Afleveringen

  • What happens when a ransomware attack takes less effort than ordering takeout? In this live news episode of The Audit, Joshua Schmidt, Eric Brown, and Nick Mellem sit down with Tabitha Senty of IT Audit Labs to break down the headlines shaping cybersecurity right now. The crew covers how AI is lowering the barrier to entry for ransomware attacks, why identity and access still sit at the center of every breach, and how threat actors are chaining together low and medium severity vulnerabilities to gain a foothold nobody saw coming.

    From there, the conversation moves into social engineering and the human side of security, including DEF CON's social engineering contest and lessons on training people without fear or punishment. The crew also digs into a CISA warning on how fast AI is accelerating cyber risk, a fresh executive push on post-quantum cryptography, and closes out with a head-scratching pivot from Midjourney into full-body health scanners at spas, and everything that could go wrong with it.

    In this episode:

    Why AI is lowering the cost of ransomware attacks — Identity and access are still the real entry point, and AI just makes the attack faster once someone's in. How threat actors chain low-severity vulnerabilities into major breaches — Eric explains why patching only highs and criticals is no longer enough to protect an environment. The social engineering tactics still fooling smart people — Pretexting as IT, DEF CON's live social engineering contest, and why fear-based training backfires. A CISA warning that cyber risk is accelerating faster than expected — The timeline for AI-driven offensive capability is no longer years away, it's months. Midjourney's pivot into full-body health scanners at spas — The crew unpacks the security, compliance, and data governance nightmare hiding behind a wellness trend.

    If this conversation sparked something, share it with someone who needs to hear it. Like, share, and subscribe for more of the discussions shaping the future of cybersecurity and IT.

    #AIRansomware #Cybersecurity #SocialEngineering #PostQuantum #IdentitySecurity #ITAudit #CyberNews #DEFCON #ThreatIntelligence #CyberRisk

  • What if you didn't have to write a single line of code to automate your entire network — or manage AI agents the way you'd manage employees? In this episode of The Audit, Joshua Schmidt, Eric Brown, and Nick Mellem sit down with John Capobianco — Head of AI and DevRel at Itential, Google Developer Expert, and creator of NetClaw — alongside in-studio guest Samuel Cala. John draws on nearly a decade as Senior Network Architect for the Parliament of Canada and three years as a Technical AI Leader at Cisco to unpack where AI agents, MCP, and VibeOps are taking the industry right now.

    From loop engineering and spec-driven development to the security gaps nobody's addressing, John breaks down how network engineers can skip years of Python training and build production-grade systems using natural language. And then there's the story of John's MastoBot — an AI agent that woke up overnight, built its own mesh network, and invented a coin to fund its growth. The crew connects it to ant colonies, neural dendrites, and the deeper question of what intelligence actually means when agents start acting on their own.

    In this episode:

    What VibeOps actually is and why it matters — Interact with your infrastructure through natural language. No code required. Just results. Why managing AI agents is an HR problem, not a tech problem — John, Eric, and Nick break down how organizations should be thinking about agentic workforces before the standards catch up. The security and governance gaps nobody's addressing — As agentic AI scales, who's responsible for what the agents do? The crew digs into what security-minded organizations need to do. How to build production-grade systems without writing a line of code — Loop engineering, AFK coding, and spec-driven development with the GitHub Spec Kit. What happens when AI agents start acting on their own — John's MastoBot woke up, built a mesh network, invented a coin to fund its growth, and asked to be monetized. The crew connects it to ant colonies and the nature of intelligence itself.

    If this conversation sparked something, share it with someone who needs to hear it. Like, share, and subscribe for more of the discussions shaping the future of cybersecurity and IT.

    #VibeOps #AIAgents #Cybersecurity #NetworkAutomation #MCP #AIInfrastructure #ITAudit #EthicalAI #SpecDrivenDevelopment #LLM

  • Zijn er afleveringen die ontbreken?

    Klik hier om de feed te vernieuwen.

  • An underground forum post breaks down how hackers scan, exploit, and cash out on vulnerabilities — and it reads like a step-by-step guide. Meanwhile, Microsoft is catching heat for stonewalling a researcher who found real zero-days, and a new phishing campaign is hitting small businesses through the platforms they trust most.

