volt Typhoon may already be embedded in systems and difficult to remove. New Cisco DoS flaw. Computer requires manual
A
Geez, I don't know, bro. When my computer doesn't respond when I push a button to stop playing the music or whatever, like, I don't know, maybe I have unrealistic expectations, but it's a computer. When you push a button to take an action, it should take the action now. Like, what are we doing with delays? I'm like the Somali pirate from Captain Smith or Captain Roberts or Captain Phillips or whatever that movie was called with Tom Hanks. I'm the captain now, computer. All right. CISA's initiative aims for critical infrastructure to operate offline. All right, okay, listen, if you work in OT or ICS, in chat, please can you holler at me? Aren't these systems designed to work offline already? My understanding was yes, you can use IT connections and infrastructure to take action to modify cyber physical systems. But I thought a lot of the IT was for getting telemetry, checking health viability, all these things. The OT is the one that moves the systems. Yeah, you know, I just don't know. Like CISA wanting things to continue to operate when they're offline. Here's the idea. The idea is that there's some... Whoa, hold on. We got another first timer, Jonas. Welcome to the party, pal. Welcome to the party, pal. Listen, the dream is, or the scenario, right? I'm going to use China, not for fear mongering or xenophobia, but because China has attacked several US-based critical infrastructure organizations in the last couple of years. If you don't believe me, go look at Volt Typhoon. Volt Typhoon as an example. All right, so the idea here is that we get attacked by a nation state and they knock out our energy, they knock out our water, they knock out our communications, they knock out our economic aggro. Pick your critical infrastructure. Do you remember when Change Healthcare got taken down? Healthcare is a critical infrastructure. They wanted to continue to operate because what they're trying to do is eliminate or degrade or down...
They're trying to reduce the impact. Again, it all boils down to fundamentals, guys. GRC people. Risk. When we look at risk, this is like day one, hour one, you get your CIA triad, right? That's hour one. Hour two, we talk about risk. What is risk? Risk is the likelihood and the impact of something crappy happening. All right? We got that vulnerability. Your car is unlocked at the mall. What is the likelihood someone breaks in? And if they break into your car, what's the impact? Do you have a gold doubloon in the glove box? Or maybe you have some Creedence tapes in the back, right? Like The Big Lebowski, right? What is the impact if your car... if you listen, if you have a Jeep Wrangler, you keep nothing in it because you don't even have, like, doors on it, right? So the likelihood of someone breaking into your Jeep Wrangler is pretty high because it literally doesn't have doors. What's the impact? Zero, right? Or I guess they could maybe, like, sit in your car and, like, whatever, Sharpie the dash, whatever. So you see what I'm saying? Likelihood and impact. So in this instance, if critical infrastructure goes offline, what is the impact? The impact could be devastating. You could lose power. You could lose communication abilities. So they're saying they're wanting critical infrastructures to work through, operating during downtime, explicitly to limit the impact. Now, this is cute, but I want to point out some obvious things. Justin Gold, our resident water expert, points out that water organizations would continue to run. They would lose the remote ability to manage through it. So they'll have to send a guy out or a lady out to the station. This happened in Ukraine when Russia knocked out the power. They had to send a dude out to all the substations and literally flip a switch. Okay? So in some of these more industrial critical infrastructure organizations, sure, it can operate offline.
Water will continue to run. I can flush my toilet. Yay. Awesome. Not all critical infrastructures are created equal. This title is being awfully generic. There's no way... like, listen, hospitals will do downtime procedures where they continue to write stuff on paper, continue to try to administer medicine, etc., but I don't know if critical infrastructure is going to be able to operate like... I don't know, communication, right? Like, what are we going to send, carrier pigeons and smoke signals? We're going to write letters and inter-office memos? Like, we're not built for that. So some of these critical infrastructures are not going to be able to pull this off. I do want to point out it costs a lot of money to reduce the risk of these types of impacts. A lot of training, a lot of, you know, preparation, business continuity, tabletop exercises, etc. So CISA asking for it is cute, because if I'm a business... that's me. Oh look, see, I don't even research or prep for this, dude. And I called Volt Typhoon out, like, literally. This is what I'm talking about. So you can ask me to prepare to run offline, but like, are you going to give me money? Like, if I'm a business that's all about revenue and I have shareholders, right? Like, I'm Dominion Energy, right? Which provides power to a lot of the Southeast, right? Like, I'm making money and now CISA's asking me to invest money in making sure that I can deliver energy during a cyber... What are you doing? James McQuiggan is producing off stream right now. So anyways, TLDR, this is a great idea but very difficult to implement. I will say, if you work in critical infrastructure and you've been wanting to get some oomph to help move your agendas forward, your budgets, etc., you might be able to leverage this if your senior management is bought into, you know, best practices, federal systems guidance. There may even be some grant money here for you. But yep, you will reboot.
