Explore every episode of the podcast DTF Cyber Podcast
| Title | Pub. Date | Duration | |
|---|---|---|---|
| Shadow AI: The Costly Threat Lurking in Your Company! #DTF014 | 04 Aug 2025 | 01:04:21 | |
DTF Cyber Podcast Episode 14 Shadow AI: The Costly Threat Lurking in Your Company! Join Damian, Troy, and “Average Fern” as they dive into the shadowy world of unauthorized AI tools in the workplace. Inspired by the latest IBM Cost of a Data Breach Report 2025, this episode uncovers how shadow AI is driving up breach costs and exposing sensitive data. Whether you’re a cybersecurity pro or just curious about tech risks, our experts break it down with real-world insights, relatable analogies, and practical advice. In this episode: • Damian and Troy explain what shadow AI really means and why it’s exploding. • Fern asks the tough questions on risks, costs, and how to fight back. • Plus, forward-looking tips to stay ahead of emerging threats. Don’t miss this eye-opening discussion—subscribe for more cyber insights! 🔗 Related Article: https://www.cybersecuritydive.com/news/artificial-intelligence-security-shadow-ai-ibm-report/754009/ 🔗 IBM Report: Search for “IBM Cost of a Data Breach Report 2025” 🔗 Follow us on X: @DTFCyberPodcast Timestamps: 0:00 - Intro: Welcome to DTF Cyber with Damian, Troy, and Fern 2:15 - What is Shadow AI? Defining the term and its rise 5:40 - How common is it? Stats from the IBM report (20% of breaches) 10:20 - Cost Breakdown: Why shadow AI adds $670K to breaches 15:05 - Data Risks: PII and IP exposure (65% and 40% stats) 20:30 - Security Holes: Lack of access controls (97% of cases) 25:45 - Spotting and Controlling Shadow AI: Practical steps for businesses 30:10 - Employee Tips: Avoiding risks as a non-IT user 35:25 - Governance Gap: Regulations vs. company responsibility 40:50 - Future Threats: What’s next for shadow AI? 45:15 - Key Advice: One tip for leaders to prevent breaches 48:00 - Outro #Cybersecurity #ShadowAI #IBMReport #DataBreach #AI Risks Thanks for watching! Like, comment, and share your thoughts on shadow AI below. What’s your biggest cyber concern? Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Cyber Chaos: VPN Hacks, Breaches & Chatbot Blunders! #DTF013 | 28 Jul 2025 | 01:01:41 | |
In this episode of the DTF Cyber Podcast (DTF013 v1), hosts Damian Chung, Troy, and Fern Rojas dive deep into the latest cybersecurity headlines, unpacking real-world incidents and sharing actionable insights to help you strengthen your defenses. From VPN breaches to third-party risks and AI chatbot vulnerabilities, we explore the common threads of identity management and zero-trust strategies that every security pro needs to know. Key Topics Covered: • Ingram Micro VPN Attack: Analyzing a credential compromise that highlights the dangers of weak MFA and lateral movement in networks. Learn why zero-trust access and user education are non-negotiable. • Qantas Airlines Data Breach: Up to 6 million customer records exposed via a third-party platform—without financial data at risk, but a stark reminder of vendor oversight challenges. We discuss audits, prioritization, and why compliance isn’t enough. • McDonald’s AI Hiring Chatbot Vulnerability: Default credentials left unchanged, potentially leaking PII from millions of applicants. A classic case of shadow IT gone wrong, with tips on SSO, governance, and cross-departmental collaboration. Timestamps: 00:00 - Intro 01:53 - Ingram Micro Incident Breakdown 25:31 - Qantas Breach Analysis 43:06 - McDonald’s Chatbot Vulnerability Whether you’re a cybersecurity veteran or just starting out, this episode arms you with practical lessons from recent events. Don’t forget to like, subscribe, and hit the bell for more cyber deep dives! Share your thoughts in the comments—what’s your biggest third-party risk headache? Articles: https://www.darkreading.com/threat-intelligence/ingram-micro-ransomware-attack https://www.darkreading.com/cyberattacks-data-breaches/qantas-airlines-breached-6m-customers https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/ Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Coinbase Data Exfiltrated: $20M Hacker Bounty. AI is changing cyber careers #DTF004 | 26 May 2025 | 01:11:29 | |