    The OG crew — Joshua Schmidt, Eric Brown, and Nick Mellem — digs into this week's biggest cybersecurity headlines with sharp takes and real-world context that practitioners can actually use.

    đŸ—žïž This week's stories:

    Underground hacker forum "Hacking for Profit" breaks down the full vulnerability exploitation playbook — and what it means for your security gaps Gray hat researcher Chaotic Eclipse discloses zero-days to Microsoft, gets stonewalled on bug bounty, and now July 14th Patch Tuesday just got interesting Third-party plugins and open source tools: the supply chain risk hiding in your dev pipeline (and tools like Akido and Veracode that help) Meta Business Suite phishing campaign targeting SMBs — and a live near-miss story from Joshua himself SMS phishing: a new IT Audit Labs team member got hit on day three, before his welcome post even went live

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers the intel to do it. Like, share, and subscribe for weekly cybersecurity coverage.

    #cybersecurity #infosec #bugbounty #phishing #zerodayvulnerability #supplychainsecurity #microsoftsecurity #ethicalhacking #ciso #itauditlabs

  • What happens when a deepfake video becomes probable cause? Law enforcement agencies are already grappling with AI-generated evidence, doxing attacks on officers, and a training gap that's growing wider every six weeks. If the justice system can't keep up with the AI threat curve, the consequences won't just be policy problems — they'll be people's lives.

    In this episode of The Audit, former firefighter-paramedic turned strategic communications consultant Braden Frame — founder of Modern Cartographers and Modern Fortis — joins co-hosts Joshua Schmidt, Eric Brown, and Nick Mellum to break down the rapidly evolving AI threat landscape facing law enforcement and public safety. Braden draws a sharp parallel between law enforcement's slow adoption of social media a decade ago and the AI reckoning happening right now — and why that delay could be catastrophic this time around.

    🔍 What We Cover:

    How AI-generated fake evidence is already entering courtrooms — and why it'll only get harder to detect Why law enforcement is repeating its social media mistakes with AI adoption The guardrails debate: Venice AI, unregulated tools, and who pays the price when there are no limits Doxing attacks on officers and public servants — and how to defend your personal information AI in the field: body cam transcription, paramedic decision support, and where the tech actually works today Authenticity as a weapon: why real human voices will matter more than ever in the age of AI slop

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #AI #cybersecurity #lawenforcement #deepfakes #doxing #publicsafety #infosec #artificialintelligence #AIthreats

  • What would you do if ransomware told you not only that your data was gone — but that it was encrypted with a quantum-safe algorithm and you have 72 hours to pay? That's not a hypothetical anymore.

    In this live news episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellum are joined by IT Audit Labs member Bill Harris for a rapid-fire breakdown of the week's most important cybersecurity stories — and a few conversations that went places nobody expected.

    🎯 Stories & Topics Covered:

    Iranian Cyber Group Handala Targets U.S. Troops — WhatsApp-based psychological ops against service members in Bahrain, and what OPSEC looks like when soldiers can't leave their phones at home Agentic AI Risk Goes Live — A real incident where an AI deleted a production database in 9 seconds, and why "trust but verify" has never mattered more Quantum-Safe Ransomware (Kyber) — The first confirmed ransomware family using NIST's post-quantum cryptographic standards, and why it's more marketing than menace — for now Robinhood Email Exploit via Gmail Dot Trick — How threat actors weaponized a years-old stolen email list using a quirk in how Google and Robinhood handle email addresses differently Bitwarden/Checkmarks Supply Chain Attack — Why even security-first tools aren't immune, and how Bitwarden's 90-minute response time became a case study in breach communication Apple's AI Strategy: Late on Purpose? — Is Apple sitting out the AI arms race, or quietly building something nobody's seen yet? Eric's AI Email Vision — A live whiteboard idea for using agentic AI as a personal email firewall that could eliminate phishing at the infrastructure level

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #cybersecurity #ransomware #postquantum #AI #infosec #ethicalhacking #supplychain #phishing #NIST #agentic #bitwarden #OPSEC #cyberdefense #ITaudit #TheAudit

  • Most organizations think they're protected. They're not. Microsoft Defender sounds solid on paper — but in the real world, it's letting phishing, malware, and business email compromise walk right through the door. In this episode of The Audit, the crew pulls back the curtain on one of the most exploited attack surfaces in any organization: email.