C
Cisco has patched a high severity denial of service flaw affecting its Crosswork Network Controller and Network Services Orchestrator products. The bug lets unauthenticated attackers remotely exhaust connection resources and crash systems, leaving them unresponsive until a manual reboot is performed later. Goat in the Machine says there's no evidence of active exploitation, but urges customers to upgrade to fixed versions, noting similar DoS flaws have been exploited in past attacks.
A
All right, so for the sake of time, really quickly. Denial of service attack. It's exploiting the resources on this device. Unfortunately, it requires a manual reboot, which means you have to have a person go into the data center and actually physically touch the machine. This could be problematic if, you know, it's a remote site or it's at a data center or something like that. This is the Crosswork Network Controller and Network Services Orchestrator. So let's see. It can be exploited remotely by unauthenticated threat actors, which definitely sucks. Here's the deal on this one. For the sake of time, I'm just going to say this quickly. Obviously you want to patch this and get this sorted out. Ah, you gotta patch it. If someone does exploit this, it's going to cause an operational impact. If you don't have redundancy in place, it's going to suck for a minute. You're going to send someone to patch it, they're going to say how the hell did this happen? You're going to figure out that this is the problem and then you're going to have a high priority maintenance window given to you to be able to fix this. So it's not good. I mean, if you're a high volume, you know, trader on a financial platform, you could lose some money. But for the most part, this is annoying. Go fix it.
C
Wolf bends out the pack. Arctic Wolf laid off 250 employees, or less than 10% of its workforce, as part of a restructuring to shift more investment towards AI, including its superintelligence platform and agentic SOC offerings. The cuts impacted roles across sales, product and marketing as the company looks to operate more efficiently while competing in the crowded MDR and EDR markets. There's a broader industry trend going on of reallocating resources towards AI-driven security capabilities. Remember to join us.
A
All right. Sake of time. We'll just spend a minute on this. Eric Taylor actually put this in the Simply Cyber Discord general chat yesterday. I did comment on it, I did read this story. So I don't research or prep for the stories, but I live and breathe cyber security and I'm a lifelong learner. So sometimes I've already reviewed it, I already know all about the story because I've done it. Arctic Wolf is a big player in the MDR space. I know some people over there, pretty good people. Here's the deal. They laid off 250 people. Most of those people are marketing and sales people. Not engineers, not SOC analysts, not whatever. This is a business thing. Really what they're doing is, 250 people, let's say each of them made $150,000... I mean $100,000 to make the math easy, right? So that's, what is that, $25 million. So they just freed up $25 million of money, essentially, right? Probably even more than that because of loaded rates and retirement and health care and all that other crap. But just to make the math simple, let's say $25 million. They're going to take that $25 million and buy AI tooling, agentic AI tooling, to effectively make their SOC analysts better, faster, more competitive in the market. Arctic Wolf is doing this to stay on pace with other MDR providers in the market. Those 250 people, it totally sucks. It totally sucks. I do want to point out one quick thing. If you look at the stock market right now, and again, I just want to point this out really quickly because now I've got some semblance of understanding of business because I'm a real boy with a real business now. Listen, you know how the stock market's doing better than ever and the S&P is at all time highs and you'll hear that repeatedly in the news. The value of a business, especially publicly traded businesses that are on the stock market, it's how much money are they making? There's two things, assets and liabilities. Assets are good things.
