Afleveringen

  • Most people think cyber war is about better hackers, better tools, and deeper access.

    But the real danger may be AI turning scattered attacks into coordinated campaigns.

    In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer talk with Dr. Charlie Harry about why cyber has often been powerful tactically but weak strategically — and why that may be changing fast.

    Charlie explains why cyber operations need more than individual hacks. They need timing, sequencing, terrain, and operational grammar. In other words: not just breaking into a system, but knowing how to turn cyber activity into campaign advantage.

    The conversation covers Ukraine, Russia’s cyber failures, logistics systems, ports, rail lines, AI agents, quantum computing, and why the next era of cyber conflict may look less like one big hack and more like coordinated pressure across many fragile systems.

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Chapters:

    00:00 Why cyber war may be misunderstood

    01:06 What “cyber is present but peripheral” means

    02:16 Cyber optimists vs. cyber skeptics

    06:20 The missing grammar of cyber operations

    09:05 Cyber effects vs. strategic impact

    11:03 Ukraine as the first modern cyber war case study

    13:18 Russia’s cyber operations at the start of the invasion

    16:29 Why cyber resembles aircraft before World War II

    19:46 Cyber terrain is not just a network map

    23:35 Building cyber campaigns, not just hacks

    25:21 When does cyber become war?

    27:30 Cyber fires, effects, and tempo

    29:51 How coordinated cyber attacks could disrupt logistics

    31:58 Is Russia bad at cyber?

    35:17 Could AI solve cyber’s coordination problem?

    38:41 AI agents vs. AI defenders

    40:10 Why Charlie says the genie is already out

    42:55 Why humans still matter in AI-driven cyber

    47:11 AI as a new layer on global infrastructure

    51:19 Agentic AI, AGI, and what people confuse

    54:51 Quantum computing may be closer than expected

    57:19 Charlie Harry’s book and final advice

    #Cybersecurity

    #CyberWar

    #ArtificialIntelligence

    #AIsecurity

    #CyberOperations

    #NationalSecurity

    #CyberDefense

    #LegitimateCybersecurity

    #Podcast

  • Zijn er afleveringen die ontbreken?

    Klik hier om de feed te vernieuwen.

  • You may have gone to Madison Square Garden for a game or concert.

    But the bigger question is whether the venue was quietly building a file on you.

    In this episode of Legitimate Cybersecurity, Frank Downs and Dustin Brewer break down the alleged Madison Square Garden data leak, the ShinyHunters claims, facial recognition concerns, VIP dossiers, biometric surveillance, and why modern venues may be collecting far more information than ordinary fans realize.

    This is not just a story about hackers. It is a story about what happens when stadiums, arenas, and entertainment companies turn guests into data profiles — and then that data becomes someone else’s leverage.

    Frank and Dustin discuss:

    How biometric and facial recognition data changes the risk of attending public events

    Why “we met best practices” is not always good enough after a breach

    How extortion groups profit without traditional ransomware

    Why venues collect data they may not fully understand yet

    What ordinary people can actually do when opting out is barely realistic

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Hosted by Frank Downs and Dustin Brewer.

    Chapters:

    00:00 Should you still go to major sporting events?

    01:07 What allegedly leaked from Madison Square Garden

    02:00 Why venues collect more data than they need

    04:19 “Best practices” after a breach

    05:17 Oracle, vendors, and third-party risk

    09:12 Who are ShinyHunters?

    13:29 Token theft, MFA, and modern extortion

    14:57 VIP dossiers, face scans, and SSNs

    16:08 The privacy regulation problem

    18:35 Why companies collect data before knowing its use

    21:48 Consent is hard, so systems avoid asking

    24:57 Preventable security failures

    25:34 Why AI will not kill cybersecurity

    28:44 How ordinary people can reduce exposure

    30:20 Keep on cyberin’

    #Cybersecurity

    #DataPrivacy

    #MadisonSquareGarden

    #FacialRecognition

    #Biometrics

    #DataBreach

    #ShinyHunters

    #Surveillance

    #Privacy

  • The SpaceX IPO is being sold as rockets, innovation, and the future of space.

    But investors may have also bought into a private network with battlefield, intelligence, and surveillance potential.

    In this episode of Legitimate Cybersecurity, Frank Downs and Dr. Dustin Brewer examine what the SpaceX IPO really means when you look beyond rockets and stock hype. Starlink has already proven how powerful satellite internet can be in remote regions and war zones. Starshield raises an even bigger question: what happens when the same company building consumer satellite internet also builds national-security infrastructure?

    This is not a claim that SpaceX is spying on Americans. It is a question about capability, incentives, oversight, and public-market funding.

    If Starlink can shape connectivity in Ukraine and Russia, and Starshield is built for government and intelligence use, what stops similar infrastructure from becoming part of domestic surveillance, border enforcement, emergency response, law enforcement, or classified government operations?