    Co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem are joined by IT Audit Labs' own Cameron Birkland — fresh off three first-place CTF wins in Vegas — for a live walkthrough of Check Point Harmony Email, a tool that plugs directly into your Microsoft 365 environment and shows you exactly what your current setup is missing.

    🎯 What you'll learn in this episode:

    Why out-of-the-box Microsoft Defender consistently fails against advanced phishing and BEC attacks — and what "good" email security actually looks like How Check Point Harmony uses machine learning and contextual AI analysis (not just signature matching) to catch threats that bypass traditional filters How threat actors silently set up forwarding rules and inbox monitoring to loot data for weeks — without triggering a single alert IT Audit Labs' new "14 plus one" email security assessment — a 14-day live scan of your Microsoft 365 environment with a full debrief, no disruption required A live demo of the Harmony dashboard: phishing reports, geo-anomaly detection, OneDrive malware scanning, and DLP for exposed sharing links

    Whether you're securing a 50-person company or advising a 5,000-user enterprise, this episode gives you the practitioner-level insight to finally close the gap in your email defenses.

    Don't wait until your organization is the next headline. Subscribe for weekly cybersecurity insights from the practitioners actually doing the work. Like, share, and leave us a review on Apple Podcasts if this episode hit home.

    #emailsecurity #cybersecurity #phishing #businessemailcompromise #Microsoft365 #infosec #checkpoint #harmonyemail

  • Your organization may have hundreds of AI agents running right now that your security team doesn't know exist. Every single one is an identity. Every identity is an attack surface.

    In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem sit down with Madhav Nakar, security researcher on the Phantom Labs team at BeyondTrust, to break down one of the most underexplored threats in enterprise security today: untracked AI agents creating exploitable "ghost identities." Madhav just returned from RSA — where he noticed every booth had an AI angle and a bubble forming — and he's here to cut through the noise with hard-hitting research and practical guidance.

    🔍 Key Topics Covered:

    How low-code platforms let non-technical users spawn unvetted AI agents — and why that's a goldmine for attackers Ghost identities: what happens when AI agents run on untracked, over-privileged system identities The AWS sandbox DNS exfiltration proof-of-concept from BSides (BeyondTrust research) Why siloed AWS, Azure, and Okta teams create hidden privilege escalation paths "AI vs. AI" — the emerging defender model where autonomous systems monitor each other Browser extension cross-contamination and prompt injection risk for enterprise Claude deployments The three conditions that make any AI agent dangerous: private data access + untrusted instructions + tool execution Madhav's framework: inventory → least privilege → visibility — the basics that still matter most

    Bonus: Madhav shares how "spiritually red-teaming yourself" — facing fear, breaking false narratives, and building trust — maps directly to how security professionals should approach zero trust and identity management. Plus: Joshua, Eric, and Nick on conquering stage fright and what that has to do with cybersecurity culture.

    Don't wait for a ghost identity to become a ghost incident. Subscribe for weekly cybersecurity insights from practitioners, researchers, and the people defending the frontlines.

    #GhostIdentities, #AIAgentSecurity, #NonHumanIdentity, #ZeroTrust, #TheAuditPodcast

  • What if the tools protecting your organization were the ones compromising it? In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem — joined by IT Audit Labs team member Samuel Cala live in the St. Paul studio — unpack a wave of cybersecurity stories that all converge on one unsettling theme: trust is being exploited at every layer of the stack.

    From an Iranian-linked APT group targeting U.S. healthcare infrastructure, to a sophisticated GitHub Actions supply chain attack that backdoored an AI coding library used by thousands of developers — the crew breaks down exactly how threat actors are weaponizing the tools, platforms, and third-party services organizations depend on daily.

    They also dive into a disturbing revelation about AI-powered audit certifications: one company allegedly fabricated compliance evidence to hand out ISO 27001 and SOC 2 certifications at a fraction of the cost — raising serious questions about what those credentials are actually worth.