That's money. Liabilities are things that cost money. The number one thing on your expenses, when you're looking at your P&L, your profit and loss, and the value of your company, the number one thing is human labor. It's the most expensive thing at an organization. So when you lay off 250 people, the value of the company goes way up. We're loving it. Meta just laid off 10,000 people. The value of Meta skyrocketed. So when you see these layoffs, the value of the company is immediately going to go up because they're shedding tons of expense, effectively. So that's part of the reason why, for those who are nauseous about the current job market and how things are going, and honestly why I have such a dystopian view of the future, this is why. Because the more people who get laid off and are, you know, supplemented by AI, the value of those companies is going to go up. All right, I will tell you, I did reach out to someone I know who works at Arctic Wolf. Some of us met him at Wild West Hackin' Fest last year. He had not been laid off or RIF'd as part of this, so he's good to go. But, yeah, it sucks. If you know someone at Arctic Wolf, hopefully they can land on their feet if they were RIF'd. All right, guys, check it out now. All right, we did go a few minutes over. Thank you all so very much. I appreciate it. If you got value from the stream, please hit the like button, basically just to let me know you liked it. If you didn't like it, tell me in chat. I want to remind everybody, if you're looking to learn about hardware hacking, which is an awfully niche area of cyber security, we're getting one of the best in the business, Matt Brown. He does have a YouTube channel where he does hardware hacking. He's my guest on Simply Cyber Firesides today, 4:30pm Eastern time. Come on down, get some hardware hacking. It's all about good times. If you haven't caught a Fireside yet, please enjoy it. Betsy... Betsy's not here.
Cheryl... also not here. So, you first timers, I hope you got value from the show. Didn't think I was a blowhard. Don't go anywhere because we are about to do Cyber Career Hotline. Wait a minute. What? Jerry? Yeah, that's right. Every single day after the Daily Cyber Threat Brief, we have an easter egg show. 30 minutes, seasoned industry practitioners bringing you value. James McQuiggan is going to be doing it for us today. I want to tease this out really quickly, everybody. Tomorrow, Career Hotline is going to have a panel and Jessica Hyde, yes, the same Jessica Hyde of digital forensics fame, is going to be one of our panelists. So if you have digital forensics questions on career, she's absolutely the person that you need to talk to. All right, guys, I leave you in the capable hands of James. Have a great day. And until next time, stay secure.
B
I'm James McQuiggan at 35,000 feet. This is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it.
A
You are muted. All right, so while we... I could say whatever I want right now. I can make fun of James. I could say anything. Oh, look at me. I'm James the Quicken at 35,000 feet. All right, guys. Hey. While James gets his audio sorted out, let me go ahead and premise the show. This is Cyber Career Hotline. You have questions, we have answers. James is going to get sorted out and come on and answer those. I will do it in the interim since we are...
B
Can you hear me now?
A
We can hear you now, James. We got audio too. Put your questions in chat with the queue. James has got you. Have a great show James. Bye bye.
B
All right, well, take two on that. So thank goodness for that nerd Dr. Gerald Auger coming in to help us out there. Good to see everybody. Sorry about the little tech snafu. That's the fun thing of doing live shows, isn't it? When you think something's working and you go in and it's not. So if all else fails, kick over the microphone to the mic feature and not the fun wavelength that you're using here. So definitely drop in those questions. Good to see everybody. It's been a busy week. If you caught Wade Wells yesterday on the Antisyphon Anti-Cast session, I had the pleasure of hosting that and had a lot of fun doing that, and it was great to see Wade and connect with Bronwyn and a bunch of other folks there and Corey from Antisyphon. But also I got to hang out with Alethe, who Jerry had on a couple of weeks ago and, as he mentioned earlier, will be up on the Antisyphon Anti-Cast next week. She's got that next week as well as another workshop at the end of the month, both dealing with pretexting and how you have to prep your pretext when you do social engineering. Alrighty, so let's have a look here. Let's bring up the chat so I can see what's going on with everybody. Hopefully everybody's having an awesome week. No, we can hear you. Haha. Okay, great. Thanks, Roswell. Let's see. Dropping the questions. Did you hear about the music teacher going into the produce area? Yeah, she dropped some cool beats. Very nice there, Carrie. So yeah, I'm James McQuiggan at 35,000 feet. Kind of got disrupted there at the beginning, but yeah, three decades plus, 25 years of experience doing it, cyber security. Everything from networking, databases, a little bit of programming thrown in there, incident response, security awareness. And that's kind of where I developed my passion, and it's one of the great things that I love, being here helping out Jerry, doing the Cyber Career Hotline. Always a good time hanging out with everybody.