    And if that happens, would ordinary citizens or retail investors ever know?

    Frank and Dustin discuss:

    * Why the SpaceX IPO changes the public-interest question

    * The difference between Starlink and Starshield

    * How satellite internet became a war-zone capability

    * Why private infrastructure can become public power

    * Whether investors understand what they actually bought

    * Why regulation always arrives after someone sticks their finger in the pencil sharpener

    * The uncomfortable line between innovation, profit, warfare, and surveillance

    Media/interview: mailto:[email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Hosted by Frank Downs and Dr. Dustin Brewer.

    Chapters:

    00:00 - Did SpaceX Just Become the Biggest IPO Ever?

    01:06 - Why Everyone Loves Rockets

    02:23 - Starlink vs. Starshield Explained

    03:52 - Why Starlink Is Different From Old Satellite Internet

    05:22 - The Good Side: Remote Access and Global Connectivity

    06:41 - How Starlink Changed Modern War

    07:21 - Drones, Jamming, Fiber Optics, and Satellite Links

    08:44 - Should One Company Control Battlefield Connectivity?

    10:46 - Is This Different From Traditional Arms Dealers?

    13:22 - Why the IPO Changes the Question

    14:45 - Lockheed, Palantir, Boeing, and Public Funding

    16:59 - Did Investors Know What They Bought?

    17:28 - The Elon Musk Factor and Private Decision-Making

    18:52 - Rockets Are Cool — The Implications Are Harder

    20:02 - The Hidden Cost of Powerful Technology

    22:12 - Starshield and Government Intelligence Contracts

    23:23 - When Safety Tools Become Tracking Tools

    24:32 - Could Becomes Should: The Jurassic Park Problem

    29:32 - Shareholder Value vs. Human Consequences

    31:00 - Facebook, Terrorists, and “We Just Connect People”

    35:32 - Why Regulation Exists

    37:23 - Who Should Decide Who Gets the Network?

    38:33 - Final Thoughts: Know What You Invest In

    #spacex

    #starlink

    #Starshield

    #cybersecurity

    #surveillance

    #ipo

    #privacymatters

    #nationalsecurity

    #techethics

    #legitimatecybersecurity

    #ai

  • The hacker isn't a thousand miles away in a hoodie. He's standing at your desk in a polo shirt, holding a clipboard, asking to plug something into your computer. And law firms are the target.

    Frank Downs and Dustin Brewer break down the Silent Ransom Group — the crew skipping the phishing email and walking straight through the front door.

    In this episode of Legitimate Cybersecurity, Frank and Dustin dig into SRG (aka Luna Moth, aka Chatty Spider), a Conti offshoot now assessed — and corroborated by an FBI FLASH alert — to be running physical IT-impersonation attacks against law firms and other data-rich targets.

    They discuss why physical social engineering is suddenly back from the 1990s, the cyber-psychology that makes us trust a stranger with a lanyard, Dustin's casino fake-badge pen test, why law firms are such a rich target (trade secrets, M&A, criminal defense, HIPAA data), and the brutally simple fix most companies skip: trust but verify.

    The conversation also covers why "keyboard Frank" is a different person, the hospital HIPAA nightmares you've personally witnessed, and AI's role on both sides of the kill chain. The one thing to leave with: if an IT person shows up unannounced, it costs you nothing to call IT and confirm before you let Steven in.

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Chapters:

    00:00 — The hacker shows up at your door

    00:36 — Mandiant + FBI: who Silent Ransom Group really is

    02:39 — The cyber-psychology of "why physical works"

    06:00 — War story: the student who ran from the front desk

    08:00 — Cutouts, proxies, and unwitting accomplices

    11:53 — Why physical access does damage instantly

    12:09 — Law firms: the richest target set there is

    15:46 — Mar-a-Lago, thumb drives, and the history of in-person hacks

    19:08 — Tailgating past security (Dustin's seventh-floor proof)

    20:58 — Trust but verify: the fix that actually works

    26:26 — The societal norms bad guys exploit

    27:02 — The casino badge: getting your face "known"

    28:00 — The human is always the weakest link

    29:41 — AI is only as smart (and hackable) as we are

    32:12 — Keep on cybering

    #Cybersecurity #SocialEngineering #Hacking #InfoSec #DataPrivacy #LawFirms #PenTesting #AI #CyberAwareness #SilentRansomGroup #LunaMoth #PhysicalSecurity

  • Researchers just found thousands of AI-built apps leaking medical records, financial data, and customer PII straight to the open internet. The scary part isn't that AI writes code — it's that it writes code just well enough that nobody asks questions.