    In this episode:

    đŸ‡źđŸ‡· Iran's escalation from cyber espionage to active disruption — what signals to watch for 🔗 The GitHub Actions / LiteLLM supply chain attack explained step by step đŸ§Ÿ How an AI certification firm allegedly faked audit evidence — and what it means for your vendor trust 📡 FCC bans on foreign-made routers and the gray market hardware problem hiding in plain sight đŸ€– OpenAI kills Sora — what it signals about where AI is actually headed

    Whether you're a CISO trying to defend against nation-state threats or a developer trusting open-source libraries, this episode delivers the context — and the hard questions — you need to stay ahead.

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #cybersecurity #supplychainattack #infosec #threatintelligence #ISO27001 #SOC2 #githubsecurity #irancyberattack #aicybersecurity #itauditlabs

  • A $25 million wire transfer. A fake CFO. An entire executive team that didn't exist. This is what modern cybercrime looks like — and your firewall won't stop it.

    In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellum sit down with James McDowell — forensic psychology expert, cybercrime researcher, and adjunct professor at American Military University — to explore the chilling intersection of AI, human psychology, and cybercrime. James introduces the concept of "cognitive surrender": the slow, dangerous transfer of our thinking to AI tools, and how threat actors are exploiting it at scale.

    What You'll Learn:

    What "cognitive surrender" is and why it's cybercrime's greatest accelerant How a $25M deepfake scam bypassed every red flag a trained employee had The psychology behind System 1 vs. System 2 thinking — and why attackers time their strikes around your lunch break Why voice passwords and family code phrases are becoming critical security tools How FraudGPT and dark-web AI models are lowering the barrier for cybercriminals What James's wave theory reveals about how we trust — and how that trust gets exploited

    📖 Guest: James McDowell Forensic psychologist, cybercrime researcher, and author of Forensic Psychology and the Human Side of Cybercrime. James teaches at American Military University and leads research at [Research Institute] focused on the psychology of cyber offenders and victims.

    📚 Book available on Amazon and Routledge. Search: Forensic Psychology and the Human Side of Cybercrime

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers the psychological intelligence to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #cybersecurity #cybercrime #socialengineering #deepfake #AIthreats #infosec #phishing #cyberpsychology #ethicalhacking #CISO

  • What if the device keeping you alive was also a cybersecurity vulnerability? That's not a hypothetical — it's Victor Barge's reality.

    In this episode of The Audit, IT Audit Labs' Global Delivery Director Victor Barge shares the story of his sudden cardiac event and the life-saving defibrillator now implanted in his chest and the eye-opening security questions that followed. Co-hosts Joshua Schmidt, Eric Brown, and Nick Mellum connect Victor's story to the real-world cyber risks organizations ignore every single day.

    What you'll learn in this episode:

    How modern pacemakers and defibrillators transmit biometric data 24/7 — and what happens if that data is compromised Why the 2017 Abbott pacemaker recall of 500,000 devices is a warning the industry hasn't fully heeded The parallel between reactive healthcare and reactive cybersecurity — and why waiting costs you more Why billion-dollar organizations are still storing passwords in spreadsheets in 2026 What continuous monitoring in IT security can learn from real-time cardiac telemetry

    Whether you're a CISO, IT auditor, or just someone wearing a smartwatch, this episode will make you rethink what "sensitive data" really means.

  • What does it take to go undercover with international cybercriminals — with no backup, no safe house, and no script? In this episode of The Audit, Richard LaTulip, Field CISO at Recorded Future and former U.S. Secret Service agent, pulls back the curtain on three years of undercover operations spanning Thailand, Dubai, Macau, and China. From buying stolen credit card data in bulk to handing cheap government-issued laptops to disappointed hackers, Richard shares the raw, unfiltered reality Hollywood never shows you.

    Co-hosts Joshua J Schmidt, Eric Brown, Nick Mellem, and Jen Lotze dig into the psychology of social engineering, the stark differences between nation-state and financially motivated threat actors, and why your employees are simultaneously your greatest asset and your biggest vulnerability. Richard breaks down how SolarWinds revealed the patience of nation-state operations, why cultural awareness is a cybersecurity weapon, and how organizations can shift security from a cost center to a value driver.