So let's see, any fun questions? Kathy should be calling him, right? Yeah, yeah, yeah, I remember. I missed that. I've now made sure that when I click on end stream, I look for that function. Good thing I didn't do anything weird that day. Someone's got an event down south. Got to get to see you later, Mr. Stafford. So I'm curious, you know, I saw somebody drop in there about Teacher Appreciation Day, Teacher Appreciation Week. Curious, does anybody have a favorite teacher? I know for me, while we wait for the questions to come in, I always like to have a question for you all. Did you all have a favorite teacher? Was there somebody that was important in your life that made a big change for you, that changed how you viewed school or how you did in school? I know for me it was back in the days of Ms.... it was Ms. Hansberger and Mrs. Oliver way, way, way, way back when James McQuiggan was stuck at ground level, not flying at all. But yeah. So drop in the comments. Was there a teacher? Don't list your third grade, don't say what grade it was. Don't put anything that can be done for OPSEC. But you know, was there a teacher that kind of made an impact on your life? Give them a shout out, you know. So, well, here we go. What's this? The Velvet Bandit: for James and the community, what is the market view on WGU degrees for 2026? I've known a bunch of folks to go to WGU and have been very impressed, and I believe they've got a high rate for education... sorry, for employment placement, that's out there. So, you know, if you're going to be going for your degree, one of the things, you know, whether it's a degree or certification, you know, what is it, you know, what's the purpose for you? Are you at a point where you want the degree so you can get the cert, so you can get the job? Is it something where you need to learn?
You're starting at the base, you know. Hopefully there, when you're in those classes, you get deliverables, you get ways that can help you stand out to the other applicants, because there's so many of them out there. So I think WGU is good. Jerry will always promote his university, the one he went to for his master's and his doctorate, North Dakota, I think is what it was. If not, he'll jump in and put it in here. But you know, it's important to look at why we want that degree. What is it that we're looking for from that? What's it going to help us with? I won't knock the degrees. It's important. You've got to have it, especially as you start getting into an organization. You want to move up in those enterprise, large, medium organizations; having the degree will help. So somebody's going for their second master's. That's awesome. Good stuff. Let's see. I thought I saw there was another question. Oh, my favorite subject back then was science and biology. There you go. Oh, here we go. Here's a fun one. I have my first interview today for a pen tester. Oh, speaking of pen testing, I can... depending, if you want to do this when you go into the interview, pick up a pen and go, I'm a pen tester. See, I'm testing the pen. Or you get out a notepad and you start writing. See, I'm a pen tester. Yeah. Okay. I'm moving from network security to pen testing. How can I best prepare for this interview and show how I can be an asset to this new organization? Rick Baird 3523. So coming out of network security, going into pen testing. Well, one of the things you bring into it is network security, because it's always DNS, right? You know, when there's network problems.
If you're preparing for the interview, certainly work on that first question, which is tell us a little bit about yourself. Jerry's done the examples and our good friend, Bowtie Security Guy Robert Redstein, has gone through it, and, you know, don't be talking about your history. Do it fast, do it in 90 seconds. Talk about a situation, talk about your situation as what you are. I'm an aspiring pen tester that's been working in the IT network security field for the last 10 years. Over the years we've been able to reduce network attacks or incidents within the organization by doing X. Situation, task, action, results. Those things put into 90 seconds. That's the key thing you want to be able to answer. And if you're not sure how to do it, you give Claude or Gemini or ChatGPT the information, your resume, and ask it to help create a STAR 90 second response, and get that down cold. Put it in your own words, of course, but get that down cold and get that in your head. When it comes to pen testing, you know, there may be a hands-on thing, but also it's going to come down to... it may also involve your professional development skills or soft skills. You know, those are the kind of things we want to be looking at: that you can communicate effectively, that you can write, that you've written reports. If you've got pen testing reports that you've done... and if you've never done a pen test before, then certainly have one in your own home lab and be pen testing there and have reports from that. Have something that's deliverable that you can show them, your ability of doing a pen test and then communicating those results and also what they need to do to remediate the results with regards to that. So good luck with the interview, Rick. Let us know how it goes. But yeah, you want to look to try to stand out, have deliverables, have something you can share with them that can prove and demonstrate your ability as a pen tester.
