DTF Cyber Podcast – Details, episodes & analysis

DTF Cyber Podcast Episode 14

Shadow AI: The Costly Threat Lurking in Your Company!

Join Damian, Troy, and “Average Fern” as they dive into the shadowy world of unauthorized AI tools in the workplace. Inspired by the latest IBM Cost of a Data Breach Report 2025, this episode uncovers how shadow AI is driving up breach costs and exposing sensitive data. Whether you’re a cybersecurity pro or just curious about tech risks, our experts break it down with real-world insights, relatable analogies, and practical advice.

In this episode:

• Damian and Troy explain what shadow AI really means and why it’s exploding.

• Fern asks the tough questions on risks, costs, and how to fight back.

• Plus, forward-looking tips to stay ahead of emerging threats.

Don’t miss this eye-opening discussion—subscribe for more cyber insights!

🔗 Related Article: https://www.cybersecuritydive.com/news/artificial-intelligence-security-shadow-ai-ibm-report/754009/

🔗 IBM Report: Search for “IBM Cost of a Data Breach Report 2025”

🔗 Follow us on X: @DTFCyberPodcast

Timestamps:

0:00 - Intro: Welcome to DTF Cyber with Damian, Troy, and Fern

2:15 - What is Shadow AI? Defining the term and its rise 5:40 - How common is it? Stats from the IBM report (20% of breaches)

10:20 - Cost Breakdown: Why shadow AI adds $670K to breaches

15:05 - Data Risks: PII and IP exposure (65% and 40% stats)

20:30 - Security Holes: Lack of access controls (97% of cases)

25:45 - Spotting and Controlling Shadow AI: Practical steps for businesses

30:10 - Employee Tips: Avoiding risks as a non-IT user 35:25 - Governance Gap: Regulations vs. company responsibility

40:50 - Future Threats: What’s next for shadow AI? 45:15 - Key Advice: One tip for leaders to prevent breaches

48:00 - Outro

#Cybersecurity #ShadowAI #IBMReport #DataBreach #AI Risks

Thanks for watching! Like, comment, and share your thoughts on shadow AI below. What’s your biggest cyber concern?

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

In this episode of the DTF Cyber Podcast (DTF013 v1), hosts Damian Chung, Troy, and Fern Rojas dive deep into the latest cybersecurity headlines, unpacking real-world incidents and sharing actionable insights to help you strengthen your defenses. From VPN breaches to third-party risks and AI chatbot vulnerabilities, we explore the common threads of identity management and zero-trust strategies that every security pro needs to know.

Key Topics Covered:

• Ingram Micro VPN Attack: Analyzing a credential compromise that highlights the dangers of weak MFA and lateral movement in networks. Learn why zero-trust access and user education are non-negotiable.

• Qantas Airlines Data Breach: Up to 6 million customer records exposed via a third-party platform—without financial data at risk, but a stark reminder of vendor oversight challenges. We discuss audits, prioritization, and why compliance isn’t enough.

• McDonald’s AI Hiring Chatbot Vulnerability: Default credentials left unchanged, potentially leaking PII from millions of applicants. A classic case of shadow IT gone wrong, with tips on SSO, governance, and cross-departmental collaboration.

Timestamps:

00:00 - Intro

01:53 - Ingram Micro Incident Breakdown

25:31 - Qantas Breach Analysis

43:06 - McDonald’s Chatbot Vulnerability

Whether you’re a cybersecurity veteran or just starting out, this episode arms you with practical lessons from recent events. Don’t forget to like, subscribe, and hit the bell for more cyber deep dives! Share your thoughts in the comments—what’s your biggest third-party risk headache?

Articles:

https://www.darkreading.com/threat-intelligence/ingram-micro-ransomware-attack

https://www.darkreading.com/cyberattacks-data-breaches/qantas-airlines-breached-6m-customers

https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

DTF Cyber Podcast EP004

Coinbase has insiders exfiltrate data and someone tries to make $20M off the data via extortion/ransom. Coinbase turns the tables and offers $20M for a bounty on the hackers! There is a discussion on what happened to cause the data loss in the first place and how we rate the Coinbase response.

There is a study suggesting that AI will change jobs. How does AI impact cyber jobs for anyone in growing their career, or looking to graduate soon?