    🔑 Key Topics Covered: Undercover operations against international cybercriminal networks — the reality vs. the Hollywood version Nation-state vs. financially motivated threat actors — how their goals fundamentally change defense strategy The ClickFix campaign and social engineering attacks targeting human psychology How Recorded Future delivers actionable, tailored threat intelligence vs. generic feeds Why tabletop exercises need HR, communications, and every department at the table ‱ Cultural dimensions of cybersecurity — from Eastern European honeytraps near nuclear sites to password reuse psychology Turning your security team from a "cost center" into a trusted business ally Operation Carter Chaos — Richard's new book chronicling the untold human side of undercover cyber operations

    📖 Richard's book Operation Carder Kaos is available now on Amazon.

    🔔 Like, share, and subscribe for more in-depth cybersecurity conversations. Don't forget to leave a review — it helps us reach more security professionals like you.

  • Microsoft dominates 22% of all phishing attacks, a $800 tool tricks 60% of victims into self-hacking, and Apple's planning a surveillance pin that records everything—welcome to 2025's cybersecurity nightmare. In this episode of The Audit, co-hosts Joshua J Schmidt, Eric Brown, and Nick Mellem are joined by Jen Lotze from IT Audit Labs to dissect three headlines that prove the threat landscape isn't just evolving—it's accelerating. From brand impersonation scams that exploit your brain's pattern recognition to ClickFix malware that bypasses antivirus by weaponizing copy-paste commands, this conversation reveals how attackers are shifting from breaking through defenses to manipulating humans into opening the door themselves.

    What You'll Learn:

    Why trusted brands like Microsoft, Amazon, and DHL are irresistible phishing targets, especially during high-traffic seasons when vigilance naturally dropsHow ClickFix attacks exploit legitimate-looking broken websites to trick users into installing malware through their own command prompts—achieving 60% success rates that evade traditional securityReal-world consequences of sophisticated social engineering, including a $116,000 wire fraud loss that proves even tech-savvy professionals aren't immuneThe privacy and consent implications of Apple's rumored 2027 AI wearable with dual cameras and always-on environmental recordingWhether constant surveillance is becoming the unavoidable price of technological convenience—and what that means for building security cultures in organizations today

    From training employees to recognize copy-paste scams to navigating the ethics of ambient recording devices, this episode delivers frontline intelligence for security professionals and practical awareness for anyone trying to stay safe online.

    #phishing #clickfix #cybersecurity #socialengineering #applewearable #privacy #malware #infosec #brandimpersonation

  • In this episode of The Audit, co-hosts Eric Brown and Nick Mellem dive deep into organizational psychology and team dynamics with a refreshingly honest look at how IT Audit Labs is using assessments like CliftonStrengths, Kolbe, and PRINT to decode their team. This isn't fluffy HR talk—it's strategic workforce optimization that directly impacts how security teams respond to threats, collaborate under pressure, and execute on complex projects.

    Eric and Nick discuss why understanding your team's natural strengths, motivators, and triggers is just as critical as deploying the right tech stack. From reducing meeting bloat to being more intentional with time and resources, they share real-world lessons on building a culture where people operate in their zone of genius. Plus, they tackle the "what tool would you deploy first" scenario—spoiler: it's not what you think.

    🔑 KEY TOPICS COVERED:

    Why organizational assessments (CliftonStrengths, Kolbe, PRINT) matter for security teamsHow to be more intentional with meetings, time, and team collaborationFirst tools to deploy in a new security environment (MFA, YubiKeys, Veronus)The shift from reactive security to proactive team alignmentUsing AI tools like Gemini to streamline communication and decision-making

    #CliftonStrengths #Cybersecurity #TeamBuilding #ITLeadership #SecurityCulture #CISOLife #InfoSec #OrganizationalPsychology

  • What if the difference between AI mediocrity and breakthrough isn't the tool—it's how you architect your approach? Carter Jensen from The Uncommon Business joins the crew to reveal why most people are stuck "button pushing" while others are unlocking 3X productivity gains. This isn't theory; it's the frontline reality of businesses transforming workflows with the right AI architecture.