    Frank Downs and Dustin Brewer break down the hidden cost of vibe coding: insecure-by-default software shipped to production, AI tools replacing the junior developers who'd grow into the people who fix it, and AI quietly wired into services you never consented to — including a dentist's chair that records every cleaning and sends it to an insurance-linked system.

    AI learned security from us. And we were never good at it.

    🎙️ Listen: https://legitimatecybersecurity.podbean.com/

    📩 Media/interview: [email protected]

    Hosted by Frank Downs and Dustin Brewer.

    Chapters:

    00:00 The code works — that's the problem

    01:24 "Do you consider yourself a coder?"

    03:15 What AI actually learned to copy (us)

    04:58 Vibe-coded tools running in production

    05:19 3,380 exposed apps, 5,000 data leaks

    07:56 Who fixes it when the cyber team finds holes?

    08:26 The $1.5M QA cut that cost $6M

    09:35 AI talking to AI: nobody reads the code

    15:21 "Your password is God" — security never changed

    16:27 Should AI touch the live service?

    17:48 The dentist chair that records everything

    21:00 Where the line actually is (help desk vs. prod)

    24:20 AI monitoring employees & the gold-standard trap

    28:23 Always-on "streaming AI" is 5 years out

    29:25 The coming AI caste system

    30:34 Adversaries already use it (the Lego propaganda)

    33:14 We're about to lose every junior analyst

    40:15 The Twitter "efficiency" parallel

    41:35 Keep on cybering

    #vibecoding #cybersecurity #aisecurity #dataprivacy #shadowit #infosec #aitools #privacy #devsecops #surveillance

  • AI companies are running out of easy data — and the next target may be your private files, calendars, medical records, photos, and desktop activity.

    AI pioneer Dr. Jonathan Schaeffer joins Frank Downs and Dustin Brewer to explain why today’s AI tools are powerful, flawed, and increasingly hungry for personal data.

    In this episode of Legitimate Cybersecurity, Frank and Dustin talk with Dr. Jonathan Schaeffer, University of Alberta Professor Emeritus, AI pioneer, AAAI Fellow, entrepreneur, and founder of Synsara.

    They discuss why today’s chatbot boom is not the AI future many researchers imagined, why “hallucination” is the wrong word for AI errors, how AI companies depend on more and more data, and why desktop AI tools may create a new privacy boundary problem.

    The conversation also covers AI bias, manipulation, private data, local AI, regulation, data centers, environmental costs, and why solving AI’s safety and privacy problems should matter before the race to AGI gets even faster. Dr. Schaeffer’s key warning is that current AI systems do not understand the consequences of their answers, yet people increasingly treat them like trusted authorities.

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Chapters:

    00:00 — AI’s privacy problem is getting bigger

    01:27 — Jonathan Schaeffer’s AI origin story

    03:29 — Beating humans at checkers before Deep Blue

    05:48 — Why modern AI feels like the wrong future

    07:50 — Why “hallucination” is the wrong word

    09:01 — How “chat” created false trust

    10:32 — AI does not understand consequences

    13:52 — Why AI companies are desperate for data

    15:12 — Your private files are the real gold mine

    16:32 — The hidden cost of “free” AI tools

    20:44 — AI wants access to your desktop

    22:50 — The safety, security, and privacy problem

    24:05 — The AGI race is moving faster than safeguards

    27:07 — Why Jonathan built private local AI tools

    30:59 — The security risk nobody talks about

    32:31 — Why AI systems need audits

    34:21 — When AI answers become manipulation

    39:13 — Influence, rage content, and algorithmic persuasion

    42:21 — Why AI regulation cannot keep up

    46:05 — Canada’s failed attempt to regulate AI

    50:40 — Is it already too late?

    55:16 — What polar exploration teaches us about AI risk

    59:39 — Data centers, power, water, and responsibility

    1:03:18 — Jonathan’s life advice: fun beats money

    #ArtificialIntelligence

    #AIPrivacy

    #Cybersecurity

    #DataPrivacy

    #ChatGPT

    #AISafety

    #Privacy

    #TechPolicy

    #LegitimateCybersecurity

    #Synsara

  • Your ex may still have access to your accounts, your phone, or your private life — even after you changed your password.

    This episode explains how cyberstalking hides inside logged-in devices, shared biometrics, old account access, and security questions people close to you already know.

    On this episode of Legitimate Cybersecurity, hosts Frank Downs and Dr. Dustin Brewer break down real cyberstalking cases involving toxic exes, stolen images, account impersonation, hidden device access, and the overlooked settings that keep people exposed.

    Most people think the danger is “getting hacked.”

    But in toxic relationships, the real danger is often simpler: someone close to you already had the key.

    Frank and Dustin explain:

    Why changing your password may not log someone out

    How old devices can stay connected to your accounts

    Why shared phones, laptops, and biometrics create risk

    How security questions can be abused by people who know you

    What warning signs suggest someone may be monitoring you

    Where to get professional help if this is happening to you

    This episode is part of our cyber safety series for people dealing with toxic relationships, stalking, harassment, and digital abuse.