The FBI issues a deepfake voice and video message warning. Check out this week's cyber discussions with Damian, Troy, and Fern.

00:00:00 - Intro

00:00:53 - Coinbase: Was it ransomware or extortion?

00:30:01 - Offshore labor, low-cost risk, and insider threats

00:45:01 - AI is coming for your job — or is it?

01:02:21 - FBI warns AI is impersonating officials

Articles:

https://www.cnbc.com/2025/05/15/coinbase-says-hackers-bribed-staff-to-steal-customer-data-and-are-demanding-20-million-ransom.html

https://www.linkedin.com/pulse/ai-driven-agentification-work-impact-jobs-20242030-poweredbywiti-zbyfc/

https://www.cnn.com/2025/05/15/politics/fbi-warning-hackers-ai-voice-messages

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

0:00 - Episode Topic Review

04:35:00 - Crypto Concerns around Social Engineering Scams and Robberies

18:50:00 - Browser Attacks and how Google is Leveraging AI to combat the risk

36:50:00 - Malvertising imitates a free tool used by many tech teams - RVTools

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

00:04:08 : RSA Recap

00:27:10 : Remote Worker Scams

00:52:29: Unprotected S3 Buckets

1:05:19 : Recap

Welcome to Episode 12 of the DTF Cyber Podcast! 🎙️ Join hosts Damian, Troy, and Fern as they dive into the hottest topic in cybersecurity: breaking into the industry. 🛡️

In this episode, we tackle the cybersecurity skills gap, exploring why hiring managers struggle to find talent while many with cyber degrees face challenges landing roles. From the importance of networking and building trust to overcoming imposter syndrome, we share practical advice for job seekers and hiring managers alike. 🌐

Key topics include:

➡ Navigating the skills gap and unrealistic job requirements (3-5 years for "entry-level"? 🤔)

➡ The power of internships, referrals, and soft skills in landing your dream cyber job

➡ Addressing diversity in cybersecurity, including challenges faced by women and underrepresented groups

➡ Personal stories and actionable tips for building a career in this dynamic field

Whether you're a recent grad, a career switcher, or a hiring manager looking to build a strong team, this episode is packed with insights to help you succeed. Don’t miss out—subscribe now and join us every Monday for more cybersecurity discussions! 🚀

#Cybersecurity #CareerAdvice #SkillsGap #Networking #DiversityInTech #DTFCyberPodcast

📌 Hit that subscribe button to help us reach 500 subscribers and stay tuned for Episode 13!

00:00:00 — Cyber Degrees, No Jobs — What’s the Problem?

00:02:21 — Skills Gap? Or Networking Gap?

00:08:28 — Trust, Hiring, and the Risk of New Talent

00:14:07 — The Broken Job Description Problem

00:18:46 — Internships, Career Shifting & Building Loyalty

00:22:20 — Soft Skills: Showing Up, Speaking Up & Self-Improvement

00:31:07 — The Soft Skill Nobody Teaches: Clarity in Communication

00:38:20 — Diversity, Imposter Syndrome & The Confidence Gap

00:47:02 — Networking: The Real Career Cheat Code

00:55:06 — Leadership’s Role in the Hiring Problem

Associated Article

https://www.techtarget.com/searchsecurity/tip/Cybersecurity-skills-gap-Why-it-exists-and-how-to-address-it

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

#Cybersecurity #GoogleFine #Ransomware #EthicsInTech #Overemployment #RemoteWork #DTFCyberPodcast #Defcon2025

🎙️ DTF Cyber Podcast – Episode 011

Check out this week's episode of the DTF Cyber Podcast! On Monday, July 14th, hosts Damian, Troy, and Fern are joined by their very first special guest, Mike Manrod (CISO at Grand Canyon Education), also known as "DoubleM."

The team dives into the complex world of tech ethics with three major stories:

First, they tackle the news that Google has been ordered to pay $314 million for misusing Android users' cellular data. Is this a major privacy violation, or a low-priority risk for corporations focused on bigger threats? The hosts debate the real-world impact versus getting distracted by "shiny objects."

Next, the conversation turns to a developing story where a former ransomware negotiator is being investigated by the Department of Justice for allegedly taking kickbacks from cybercriminals. This sparks a broader discussion on business ethics, from accepting vendor gifts to the pressures facing tech leaders.