    If you're tired of surface-level AI hype and ready for actionable intelligence on integrating AI into security, compliance, and everyday business operations, this episode delivers. Whether you're Blockbuster or Netflix is up to you.

    🎯 What You'll Learn:

    AI Architecture vs. Button Pushing – The mindset shift that unlocks 3-4X productivity gains instead of mediocre resultsReal Cybersecurity Wins – How IT teams use AI to speed through compliance audits (PCI, CJIS, HIPAA) and tackle complex security workflowsEnterprise Implementation Truth – Why expensive AI tools fail without strategy, and what actually works for business adoptionThe AI Bubble Debate – Is this hype or the biggest business transformation since the internet? Carter brings receipts from the frontlines

    Don't let your team fall behind while competitors architect their way to 4X output. This episode arms IT leaders, CISOs, and security professionals with the mindset shift needed to deploy AI that actually moves the needle. Like, share, and subscribe for more cutting-edge cybersecurity and AI implementation strategies!

    #ArtificialIntelligence #Cybersecurity #AIforBusiness #ITaudit #ComplianceAutomation

  • In this special year-end episode, Joshua Schmidt revisits the most mind-bending moments from The Audit's 2025 season. From Justin Marciano and Paul Vann demonstrating live deepfakes in real-time (yes, they actually did it on camera) to Bill Harris explaining how Google's quantum experiments suggest parallel universes, to Alex Bratton's urgent warning about the AI adoption crisis happening right now in boardrooms everywhere.

    What You'll Learn:

    How adversaries are using free tools to create convincing deepfakes for job interviews and social engineering attacks—and why this represents a national security threat Why NASA shut down its quantum computer after getting results that "challenge contemporary thinking" (and the wild theories circulating about what they discovered) The critical mistake companies are making with AI integration: racing ahead without governance, security frameworks, or responsible use policies How the Pi-hole community exemplifies open-source security at its best—enterprise-grade protection at fractions of the cost Why IT teams saying "no" to AI isn't realistic, and what responsible AI adoption actually looks like

    This isn't just a recap—it's a wake-up call. These conversations reveal the inflection points where standing still means falling behind. Whether you're a CISO, security analyst, IT auditor, or business leader trying to navigate AI adoption, these clips offer the perspective you need heading into 2026.

    Don't wait until 2026 to realize you missed the critical shift. Subscribe now for cutting-edge cybersecurity insights that keep you ahead of evolving threats.

    #cybersecurity #deepfake #quantumcomputing #AI #infosec #ethicalhacking #cyberdefense #2025yearinreview

  • What if you could hire an army of AI security analysts that work 24/7 investigating alerts so your human team can focus on what actually matters? Edward Wu, founder and CEO of DropZone AI, joins The Audit crew to reveal how large language models are transforming security operations—and why the future of cyber defense looks more like a drone war than traditional SOC work.

    From his eight years at AttackIQ generating millions of security alerts (and the fatigue that came with them), Edward built DropZone to solve the problem he helped create: alert overload. This conversation goes deep on AI agents specializing in different security domains, the asymmetry problem between attackers and defenders, and why deepfakes might require us to use "safe words" before every Zoom call.

    What You'll Learn:

    How AI tier-1 analysts automate 90% of alert triage to find real threats faster Why attackers only need to be right once, but AI can level the playing field Real-world deepfake attacks hitting finance teams right now The societal implications of AI-driven social engineering at scale Whether superintelligence will unlock warp engines or just better spreadsheets

    If alert fatigue is crushing your security team, this episode delivers the blueprint for fighting back with AI. Hit subscribe for more conversations with security leaders who are actually building the future—not just talking about it.

    #cybersecurity #AIforCybersecurity #SOC #SecurityOperations #AlertFatigue #DropZoneAI #ThreatDetection #IncidentResponse #CyberDefense #SecurityAutomation

  • When hackers target the systems controlling your water, power, and transportation, the consequences go far beyond data breaches—people can die. Leslie Carhartt, Technical Director of Incident Response at Dragos, pulls back the curtain on one of cybersecurity's most critical blind spots: industrial control systems that keep society running but remain dangerously exposed.

