A
All right, what's up, everybody? Welcome to the party. Hopefully you're after your turkey Thanksgiving food coma afternoon yesterday. This is Simply Cyber's Daily Cyber Threat Brief podcast. It is Friday, Black Friday, November 28, 2025. This is episode 10, 1314-ish. If you're looking to stay current on the top cyber news stories of the day, alongside professionals and aspiring professionals in the industry, in a very supportive, inclusive and empowering-you-to-be-the-best-you-can-be-at-cyber-security community, well, then you've chosen the right place, because you, my friend, are at Simply Cyber's Daily Cyber Threat Brief. We're off and running on this beautiful Friday. Stay tuned. We got a great show for you. All right, all right. Hey, quick shout out and thank you to DJ B Sec for running a rogue Daily Cyber Threat Brief episode yesterday. I did catch a bit of it. He did a great job, as always. Top of the morning to you, DJ B Sec. Thank you for keeping the tradition going. Guys, I want you to know, holla to all of you. I hope you had a wonderful day. I certainly did yesterday with friends and family and loved ones and just overall good food and good, good conversations, all about good times. Came back to the house and just melted into my couch. It was a wonderful experience. If today is your first episode, let me tell you what's going to go on. We've got eight cyber stories that are current and news, piping hot, fresh out the oven. And I'm gonna go through them, each of you. Now, I didn't research or prep for any of these shows. I have no idea what they're going to be. I was actually running late having a conversation with Mrs. Auer back in the house there, and I just, you know, click, click, click, click. Didn't even read the titles. You'll notice I don't have the chyron above my head right now. Ain't nobody got time for that. Ain't nobody got time for that. We're running rough, rugged and raw. Plus, guess what? It's live. That's what's up.
Sometimes crap happens when it's live. Simple, to the point, but it's real. No AI slop up in this mother trucker. Phil Stafford. Look at. Look at me. No. No lines, no residual, no deepfake Jerry going on. So, hey, first timers, we're gonna go through it. I do want to say shout out to Margaret. I met a hashtag lurker, hashtag passive observer yesterday, so I don't even know if she's tuned in right now, but shout out to Margaret. We see you over there. If today is your first episode and you feel like being chatty, drop a hashtag first timer in chat. First timer in chat. We just want to know that you're here. We want to say hi to you. It's not creepy, it's not weird. We're not gonna flag you and do some type of, like, freshman hazing thing. We literally just want to say hi and welcome you to the group. We want you to know that you belong here. Good morning, A.A. Witherspoon. Justin Gold in the house. Hopefully talking crypto over the Thanksgiving table yesterday, Jay Gold. Guys, every episode is worth half a CPE of credit. So if you have cyber security certifications and you have to maintain them with CPEs, or CEUs, I think they call it in Europe, fancy, then this is one way to get them. This is effectively an instructor-led webinar or expert-led webinar. My qualifications are, you know, can stand up against scrutiny. So we are able to do this. It's a one hour show, but we say half an hour is content. Half an hour's playing loosey goosey and, you know, having fun and roughing around with the football in the backyard for half an hour with DJ B Sec. Of course, he's like, DJ B Sec would be like, oh, my God, Cooper. What's that guy's name? Bradley Cooper. Bradley Cooper's character in Wedding Crashers. Sack Lunch. That guy. No, no, no, no, no, no, no. That's DJB second the H. The Geto Boys down in Houston dropping that. Oh, my God. All right, guys, we got a great one for you. Every single day of the week has a special segment and Fridays, you know it.
Dad jokes of the week. It doesn't matter if it's Black Friday. James McQuiggin, whether he's at sea level or 35,000 ft, is bringing the rib ticklers, the chuckles, and he sent them to me yesterday. We are locked and loaded to entertain and delight you guys. Now, as always, I do want to say shout out and thank you to the stream sponsors, those who enable me to bring this show to you every single morning, starting with Flare Academy. Now, this is not just another cyber security webinar. They are bringing experts in the field to bear on monthly conversations that educate, entertain, and, you know, unveil interesting topics, especially around the dark web. If you are interested, you can go re-catch previous webinars. They have like an AD to Azure AD one that's pretty dope. But if you go to simplycyber.io/flare, so go put it in your URL browser, your browser of choice, simplycyber.io slash flare, and you'll get the most current one coming up December 11th. You know, guys, most of your shopping will be done. You know what I mean? You'll be at, like, your seventh holiday party. You're like, bra, please, no more. Catch this right before lunch, 11 to 12 Eastern. Maybe catch it with your, you know, your Danish if you're on the left coast. But this is a panel. They've got four experts talking about the state of the dark web. I love these type of talks because basically they consolidate an entire year's worth of information into a one hour webinar. And when you do that, you're forced to bubble up only the most salient points, the most relevant ones, which you can then take and, you know, ingest it, assimilate for your own thoughts and ideas as you go into 2026. Isn't it nice to be able to reveal some type of interesting insight in a job interview that you gleaned from a talk like this? simplycyber.io/flare. Go check it out. Also want to say shout out to Antisyphon Training now. They are doing their Black Friday pricing right now. Hold on one second, I gotta go.
This is what it looks like when hosts aren't prepared. I forgot they were running the Black Friday deal. I gotta go into my DMs. Zach Hill. There we go. So listen, Antisyphon Training, this is a little different from what they normally do. Usually it's, you know, very transactional. They are offering Black Friday pricing for 1500 bucks, which is a tall order. But you get one year full of their entire catalog and access to their cyber range. So if you're looking in 2026 to invest and have one spot to do it, they do have quite a collection of courses across, you know, different types of skills within cyber security. IR, SOC, DFIR, offensive security, GRC a little bit. Not as much, but a little bit. Giddy up on that. Worth checking out. Go to antisyphontraining.com, Black Friday 2025. I'll drop a link in the description below. As always, we got ThreatLocker. Let's hear from them really quickly. And then it's time to start the face melting. Let's go. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com DailyCyber. No idea when the ad is running. Like, I actually, more often than not, while the ads are running or the videos are running, I'm racing around doing other things. I'm not just standing at my computer.
This particular day I just spilled this giant cup of coffee pretty much all over my situation. So there was a frantic, like, Benny Hill kind of thing with paper towels and whatnot. The show must go on, though. So do me a favor as I stand in coffee: sit back, relax and let the cool sounds of my hot coffee and these stories wash over us in an awesome wave. Let's go.
B
These are the cybersecurity headlines for Friday, November 28, 2025. I'm Steve Prentiss. Microsoft to block unauthorized scripts in Entra ID logins with 2026 CSP update. Microsoft plans to strengthen Entra ID security by blocking unauthorized script injection attacks starting in late 2026. The update, part of its Secure Future Initiative, applies a stricter content security policy to browser-based sign-ins at login.microsoftonline.com, allowing scripts only from trusted Microsoft domains. This aims to prevent cross-site scripting attacks and stop any injected or unauthorized code from running during authentication. External ID sign-ins won't be affected. Microsoft urges organizations to test their sign-in flows early and avoid browser extensions or tools that inject scripts, recommending they switch to alternatives that do not modify the Entra sign-in experience.
A
All right, I mean, this does seem a bit complicated. So check it out. If you are, did you take that Flare training the other day? Then you would know that Entra ID is basically Azure Active Directory. It is how you do authentication for users and resources in the Azure cloud. A lot of businesses have become hybrid, hybrid businesses. So they have on-premises, they have Azure Active, or they have on-prem and Azure and they are syncing. They're syncing the ADs together, essentially. So it's one kind of, you know, one kind of data center backend infrastructure. It appears, from a user perspective, they are hardening the authentication process by not allowing unauthorized script injection attacks. Now a couple things that jump out here. Number one, just as a cyber professional and someone who loves cyber security, this must have, I would assume that this was a problem that they took a look at and got fixed. This, I mean, while you can shift left and secure by design, this, like, I don't want to call it myth, but this, like, fantasy that developers and, you know, tech vendors are going to invest in more time before they go to market by introducing security into their products is fanciful and whimsical at best. But oftentimes they'll do their best to get somewhat secure and then they'll put it to market and then let, you know, the market discover where the problems are. So I would assume that this is coming from some type of issue. Furthermore, in my macro level visions, I, you know, I would assume that threat actors are going to try to discover a way to circumvent this and continue to do injection attacks on the authentication process. Now for you, if you are running it at an organization running Azure or M365 and you have Entra ID as, you know, part of your authentication workflows and stuff like that, definitely get informed on these details around the content security policy and how it's going to be integrated with the login process.
Now it says login.microsoftonline.com, but I'm assuming this is, you know, the same as login at your domain. You know, insert variable domain here. All right, the good news is this. We don't get this very often, but the good news is this should be seamless. Not seamless. This should have no impact on end user experience. Here's the thing, just the more you know, right, you guys, like, I love one of my value propositions. If you've been here a minute, you know this. If not, honestly, it's Friday, a Black Friday after Thanksgiving, 100 people in here right now. I'm assuming a lot of people either thought we didn't have a show or they're sleeping in or they're just taking the day off saying eff it. Right? Listen, one of the value props I like to do is go beyond the headlines and give you insights from my career, my experience, or, you know, DJ B Sec, Justin Gold, Casually Joseph, etc., like everyone in chat sharing their thoughts and stuff like that. Here's the deal. In cyber security, oftentimes when we introduce a control there's a usability or a convenience factor, or like a burden, that gets introduced, right? Multifactor authentication is a perfect example. It adds friction to an end user's login process, yet it is incredibly valuable and required as far as I'm concerned. It's not optional. But there's a burden, there's a cost. You have to train your users to get used to it. You have to, you know, fight with them to accept this new level of control. With something like this, we get the extra level of security without the cost of the end user experience suffering. Right. It's just a technical control that's blocking injected scripts. Now we're probably going to have a couple end users who are power users, you know, I'm looking at you, that are going to have some funky Chrome extension that does something stupid that they don't really need, with all due respect.
And it's going to break that, because they did mention you have to stop some extensions that are trying to inject things non-maliciously into the workflows. Well, guess what, that isn't going to cut it around here, bud. But those are onesie-twosies. Flare-ups. And if you do use some type of injectable extension internally as, like, an enterprise feature, like maybe it's something you cobbled together so your ServiceNow implementation would do something special for you, well then you gotta have a real conversation with the business. And then honestly, guys, as a CISO, you're an advisor to the business, so maybe they're willing to accept the risk of a login injection attack because they don't want to give up the functionality that whatever this, like, fictitious extension I'm talking about does. So remember, we're not the office of no, we're the office of, you know, here are five options with varying levels of risk that you're going to be accepting. What do you want to do? That's my job. My job is to advise. Which is why I don't think I should own it when there's a cyber attack resulting in a massive data breach. I don't think you should put me on the dolly and wheel me out in front of the cameras, because I advised you just short of telling you I told you so.
B
New legislation that targets scammers that use AI to deceive. This new bipartisan bill is called the AI Fraud Deterrence Act, introduced by representatives Ted Lieu from California and Neal Dunn from Maryland. It would increase the criminal penalties for committing fraud and impersonation with the assistance of AI tools such as convincing fake audio, video or texts. The total potential fines incurred for mail fraud, wire fraud, bank fraud and money laundering would all be increased to between 1 and 2 million dollars, with new language specifying that using AI-assisted tools carries a maximum prison sentence of 20 to 30 years.
A
Oh my God.
B
While scammers who use AI to impersonate government officials can be fined up to 1 million dollars and spend three years in prison.