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Chapters:

    00:00 — Your Ex, Walmart, or the State Agency Problem

    00:51 — Why Cyberstalking Is Now Everyday Life

    01:27 — Case 1: She Changed Her Password, But He Stayed Logged In

    03:39 — Why “Logged-In Devices” Are So Hard to Read

    05:20 — Don’t Share Accounts in Relationships

    07:28 — The Netflix / Hotel TV Problem

    08:20 — Why Access Tokens Keep People Logged In

    10:21 — Marriott, Hotel TVs, and Automatic Logouts

    11:41 — Case 2: Private Images Posted for 14 Years

    13:36 — The Law Slowly Caught Up

    14:41 — Photos, Trust, and Digital Leverage

    16:32 — Treat Your Phone Like a Toothbrush

    17:43 — Red Flags: When They Know Things They Shouldn’t

    20:20 — Case 3: He Added His Thumbprint to Her Phone

    22:28 — Why Biometrics Can Become Relationship Risk

    23:31 — Used Phones, Forensics, and Hidden Data

    28:27 — Don’t Let Someone Else Use Your AI Either

    30:49 — Security Questions Are Broken

    32:08 — Personal Cyber Hygiene Checklist

    34:18 — One Year of Legitimate Cybersecurity

    34:53 — Where to Get Real Help

    35:46 — Keep on Cyberin’

    #cyberstalking

    #cybersafety

    #digitalsafety

    #toxicrelationships

    #onlineprivacy

    #phonesecurity

    #cybersecurity

    #domesticabuseawareness

    #dataprivacy

    #legitimatecybersecurity

  • One could be hidden in your car, purse, luggage, or jacket — and it may cost less than dinner.

    Bluetooth trackers were built to find lost keys, but they can also turn nearby phones into a surveillance network.

    In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dr. Dustin Brewer break down how AirTags, Tile trackers, Samsung SmartTags, Find My-compatible devices, and other Bluetooth beacons can be abused for stalking, theft, and surveillance.

    They explain why these devices do not “call home” like GPS trackers, how nearby phones quietly report their location, why some safety alerts can fail, and what to do if you suspect someone is tracking you.

    This episode also covers real-world cases involving hidden trackers, vehicle sweeps, modded AirTags, stalkerware, smart clothing, and the broader problem of everyday devices becoming personal surveillance infrastructure.

    If you think you may be in danger, contact professionals who can help:

    National Domestic Violence Hotline: 1-800-799-7233

    Coalition Against Stalkerware: StopStalkerware.org

    Operation Safe Escape: SafeEscape.org

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Chapters:

    0:00 — A $29 tracker could be on you

    0:46 — Why Bluetooth trackers changed personal safety

    2:55 — How AirTags actually track location

    5:18 — Why abusers use trackers instead of GPS

    7:18 — AirTags, Find My, and Apple’s safety alerts

    10:04 — Tile trackers and the limits of smaller networks

    11:38 — Samsung SmartTags and smart home tracking

    13:07 — Modded trackers and the speaker loophole

    14:31 — The ethics of tiny surveillance devices

    18:48 — Cars, phones, and surveillance double standards

    22:33 — Real cases where trackers led to violence

    24:27 — Pattern-of-life tracking in the real world

    26:48 — Flipper Zero, Bluetooth footprints, and NFC risks

    33:12 — What to do if you think you’re being tracked

    34:00 — Where to search your car for hidden trackers

    35:37 — Behavioral signs someone may be monitoring you

    37:23 — Smart clothing and Bluetooth tracking risks

    39:41 — Resources for stalking and domestic violence help

    41:09 — Final thoughts

    #cybersecurity

    #airtag

    #BluetoothTracking

    #digitalprivacy

    #Stalkerware

    #personalsafety

    #surveillance

    #smartdevices

    #legitimatecybersecurity

  • Gloria Globman — CTO of Acclaimed Technical Services, former Senior Cyber Advisor at the US Embassy in Tokyo, US Navy veteran, and Presidential Rank Award recipient — joins Frank Downs and Dustin Brewer to translate what's really happening on your home network. Every smart device is a tiny computer with a camera, a microphone, and an internet connection, constantly talking to its manufacturer, the cloud, and other devices on your Wi-Fi. Many of them will never be patched again. Some of the manufacturers don't even exist anymore.

    In this episode we cover why mid-sized companies keep underfunding security until it's too late, how AI tools like Mythos and Zealot are compressing the patch window to almost nothing, why the upcoming TP-Link ban probably won't save you, and the simple home-router moves that actually do.