And depending on how they are, just go, hey, look, I'm a pen tester. Yeah, I know. Bad dad joke. All right, let's see what else we got. Good question kicking us off here today, seeing lots of fun comments in here regarding your favorite teacher. Mr. Z in fifth grade was instrumental. I'd go see him until he moved to a new school when I was in high school. I still keep in touch with her. Ms. Hansberger, she got married later on, but I still keep in touch with her and her husband from time to time. But yeah, definitely shout out to all the teachers that impacted us this week, with Teacher Appreciation Week, Teacher Appreciation Day. All right, got another question. I have a second interview with ThreatLocker coming up, Junior Cyber Hero. Chris Zavata. Any advice or pointers? I know ThreatLocker, they're based here in Central Florida. Not sure if they're going to be making you be in the office or you'll get to work remote, but that is always a possibility. If you've got your second interview for Junior Cyber Hero, definitely be looking at the job description, be figuring out what questions they may ask you. If you're a Junior Cyber Hero, I'm not sure what that particular job entails, whether you're kind of out there promoting the cyber role or cyber security people overall. But you know, when it comes to that, you've made it past the first level, so now you're onto the second level. You know, ask them what success looks like in 90 days. Maybe even have a game plan in your head of what you can do with this role if you were to be hired. Again, have that STAR plan, have that STAR statement down, because they're going to ask you again, you know, tell us a little bit about yourself, because you could be interviewing with different people. Have that down cold. If you've got examples of the work you've done in cyber security, that goes a long way as well.
Maybe even drop the job description into Claude, ChatGPT or your favorite large language model, Ollama, and have it hit you up with questions just to kind of get you into that mindset of what they may be asking. Cool. Let's see. Yeah, Coach Smith, big time. My teacher. WGU grad organizations. Oh, I thought I saw somebody make a comment about the pen testing and I can't find it now. All right, never mind, let's keep scrolling. Let's have a look for some more chat stuff here. I've got to do a shout out to Haircut Fish. He did good today with the GRC Cowboy. What cracked me up... I don't think I have it here. Oh yeah, no, I do have it. This is good. This showed up yesterday in the... I've got to see if I can share this here. There we go. This showed up yesterday in Wade Wells's session on Antisyphon yesterday. A good meme of "computer, do your thing," you know, of Jerry. Cracked me up. Thought that was really good. Had to share that with all of you here today. Ah, let's see. Scrolling through. Most of the employees of ThreatLocker have to be in the office. Yeah, that I did know. Thanks for sharing that, Kathy. I do know that that's something that they do want people to be in the office. They very much went back, return to office, RTO, for that. So I know that that's always one of the key items. Not sure how it may work with that Cyber Hero role, but that is certainly something you want to make sure you're aware of, if you're going to have to be in the office or you get to work remote. Oh, here's a good tip. Take a small notebook with your questions and you'd be able to take notes too. Excellent tip. Something I've done as well. I always have a padfolio, portfolio book, notepad with me. I've got my business cards in there, extra copies of my resume just in case, any deliverables I want to share with them. That is always in there as well, that I've got ready and available.
So yeah, definitely have a notebook, be taking notes. Makes a big difference overall. Yeah, I know some of us, we like to be remote. I know, personally, I'm all remote now with the work that I'm doing. Three different client contracts that I'm working on now. One is a vCISO, one working in human risk management, and the other one doing a little courseware development. So that's a lot of fun as well. So I'm certainly keeping busy, but I do like being remote. Going into an office, for me, would be a special occasion kind of thing. I definitely like to be somewhere where I work here at home. Oh, there you go. Yeah. And tell them you're an experienced pen tester. Right. Because you pull out your pen. Yeah, no, I can pen test. See, that joke just is never gonna die. That works for me. Let's see. Took me a bit. Yeah. So I'm kind of, you know, it was funny with regards to the meme today, that first job. I know that I remember my first job. I worked in a library. Yeah, library, where they have books. Worked as one of those people that would, you know, check out people with books, collect the books when they came back in, sort them back on the shelves. Always. Yeah, it was a small library, but it was a lot of fun way back in the day. Way, way, way back in the day. Good high school job. It was a lot of fun. That was my first job. Didn't have a paper route. My brother did that. But not me. I had more fun working in the library with books. It was quiet, it was nice. And then it just kind of went crazy from there. So let's see what. How are we doing on time? We're at 9:22. Oh, we got plenty of time here, folks. So I need more coffee. Yes, definitely. Always can, never can, never, never can have enough coffee. Right. Kathy said no. One other. Let's see, any other fun questions out there from folks? Drop them in there with the queue.