A
Oh my God. Okay, so I mean, I mean, did these guys get hammered and then come up with this legislation? Were they getting after it Wednesday night before Thanksgiving, having a bonfire, got the old crew back together, everybody's come back to the hometown and they're just, they're just wasted and they're like, oh, we should, we should put legislation: 30 years in prison if you commit a crime using AI. Are you kidding me? That is going to be ridiculous. Like, dude, I'll be the first person to get in line and slap a criminal with a rubber hose and be like, you go to jail. But dude, like, come on. Like, again, I like deterring people from using AI for crime. Deepfakes are going to be something, already seen. Nation states use AI for orchestration in massive, like, red team campaigns at scale and very quickly. But guys, if you are going to say that the law says if you commit crime using AI, you will get this elevated level of punishment, 30 years. Dude, I think murder, like, doesn't get 30 years. And guys, here's what I'm saying. Shall we play a game again? I don't want to endorse crime. I'm the most conformist, law-abiding citizen you're gonna find. But like, everything's gonna have AI. To me, this law is like a police state's wet. Oh, I'm sorry, I am off the rails today. This is a police state's fantasy. Like, dude, everything's gonna have AI. Like, literally, you can, I mean, obviously if I do a deepfake of me and I'm like, oh, look, I'm James McQuiggin, send me money, right? Like, that's a clear. This is what the law is intended for. But if I write an email and Grammarly checks it and then I send it, even though I wrote the email, you could say, oh, Grammarly uses AI. You used AI. We can draw the lines and attach it all. 30 years. Like, to me, like, this is insane. I mean, again, I don't know, like, I suck at negotiating, right? Like, spoiler alert.
So maybe this is like, 30 years is like the opening salvo, with the idea that it would be negotiated down to something less serious. But guys, these four people right here on the screen, they're all using AI, and again, they're not committing crime with it. But I'm just. I don't know, dude. I don't know, dude. I will say this, I will say this. I appreciate that the federal government is deciding to actually start doing something about AI and AI misuse and AI weaponization, because they have been moving glacially. Dude, ChatGPT blew up in 2023. Have you seen any of that legislation yet?
C
No.
A
Me either. So this, at least this is something. All right. All right, Ted Lieu, let's go, buddy. I will be interested to see how this one goes. Like any of this. Okay, so final thing, like any of this legislation, you can get all hot and bothered like I am right now. You can get all hot and bothered about this. The real tale of the tape for me, and again it's because I'm old and I've seen this time and time again, the tale of the tape is, let's see who is the first person charged with this, or where this law is applied to for punishment. That's where the rubber meets the road, right? I'll give you an example that's perfect. Okay. Like two years ago, three years ago, Australia had a massive string of cyber attacks. Like, their telecommunications provider got hit, their main healthcare provider got hit, their main, like, Internet service provider got hit. And if you're in chat in Australia, you'll know what I'm talking about. Like, let me know, keep me honest here. And Australia, in like the most knee-jerk reaction ever, passed a law, like almost overnight passed a law, saying that, like, any company that suffers a major breach of, like, some subjective criteria would face significant financial penalties. Okay, so Australia thought, like, oh, if we pass a law saying that you can't have data breaches, then it'll stop the data breaches, which by the way is the most wool-headed, sheep-herding, obtuse direction of trying to thwart cybercrime. Anyways, they passed the law and then, like, a month later or two months later, some huge Australian financial institution gets hit. Guess what happened? Nothing. Nothing happened. That law was not used. So you can keep your window dressing. And again, I'm all about it. Dude, take the AI and using it for fraud and make it a harsher penalty. Deter people, make it a big stick. But let me know when we start using it. Let me know when we start using it.
Okay, get back to me when this becomes a law, first of all. And then second of all, when someone like a judge uses the law for some reason, then I will come back and talk to you. And yes, for those who are following along at home, since ZF said sheep-herding. What? I'm in book five of, like, I don't know, like 12 books, the Wheel of Time series. I'm rereading the Wheel of Time. If you are a Robert Jordan slash Brandon Sanderson fan, you know Wheel of Time. And without spoiling anything, calling someone a sheepherder is, like, very insulting to their intelligence.
B
ASUS firmware patches critical AI Cloud vulnerability. ASUS has released firmware to address nine security vulnerabilities, all of which have CVE numbers, with one, a critical authentication bypass, having a CVSS score of 9.2. These nine numbers are available in the show notes to this episode. They affect routers with AI Cloud enabled, which is a remote access feature built into many ASUS routers to allow devices to function as personal cloud servers for remote media streaming and cloud storage. According to the company's advisory, the 9.2 vulnerability, quote, "can be triggered by an unintended side effect of the Samba functionality, potentially leading to execution of specific functions without proper authorization," end quote.
A
All right, quick note. I'm gonna have to add. So I'm. Guys, I'm going to be updating the soundboard and the emote tray for squad members. One that I'm going to add. You know, the. Actually, you know what I'm talking about. Actually, you can look for this in 2026. Okay. Actually. And I'm going to have a sound effect of me saying, actually, because I've noticed that I do this quite often. He said Samba. Um, as far as I know, um, everywhere I've been, it's called Samba. So again, I just want you to be in. If you're in the data center and you turn to someone and you say, hey, like, did you look at the Samba shares? They're gonna be like, what Samba? Okay. Just like, I mean, whatever. So ASUS, or as I've become, I've enjoyed calling them, a sus. Like, God, what's that video game that was popular for a minute where everybody gets to say who the imposter is, Among Us, right? ASUS has new multiple vulnerabilities. TL;DR: ah, you gotta patch it. You gotta patch it. Okay, that's it. Another thing is, authentication bypass for a router that has, basically, kind of an Internet-facing service is bad, right? This is the kind of. The one, yeah. Mirai. I don't even remember how they pronounce Mirai incorrectly. But here's the deal. Internet-facing devices, especially, like, networking devices, are. That's. You don't want those to have authentication bypass or remote code execution. Like, those are the worst. So this is one that you would like to get fixed. Now this is probably going to be more likely in, like, SOHO, small office, home office, you know, your kid in college. Like, basically this feature allows you to host your own media so you can access it anywhere. Think of, like, a Plex server. A Plex server or, like, kind of a simple NAS device that you can access. Now one thing I, like, a complete editorial, if you'll allow me here, since there's only 138 of us to flip out about this. They called it AI Cloud.
This is the laziest marketing thing I've ever seen. It doesn't sound like it has anything to do with AI except the name, right? It's a personal cloud that allows you access to your media so you can stream it wherever you are. What about that's AI other than the name? You know what I mean? It's like, guys, guys. The marketing team said AI is hot. What can we do as far as putting AI in our products? And they're like, we can change the name, sir. It's like, do it. Let's do it. It's the quickest way to get to market. Just call it AI. All right. TL;DR: scan your external network. You know, scan your network, see if you got this thing there. There's probably some type of, not fingerprint, but some type of scanner, I guess. Scanner, fingerprint, that you can find these devices with. So simple as that. If you want, make a little video, get one of these devices and then exploit it. Make a little video. Obviously don't disclose exactly how to do it. Be reasonable. AI sus. That's right. Pew pew.
B
OpenAI cuts off Mixpanel after analytics leak exposes API users. OpenAI announced that a data breach at its former analytics provider Mixpanel may have affected users of its API platform, though regular ChatGPT users are generally not impacted. Mixpanel discovered the breach on November 9th and shared details with OpenAI on November 25th. Exposed data includes profile information such as names, email addresses, approximate locations, system details and account IDs. OpenAI has since removed Mixpanel from its systems and has begun notifying affected users and launched broader security reviews of all vendors. The company reports no evidence of impact beyond Mixpanel's environment and emphasizes its commitment to transparency and strong security standards.
A
All right, so supply chain attack. You know, OpenAI had this company, mixed analytics or Mixpanel, that did analytics, and the API key got compromised and they were able to pull, what were they able to pull? Profile information including names, emails, location, operating system, whatever. So this information isn't juicy in the sense that they can't log in as you. It's not a compromised API key where they can, you know, have you pay for their cycles, etc. You know, operating system, location, whatever. Like, this information could be weaponized for a social engineering attack. Like, hey, name. Like, so the email is sent to email address and I say, hey, at name, we noticed, you know, and then in location, maybe you can change the language that the email's in. If it says, like, it's from Barcelona, maybe you put it in Spanish so it seems a little bit more real. And then you say, hey, you pretend to be from OpenAI, right? Because you know that they were using OpenAI, and you offer them some deal and then they fall for it and then you get a $500 Sephora gift card, whatever. Like, honestly, at a minimum, at a minimum for value for you, this is kind of a textbook example of how you would deal with a third party breach, right? Just.
B
Huge thanks to our sponsor, KnowBe4. Cyber security isn't just a tech problem, it's a human one. That's why KnowBe4's human risk management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI-powered risk scoring, automated coaching and reporting, HRM helps you surface your highest risk users and reduce the risk of data breaches and cyber attacks proactively. Ready to move from awareness to action? Request a demo of HRM today at knowbe4.com, that is k-n-o-w-b-e, the number 4, dot com.
A
All right, let's go. Oh yeah. Don't you forget about me. What's up, everybody? We got some hardcore Simply Cyber community members in here. 155. Honestly, it's the lowest attendance I've seen in three years. But it's okay. I mean, it's a holiday. Black Friday. These are hardcore squad members. Hardcore community members. All right, guys, I want to say thank you very much to all of you for being here. Like I said, it fuels my engine, this community. Thank you to the stream sponsors ThreatLocker, Flare Academy, Antisyphon and Barricade Cyber Solutions. Now, Barricade Cyber Solutions is running the Fortify webinar series, Fortify365. And you may have missed it because they had one on Wednesday. So if you missed it, don't worry. They're doing it every two weeks and the next one is December 3rd, which is next week. All right, they're not doing, I think last week's one got pushed, so they're back on the regular schedule. So you get a double shot. So just six days away. You don't have to wait 14 days for the next one. Come on down Wednesday, December 3rd. You know your holiday shopping is going to be done. You got Black Friday, Cyber Monday. You're all in. James McQuiggin's handing out gifts early this year. Ten of you getting an early holiday gift from one James McQuiggin. Become best friends. Thank you, James McQuiggin. So for all of you, like Roger America and Justin Williams, Ike love King Brown. Love it, love it, love it. Be sure to thank James. Go to webinars.barricadecyber.com today, because on December 3rd you're going to be able to learn, oh, Microsoft Defender for Endpoint. Now, I'll tell you something right now, guys, I actually run Microsoft 365 and I've migrated to Google Workspace, but I keep Microsoft 365 because I pay for Defender for Endpoint for all my assets. And it's so, like, to me, it's like the cost of the EDR solution, but I love it. So I'm interested in taking this so I can learn how to configure device groups.
Vulnerability alerts, global exclusion, get my iPhone devices on, which I've already done, maybe to make sure I've done it correctly. Incident notifications and auto remediation, that's what I'm talking about. I'm a small business, guys. I don't have time to be doing IR and remediation all the time. If I can automate it, let's go, let's go. Go to Barricade. Go to webinars.barricadecyber.com today and check it out. Every single day of the week has a special segment, and James McQuiggin at 35,000 ft does the jokes of the week. Here we go. James says, happy Thanksgiving, everyone. Here are some turkey day jokes for you. How do turkeys travel on Thanksgiving? How do turkeys travel on Thanksgiving? This is a shout out to Carrie in chat. Via the gravy train. All right, what type of key doesn't actually help you open any doors? What key doesn't open any doors? Obviously a tur.
C
Key.
A
Turkey, turkey, turkey. All right, and then finally, why was Thanksgiving dinner so expensive? This one, you guys might not realize it. Like, hun. As someone who, you know, prepares and executes the Thanksgiving dinner, many people may not realize how expensive it is to set up a turkey dinner. I mean, for crying out loud, it has 24 carrots. Oh, my God. Let it go, lala. All right, stay tuned, because we got the panel coming up at the top of the hour. Let's finish the news. Yeah.
B
Cyber issue hits three London councils with shared IT services. The impacted locations are the Royal Borough of Kensington and Chelsea, Westminster City Council, and the borough of Hammersmith and Fulham, which house some of London's wealthiest districts. Some of the services used by these councils share the same IT system, which has now been taken down as a precaution. Representatives say it is too early to attribute the incident to any threat actor or to confirm whether any data has been compromised.