    If you've ever brought a personal phone onto the work Wi-Fi, set up a smart camera you've stopped thinking about, or assumed "the cloud" means it's somebody else's problem — this one is for you.

    🎙 Listen to the audio version: https://legitimatecybersecurity.podbean.com/

    📩 Media / interview requests: [email protected]

    👥 Hosts: Frank Downs and Dustin Brewer

    🎤 Guest: Gloria Globman, CTO, Acclaimed Technical Services

    Chapters:

    00:00 The IoT problem nobody locks down

    00:36 Meet Gloria Globman — Tokyo, the IC, and 20 years of cyber

    02:10 Your smart devices are unlocked front doors

    03:51 Cognitive offloading: convenience until it isn't

    04:42 The aquarium that hacked a casino (MGM)

    05:17 Are IoT devices just printers 2.0?

    06:14 When personal phones meet corporate Wi-Fi

    08:35 Work moved home — security posture didn't

    09:19 Mid-sized companies and the 15–20% rule

    10:16 Why "not sexy" budgets keep getting cut

    11:24 Highest-impact moves: zero trust, segmentation, encryption

    12:16 Patch, patch, patch — and why AI changed the timer

    12:39 Mythos vs. Zealot: orchestrated AI attacks

    16:09 Microsegmentation for your actual house

    17:39 Why companies embrace BYOD anyway

    18:48 Why VDI never quite won

    22:18 Risk transference dysmorphia: "it's the cloud's problem"

    22:53 Botnets, dead routers, and the FBI cleanup

    23:24 Goodbye TP-Link — security move or theater?

    26:25 What the average person should actually do tonight

    28:21 Password managers, quantum, and MFA

    29:44 Gloria's one piece of life advice

    #cybersecurity #iotsecurity #smarthome #zerotrust #byod #HomeNetworkSecurity #infosec #dataprivacy #patchtuesday #legitimatecybersecurity

  • AI is no longer just answering prompts — it is imitating dead relatives, profiling shoppers, and helping companies decide what people pay.

    That matters because the same hidden data systems behind convenience can reshape grief, prices, privacy, work, and trust without clear consent.

    In this episode of Legitimate Cybersecurity, Frank Downs and Dr. Dustin Brewer break down a disturbing wave of AI and surveillance stories: AI avatars of deceased loved ones, Maryland’s move against surveillance pricing, Washington’s restrictions around public access to ALPR data, Virginia’s precise geolocation data ban, deepfake CEO scams, remote hiring impersonation, and employee webcam monitoring.

    The big question: When AI can imitate people, price you individually, and watch you at work, what does consent even mean anymore?

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Chapters:

    00:00 — AI avatars of dead loved ones

    01:19 — Grief, deception, and consent

    02:48 — When an AI “person” is not really a person

    04:00 — Frank’s Afghanistan story and withheld grief

    07:14 — The problem with resurrecting people through AI

    09:16 — AI ghosts, Benjamin Franklin, and Disney presidents

    10:58 — Maryland moves against surveillance pricing

    12:37 — When dynamic pricing becomes predatory

    14:38 — Market pricing vs. personal profiling

    15:35 — Washington limits access to ALPR data

    18:10 — Virginia bans precise geolocation data sales

    21:30 — Location data, pricing, and individual targeting

    22:56 — Deepfake CEO scams and wire-transfer fraud

    24:17 — The “three-finger test” for deepfakes

    26:04 — Remote hiring scams and AI impersonation

    28:23 — Laptop farms, proxies, and scam infrastructure

    29:56 — Employee webcam and microphone monitoring

    34:30 — Final thoughts: stay dressed at work

    #ai

    #cybersecurity

    #privacy

    #surveillance

    #dataprivacy

    #Deepfakes

    #geolocation

    #SurveillancePricing

    #remotework

    #legitimatecybersecurity

  • A new AI is being framed as a tool that can find zero-days fast and even “hack its way out” of containment.

    If that claim is real, defenders, developers, and everyday users are about to feel the consequences.

    On this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer are joined by Jason Casey, CEO of Beyond Identity, to break down the panic around Anthropic’s “Mythos” discussion, what AI can actually do for offense and defense, and where the marketing may be outrunning the real-world risk.

    They dig into whether this is a true cybersecurity turning point, or the latest example of the industry turning fear into momentum. They also explore how AI is already reshaping blue team work, governance, detection, and security operations.

    Plus: hacked smart vacuums, trackable e-ink nails, wearable surveillance, and why convenience keeps creating new attack surfaces nobody asked for.

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Chapters:

    00:00 The new AI panic begins

    00:59 What “Mythos” is supposed to do

    02:17 Is this a real threat or brilliant marketing?

    07:12 Will this change security budgets and priorities?