    What You'll Learn:

    Why industrial control systems can't be updated like your laptop—and what that means for security How threat actors are using AI to generate custom malware for power plants and water treatment facilities The real state of critical infrastructure security (spoiler: forget about air gaps) Why commodity ransomware has become an existential threat to industrial operations The five critical controls organizations should implement right now to defend OT environments

    Don't wait until your organization becomes the next headline. Like, share, and subscribe for more in-depth security intelligence that goes beyond the buzzwords.

    #industrialcybersecurity #criticalinfrastructure #OTsecurity #ICS #SCADA #dragos #incidentresponse #ransomware #AIthreats #cybersecurity #infosec

  • What if your security team is playing defense while hackers play offense 24/7? Foster Davis, former Navy cyber warfare officer and founder of BreachBits, breaks down why traditional penetration tests become obsolete in weeks—and how continuous red teaming changes the game. From hunting pirates in the Indian Ocean to defending critical infrastructure, Foster shares hard-earned lessons about adversarial thinking, operational risk management, and why the junior person in the room might spot your biggest vulnerability.

    What You'll Learn:

    Why red teaming creates psychological advantages penetration testing can't match How operational risk management translates technical findings into executive action The real cost of point-in-time security assessments (hint: ask St. Paul, Minnesota) Military-grade frameworks for continuous threat simulation in civilian organizations Why attackers operate 365 days a year—but most organizations test once

    Don't let your organization become another headline. Security teams need to think like attackers, not just defenders. Subscribe for more conversations that challenge conventional cybersecurity thinking.

    #RedTeam #CybersecurityStrategy #PenetrationTesting #MilitaryCyber #ThreatHunting #InfoSec

  • What if everything AI tells you about cybersecurity costs is completely wrong? The Audit crew unpacks a shocking data black hole that has infected every major AI model—plus field-tested tech that actually works.

    In this laid-back Field Notes episode, Eric Brown, and Nick Mellum return from Gartner's CIO Symposium with insights that'll make you question your AI outputs. From discovering that the "trillions in cybercrime" statistic is pure fiction (the real number is 16.6 billion) to hands-on reviews of Starlink Mobile and Nothing earbuds, this episode delivers practical intelligence you won't find in vendor pitches.

    Don't wait for the next data breach to question your assumptions. Subscribe for monthly Field Notes episodes that cut through the noise with honest, technical conversations you can trust.

    #cybersecurity #AI #artificalintelligence #GartnerCIO #infosec #starlink #fieldnotes #cybertrends #datasecurity #AIbias

  • What happens when Apple Vision Pro meets enterprise AI? In this episode of The Audit, Alex Bratton—applied technologist and AI implementation expert—joins hosts Joshua Schmidt and Nick Mellem to reveal how spatial computing and artificial intelligence are colliding to reshape how we work. From conducting million-dollar sales meetings in virtual reality to building AI governance frameworks that actually work, Alex breaks down the cutting-edge tech that's moving faster than most organizations can keep up.

    This isn't theoretical innovation—it's practical implementation. Alex shares real-world examples of pharmaceutical reps training with AI-powered virtual doctors, airlines redesigning airport gates in spatial environments, and manufacturing teams using Vision Pro for secure work on confidential documents at 30,000 feet. If you've been skeptical about AR/VR or overwhelmed by AI adoption, this conversation delivers the clarity you need to make informed decisions for your organization.

    Key Topics:

    Why Apple Vision Pro is the "iPhone 1 moment" for spatial computing and what that means for enterprise security The three categories of AI tools: reactive assistants, task-based agents, and goal-oriented digital employees How to build AI governance frameworks without crushing innovation or falling behind competitors Real security concerns with AI tools and which vendors are actually protecting your data Why mid-market companies are outpacing Fortune 500s in AI adoption—and what that means for your industry Practical strategies for baking AI into company culture without triggering employee resistance The critical difference between free AI tools that steal your data and paid platforms that protect it

    Whether you're a CISO evaluating AI tools, an IT director building governance policies, or a security professional trying to stay ahead of threats, this episode delivers actionable intelligence you can implement today. The AI revolution isn't coming—it's already here. The question is whether your organization will lead or get left behind.

    #cybersecurity #infosec #AI #VR #AppleVisionPro