A
Okay, Dartmoo, so this is a. What are we doing here? So this story is like, there's an issue in London. No details at this time. Okay, I will tell you again, there's a reason that you have to stay current on cyber events. Now, I don't think that this is related, but I want to call your attention to something they mentioned. These are three wealthy neighborhoods in London at the same time. It's not making major news, but I was on a phone call with a guy last week or earlier this week. Jesus. Earlier this week. And there's actually kind of a protest thing going on in London right now that, if you didn't know, I'm sure Roswell UK knows. But look at this. In London a couple days ago, there's, like, this massive protest where essentially farmers are all pissed off about, you know, things farmers are pissed off about. And they basically took over the city with their tractors. So you can't, like, you can't take a cab or an Uber anywhere because there's tractors everywhere. I mean, great, great, Anya. Right? But there's a protest. There's outrage, citizens. Okay? So if at the same time that this is happening, there is a cyber attack on three of the wealthiest neighborhoods in London, to me, I'm not saying that it's connected. But you have to give consideration to the threat model and think, okay? Like, is this a hacktivist attack? What are the TTPs, etc.? So what do you mean? So I guess DJ B is telling me this protest has been going on for five years. I don't know. It's news to me. But anyways. Yeah, so anyways. I mean, there's nothing. Like, I'm trying to make a dollar out of 15 cents, because this story has got nothing to it. This is like a wish sandwich when you're poor. Two pieces of bread and wish there was something in the middle. I've had a couple of those in my life. So I'm trying to make something out of this. Okay, TL;DR:
Make sure when you're doing threat modeling that you give consideration to current trends. Right. Things move.
B
College suffers breach through Oracle EBS campaign. The Ivy League school located in New Hampshire has suffered a breach that has impacted 35,000 people across multiple states as a result of a campaign involving Oracle E-Business Suite. Dartmouth officials determined that an unauthorized actor took certain files between August 9th and August 12th of this year, with the leaked data consisting of names, Social Security numbers and financial account data. Exchange Online outage blocks access to.
A
All right, what are we doing here? Like, mailing in the second half of the story. So Dartmouth College, Ivy League. I guess I should do this since we have the time. Hold on one second. Since we're. We're having like a chill Friday session here. How do I make this computer make this appear on the big screen? There it is. There we go. There we go. There's. So Dartmouth College. Yes, yes, of course. Dartmouth College hit with cyber. Attacking us, you know, say, very likely to be Clop ransomware because it was the Oracle E-Business Suite or EBS enterprise application that has a gross vulnerability that we've been talking about for weeks. Harvard got hit with the same thing again. No surprise. Harvard and Dartmouth College. Like, I'm not saying you could throw a rock and hit Dartmouth from Harvard, but they're pretty close, right? And they probably share, you know, like, they probably meet up and talk about what they're doing or tech stacks and stuff. So it's not outrageous that they are using this Oracle EBS. What's gross is. And I'm gonna look right now, if this vulnerability was exploited recently, it's a problem. Nope. So August to August 9th to August 12th. Okay, so this is just. I mean, I guess it just shows you, man. It's like a three month. It's a three month, like, life cycle between getting punched in the face and it coming out publicly in some instances with these Oracle EBS's. Can't be mad at Dartmouth. The patches and the reporting of this problem came out in September, a month afterwards. So I worked in higher education. I can't speak to Ivy League schools because, you know, your boy Jerry went to UMass Amherst like a. Like a heathen, like an absolute plebeian, right? So I went to the state school and, you know, catch me. Catch me at a bar and I'll tell you about some stories from my undergrad years. Definitely not Ivy League. You're picking up what I'm putting down. So maybe they have different situations. But when I have worked in higher ed, it's a lot of.
It's a lot of like, oh, we want to share all the information. Let's collaborate. And like, don't, don't, you know, don't put a thumb on me. Like, I need to be able to spread my wings and research, right? So, unfortunately, there's a lot of access, there's a lot of shared data, there's a lot of data stores, there's a lot of faculty and professors who think that their research data is theirs and they can do whatever they want with it, like JG Wentworth. And a lot of them are tenured, which means you can't fire them. And, and they're. They're. They're, like, stuck in their ways on how things used to be and how they're going to be today. So anyways, Clop definitely did it.
C
Clop.
A
I don't know, man. I. I'll tell you what, final thing, and then I'll continue on, because this is ridiculous, what I'm about to say. If I was drafting, like, say we're doing fantasy football, except it's fantasy ransomware threat actor, and I got the first pick in the draft. I'm taking Clop ransomware. Like, solid, dependable, methodical. You know, a lot of you, like Dream Logic, Phil Stafford. I see you guys jumping on the Scattered Spider train. You know, Justin Gold's all up in that Lapsus$. But I'm telling you guys, Clop ransomware, you know, got it. You got to stick with consistent, you know, nice. Nice and balanced. Okay, let's. Let's not draft cyber threat actors.
B
By the way, Outlook mailboxes. If you have had trouble accessing your Outlook mail recently, you're not alone. Microsoft is looking into an Exchange Online service outage that is preventing customers from accessing their mailboxes using the classic Outlook desktop client. This outage started on Tuesday and according to user reports on Downdetector, it also caused server connection and login issues. The outage affected users in the Asia Pacific and North America regions who were attempting to connect to their Exchange Online mailbox using the classic Outlook experience. Microsoft has not yet said how many users have been affected.
A
I'm so old when he says the classic Outlook user experience. My first thought was like an Outlook, an Outlook app, and you youngs aren't going to know this, but an Outlook application where they. Back in the day they opened up the, they opened up the API for these apps so you could write custom modules, right? You know, like how you can push to send to phishing. Like that's like a custom. But people got out of control and you would have like, you'd open the app and it would just. You wouldn't even be able to see like your inbox or the, the blank Word document because you would just have like 15 bars of functionality pushed down. Do you guys remember that? It just. When he says the classic Outlook experience, my first thought was like it being unusable because you can't see the friggin inbox. Let's see. Well, of course Downdetector is a great resource. Everybody should know about where it basically is. Downdetector is kind of like the ping of online websites and services. So you can see here they're still having some complaining going on. So they have four reports just in the last hour here with server connection being the main problem. So let's see, is there like a live map of where the outages are occurring? New York, New York City. Can I. Well, I guess I can't see a big one. So whatever. If you're in New York today. Speaking of New York, dude, did anybody watch the Macy's Day Parade? It was like 14 hours long. I like fell asleep and woke up and it was still going. I'm like, what are we doing here? All right, so I, I don't have any more information. To me it's not. There's no indicator as if it was a cyber attack or not. I feel like if Microsoft was under legit cyber attack, it would have been like breaking news. Let's see, it's. You didn't really have any. Here's the problem. You didn't really have any true availability issues because you could still access your inbox through a web browser. So the tl.
I mean, here's how you know it's not a cyber attack when you, when, when the workaround is just to access it with a different app. That means there's a problem with like, the API calls or some type of, like, underlying infrastructure or code with the app itself. The service is still up, so you're fine here.
B
Security keys may prompt for PIN after recent updates. Also on Tuesday, Microsoft warned users that FIDO2 security keys quote may.
A
Prompt Marcus Kyler I'm 100 with you as far as like Macy's Day Parade. To me it's like a screensaver. It's, you know, normally I run the fireplace at the holidays, occasionally the screensaver with the Christmas tree and like the Christmas music going. But Macy's Day Parade, it's like, you know, it's just kind of like it's on tv.
B
to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update, end quote. This is an intentional change, Microsoft says, to comply with WebAuthn specifications, which, quote, dictate how authentication methods such as PINs, biometrics and hardware security keys should handle user verification requests, end quote. They added, quote, after installing the Windows update of September 29th, you might be required to create a PIN to sign in with a security key, even if a PIN was not required or set during your initial registration, end quote. Do you use the C?
A
Hold on, I didn't get this. So if, when you update. By the way, just between me and you, I've been holding off on 24H2. Like, I'm like. Or not 24, 25? Yeah, no, no, I guess 25H2. I thought it was 24H2, but that wouldn't make any sense. I've been doing the patches and stuff, but like, that 25H2 has just been sitting there. I'm like terrified. I was going to wait until the 19th. Honestly, that way, if it dorked up my system, I could. There's no test, dev when, when you're a small business, you don't get to do vulnerability management the correct way. You just, you just push it to prod. In fact, I've got the. I have the vulnerability risk. I have the risk policy around here somewhere. It just says hope, size 40 font. All right, so here's the deal. If you've already done this, you may be aware, getting some calls to the help desk of users being asked to enter a PIN when they hadn't set one up in the first place. My first thoughts right away is understanding what this means from both an end user perspective, but also for IT support. Right? You send an engineer to someone's desk to help them fix it, or you log in remotely to help them fix it. And it's asking for PINs and people haven't set PINs. So I don't know how you reset a PIN. Right? Maybe if you have admin, you're in the administrators group, you can bypass that perhaps, or use your own creds to get in.
C
I'm.
A
I'm just reviewing this because it's kind of a very specific situation. What Microsoft, Microsoft has a setting. Discouraged is the setting name. What? Hold on. I never seen something like that. Hold on. Okay, so like we're deep into the, we're deep into the, the, into the tech manual here. If authenticator becomes available on this client device, you can set it to required, preferred or discouraged. What the hell is discouraged? I wouldn't do that. I wouldn't do that. That's so funny. All right, I'm all in on multi-factor authentication and I think the PINs are good. The problem is, you know, PINs are essentially, if the PIN is all you need, then, you know, you are introducing a new numerical-only password which is easy to crack. So you do have to have some other type of authentication mechanism in front of it too. All right, here we go. Ladies and gentlemen, allow me to reintroduce myself. My name is Jerry. Guys, this was Simply Cyber's daily Cyber Threat Brief podcast. Definitely a renegade episode. 166 of you die-hards here today. Thank you so very much for being here. I hope you enjoyed the show. I hope you got value. I hope you have a great Black Friday, get your deals in. Reminder, I guess if you didn't know, I don't have a cool. I don't have a cool, cool splash page for it, but Simply Cyber Academy is 30% off everything at the academy through tomorrow with code BF30. So it's not a subscription service, it's a one time payment. So if you want, if you've been thinking about it or whatever, you could purchase the class at a 30% discount and then take it in 2026 when you're ready. We got Daniel Lowry's class in here. We got Tyler Ramsby, of course, the GRC analyst master class, Michelle Kahn's OSINT course. So there's a lot of great content in here if you're interested. Anyways, we got a Jawjacking panel lined up for you in a hot minute. I see some of the panelists in here already, so we'll be bringing the heat to you. I'm Jerry from Simply Cyber.
Thank you so very much. Have a great weekend. And until next time, stay secure. Ever wonder what it takes to break into cyber security. Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking. What's up, everybody? Welcome to the party. Today is Friday, November 28th. We are kicking it because it's Friday. We're doing panels here at Jawjacking. Allow me to introduce your panelists for today, and if anyone wants to join the panel, just let me know. You have to be on camera. You have to have a microphone and all these things, but, you know, I can get you the. The. The links. Ladies and gentlemen, our first Secret Santa, Daniel Lowry. Welcome to the party.
D
What's up, Jerry? Good to see you this morning, brother.
A
Oh, my God. Are you all right? Did you go hard last night in the pain?
D
I don't know what happened, man, but I feel like a bear that just came out of six months of hibernation.
A
All right, Daniel Lowry, I love it. Good to see you. DJ B Sec, what's up, dude?
C
What's up?
A
Good to see you. Thanks for running the show yesterday. How was your experience?
C
Hey, I think we had about the same amount of people, about 100 people yesterday.
A
Oh, right on. Very cool.
C
Just got to run it and have some fun with it yesterday, so I love it.
A
Well, in a while, as always, y', all, very simple. Ask your questions in chat, and we, the panel, will do everything within our power to answer it to the best of our ability. Cyber questions. It is holiday time, so if you want to, you know, ask fun questions, like, you know, is there a Black Friday deal you're excited about or did you buy something or whatever? We can certainly get into that, but we're off and running. I'll open it up really quickly. Daniel, how was your Thanksgiving?
D
It was really good. Really good. We ate turkey, you know, got stupid stuffed and walked around with bellies bloated out, as you should. And, yeah, had to undo the first. First notch in the old belt there. And we had a little pickleball tournament with the kids outside. It was a lot of fun.
A
Oh, nice, dude. Now, was there monster energy at the table?
D
No, I do monster energy one time a week, and it is Fridays at Cybercast irl.