    10:11 Why cybersecurity leaders amplify moments like this

    13:58 How AI actually helps blue teams

    21:49 Rules, patterns, and better AI detection

    23:59 The idea of an AI “security factory”

    31:50 Beyond Identity’s new governance layer

    35:30 Hacked vacuums, smart nails, and wearable tracking

    45:00 Final takeaways

    #legitimatecybersecurity #artificialintelligence #cybersecurity #anthropic #claude #aisecurity #zerodayjay #blueteam

  • A new lawsuit alleges LinkedIn may have been collecting data from inside users’ browsers in ways most people never expected.

    If that is true, this is not just normal tracking. It is a much more invasive look into how websites can profile you behind the scenes.

    In this episode of Legitimate Cybersecurity, Frank Downs and Dustin Brewer break down the class-action allegations against LinkedIn, explain browser extension detection in plain English, and talk about why so many people are fed up with paying for platforms that still treat their identity like a product. They also walk through what this kind of tracking could reveal about you, why regulation keeps falling behind, and what everyday users can do right now to limit exposure online.

    📩 Media/interview: [email protected]

    🎧 Audio: https://legitimatecybersecurity.podbean.com/

    Chapters:

    00:00 LinkedIn is spying on you?

    00:37 What this new lawsuit actually alleges

    01:34 Why this one feels different

    03:32 Why people are so fed up with LinkedIn

    06:04 What websites can already learn about you

    08:23 How browser extension detection works

    10:13 Why this feels so invasive

    14:51 What you can do to protect yourself

    18:11 Browser vs app: which gives companies more access?

    20:46 Consent, ethics, and hidden tracking

    26:56 Will regulation ever catch up?

    28:15 Final thoughts

    #linkedin #privacy #BrowserTracking #cybersecurity #dataprivacy #onlinetracking #surveillance #digitalprivacy #technews #legitimatecybersecurity

  • You expect a government app to inform you. You probably do not expect tracking capability, mystery dependencies, and sloppy security decisions.

    This episode breaks down why the White House app is a warning sign for anyone who installs “official” software without asking what it can really do.

    Frank Downs and Dustin Brewer dig into the White House app as a real-world case study in mobile privacy, dormant GPS functionality, third-party code dependencies, digital supply-chain risk, and the uncomfortable question of who is actually accountable when insecure software gets released.

    This is not just about one app. It is about the broader problem with modern software: hidden permissions, weak development practices, and the false assumption that “official” means secure.

    If you use apps from governments, brands, schools, banks, or anyone else you assume you can trust, this episode will make you think twice about what is really happening in the background.

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Hosted by Frank Downs and Dustin Brewer on Legitimate Cybersecurity.

    Chapters:

    00:00 – Why this app matters

    00:50 – The White House app and dormant GPS capability

    02:47 – Why “it’s off for now” is not reassuring

    07:47 – Real-world GPS tracking through everyday apps

    10:06 – Why taxpayers should care about this one

    11:35 – Random dependencies and supply-chain risk

    14:05 – How software supply-chain attacks really happen

    18:35 – Incompetence vs malicious intent

    24:47 – Leftover dev tools, WordPress, and security basics

    27:46 – Who is actually accountable?

    32:49 – Cybersecurity is a mindset, not a checkbox

    36:18 – Which frameworks help and which get gamed

    39:34 – Listener shout-outs and close

    #cybersecurity #appsecurity #dataprivacy #mobilesecurity #supplychainsecurity #privacy #WhiteHouseApp #infosec #LegitimateCybersecurity

  • AI is being forced into the tools you use every day before most companies have written real rules.

    That matters because one careless prompt can become a privacy, compliance, or job-risk problem fast.

    In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer sit down with Walter Haydock to break down what happens when AI shows up in Word, email, HR systems, search, and business workflows before organizations are actually ready for it.

    They unpack where companies get AI adoption wrong, why “just use it” is dangerous guidance, what accountability should look like, and how frameworks like ISO 42001 and the NIST AI RMF help organizations build rules before the damage is done. They also dig into AI hiring risks, shadow AI, risky models, and why some AI features feel more like forced adoption than useful innovation.

    If you’ve ever wondered whether AI is helping your company or quietly creating legal, privacy, and security risk, this episode is for you.

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Subscribe for more conversations with Frank Downs and Dustin Brewer as they translate the hidden systems shaping everyday technology.

    Chapters:

    00:00 AI is suddenly in your tools

    01:14 Meet Walter Haydock

    02:41 Every company needs AI rules

    04:42 Why gray areas become risk

    05:38 Advice for less technical businesses

    09:44 ISO 42001 vs. NIST AI RMF

    12:44 Who should own AI accountability?

    14:24 AI in hiring and HR

    20:50 Why bias never fully disappears

    27:29 Will the U.S. regulate AI?