So it's easy to see that. By the way, next week, when Elise is going to be on the Antisyphon, I have the pleasure of being the host again. So if you enjoyed what I was doing yesterday, come back and check out Elise next week. The banter was a lot of fun. That's always a good time. Getting to chat with everybody, getting to hang out with everybody, ask questions, learn from everybody and just kind of show that we're having a good time. And then kicked it over to Wade and his session. You know, it was interesting. If you haven't watched it, go back and see it, because he was talking about how the headlines help us within our organization and even talking about headlines and verifying headlines. You know, we can't exactly believe everything we see. Depending on the source, you know, are they going to have IOCs in there? Especially when it comes to CTI. But the same thing applies with what we're seeing with videos, with deepfakes, with social engineering, the different phishing attacks that are going on. We need to be able to go through and verify, have that trust and verify. Not the trust but verify, but certainly that trust and verify. Let's see, what was this? Remember when we used to go to the library, public library, to sign up for a 30-minute Internet session? Moxie. Ah, that brings back some scary memories. Just to date myself, my library didn't have computers. We had computers that we were using to check out books and we had the little wand pen that would read over the barcode and it would know what book it was and check it out. But we didn't have computers for people to use at that point. We were still back in the old DOS days of running that. But yeah, I do remember when computers started showing up in the library. When would it be beneficial for someone to get their Associate of ISC2 instead of the full CISSP?
John, I'm going to give you one, I'll give you a cert that you can get from ISC2 besides the Associate, but get your CC, you're Certified in Cybersecurity. If you have a degree, that knocks off a year. Because with the CISSP you do need five years of experience across the eight domains that are there, whether regarding risk management, network security, legal, cloud, I think, is in there, network equipment, or that's part of network security. But you've got to have five years of experience. If you've got a four-year college degree, that knocks off another year as well. If you get your CC, that gets you involved and engaged with the ISC2 family. Highly recommend getting that right now. I believe until May 20th is the cutoff date. You can sign up and take the exam for free along with all the training materials. So John, check out the ISC2 CC. ISC2.org, CC. Great certification to get you started. It's up there with the Network+, Security+. This one, though, is from ISC2 and gets you in and engaged with regards to getting your CISSP. It's fine if you want to get the Associate. All the Associate does is state that you've passed the exam, which, if there's an opportunity where they're going to be changing it, which I think they just changed it last year. But if you see that it's going to be changing in the next year or so, then go ahead and sit the exam and that way you have it and then you just have to get the five years' experience. Once you have that, or you cross that threshold of the four years, then essentially you're just looking to get endorsed and you submit your application for ISC2 to be able to obtain and earn that CISSP. Any tips for taking an online cert exam? Yeah, study. No, definitely look at, you know, any practice exams if they're available out there. Look at, when it comes to the certs, besides the practice test, maybe even, and the large language models are really good with it.
If you got a PDF of one of the CISSP or whatever cert you're doing, upload that in, or it's probably already there. But have the large language model quiz you. Depending on how you learn will depend on how you study for the exam. If you're somebody that can just read and assimilate and take all the information in, great. If you're somebody, you've got to write it out by hand. You got to create flashcards, write out the definition, write out what the answer is or the matching or whatever it is. You know, make sure you understand and you know yourself on how well you study. Are you somebody that has to be in a classroom? I am that. When it comes to things like this, I much prefer to be in a classroom. That way I'm focused on the instructor, on the coursework, and that's the time to do that. When I'm at home, if I'm studying, you know, reading through a book, my mind wanders and we, you know, look, squirrel, you know, those kind of things. So make sure you understand how well you learn and how you study and then go from there to figure out, okay, what kind of questions are out there, practice tests you can take. The other thing is, as you're going through a concept, teach it to somebody else. When you have to take in the information and then pass it along, when you're able to essentially teach that to somebody else and explain it, that goes a long way overall. So, Space Tacos. When was the last time you pulled an all-nighter?
A
Wow.