A
I didn't realize it was that special. DJ B Sec, I did refer to you as Bradley Cooper in Wedding Crashers earlier today. Sack lunch, how was your Thanksgiving?
C
That was restful. Restful. That's. That's what I'll say is restful.
A
Okay, there we go.
C
Over to the parents, hung out, had some food, watched. Watched some football. Getting ready for today's big game. UT versus A&M.
A
Okay, UT A and M. What time's kickoff?
C
That's 6:30 tonight.
A
All right, so 7:30 in the correct time zone. Is that what we're saying?
C
No, 6:30 in the correct time zone.
A
That's right. Okay. Yeah, the Eastern time zone for those who are. Are following along at home. All right, so let's look at chat. Here's Keith Sloan. Have any of you worked IT and retail and experienced outages because of crazy deals? That's a good question. I have not worked in retail, but I've been. I've been. I can't remember any of the details, but I feel like I've been the victim of trying to buy something like. Like. Like tickets for a concert and. Or like Secret Lair Magic: The Gathering cards. And like, you basically snipers and sniper bots take all the. Take it all and then put it on the secondary market. And that pisses me off.
C
Yeah. Doesn't that. Isn't that crazy how, hey, it's gonna go live and all the tickets are gone two seconds into it. Like, what the hell just happened?
A
That was the case with ShmooCon. They call it F5 day, but there's a cyber conference. It's. I think this year's their last year. Last year was their last year, where they only sell so many tickets and they go live and you have to, like, buy them at that moment. And that one. That one goes pretty quickly as well. I actually got to go to ShmooCon in 2011, but they basically threw me a bone. Like, I contacted the conference organizers and I was like, if anyone cancels, can I have a ticket?
C
And they're like. I hadn't been in IT retail, but I'd say this sounds like a. A DoS attack. A denial of service. So many different people doing something at once.
A
Yeah. Yeah. Denial of service attacks can happen. Not maliciously. Right.
D
They call it the Reddit hug of death and that kind of thing.
A
Yeah, exactly, Exactly.
C
All right, so overloading the systems.
D
Yeah.
A
Did you cook for Thanksgiving, or do you think that's women's job? I don't know. At user. I mean, I'll say it. You know, there's a pretty inclusive community, but I don't really have role designations for certain things. But we actually went to a friend's house, so I actually went to a really fancy bakery in town and bought a. A cheesecake that they made. So I didn't really cook anything. I did pour beer. So, I mean, I. I did produce a beer into a cup that was.
D
I just want to create an animation of, like, the world's worst, like, misogynist who's just like, I refuse to eat still.
A
If some woman gets in that kitchen. Yeah.
D
It makes me some food and it's just emaciated and dying.
A
Yeah.
C
I'm sitting here thinking to myself, it seems to me like most guys actually cook the turkey or smoke the turkey.
A
Or fry the turkey or do something like that.
D
Yeah, guys really enjoy cooking. Like, it's fun.
C
And it's like, we were already talking about Christmas. Like, what are we gonna do Christmas? So we're gonna do a brisket. Are we gonna do prime rib?
A
How do you say that? Like, as soon as, like, it. Literally as soon as I woke up this morning, the very first thought in my mind was a rib roast. I'm like, oh, like, oh, yeah, like Christmas. Right around the corner. I'm gonna be able to do a rib roast. Rosemary, gm, some garlic and butter in there. Let's go. Right.
D
There's a reason Traeger Grills is like a billion dollar industry.
A
Exactly. All right.
D
Women ain't out there buying them, that's for sure.
A
Escol07 says, Is it off putting or would I lose credibility during an interview if I let the interviewer know that I'm using Google Doc to guide me through the interview and take notes? So I was with you right up until. So I wouldn't say guide you through the interview. I mean, I personally always brought a notebook with me to interview because if they asked me, like, a scenario, complicated question, I would actually, like, jot down, like, key things so I wouldn't have to ask them to repeat something or confirm something or if there was like, multiple parts to the question, like, you know, you have this situation, what would you do and why would you do it and what would you tell them? So then I would say, okay, there's actually three questions here. Let me make sure that I address all three. To me, that's how I did it. I. I've been employed multiple times. So, like, it's. It's never been held against me. As far as guiding you through the interview. I'm not, I'm not sure about how that that would work, but I don't think it's a problem. I don't think you need to tell the interviewer that you're doing it at all Anyways, if the interview has issues.
C
With that they'll probably want you to be in person anyway.
A
Yeah. Yeah, I. I think. Go ahead, Daniel.
D
Yeah. So one of the main things that you're doing when you're in an interview is. Is like, you're being you. They need to see who you are.
A
Yeah, right.
D
There's nothing wrong with having, like, some bullet points of things that, you know, you don't want to forget to talk about or bring up during the interview. I need to make sure I discuss this. Talk about X, Y, or z, totally fine. But to that what? The way you worded the question makes it sound like you're going off some sort of script.
C
Yeah, this.
D
This is. This is a no bueno, right? That's what you don't want to do, and you sure as heck don't want to tell them I. I'm reading off a Google script right now.
B
That's.
D
That's something you want to stay away from. Bullet points. Totally cool. But be you engage, have a normal conversation with someone. Explain why you're passionate about the job. Don't just sit there and kind of like, be like, interrogated. Necessary. You want to have a conversation. Right. So back and forth, have questions ready. Anything that can. That a question that comes into your mind. Yeah. Write that down. And that way, like, kind of, to Jerry's point, you don't forget to bring that up and go, hey, you said something about this, man, I'm, you know, I cannot wait to get my hands on that technology. I can't wait to be able to help in that area. I'm really passionate about that certain X, Y or Z thing. This is a conversation because they're interviewing you not just so much, not just for your skills, but for you as well. Do you fit here? Are you gonna be cool? Like, we. We don't really talk about that kind of thing a lot, but that's the truth. I don't give a dang what you say. People do not want to hire someone. That's going to be a problem personally, right? To where you just personality clash with a bunch of people. And you don't want to do that because then you got a quick turnover and it's weird on your resume. It's like, oh, so what. What was the purpose of this quick turnover here? Well, you know, and, well, it didn't work out. How come now you got to explain that, right? That's not something you want to get into. Well, I don't know legally, if they can ask you too much about why you were let go or like, Daniel.
C
Makes like the, the biggest point Daniel makes there is it's a conversation. You got to make sure that's a com. Like, don't just sit there and wait for them to ask the questions, converse back and forth.
A
Yeah, it took me a while to get my head around this one, and I think it's because I got older and age dynamics and stuff, but for me it's easier said than done. But when you enter the interview psychologically, don't think of it as like a superior and a subordinate power structure. Right. Yes, they have the job that you want, but like see them as equals. I, I almost. The way I do it now, again, it's easier said than done is, I mean, don't be an arrogant prick or anything, but like walk in there like you're, you own a consulting business and you're talking about whether or not you want to consult for them. Now the consulting will be full time, 40 hours a week with benefits and stuff like that. But if you enter it kind of with that mindset of like, okay, hey, like, how can I help you solve your problems versus like, can you give me a job? I, I think you might find yourself thinking through more of a conversation perspective instead of trying to answer the question and make them happy. Right. Like that's, that's, you don't want that. Really quickly, Rhonda Rummerfield, because you mentioned Traeger and, and you know, men cooking, everything. Rhonda said she's got recteq and uses it all the time. I, I had to google this because I hadn't heard of recteq, but.
C
That's my, my brother-in-law. I think he has a recteq.
A
Yeah, there it is. Rhonda Rummerfield out there. Is this a smoker or.
C
Yeah, it's a, it's a pellet smoker.
A
Nice. It looks good. It looks good. I like solid wheels on it too.
D
I was speaking generally.
A
All right. Hey, no one's canceling.
D
Let's nail you in.
A
I, I could prove you wrong. I love Ron.
C
Much love.
A
Let's see. Keith Sloan says I'm working on a presentation for work. I know Jerry has a picture of the audience picture, but what do you guys use to help you remain natural on camera? Oh, yeah, I don't even use that picture anymore. But. So he's given a remote or virtual.
C
Who says we're natural right now? Yeah. Right.
D
This is a complete facade. In real life, I'm more like a robot.
A
Yeah, well, I mean, Tyler Ramsey claims to be introverted. Right. And he, he's presenting all the time. So do you guys have any way to stay calm or cool or natural when you're presenting on camera? By the way, talking to a camera takes a lot of getting used to. By the way. It's. It's not normal. Go ahead.
C
For me, in all reality, it's a lot easier because there's nobody looking back at you.
A
There you go. They're not giving you faces.
C
You're not like, oh, I need to, you know, see everybody in their underwear type of thing. You're just talking like, that's it.
A
Yeah. What about you, Daniel? How do you stay?
D
For me, honestly, like, getting used to talking to the camera was difficult because I wasn't gauging how loud I was speaking.
A
Right.
D
Because there was no one to gauge it against. It didn't seem like they were like, hey, you're screaming at me, or like, like, oh, I'm sorry, I can't hear you. So it was difficult to get the projection in my voice off the get when I first started doing this kind of thing. Other than that. Yeah, you just. You just talk like it's just a person. We used to put googly eyes back at it for two. We put googly eyes on the camera because we get contractors in there and they would not look at the camera at all. Right. It was like, the camera is right there. You need to look at the camera. There's a person in the camera. You gotta look at them. So we put eyes on the camera so they feel more comfortable about looking at it.
C
I would say the other thing is depending on what you're doing and how much you're doing, it would be that you get a. A teleprompter that allows you to put like people up in front of you.
A
Yeah.
C
Because then you can look directly at it. So you're looking directly at this. Like I have teleprompter here directly at it. And the camera's behind it. You don't see the camera, but you see whatever you have in front. Like for instance, I could take Jerry and Daniel and put them right in front of here so it looks like I'm talking directly to them while I'm. While I'm looking at it.
A
Yeah. And so the Elgato, just to get into actual product, the Elgato teleprompter is actually very good. I own. I own. I own two of them. I have one at my in law's house just so I don't have to truck gear up. And then I have one over here.
C
They actually just came out with A new one, too. A bigger one.
A
Did they. All right, well, look. Yeah, go ahead.
D
They're not too difficult to build. You just need, like, a piece of glass that's big enough and a monitor. You take a big monitor, you lay it down, put the glass, and then some black muslin cloth, you put it around your camera, and you can stick it right in front of you. And it'll project. Everything will have to be reversed because it'll be a reverse image. So if you're trying to read something or anything like that. But they're. They're really not that difficult to build out of some wooden glass.
A
Yeah, they're awesome, like, for. For the. Putting the person on the screen. But I will also tell you, I have. I've done this before, too. Okay. So I. I do a lot of presentations and sometimes I don't have a lot of time to prep for it. So if you. This is like a really specific use case. But feel me on this one. When you do PowerPoint presentation mode, you can do the one where you get to see your notes. And then there's. The other screen is like the. The display that people see. You guys know what I'm talking about. So I have. I have done it before where the projector is showing my notes and the presentation is being seen by everybody. And I've got, like, very detailed notes. So I'll. You know, it looks like I'm just, like, crushing it. And in reality, like, I didn't prep for this talk, but all of my notes are right there. And I'm like, oh. And another thing that you must give consideration to is, as said in the, you know, BleepingComputer report of April 2019. And then people like, oh, my God, like, how do you pull all these facts? I'm like, preparation, I suppose. And it was really preparing the PowerPoint. So it's it. But you never look away. You're never looking down at your notes. You like, your notes are hidden in plain sight. Also, since. Since we have it right here within arm's reach, if you want, you can always get one of these, right? And you can put that right in front of the projector, and then you can look at Zach Hill every time. Also an option. Permanent fixture in my office. All right, great questions. Is there any way. Here we go. Electro, Char or El? I don't know how to El. Terry Charles, you can do it. Is there a valid way orgs can defend against quantum in regards to encryption? I was asked in a GRC interview, and when I couldn't provide any options, I wasn't moved on to the next round.
C
Okay, that's a crap question because that's not even feasible right now.
A
Yeah, I mean, maybe they wanted to see how you were thinking about it or if you did anything. I mean, I do find that that's like an asinine question.
C
Let's get this guy out of here. Question.