    30:27 Where AI is being overused

    38:27 Shadow AI and risky models

    43:10 What StackAware does

    44:23 Walter’s best advice

    #artificialintelligence #aigovernance #cybersecurity #privacy #compliance #shadowai #iso42001 #nist #techrisks #legitimatecybersecurity

  • AI is starting to replace parts of white-collar work faster than most people realize.

    The bigger problem is that it may also flood the market with insecure code, weaker judgment, and fewer real entry-level paths.

    In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dr. Dustin Brewer break down Anthropic’s latest report on the jobs most exposed to AI and explain what the headlines are getting wrong.

    They dig into the difference between AI exposure and actual job loss, why the data may be skewed toward technical users, and why roles like programmers, analysts, support specialists, and customer service reps are being hit first. They also tackle the deeper issue: if AI keeps making it easier for inexperienced people to ship software, are we about to create a massive wave of insecure code?

    This is not just a conversation about automation. It is a conversation about who still needs human judgment, where experience still matters, and why “efficiency” can quietly become a security problem.

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    #cybersecurity #artificialintelligence #techjobs #softwaredevelopment #jobmarket #anthropic #automation #infosec #legitimatecybersecurity

  • Your smart TV may be taking snapshots of what you watch, even when you think you bypassed the built-in apps.

    That data can be used to identify shows, measure advertisements, and help build a profile of behavior inside your home.

    In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dr. Dustin Brewer explain how Automatic Content Recognition (ACR) works, why HDMI devices like Apple TV or gaming consoles may not stop it, and how companies correlate TV viewing with other data sources.

    They also break down why opting out can be difficult, how these systems are used for ad measurement and profiling, and what steps viewers can take right now to reduce the tracking.

    If you own a smart TV, streaming device, or connected home system, this episode explains what is actually happening behind the screen.

    📩 Media and interview inquiries:

    [email protected]

    🎧 Listen to the audio podcast:

    https://legitimatecybersecurity.podbean.com/

    Chapters:

    00:00 — Your TV Is Watching You Back

    00:45 — What Automatic Content Recognition Actually Is

    01:25 — How TVs Identify What You Watch

    02:13 — Why HDMI Devices Do Not Stop It

    05:25 — How Viewing Data Gets Linked to Your Phone

    09:59 — Why Opting Out Is So Difficult

    11:37 — Cameras, Microphones, and Smart Device Monitoring

    18:51 — What You Can Do to Reduce Tracking

    20:22 — VPNs, DNS Blocking, and Practical Limits

    26:33 — The Real Takeaway: Every Screen Collects Data

    #cybersecurity

    #privacy

    #smarttv

    #dataprivacy

    #surveillance

    #smarthome

    #technology

    #streaming

    #legitimatecybersecurity

  • A cyber incident is not just a technical problem. The legal response can shape what happens next, what gets disclosed, and how much worse the damage becomes.

    In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer sit down with Kate Hanniford, cybersecurity and data privacy partner at Alston & Bird, to unpack the part of cyber incidents most people overlook: the legal side.

    Kate explains what really happens when the phone rings after a breach, how executives think under pressure, where regulators draw the line between bad luck and negligence, and why data retention can quietly become one of the biggest risks in an investigation. They also dig into SEC disclosure rules, outdated regulations, AI adoption risk, and the growing sophistication of state and federal regulators.

    This is a grounded look at what actually breaks after a cyber incident — and why the legal response matters just as much as the technical one.

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    #cybersecurity #dataprivacy #incidentresponse #breachresponse #compliance #aigovernance #riskmanagement #legitimatecybersecurity

    Chapters:

    00:00 Cyber incidents are legal incidents too

    00:36 Meet Kate Hanniford

    01:12 How Kate got into cybersecurity law

    05:30 How lawyers specialize in cyber

    08:34 What the first breach call feels like

    12:32 How technical a cyber lawyer has to be

    14:45 Which regulators worry companies most

    18:47 Bad luck vs negligence in cybersecurity

    19:57 Why data retention becomes a legal problem

    22:17 The SEC four-day disclosure rule

    27:43 Are cyber regulations outdated?

    32:43 Which frameworks actually inspire confidence?

    35:28 Does AI create more legal risk?

    39:20 The fast question round

    44:36 Kate’s best life advice

    #Cybersecurity

    #DataPrivacy

    #IncidentResponse

    #BreachResponse

    #Compliance

    #SEC

    #AIGovernance

    #RiskManagement

    #PrivacyLaw

  • America’s cyber “first responder” isn’t the FBI anymore—it’s private companies.

    That shift changes what gets prioritized during a breach: mission vs. margin, attribution vs. recovery, and who gets help first.

    In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer sit down with Milan Patel (Global Head of MDR at BlueVoyant, former FBI) to unpack what breaks when cyber defense gets outsourced—because it already has. Milan shares how the FBI actually works in real incidents, why private-sector response dominates, and the recurring failures that keep breaches happening “the same way, with a different cut of sushi.”