Finally, they explore the controversial topic of "overemployment". Is it unethical to work multiple remote jobs at once? The group discusses the difference between disclosed, ethical side-hustles and deceiving employers with mouse jigglers and C-minus work. This leads to a candid look at the "return to office" debate and what the future of work looks like in a post-COVID world.

Tune in for expert insights, hot takes, and a look at the ethical gray areas of cybersecurity.

Find our guest, Mike Manrod, presenting at Defcon Demo Labs!

TIMESTAMPS:

00:00:00 - Intro & Topics

00:01:02 - Welcoming Our First Special Guest: Mike Manrod

00:05:04 - Google Ordered to Pay $314M for Cellular Data Use

00:24:22 - DOJ Investigates Ransomware Negotiator for Kickbacks

00:29:43 - Discussion: The Ethics of Vendor Gifts

00:45:30 - The Ethics of Being "Overemployed"

00:54:12 - The Great "Return to Office" Debate

01:04:05 - The Myth of Being a CISO

01:06:58 - Final Thoughts & Outro

Articles in this Episode:

https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html

https://www.bleepingcomputer.com/news/security/doj-investigates-ex-ransomware-negotiator-over-extortion-kickbacks/

https://therecord.media/russian-basketball-player-arrested-in-france-ransomware

https://www.businessinsider.com/overemployed-lessons-pros-cons-secretly-working-multiple-remote-jobs-2025-6

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

What are some of the cyber risks to small mid-sized businesses? The latest report is out! There was also someone hacking into these small companies then trying to sell them cyber services. Is that ethical? We also cover the IntelBroker getting caught even though he was using Monero privacy coins. And finally we touch on Whatsapp being banned. What about other unauthorized encrypted communications apps? Checkout #DTF010

00:00 - Intro

01:22 - SMB Threat Report

20:43 - Unethical Hacking

39:30 - IntelBroker caught?

56:43 - WhatsApp banned on US GOV devices

Articles this episode:

https://securelist.com/smb-threat-report-2025/116830/

https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/

https://www.darkreading.com/cyberattacks-data-breaches/intebroker-suspect-arrested-charged-breaches

https://www.reuters.com/world/us/whatsapp-banned-us-house-representatives-devices-memo-2025-06-23/

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Google Outage, Quantum Computing vs Crypto, North Korean Fake IT Workers, How to get a Cyber Job! DTF Cyber Podcast EP009

What can we learn from the massive Google outage? Some really good discussion on trying to prepare for feature changes and potential issues. Change control? A big topic lately is Quantum Computing vs Bitcoin. Does this spell out the end of cryptocurrencies as we know it? Should you still invest in crypto? And finally for everyone looking for a new cyber job, how did Troy land his new role? What are some of his tips to get that job?

Buy Shannon Wilkinson's lates book here:

https://www.amazon.com/dp/B0FF4D663H

00:00 - Intro

01:21 - Google Outage Lessons

21:04 - US Seizes 7.74M Crypto

35:58 - Quantum Computing breaking Bitcoin

50:35 - Troy's big announcement

51:31 - Tips to get a Cyber Job

Articles in this Episode:

https://www.cnbc.com/2025/06/16/google-cloud-outage-apology.html

https://www.forbes.com/sites/bernardmarr/2025/06/12/will-quantum-computing-kill-bitcoin/

https://thehackernews.com/2025/06/us-seizes-774m-in-crypto-tied-to-north.html

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

DTF Cyber Podcast EP008

Airlines selling your travel data to the government. Is this a privacy concern? Should they be allowed to sell your information? The government already has the travel data for no-fly lists, but should they even need to "buy" this info? What about the news article on smartwatches breaching air gapped systems? Are devices spying on you? And for the Security Leaders and CISOs.... Are you burning out earlier than normal? This latest article says most CISOs are looking to leave their jobs. Check out this week's cyber news commentary!

0:00 - Intro

02:39 - ARC selling your information

26:51 - SmartAttack via watches

40:35- CISO burnout

Articles in this Episode:

https://www.malwarebytes.com/blog/news/2025/06/us-airline-industry-quietly-selling-flight-data-to-dhs

https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/

https://www.csoonline.com/article/3998246/53-of-cyber-department-leaders-eyeing-the-exit.html

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net