A
Yeah. So I mean, let me answer the question as best I can. The answer is NIST has quantum resistant encryption algorithms that are approved right now that you can implement in your organization. You will run into challenges where the apps you're using cannot support those quantum resistant encryption algorithms. So good luck with that. And then thirdly, you can be like, what secrets are you guys running around here that you want them? Resistant encryption.
C
You have a quantum computer.
A
Yeah, yeah.
D
Can I see it?
C
Where is this at?
A
What do you play Battlefield 6 on that thing? Then you're getting high res. So anyways, yeah, I think that that's a jerk question. Okay, Chris Kahal, has anybody used Kea DHCP and are there good tips for documenting it? So DHCP is Dynamic Host Control Protocol. It's like basically how you get IP addresses assigned on LANs. I don't know what the hell Kea is.
C
Is Kea like a key vault? What is Kea?
D
It looks like an organization or something. It's an open source implementation of the Dynamic Host Configuration Protocol developed and maintained by the Internet Systems Consortium, ISC. Designed to be a successor to the older ISC DHCP server which reached end of life in 2022.
A
What? I didn't even realize. I mean, DHCP is just kind of like baked into a router. Like I don't even think about it.
D
Yeah, it's just a protocol, but Kea seems like it's a, it's a server. Yeah, it's just an open source server for DHCP.
C
It's their Sir. Oh, so it's their DHCP server that they built.
D
Right.
A
I don't know much about it. I mean, I guess it's like IPv6. Like, like IPv4 is not really broke. So I'm going to keep using it. Like regular DHCP has been fine for me until it becomes an issue. And like it's like.
C
So it's like, you know, when you build a, a Windows server, you can have DHCP running on it. This is just their specific server running Kea that they probably have said, hey, this is no longer good. Let's update it. Because it says it's got a web graphical interface on it now. It's got modern performance implementation.
D
Fancy.
C
Like.
A
Yeah. I don't know. Chris K. How much about it?
C
Just a DHCP server is all it is.
D
Yeah, that's it.
C
It says it use it. It supports using MySQL and Postgres.
D
Oh, that's cool. So it's probably for like reservations and it's like setting all your fun stuff.
A
Oh, hey, really quickly, Sabe sm, first time joining live. Hey, buddy. Welcome to the party. Welcome to the party. Love it. Thank you so very much for being here. Kathy Chambers. We all know Kathy Chambers. That would be awesome to call someone an A hole in the interview.
D
Okay. Oh, man.
A
Yeah, just make sure that you're saying it as you're standing up and walking out of the room because the interview's over.
C
Mumbling as you're walking out.
D
Challenge to anyone to call their interviewer an A hole and still get the job.
C
Yeah. If you do that, you're. You're well on your way.
D
Yeah. You're gonna be CEO of that company.
A
We're doing Jawjacking. This is an AMA, ask me anything, but it's ask the panel anything. Daniel Lowry's in the middle. DJ B Sec on the far end. I'm Jerry Ozier. We've got some. Some experience sitting in the seats here, and we're here to answer your questions as always. Any Black Friday deals you're excited about, Daniel?
D
Oh, yeah. Black Friday deal on that Complete Pen Test plus, baby, you know what's up over there? It's Simply Cyber Academy.
A
Okay, well, you know what? That's a. That's a great point. Let's go ahead and bring it up. If you didn't know, Daniel Lowry is the instructor at Simply Cyber Academy on the Pen Test plus. If you wanted to study for Pen Test plus, which I would say is going to help you get the certification. But more importantly, the Pen Test plus seems to be organized as how you would actually do a cyber security pen test engagement from reporting and documentation and all the Cyber Kill chain and stuff like that. 30% off with the code BF30 right now. I'll drop a link in chat, but other than that, any, Any Black Friday things that you're really excited about?
D
No, I, I don't do the shopping, so I'm.
A
Okay. Okay.
D
I'm very reluctant to, like, I don't know. I don't spend money on myself. My wife always has to buy stuff.
A
Yeah, I got you, dj.
C
That's a dad thing.
A
DJ B, you getting any, like, technics?
C
Yeah.
A
Okay, so basically this is What? For those who are not aware.
D
Very lame.
A
This is what it looks like when you're like a 40 plus man. Like, you're just like, well, no, no.
C
We were a 40 plus dad.
A
40 plus dad. Okay. Yeah. We're not like, I don't know. Mrs. Was like, what do you want for Christmas?
C
I'm like, I literally had that exact same question because they were going out black, Black Friday, shopping. What do you want? I'm like, I don't know.
D
Yeah, Nothing.
A
Just to be.
C
Just.
A
Can I. Actually, you know what? Another conversation I had with somebody yesterday.
C
I told him I wanted more days off.
A
Yeah, exactly. So I don't know if anyone's gonna vibe with this, but over Thanksgiving dinner yesterday, we were talking about like, you know, like, what do you want for Christmas? Or something like that. I'm like, I, I don't think you understand. Like, kids don't get it. Like, I. I just want to do nothing. Like, I want to. I want to do nothing. I don't want to go. Like, I just want to do nothing. I'm so busy all the time. Doing nothing is actually desirable. Like I would like to do.
C
Sit on the couch and do nothing.
A
Yeah.
D
Yeah. So I don't want a dad, I don't want a husband. I just wanna. Just leave me alone, chill for like. You know what though? I know my wife wants that too.
C
So.
D
I gotta find some time. I'm give her like coupons or whatever for. You don't have to do it. This is. Do. Don't do anything. Coupons. I'll take the kids. You just sit here and watch.
C
You know, don't do anything. I'll take them out to go eat and get. Yeah.
B
Yes.
D
You watch the Bachelor or whatever.
A
So question for you, Daniel. How would you gauge the difficulty of PenTest+ compared to Security+?
D
That's a relative question. That's. That's a subjective question. I love them so, so much. It depends. Well, if you're learning the Security+ because you're at that level, then it's going to be, you know, it's going to be whatever for you. It's going to be depending on how much you've studied. The exams are not that hard, I would say. As far as like, they used to be really bad. Like CompTIA used to really try to kick you in the, the. In the midsection there, and, and with, with like reverse logic and stuff like that. They don't seem to be that bad anymore. At least not as bad if you've, if you've studied on how to take their tests and you know the material, you should do fine on either one. So if you've done your, your due diligence, you feel confident in the material that you've studied, you haven't left any, you know, it's like, oh, you know, I'm pretty good on everything, but that encryption thing just kicks my, kicks my dingus in the dirt. I'm gonna, I'm just gonna skip that. Then you're gonna have a bad time, right? Make sure that you have a solid understanding of each one of the domains and the objectives in there, and then be prepared for, you know, have some good test taking strategy. You're gonna, you're gonna do fine on either one of those things. Because if you're going for Security+, I assume you're at the Security+ level. If you're going for PenTest+, I'm assuming that you're at the PenTest+ level. A lot of assuming going on there. If you are at the PenTest+ level and you're going to go take your Security+, you're going to smoke that thing, right? Because that's assumed knowledge going into the PenTest+. So it's a difficult question to answer. There you go.
A
No, there you go. I like it. This is a good question from S Cole07. DJ B, what's the best way to showcase culture fit during an interview?
C
I, I think Daniel said it right off the top of the bat was you have a conversation that's, that's going to show the culture fit. You're gonna, through the conversation, you're gonna figure out the culture.
A
There you go.
C
I mean that, that's, that's pretty much you're talking about a 15 minute conversation or so. You're not gonna know the ins and outs of what, what this team does. But the, the whole, like Daniel said, the whole thing with the, with the conversation and with the interview isn't can this guy do xyz? You're already there because that's on your resume. They're trying to see, hey, if I actually talk to this person, are they going to give me fluff back? Are they going to give me, you know, a decent answer? Are they, can I actually sit there and talk with them or if I ask them a question, do I just get a one word answer and they're over and done with? That's not somebody that I can sit.
A
There and talk with 100%, 100%. Like, and just think about any time in your life, like if you've sat next to someone on a plane or you, you, you were in a class with somebody or whatever, and you're like, ah, this guy's annoying, or this lady's like, you know what I mean? Like, whatever it is, like, that's, that's.
D
Like, don't be that person.
A
Yeah, yeah. So that's, that's what's up. All right.
D
What you want about that? Like, oh, that's not fair. And that's not right. It doesn't matter whether it's fair or right. Doesn't matter if the person that you are talking to feels that way. You make them feel, like, uncomfortable or bored or whatever, you're cooked. You're done. It's over. Forget it.
C
Even though Jerry said you, like, you can't look at it as a hierarchical. You do have to realize that you're coming in. They're either going to be. You're either going to be their supporting or you're going to be their equal coming in. So you got to be able to get along. That's. That's really what it is. Can I get along with this person for eight hours a day, 40 hours a week, 365 days a year?
D
Right?
C
Because.
A
Because think about it this way too. Like, like, say they have three candidates, right? And all of you can do the thing, right? Then what becomes the differentiator? It's, it's like, how, how do you interact? How do you, like, what's, you know, you don't have to be, like, hilarious or charming or, you know, best dressed or anything like that. It's just be yourself. Right?
C
I would say as the interviewer, you're also looking across the table to see, can I. Can I trust this person? Is there is. Can I. I'm trying to feel that person out being like, if I ask them a question, can. Can I tell they're trying to blow smoke up my. You know what? Or are they really giving me a true answer and then saying, hey, I. I have never dealt with that before because a lot of the times I tell a lot of people, when you go into the interview, you already, you know what you know, and if you don't know it, you need to let the people across the table know that you don't know it. Because that may be some. They may be reaching for, hey, we need, you know, this level of person. But I'm going to ask this level of questions and see where they're at, because maybe I can get this level of person for the money, that type of thing.
D
Authenticity. Yeah, that's what they're looking for. Authenticity.
A
All right. I love it. We got the big weekend coming up, right? Lots of. Lots of activities. We personally, any traditions in chat? Like, we. There's a place around here called James Island, and they have a huge county park. And every year they basically light the thing up. It's like, it's. It's a spectacle to behold. So every year we load the kids up in the car and, you know, you basically drive it once, pull over, get hot chocolate, drive it a second time, and then boogie out. It's a. It's a milestone kind of thing. We'll be doing that Monday or Tuesday this week before it gets wicked busy. The closer you get to Christmas, the more outrageous it gets. Anything. I know. DJ B Sec. You go like Clark Griswold on your house with lights. What? You know.
C
Well, you know what, though? I'm too old this year, and I'm not doing that. I'm putting. I told my wife once we get off of here, I'm gonna put stuff out in the yard. I'm not throwing lights from the backyard to the front yard and back and forth and then trying to flip switches. This year, I used to do it. We. We had little kids in the neighborhood and they've moved out and just like, I'm doing it for myself. Yeah, I'll just put stuff up in the yard.
A
Yeah. Mrs. Ozier said this year, because she does a lot of the. You trust me, given me or her, you'd want her to decorate. And she actually told me this year, she's like, don't even bring down, like, these. Like, I am. I'm labor. Right. So she's like, don't bring these boxes down from the attic because we're. We're doing it slightly lighter this year. So. Yep, that's happening. Daniel, any traditions in chat? Obviously. Tell us your traditions in chat. We'd love to see them.
D
Yeah, we. We go get a tree today. Usually get a tree day after Thanksgiving. I already got some lights up because we kind of pre gamed a little bit on the. On the lights because I'm like, you know what? Instead of doing this all in one day of hard, hard labor, how about I just. I'll put something over here and then tomorrow I'll do a little bit of that, and then the next day I'll do a little bit of that. So I've. I've kind of like, slow rolled out my. All my Christmas lights at this point.
C
I did that last year. It was fantastic. Yeah, I didn't. Didn't spend eight hours a day. I was like, you know, 30 minutes.
A
Here, 30 minutes there. We do have the tree up with lights. Right now the lights is my responsibility on the tree. Mom does the garland. Because every time I do it, like, I'm glad that we finally figured this out. It took years of frustration, but, like, I put it on and then it's not correct. So then I have to take it off and put it on again and then it's not correct. And then my wife is like, I'll just do it.