B
When was the last time I pulled an all-nighter? Probably. When was the last time I did that? Sometime last year, I think. It was working on presentations, and the next thing you knew it was three in the morning and it's like, oh, I gotta get on a plane in four hours. So I just stayed up and slept on the plane. So it does happen. Jesse Johnson in the house. Good to see you, sir. You know, tag-teaming on this. Jesse does this on Tuesdays. I have the pleasure of doing this on Thursdays. That is the day today, right? Yeah. Which reminds me, I got to send the dad jokes to Jerry for tomorrow. Will we see more company hackbacks in the future? Ah, Cody Crooks, good question. You know, hackbacks is kind of one of those things that it's a double-edged sword. Yeah, you could probably push back on the attackers, but they may just push back even harder, depending on how good your organization is. You know, are you in the business of hacking back or are you in the business of defending? Depending on what you're doing. For me, I think a lot of it comes down to, you know, if you're going to sit there and try and hack back against another, you know, attack group, they have a lot of friends. You know, you're just kind of stirring up a hornet's nest. You know, if any of it, rather than wasting the time trying to attack back to a hacker group, take those resources and effort and put it to strengthening your organization, training your users, educating, maybe more bolstering up some of the different technologies that you can implement to be able to protect. Whether it's, you know, EDRs, ITDRs, whatever it may be, but hacking back, for me it's a double-edged sword. That's my take. There's a lot of other people that will say differently, and that's fine. For me, it's not something that I would be actively doing, but that's me. Ah, there we go. Here we go. Throwback.
Remember when the modems connect and get you on the Internet, unless you had USR modems on both ends, then it was quick. Yep, I remember that. Remember the. And then when somebody would pick up the phone in the house and you were on the Internet and break your connection and you were in the middle of a download. Ah, that was the worst. All right, a couple minutes to go. Oh, let's see what we got here. Lots of cues on this one from Carrie. Gemini told me that companies are looking for night people for tier one. And since I have my Sec+, how do I go about finding companies in my area and also remote? For me, I would be, you know, if you're looking for companies in your area, if you've got local chapters, ISSA, ISC2, ISACA, computer meetup groups. Check out the meetups, like go to meetup.com, see if there's any cybersecurity groups. That way you get an opportunity to be able to meet other people. Maybe it's a Google search, look to see what companies are in your area. Years ago we used to bust out the yellow pages. You know, maybe now it's a search to see what organizations are in the area. But by going to one of the chapter meetings or security meetups, then you get to meet people that are working in those organizations and that can help as well. Overall, ISC2. Yeah, good point on this one. Yearly fee to remain Associate. Yes. If you have your ISC2 CC, I believe the AMF, the annual maintenance fee, is a lot lower. I think it's only 50 bucks versus the 100 and something I think I'm paying. I can't remember. Oh well, there we go. $50 for annual maintenance for your Associate, $125 for other certs. There you go. So it's 50 bucks for the CC, I believe, as well. So Associate, CC, either one, you're connected with ISC2.
If you want to get the exam out of the way and you think you can pass it, then sure, go for your Associate and then just work on getting the resume beefed up for your four to five years, depending if you got that degree or not. Overall, let's see. Got time for one, maybe two more questions. I already have a job in cyber. This is coming from visually xing or visual yixing. Interesting. I like that. I already have a job in cyber and not looking for anything new, but was wondering if I should get the ISC2 CC cert since it's free. I've been in this new role for three months. If you get your company to pay for it. Oh wait, it's free. Never mind. Yeah, I mean, depending on what you need the cert to do. If you're already having a job in cyber, that's great. Where are you going in the next five years and what kind of certification will help you is kind of would be my recommendation. If you don't have anything right now, you have experience and that's huge when it comes to what you're, you know, for that next role. You know, ABL, always be looking, is kind of my rule. But basically with regards to certs, you know, is there a cert that's going to help you get further? A CC is that entry-level one. Sounds like you're already there. You could get the CC if you want to, you know, just to kind of give you something, to get you in that ISC2 family. Sure, that's fine. Maybe it's a CompTIA Security+, or maybe it's now looking to get specialized. You're going to look at certifications relating to pen testing, relating to OT environments or security architecture or whatever it may be. But rather than look at where you are now, look at where you want to go in the next five years and figure out what it is, where you want to go, and figure out what cert will help you with that overall. Great question. Thank you, Visual, with regards to that. All right, I think I got time for one more question. We're kind of over the 9:30 hour, but I know Jerry came in late. That nerd, Dr.