    You’ll learn:

    Why the private sector responds first ~95% of the time—and what the FBI really does when they arrive

    The 3 root causes Milan sees behind most breaches (and why they don’t go away)

    The hidden risk of “unknown, unprotected” network branches and configuration drift

    What AI will (and won’t) replace in MDR, SOC work, and incident response

    The real looming problem: training the next generation when Level 1 work gets automated

    Why AI agents inside your environment force a rethink of identity + data access controls

    Media / interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    If you want weekly breakdowns of the hidden systems shaping security (and the incentives nobody admits out loud), subscribe and join the conversation in the comments.

    Chapters:

    0:00 Cold open: “The FBI used to be the frontline…”

    0:55 Meet Milan Patel: FBI → private sector MDR

    2:30 “How do I get into cyber?” Milan’s origin story

    6:50 The FBI hiring gauntlet (and why honesty wins)

    11:35 Quantico + the “blind monkey” field office lottery

    14:05 “Too bad, you’re going cyber” (how cyber squads really looked back then)

    17:35 The big shift: who responds first during breaches (and why)

    20:10 Why companies don’t care about “catching the bad guy” mid-crisis

    22:55 The same breaches keep happening—what people aren’t learning

    23:30 Milan’s “3 causes” of most breaches: culture, funding, configuration

    26:10 The generational gap in clicking, trust, and risk behavior

    29:10 “What security do I even need?” (coverage vs. cost reality check)

    31:15 The brutal truth: validating what’s actually deployed vs. what you think is deployed

    33:00 AI in cybersecurity: what’s real vs. hype

    34:35 “Don’t make me talk to a robot” — the last-mile human requirement

    36:10 The coming SOC shift: fewer Level 1s, more “all Level 3” teams

    37:25 The pipeline problem: how do juniors learn when grunt work is automated?

    38:40 Vibe coding + security: why Milan’s confidence is rising (with guardrails)

    44:10 AI arms race: faster attackers, same fundamentals

    46:05 AI agents in your network = identity + data access crisis

    49:00 Milan’s one life rule: “Focus on your sphere of influence”

    49:40 Outro + “keep on cyberin’”

    #cybersecurity #incidentresponse #fbi #manageddetectionandresponse #ransomware #cybercrime #aisecurity #SOC #cyberrisk #infosec #legitimatecybersecurity

  • Compliance isn’t “paperwork”—it’s the last line between your customers and the next Equifax-level mess.

    But GRC teams are stuck chasing screenshots and questionnaires instead of reducing real risk—and AI is about to change that.

    In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer sit down with Richa Kaul, CEO & Founder of Compliance (an AI-native enterprise GRC platform), right after her company’s $20M raise led by Google Ventures.

    We dig into:

    Why GRC gets hated (and how to stop being the “business blocker”)

    What real AI in compliance looks like vs. “LLM sticker on legacy software”

    The uncomfortable truth: audits shouldn’t disappear—and why incentives matter

    How to reduce hallucination risk with tight inputs/outputs + guardrails

    Third-party risk management (TPRM): the questionnaire nightmare… and the path out

    Media/interview: [email protected]

    Audio: https://legitimatecybersecurity.podbean.com/

    Chapters:

    00:00 – Compliance is the job (and also… you wanted to be an astronaut)

    01:20 – Meet Richa Kaul + the “privacy nut” origin story

    02:11 – $20M from Google Ventures: why GRC is getting real investment

    02:52 – Quick GRC explainer (governance, risk, compliance)

    03:35 – “Compliance is broken”: why everyone hates the process

    04:49 – The real pain: chasing evidence vs. reducing risk

    07:00 – What “AI-powered” actually means (and why most vendors are faking it)

    09:31 – Force multipliers: where AI should increase capability, not just save time

    11:25 – Completeness problem: you can’t protect what you don’t know exists

    13:09 – Example: encryption checks → automation + AI completeness/accuracy criteria

    15:58 – The future: continuous monitoring, audits, and what should change

    17:24 – Why audits shouldn’t go away (incentives + independence)

    20:07 – Gatekeeping, CMMC, and “audit industry” friction

    23:58 – TPRM hell: questionnaires, insurance, and repetitive evidence requests

    27:05 – Why Richa cares: privacy, consumer harm, and the mission behind GRC

    28:46 – Equifax as the “spark” (without breach-shaming)

    31:52 – Hallucinations: how to build AI you can trust in compliance workflows

    35:24 – “Do you use compliance to ensure compliance?” (dogfooding)

    36:00 – Outro: “Keep on cyberin’”

    #GRC #Compliance #Cybersecurity #AI #RiskManagement #Audit #ThirdPartyRisk #DataPrivacy #Governance #securityculture #legitimatecybersecurity