C
So wait, did you do it because you wanted her to do it? Did you do it like, no.
A
I mean, I literally tried to do it correctly. Trust me. Like, I don't want. I didn't want to do it a second time. So fortunately, we've gotten to the point now where we just, we just pretend that I've done it twice incorrectly. And then Nadine takes care of it and then the kids do the ornaments and then we have to go behind and fix it because it's like 30 ornaments within a one foot square space.
D
It's because it's where they reach.
A
Yeah, it's like right here. Right here. So we got a lot of people commenting on the culture fit. Some people said, two beers and a puppy. Would you have two beers with this person and let them watch your puppy over the weekend? That's a good kind of rule of thumb. Let's see. Kathy's chiming and saying it's hard to believe some people don't like her or some leaders don't like her. So she learns to be herself in an interview again. Yeah, it's easier. You don't want to get down the road and find out. Space Tacos can ask specifically Taylor questions related to Vision Strat and how they invest in their people. Yeah, that's definitely a good one. I actually saw. I re. Hold on. We have a question coming in, but I'll ask it afterwards. I. I know somebody who's interviewing right now, and I think they're going to get the job, which is phenomenal. I can't wait. They're a member of the community. I'm going to play the wrecking ball when, if and when it happens. But one of the things that to me was like, oh, this is a good organization. They, they said, okay. They said, okay, we think we want to move forward with you. Let's talk compensation. What's your salary? And the person said, it has to be at least this number. Okay. Now normally that would be like, the employer would say, okay, perfect. Like that's the number. Right. And this employer said, yeah, we're actually going to do that number plus about $15,000 more because we want our people to be excited. We want our people to know we appreciate them. We want our people to stay here. And I mean, it's great that you want minimum that amount. You're going to get it, but you're also going to get more. And you don't really see that often. And if you look at all these reports of how much it costs to replace somebody and train them up and get them, you know, it's expensive, it's really expensive to replace somebody. So just treat them right first. And to me, not every job is going to give you extra money that you didn't ask for. 
But to me that's like a pretty solid, easy way to make your staff happy. Do you guys have any thoughts on TryHackMe's SAL1 cert? I will refrain from answering that question only because I have a produced video with LetsDefend running right now.
C
So I haven't looked into this one. So I mean this is the Security Analyst Level 1 cert from TryHackMe. I, I don't, I mean you can get it, but I don't, I don't know if it holds any water in the industry.
A
Yeah, I guess what I would tell you, SAE BSM, is the same thing for any cert, relevant. Like look at job postings and see, are they asking for this certification? That's the first step. The second one is, does the cert give you practical experience and practical hands on? Like if it's security analyst level one, I'm assuming it's SOC analyst. Are you actually touching SIEMs? Are you actually touching an EDR product? Are you, are you doing log analysis? Right.
C
So it looks like they're trying to make it equivalent with CySA+ and BTL1.
A
Okay, there you go.
D
Funny. Like what was maybe, maybe even as early as seven years ago, this was a much easier question to answer because it would have been CySA+ or something to that effect, and we'd be like, oh yeah, we, we knew all the certs pretty well. We probably all had, have been around the horn, and now it's like we have such a glut of certifications. It's hard to stay on top of.
C
All of them. And looking with, looking at this and what they're trying to say, hey, this is what it is equivalent to, like the three that are on there. Then I would say go get CySA+ because everybody knows that, right?
A
I love it. All right, so we got questions coming in. Let me do this really quickly. All right, so it's 9:26. I do have the availability to go to 10, and Daniel Lowry IRL if people want to do that. And let's keep going. So the questions are coming in slowly. We've got 128 people here, which is about half of what we normally run on. On the AMAs.
C
I think it's pretty good on a Black Friday on a holiday.
A
Oh, yeah, no, for sure.
C
Everybody's out shopping, holding their phones, walking through. Through Target.
A
I know, Christmas Vacation. So, hey, here. Question in chat. And don't say Die Hard like. Or unless you want to like Die Hard. What Christmas movie are you looking forward to watching? I. I always like Die Hard. For sure. Me and Mrs. watch Die Hard together. But I love Christmas Vacation. I. I do love Cousin Eddie and the beginning where Clark's shopping at the Macy's or whatever. You know, look, right?
C
So.
D
So I worked at a place one year, right, where I got a really nice Christmas bonus every year. And then all of a sudden it got acquired. And then that year for Christmas, I got a T shirt and I was like, they literally Clark Griswolded us. Like. Like, this is my Jams and Jellies subscription.
A
Actually. That's a fun question. What's the best way or worst holiday bonus you ever got at work? I. I've actually never gotten one ever. Bad or good. I've never gotten a holiday bonus my entire career. DJ B. Sec.
C
Yeah, All. All bonuses and all that stuff usually roll into the first quarter after the year's over.
A
Never gotten a holiday. Never gotten a Jelly of the month club. Never got a T shirt. But I think I would almost be, like, irritated by that, frankly, even if I hadn't gotten bonuses before. Daniel.
D
Yeah, that's kind of a slap in the face. And it was a. It was a company T shirt and it was.
A
Yeah, yeah. And it wasn't even.
D
Wasn't even good.
C
Like, at least it could have been cool.
A
Yeah.
C
Here's your swag bag.
D
Yeah.
A
Drop them in chat. We will. We'll. We'll continue. I'll continue to read them out loud. Your favorite movies or your favorite worst bonuses you've gotten for the holidays, while mixing in questions. Fred from Ghana, good to see you, Fred. On. When someone. When someone studies for a technical interview instead of preferred real experience, are they not being authentic?
D
Two different things.
C
Yeah, that's.
A
No, I think you're.
B
Okay.
D
Yeah. Authentic. The authenticity part is about your personality, you being you in the interview. The technical skills are what you can do. Right. And so that's a category difference.
A
There you go. Thank you. Ethan says, if I already have a Hack The Box sub, do I have to get a separate LetsDefend? I don't know the answer to that, Ethan. Hack The Box did acquire LetsDefend recently, which is known. I, I can't answer this question, but I will tell you, typically, when there's an acquisition of tech stacks, even, you know, this platform aside, just speaking kind of objectively, typically it takes about a year for those tech stacks to integrate with each other. It's not, it's not like a, you know, you go hang a new sign out front, all of a sudden everything's the same. So I, I, it's a good question, one that I can look into if you would like. Oh, Anita Sailors is sitting in the hospital waiting for the dad to get out of surgery, helping us pass time. All right. Hopefully it's pretty. Pretty routine.
B
Going well.
D
Yeah.
A
Justin says, what's your favorite Thanksgiving Day movie, and why is it Planes, Trains and Automobiles? Okay. I don't think of Thanksgiving. I, I actually would have thought Planes, Trains and Automobiles was Christmas if I, if you put a gun to my head. But that's. That's good. I feel like Planes, Trains and Automobiles has been lost to time. I watch every year. Okay, so David's all in on it.
D
That grumpy old man son in law is a Thanksgiving movie. Dutch, it's a, it's a John Hughes movie. So Planes, Trains and Automobiles is a John Hughes flick. Right. And Dutch is as well, and it's basically Planes, Trains and Automobiles, but with a. A dude and a kid.
A
Yeah. Different dynamic.
D
Yeah, just it was, you know, traveling across, trying to get, you know, I.
A
Don't know if Ed O'Neill doesn't like acting on. In movies and like movie production, because it, it. It is a different animal. But Ed O'Neill is very, very good. I like Ed O'Neill as a, as kind of a. I don't know, like, Bob's Burgers kind of character where he's just like, so matter of fact. And like, what are we doing here?
D
Yeah.
A
All right. Elf. Elf's a good one. So Kathy Chambers, her movies are Elf, which is great. We watch those every year, too. Drake and Josh. Merry Christmas, Drake and Josh. Forgot about that. That's a little bit younger generation. The Grinch. Which, which Grinch, though? There's like nine of them now. I think the Jim Carrey one's pretty good.
C
Second one, I'll probably get hate in the chat. But I actually sit there and turn on the Hallmark shows and watch all those janky Hallmark movies.
A
Wow. So here we are and he's gone.
D
Hey, goodbye dj.
A
Now the whole.
C
Is how bad they are. You realize like every single one of those is filmed in Canada.
A
Yeah, I didn't know that. But they all seem to have the same exact storyline.
C
100%, it's the same storyline.
D
Yeah.
C
My wife.
D
Roll the dice on what the girl's name is. Is her name Noel?
C
She's gonna be. And she's gonna be from New York, have a high, high paying job that's going back to the little town that the guy that was the football guy that or whatever is now, you know.
A
Yeah, yeah.
C
Has. He has a Christmas farm that he's trying to save.
A
There is like a, a jerk boyfriend that comes to visit and he's like, yeah, yeah, yeah, yeah. And then the football guy handles him and then. Ah, yeah. No, no, it's. It's so funny. Hey, sound off in chat. I'm not throwing hate. If you like the Hallmark movies, I mean there is, there is, there is a. I don't want to call them a cult, but there is a loyal. Oh yeah, Hallmark movie.
C
But it's all the same actors too. It's all the same.
A
Always.
D
Like watching one yesterday and I sit down, I watch it for a second and it's these two girls, they got these hot chocolates and they're in glass. Like you can see the chocolate, right? So it's, it's clear glass. It's not. And I'm sure they're not made of Pyrex. So she, she picks it up and she puts her hand on it goes.
A
Oh, it's so hot.
D
And I go. Her hand would be scalding off against the glass. Like, I'm sorry I'm ruining the suspension of disbelief for you, honey.
C
I'm sorry.
D
I'll leave the room now.
C
Some of them are so bad. Like the snow. You could tell the snow is not real at the time. Yeah, you can tell that it's all fluffed cotton. It's.
A
Jenny Housley has dropped a YouTube link in chat of every Hallmark movie ever. YouTube video looks like it's one of these, like kind of dunking videos. In a minute. Good morning from Chile, Juan Pablo Dominguez coming in from South America today. Good to see you.
D
Just so you sound like a character in a book or something, like, Juan Pablo Dominguez.
A
I love it. I don't think you killed my father.
C
Prepare to die.
A
You and I went to the same place, so best holiday gift I got was a bottle of something. I'm assuming liquor. Holiday bottles. My uncle owned a business, and he would do that. He would get, like, you know, 40 or 50 bottles of wine, and you would have, like, your. You could have, like, your name put on it. Right. It's like white labeling wine, and he would give those out. That's definitely an option.
D
I get Wild Irish Rose for everyone.
A
Monster Energy, Four Loko flavors or whatever.
B
Yeah.
D
Piece of tape with their name on it. There you go.
A
Yeah. Merry Christmas. I love it. Oh, wow. Space Tacos has got a movie marathon going on. Muppets Christmas, Home Alone 1 and 2, Guardians, Scrooged. I. I love.
B
That's good.
A
I am a huge fan of all the YouTube videos that are, like, doing analysis on Home Alone and, like. Like, whether Kevin was, like, a psychopath and why. Why his parents should lose custody of him for leaving him a second time. Like, how his parents are actually degenerates.
C
Like, they're losing the second time. Remember, they were in the airport.
D
He lost himself.
C
He lost them. He chased the guy that had the same jacket as his dad did.
A
Yeah.
C
Have you seen the video of him, like, Macaulay Culkin actually talking about him watching it with his kids now?
A
No. No.
C
That's pretty funny. He's talking. I guess his kids are younger, like three and four, something like that. And he's talking about it, and they showed. I guess he was at his mom's house, and his kids saw a picture of him younger, and they said, man, dad, you really look like that Kevin kid. He was like.
A
He.
C
They don't realize that he. He is. That he was the one that was playing that. It's kind of funny. He said he's watched. He watches all his movies with them right now, and it's. It's cool right now because they don't realize that it's him.
D
So he was on an episode of the. Or maybe two of the Angry Video Game Nerd.
C
Yeah.
D
If you. Yeah. Very epic. Good stuff. Very funny.
A
Yeah. He's kind of. I mean, is he, like, kind of. I hate to say normal, but, like, he. He was kind of like Corey Haim, Corey Feldman, kind of strange there for a minute.
D
Yeah.
C
He. He had his rough patch.