Gerald Auger. Let's see, got time. Let's see if there's one more in here. You guys are chatting it up. I love it. I love that. This is one of the things I love about this community. Everybody helping out everybody. And that's what the. Hackbacks are illegal in the U.S.? Yeah, I think they are, but they gotta catch them. You know, so speeding is illegal, but people still do it. Password. Today is Password Day. Is it really Password Day? I had to go look it up. First Thursday, May 7th. Yes, it is World Password Day. How about that? Well, you guys always know I, and it's actually on my, it's on my business cards now. But you know why you can't use beef stew as a password? Well yeah, it's not stroganoff. So there you have it. Yeah, let's see, one. I'll take one more question here. Oh yeah, password. Yeah. Passwords now, in the future, I think now, I think a lot of the fact that people are going to passkeys, you know, the physical machine to helping with that. Solely need to get away from, you know, having passwords. You know, where it's your something of a bio feature. You know it, you're, I know with the smartphones it can do your face scan, fingerprints, you know, to be able to, you're using that two-factor authentication. We could do a whole hour on password security and yeah, for me, I'm using a password manager, 40-character passwords. That's common. If I can use 40-character passwords, I'm using 40-character passwords because they're saved in my password vault and I don't have to worry about what the password is. I just log in and I just have that one password, which is authenticated by the face or my fingerprint with regards to the phone. Cool. Forrest Gump had to change his password. Yeah. Because I hacked Forrest Gump's computer because it was 1Forrest1. Yeah. Yeah. Well, there you go. Bruising Hacks just joining us, coming in. Dude, we're getting to the end of the show here, but I can't. I'd be remiss if I didn't say that.
Folks, you've gotta check out today at 4:30. We have Matt Brown, hardware pen tester, coming to us this afternoon. Jerry's gonna be doing that interview. Maybe Jerry will ask him about passwords this afternoon, or we can come back and definitely hit him up for that overall. And of course he does have his own site, which is basically YouTube at Matt Brown. So you can go check out some of his videos, get some questions prepped with regards to that overall. So definitely be checking out the hardware hacking session this afternoon at 4:30 with our good friend Dr. Gerald Auger. I want to thank all of you for throwing me your questions here today. Excited for the panel tomorrow. Tomorrow I will be at HackSpaceCon. I'll be there tomorrow and I'll be there on Saturday. So if you're going to be there, come find me. I have my stickers with me. Be happy to give those out to anybody. Come on up and say hi. Excited to see the sessions that there are. Next weekend they'll be at BSides Tampa. Next Wednesday you'll see me again on Antisyphon Anti-Cast with Elise Dennis. And then also there's. I'm recording a podcast this afternoon with somebody, so that'll probably get released next week as well. So awesome. Thank you all for being here today. Appreciate the questions, appreciate everything, your time being here. We know your time's valuable. I know Jerry appreciates it, coming to watch Simply Cyber every day. I appreciate the questions. Enjoyed the conversation with all of you. Had a blast. Always a good time with this community, and so have yourself an awesome day. Have yourself an awesome weekend and thanks for stopping by.
Host: Dr. Gerald Auger, Ph.D. (Simply Cyber Media Group)
Special Segment: "What's Your Meme Thursday"
Date: May 7, 2026
This episode dives deep into the day's top cybersecurity news, blending expert insights, practical advice, industry context, and even humor. Dr. Gerald Auger walks through eight of the most pressing cyber stories—from Chrome’s hidden AI installs and major supply chain attacks to industry layoffs and critical infrastructure resilience—providing real-time, unscripted analysis aimed at helping both practitioners and business leaders stay current and make strategic decisions. The episode is followed by the popular "Cyber Career Hotline," where James McQuiggan answers community questions on career development and certifications.
Genuine, approachable, often humorous, and rooted in practical wisdom. Dr. Auger mixes live, unrehearsed reaction with deep context and analogies to make threat intelligence accessible and engaging for everyone in cybersecurity.
If you missed the episode, you got a rapid-fire, deeply contextualized rundown of the hottest cyber threats and industry trends with actionable takeaways. Whether it’s the ethics of Chrome’s silent AI, the evolving sophistication of nation-state actors, or strategies for cyber career advancement, Dr. Auger and team provided insight, clarity, and community support—plus a handful of memes, gratitude for teachers, and practical career advice to round out your cybersecurity day.