D
Yeah.
A
Yeah. Child. Child actors, man. They get so.
C
That's funny you brought that up. That. That's what I was gonna say is I saw that about Macaulay Culkin, and then yesterday, before we left to go to my parents' for Thanksgiving, I had it on the ID channel and it was child actors, and it was talking about how bad they are and what they end up, you know, like when they start out, like, you know, four or five years old, and they had one child actor on there. His whole face was tattooed. He was completely like, does nothing now.
A
Yeah, it's messed. I mean, look at. Britney Spears is another amazing example of just Amanda Bynes.
D
That's all you got to do. Yeah, but he. Amanda Bynes. Yeah, there you go.
A
I'll look into it. All right. Sar. Juan Gupta says, what resources do you suggest for someone looking to grow into GRC? I've worked on updating and aligning IT policy with NIST, ISO 27001 and handling a lot of security exceptions in four years. I mean, that's great. You are. You're right. There you are building the GRC portfolio, as far as I can tell. I guess what resources would I suggest? I mean, technically you're doing it. I mean, if you want CIS 18 so you can understand frameworks, NIST Cybersecurity Framework. I think the next thing you'd want to do is start understanding how a cybersecurity program looks holistically and how you build into it so you can start managing risk and kind of, you know, basically enabling the business to be mindful of, like, their resource allocation, like money, people, time, on executing and leveling up their cyber program. So instead, instead of being transactional, like updating the policy or something like that, which is great, keep doing that, but start thinking more macro level and strategic on how to roll out a risk management program. DJ B Sec, you got something?
C
No, that sounds exactly like what I was gonna say is rolling something out, like starting from the top. Hey, think of it as building your own program if you're gonna start from the top and build it down, because that right now you're sounds like what you're doing is maybe helping with everything. And then now what you do is go into the point of, hey, this is. If I was a consultant. This is how I'm gonna build it out for a company. And you know, that's how you're gonna grow in that level.
A
I like it. Kathy Chambers is in the Hallmark crew. We might have a sub. A subculture here in the Simply Cyber community. Dream Logic is also on board.
C
So I know I like Kathy for a reason.
A
Yeah. And Dream Logic, you found your people. How do you handle working with someone who didn't give you credit after working together to create a new process for handling emails or handling anything, wrote an entire SOP and the individual took all credit for it. All right?
C
That is called working.
A
Yeah.
C
Yeah.
A
So, I mean, I guess first of all, I would just chalk it off as that's the cost of figuring out that this person's an a hole. Right. First of all, so here's.
C
I had this happen to me, and this is what I did moving forward. Everything that I put together had my watermark on it. So anything that I put out, whether it was in a company or somewhere, my watermark was on there. So somebody could not take what I had and go flip it over and saying, hey, this is. This is what I did. Because if you go hand out what I just gave you, guess what? Guess whose name's on there. Mine.
A
Yeah, there you go. That's one way to do it for sure is, you know, make it and then also be. Don't be rude to this person. But I wouldn't help them beyond what you have to do. You know what I mean? Like, hey, because, you know, obviously they're. They're relying on you to do their work, right. So they could be like, hey, Lazaro, like, what do you say we. We get cracking on this detection? You're like, yeah, get cracking on it.
C
Like, I'll help you once you, you know, do 40, 50% of the work.
A
Yeah. Or, you know, I mean, what you need help with. There's a lot of, like, Game of Thrones political ways to do it, too. Like, you know, in, you know, in the meeting, they're like, oh, hey, I'm gonna need you two guys to work on X. And you can be like, yeah, no, that's fine. Like, I'll do this, you do that. Or like, you know, like, kind of make it clear who's. Who's responsible for what. And then, you know, it depends, too. I mean, if they're your boss, like, you know, it is what it is.
C
I mean, I ig your name on it.
A
Yeah, I've always tried to. I've been fortunate because sometimes there will be people that will exploit you. But I personally have tried to make my boss look great as I've been through my career, because typically, if I can make my boss look good, they're going to want me more because I'm. I'm delivering value to them personally. And then when they get promoted, I'm one step away from them now, and they don't like that because they, they like having me help. So they'll pull me up, which allows me to get promoted, make more money and stuff like that. So just.
C
It's also. It's also a mindset though. Like if you're. You can't see it as you're doing all the work and getting none of the credit, if you're seeing it like that, then you probably don't need to be in that position. Move. Move to somewhere that you feel more comfortable or that you feel that you're actually getting the acknowledgment that you think you need.
A
S Cole07 says he appreciates our answers, so thank you, DJ B Sec and Daniel Lowry. He's going to get me a Nas Illmatic flag for the studio. Oh, looks like we're all full up here on space for flags. So I don't know if the Nas Illmatic's gonna make it. And for those who don't know, I think Nas is a completely overrated rapper. Legrot wants to know what city you're in, Keith Sloan. So if you're comfortable sharing that, go for it. Hawkeye is a Christmas series. Jenny, how's. Hold on. Why is it not showing Hawkeye? I don't know if this is like. Was there like an offshoot Avengers movie for Hawkeye?
C
I think there was.
A
Or TV series. Okay, so we're checking out. I don't know, the MCU kind of like overplayed their hand. Let's see. Continuing to look through chat right now. Good to see Fleet is posting. The third is in chat here. Good to see him. Fleetus, as always, Post Malone. Dude, what a talented guy, huh? He's like, like big rapper and then now he's like a big country star. Etc. Daniel, you gotta go. Is that what we're doing?
D
Yeah, yeah, that's what you saw. The ticky tapping.
A
Yeah, yeah. Why don't you. Why don't you tell us what, what. What's going on? Where are you going? What are you doing?
D
What's going. Where am I going? Well, I'm just gonna do this little thing we like doing Friday mornings at 10 a.m. It's called Cybercast IRL, where you'll hear that voice come out of me, especially at the end of the show. We've started doing technics the last 10, 15 minutes of the show, which is a lot of fun, where I turn into the biggest redneck technophile. You know, we do some news story or whatever and I just go full on trucker hat, bib overalls, Skoal in the mouth, and just have fun ripping on some news story or something like that. As, as the world, dude.
A
I'm telling you, you have an opportunity there. If you could like get a look for it, you could.
D
Yeah.
A
You know what I mean? Like mad hat with the. The thing. Or like Larry guy. Like you have. There's an opportunity there for Daniel. Or you can't even call him Daniel Lowry.
D
It's no 2026. Might be. I. I've been thinking a lot about this. That where I start a new channel called Technic.
A
Yeah.
D
And I have. Yes. The whole thing kind of going on.
C
Is this in the front, party in the back.
D
Yeah. Yeah. That's to be good. I could get a mullet. Like I need a skullet. I need to get like a. Where I don't have hair at the top, but I got them all at hanging down.
A
Right.
D
Like the ape drape just. Just cascading down my back.
A
Yeah. Like. Like Busch Light, Natty Light. Your swans. Yeah, yeah.
C
That's.
D
That's gonna be what's up. You know. So I. I've.
A
We.
D
We should talk about that, Jerry. It'll be a lot of fun just to.
A
I like it. All right, well, we'll come catch you at Cybercast IRL if you like. Daniel Lowry. And getting your AMAs easing into this holiday weekend. Daniel Lowry will be doing more of this in just a minute. So. Thank you, Daniel. We'll see you and we'll see you over there.
D
See you then.
A
All right, hold on one second. Let's get him off stage. There we go. Now.
C
It's me. There you go.
A
It's me and DJ B Sec now. Marcus Kyler is very upset about my NAS hate. I'm not saying he's not. He's not. He's just overrated. I'm not saying he's not. Okay. He's all right. It's just not good.
C
Okay, he's just not good. That's a. That's a catch-22 there.
A
Not a question, but thank you for the input. Appreciate it. Taking it as a learning lesson and taking to heart what BSEC suggested. There you go. There you go. BSEC making. Making moves. All right. What's the best way to build knowledge in API and middleware governance? Are there any Simply Cyber courses you recommend? So I don't. So there is. Let me see what courses we have at the academy. I wouldn't say it's around API governance, but Tyler Ramsbey has a course on hacking AWS which I suspect would have API related content in it. That's probably the only one. Introduction to AWS Pen Testing with Tyler Ramsbey. As far as looking at and learning about APIs and middleware governance and stuff like that. I mean, there's tons of API calls and things you can hook into. I would, I would open like. You could capture network traffic and see, you know, what those, what the data is that's flowing between them. You could stand up like Burp Suite and like capture like, you know, the, the replies from the web server and stuff like that and actually look at those things. DJ B Sec, you got any, is there any like API?
C
That's what I was just looking at. I mean a lot of the stuff that I think talking about APIs or doing, it's, it's more along the lines of what's open to the API, trying to figure out what, you know, what data are you allowing out of the API, what data are you allowing to come into it?
A
I think, I don't know if there's.
C
Any, are there any certs for this? I don't even think there's a cert.
A
I don't think so either.
C
I was trying to look and see if there's something from NIST, like an actual API governance.
A
And my, my understanding is, and again, this isn't a sponsor post. This is just the deal. Hacking APIs, the No Starch Press book, is supposed to be pretty good. I've heard, I haven't read it myself. They are running a Black Friday deal with 42% off the book right now, so, so that's a very good deal. But as far as I know, if I like right now, like put it this way, say that my boss came to me and he's like, Jerry, I know it's the holidays and this sucks, but I need somebody who is smart on API security. Can you do it? This, I would buy this book and go through it this weekend. You know what I mean? Like, if it was like one of those urgent things that needed to be done, that's what I would do. Final thoughts on this one, DJ? I.
C
Mean basically for API governance, it's whatever you're going to put inside your, your governance documentation, the company, what are you going to allow in and out type of thing. How are you going to lock stuff down?
A
Yeah, and I mean again, I, I don't think you would really see this in like an API governance document. It would be more filtered throughout other things. Like you'd probably have like say an access control policy or something like that. So then how are, how are the API like the APIs and how you interface with them would have to conform to the access policy, not an API Governance policy. If not Nas, then who? Well, I mean, I think Eminem is.
C
I know that's what you were gonna say.
A
I think Eminem's incredibly talented. I mean, Jay Z's personal life, I don't want to get into that, but, I mean, I think he's pretty good. I think RZA is an incredible producer. Dre is a very good producer.
C
He went from being an incredible rapper to mainly producing everything.
A
I know the cat. I know the catalog is not large because they died young, but Biggie and Tupac are.
C
I was gonna say Biggie Tupac.
A
That's where it was at as far as I'm concerned. Biggie and Tupac are like 1 and 1A. Like, they are exceptional, you know, Andre 3000. Say what?
C
You know, like, Biggie Tupac, you can still put that on and everybody knows what's going on. And that was 30 years ago.
A
Yeah, dude. Pac died at 26, like, if you can think about that. So, yeah, that's. That's what I think on that. So, I mean, I guess you could put him in the top 10, Nas, but he's definitely not cracking top five.
C
Yeah, to me, that, like Biggie, Tupac, that whole state, the whole era right there was rap, was hip hop, and then like all the mumble crap. Now I'm like, what the hell is this stuff?
A
Yeah, I don't get that either. Emo rap. AppSec University. Fred on is sharing, I guess maybe around API learning. Fleetus shared: map AI use cases, risk tiers, and business alignment. Oh, this is around AI governance. AI governance is so hot right now.
C
That Hansel's so hot right now.
A
Just so people know.
C
Well, yeah, because everybody's trying to shove it into everything.
A
I know. Did you see. Dude, did you see that story? I lost a freaking mind about? First story of the the day. It was about how a Democrat legislator is introducing a bill to make, like, the penalties for using AI. 30 years in prison. Yeah. What? I don't think you understand how pervasive AI is.
C
I was gonna say, what, do you, like, put everybody in prison? Everybody's using it, like, yeah, it's everywhere.
A
So if you're just joining us, this is Jawjacking. We are just answering your questions, having a good laugh. This is community. This is Simply Cyber. DJ B Sec has. I don't know, what do you think? 25 years of experience, professional.
C
Yeah, I started when I was 18, so that's more than 25 years.
A
Oh, boy. Okay, so 20. 25 years of experience. I. I have 20 plus years of experience and, yeah, just a couple old gray beards trying to help people out.
C
Phil Stafford. Old guys don't get the music of the Utes.
A
I know, exactly.
C
My son will. He'll come drive it in, and he'll have something on. I'm like, hey, you want your sound system to sound real good? Put this on. It's like, what is this? Like, that's Biggie, man. That's.
A
Or, oh, my God. Yeah, I guess Snoop Dogg was in Fortnite. So then my kid's like, have you heard of Snoop? And I'm like.
C
No.
A
Who is that?
C
Tell me more.
A
Yeah. Yeah. I was like, yeah, you know that. You know the biggest tell. He's like, have you heard of Snoop? I'm like, yes. And he's like. I was like, what about Dre? And he's like, who's that? I'm like, oh, my God, bro. And then, like, Eminem was in Fortnite, too, and I guess Rap God was like this big song, and I'm like, dude, Eminem's early stuff, like, what do we like again? I. I've officially been old where I'm like, you don't understand how it used to be.
C
That's like, what was it? Was it two years ago or three years ago when stupid Dre came out and Eminem came out at the Super Bowl, and just, like, everybody was ready for that one. Our. Our generation was like, yes, this is going to be the greatest Super Bowl halftime ever.
A
Yeah. Oh, yeah. Oh, yeah. No, that was. That was good. That was really good. I had a. I had a. Like, a nightmare last night. It wasn't. It was like a blend nightmare dream. It wasn't, like, super scary, but, like, I was on stream and I had done something, and it pissed off like. Like a. Like a. Kind of a gang member rapper. I can't remember who it was. You know, it's like somebody like. Like second tier, like. Like. Like. Like Ja Rule or something. I can't remember who it was, but. But, like, they came to me with, like, their crew, and, like, they were like, you. You're doing, like, Crip Crib Crip walking on stream. And, like, that's an affront to me. And, like, you were. I just read that apology, like, on stream that I was not. I was not trying to Crip walk live.
C
Beach said that just a minute ago when you said, do you know who Snoop is? And he said, like, you say yeah as you walk through the house.
A
Yeah. Oh, my God, that's so funny. 8 Mile is very good.
C
That's a great movie.
A
Very good. Esco07 says if I get all the way to the offer letter, what is an appropriate amount for a sign on bonus? Okay, so there's a lot of dependencies there. Right. Like, so say the job pays 40 grand. Asking for a ten thousand dollar sign on bonus might seem excessive.
C
Quarter of the year of sign on bonus.
A
Yeah. So I don't know if it's a percentage. I. In the past, I've gotten 10,000. Well, in the past, like normal jobs, I've gotten $10,000 sign on, $5,000 sign on. So, you know, asking for those, you know, could be fine. It depends on how you want to negotiate, I suppose.
C
Depends on the job, I mean.
A
Yeah, I mean, I guess I would say an appropriate amount would be no more than 10%. No more like 5%, probably. Okay, 10%. You're starting to get into the territory where they're just going to say no.
C
Anything or, or depending on what the company is, you know, stock options or something along those lines.
A
Yeah. Or, you know, work from home once a week or, you know, a 4/10 kind of shift, take your Fridays off or something like that. Non-compensation related. Oh my God. Marcus Kyler: the parents who would punish you for listening to Snoop's album. I'll just leave it at that. Calvin Broadus has one of the craziest arcs of all time. Yeah. Yeah. I mean, he's actually like the United States mascot for the Olympics. Think about that.
C
Oh, yes, dude.
A
That'S.
C
You know, that came because of when he was talking about the horse crip walking. Like that became such a funny meme. I was gonna say, I keep seeing every now and again I see something come across on Instagram or TikTok or something where it's talking about how parents these days are screaming at their kids for listening to this music. And then. But yet back in our day, we were listening to like 2 Live Crew playing in the background. What are we doing?
A
Yeah, NWA and whatnot. We were around when the explicit lyrics came out. Like Martha Bush. Right. Wasn't it Martha Bush that was pushing for that? Barbara Bush or Barbara. Who's Martha?
C
That's Martha Washington if we weren't that old.
A
Oh my God. Oh my God. What a fool. Barbara Bush. Martha. Oh my God. Hold on.
C
Was it, was it her that was pushing or was that Reagan that was pushing because it was late 80s early Reagan was.
A
Reagan was like drug war. War on drugs.
C
Yeah, he was. Yeah, that was the chicken club. And what was all the Other stupid things.
A
And let's see here.
C
Tipper Gore, they're saying Tipper Gore was one that pushed that maybe that. That could be true. That could be more like. Because it was 90. That would have been 92.
A
Trying to see here. Yeah, I don't know. No, 92 was too late because, like, I remember it was.
C
I think that's high school. That's when. High school.
A
That's like N.W.A and Eazy-E were the first ones with the explicit lyric.
C
That's like, you're pulling Eazy-E.
A
Yeah, they're the ones who got it. The first one, I believe.
C
Now we're going down a rabbit hole trying to figure out who.
A
Yeah, sorry. For those who are in chat and you're like, Jesus, what are we doing here? 2 Live Crew's Banned in the U.S.A., 1990, was the first album to receive the Parental Advisory: Explicit label.
C
Yeah, they're right. It was Tipper Gore, co-founder of the PMRC. Gore championed the cause of informing parents of the contents of music, which then didn't. That then moved over to video games.
A
Yes, 100%. And just actually to get a little more interesting. N.W.A, I thought it was N.W.A. Their Straight Outta Compton album had an explicit sticker on it, but it did not. It wasn't a standardized format yet in the industry. So Straight Outta Compton was the first one. Dude, if you want to hear some, like, just absolutely vulgar. Like, what? Like, wow, it's. It's bad.
C
You know, I put that on every now and again when I'm driving the car with my kids. I'll put it on just to get the looks from them. Like, what the hell are we listening to?
A
Yeah, I have never seen the Straight Outta Compton movie. I will tell you this, though, and I'd love people's thoughts. Like, listen, I grew up in, like, suburbia, right? Like, I mean, I listen to all this music, but I did not live in a very tough neighborhood. I didn't live in an inner city. I certainly didn't live in Compton. But I will tell you, I remember growing up in. I think it was like, 92, 93, when Boyz n the Hood came out. That movie, to me, is. Is pretty much a docudrama of, like, what was actually really happening in Compton at that time with the way that people.
C
Isn't that the one where, like, the movie starts out with the football and the dude pulls a gun right out of it?
A
Yeah, yeah, yeah. And the. The one, guys, that's the one with Ice Cube where he's like, the brother and the guy has the football scholarship potential and all that. That was a.
C
It was a great movie. I think I was like 12 when I watched it.
A
Is Cuba Gooding Jr. in that too? Is he got that?
C
Yes, yes, he is. Now, now I'm going to go look up this movie. I'm like, hey, I want to go watch Boyz n the Hood.
A
The guy who played Morpheus, Larry. Laurence Fishburne was his dad. Right. Like, anyways, to me, I thought that that was a very accurate portrayal. If anyone in chat knows if that movie was not accurate, let me know.
C
But wasn't it Cuba Gooding Jr.? He was the. He was the one that actually had the scholarship, I think.
A
No, no, it was. It was Ice Cube's brother because he was the football player. Because he's the one at the beginning his football got so. And Cuba Gooding Jr.'s story arc is about him and the woman who was in the Martin TV show. Oh. It's trying to hook up the whole time and he's trying to be all suave. And then Laurence Fishburne is like the. The, you know, stoic dad who's giving life lessons and whatever. Yeah, no, I. You know what? I did not have early 90s hardcore West Coast rap history on my bingo card this morning. This morning. Oh, Space tacos. Grew up in Compton, so Space tacos. Who is fairly around our age. I. I'd be curious, Space tacos. If you. How you feel about.
C
Since you didn't watch it. She refused to watch it.
A
Well, she didn't watch Straight Outta Compton the movie, but Boyz n the Hood, she has seen that. Reagan was war on drugs. Clinton with strikes. Three strikes in crime bill. Yeah. All right. Hey Whisk. Okay. Wiz Khalifa getting some love. All right, guys. Yeah. Oh, wow. So this is. This is interesting. It's 9:58. We are going to be wrapping here in a minute, guys. Thank you. I. I know we're trying to help everybody level up as cyber pros, but this, this, this stream, this AMA. This almost felt like holiday vibes where you kind of just chilling and having a. Having a. A fun chat with friends. So thanks for making it that way. B Sec, thanks for showing up. Anything you want to share? Promote? You doing any streams? So DJ streams on Twitch periodically, or used to.
C
It's been a while since I've done that. I. I do have everything sitting back here. Like I told everybody yesterday, I wiped OBS and restarted it. So I probably do need to sit down and get some. Get this set back up. If I'm gonna do Advent of Cyber, to have some. Have some fun with that, but nothing big. I'll be around, just hanging out through the end of the year.
A
All right, there you go. Hanging out till the end of the year. The Cybercast IRL is in here. Let me see. Really quick to share the screen with you. This is where we're gonna go. Daniel Lowry, the guy who was just here, tech neck, he's gonna be coming in and doing his thing. I appreciate all of you. Thank you so very much. Have a wonderful weekend. If you're gonna get your shopping done, get your shopping done. I'm trying to share this and it's just hanging like a. Like a. Not a gigachad. I guess maybe that's the wrong way to use it. I can't. I can't share with you. So we'll go on over there, guys. Thank you so very much. Have a wonderful time. I'm Jerry Heath, DJ B Sec. Until next time. Stay secure. Let me. Let me do this really quick so we can wave goodbye to everybody. Stay secure, everybody.
D
Cheers.
A
Bye.
Episode: Nov 28’s Top Cyber News NOW! — Ep 1015
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Date: November 28, 2025
This Black Friday episode delivers eight of the day’s most pressing cybersecurity stories for industry insiders, analysts, and business leaders—presented with expert context, practical advice, and the trademark camaraderie of #TeamSC. Dr. Gerald Auger blends insightful commentary and career advice, tackles live audience questions, and wraps with a relaxed, community-focused jawjacking session.
On introducing security controls:
“My job is to advise…Here are five options with varying levels of risk that you’re going to be accepting. What do you want to do?” (15:14) — Gerald
On breakneck AI policy proposals:
“This is a police state’s fantasy…To me, this law is like a police state's wet dream.” (17:59)
On Asus's ‘AI Cloud’ branding:
“This is the laziest marketing I’ve ever seen…The marketing team said AI is hot.” (24:08)
On OpenAI’s vendor breach:
“This is kind of a textbook example of how you would deal with a third-party breach.” (29:05)
On holiday cyber culture:
“This was Simply Cyber’s daily Cyber Threat Brief Podcast. Definitely a renegade episode, 166 of you diehards here today…this stream, this AMA, this almost felt like holiday vibes.” (71:00, 118:59)
Panelists:
| Topic | Timestamp |
|---|---|
| Microsoft Entra ID Security Update | 09:09–16:03 |
| US AI Crime Penalty Law | 16:03–22:52 |
| ASUS Router Vulnerabilities & “AI Cloud” | 22:52–27:34 |
| OpenAI Mixpanel Vendor Breach | 27:34–30:45 |
| London Council Cyber Incident | 35:32–38:41 |
| Dartmouth College (Oracle EBS Breach) | 38:41–43:03 |
| Outlook/Exchange Online Client Outage | 43:03–46:29 |
| FIDO2 Keys & PIN Prompt Policy Change | 46:29–50:00 |
| Career AMA & Interview Advice | 53:14–71:00 |
| API Security/Governance Guidance | 103:14–106:49 |
| Pop Culture & Cyber Nostalgia | 107:30–114:45 |
Dynamic, supportive, honest, and loaded with both practical cybersecurity insight and lighter, relatable moments. The show invites engagement, showcases industry wisdom, and never shies away from strong opinions—whether on regulatory overreach, legacy tech woes, or grilling techniques.
Memorable sign-off:
“I’m Jerry from Simply Cyber. Have a great weekend and, until next time, stay secure.” (118:58)
This episode is especially rich if you want:
For more episodes and live streams, visit Simply Cyber Streams.