DTF Cyber Podcast EP004 Coinbase has insiders exfiltrate data and someone tries to make $20M off the data via extortion/ransom. Coinbase turns the tables and offers $20M for a bounty on the hackers! There is a discussion on what happened to cause the data loss in the first place and how we rate the Coinbase response. There is a study suggesting that AI will change jobs. How does AI impact cyber jobs for anyone in growing their career, or looking to graduate soon? The FBI issues a deepfake voice and video message warning. Check out this week's cyber discussions with Damian, Troy, and Fern. 00:00:00 - Intro 00:00:53 - Coinbase: Was it ransomware or extortion? 00:30:01 - Offshore labor, low-cost risk, and insider threats 00:45:01 - AI is coming for your job — or is it? 01:02:21 - FBI warns AI is impersonating officials Articles: https://www.cnbc.com/2025/05/15/coinbase-says-hackers-bribed-staff-to-steal-customer-data-and-are-demanding-20-million-ransom.html https://www.linkedin.com/pulse/ai-driven-agentification-work-impact-jobs-20242030-poweredbywiti-zbyfc/ https://www.cnn.com/2025/05/15/politics/fbi-warning-hackers-ai-voice-messages Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| $4M Crypto Stolen! Google AI Browser, Malvertising Threats #DTF003 | 12 May 2025 | 01:04:58 | |
0:00 - Episode Topic Review 04:35:00 - Crypto Concerns around Social Engineering Scams and Robberies 18:50:00 - Browser Attacks and how Google is Leveraging AI to combat the risk 36:50:00 - Malvertising imitates a free tool used by many tech teams - RVTools Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| RSA Recap, Zoom HIjacking, Remote Worker Scams | 05 May 2025 | 01:11:25 | |
00:04:08 : RSA Recap 00:27:10 : Remote Worker Scams 00:52:29: Unprotected S3 Buckets 1:05:19 : Recap | |||
| Cybersecurity Skills Shortage: Landing Jobs for New Grads #DTF012 | 21 Jul 2025 | 01:02:56 | |
Welcome to Episode 12 of the DTF Cyber Podcast! 🎙️ Join hosts Damian, Troy, and Fern as they dive into the hottest topic in cybersecurity: breaking into the industry. 🛡️ In this episode, we tackle the cybersecurity skills gap, exploring why hiring managers struggle to find talent while many with cyber degrees face challenges landing roles. From the importance of networking and building trust to overcoming imposter syndrome, we share practical advice for job seekers and hiring managers alike. 🌐 Key topics include: ➡ Navigating the skills gap and unrealistic job requirements (3-5 years for "entry-level"? 🤔) ➡ The power of internships, referrals, and soft skills in landing your dream cyber job ➡ Addressing diversity in cybersecurity, including challenges faced by women and underrepresented groups ➡ Personal stories and actionable tips for building a career in this dynamic field Whether you're a recent grad, a career switcher, or a hiring manager looking to build a strong team, this episode is packed with insights to help you succeed. Don’t miss out—subscribe now and join us every Monday for more cybersecurity discussions! 🚀 #Cybersecurity #CareerAdvice #SkillsGap #Networking #DiversityInTech #DTFCyberPodcast 📌 Hit that subscribe button to help us reach 500 subscribers and stay tuned for Episode 13! 00:00:00 — Cyber Degrees, No Jobs — What’s the Problem? 00:02:21 — Skills Gap? Or Networking Gap? 00:08:28 — Trust, Hiring, and the Risk of New Talent 00:14:07 — The Broken Job Description Problem 00:18:46 — Internships, Career Shifting & Building Loyalty 00:22:20 — Soft Skills: Showing Up, Speaking Up & Self-Improvement 00:31:07 — The Soft Skill Nobody Teaches: Clarity in Communication 00:38:20 — Diversity, Imposter Syndrome & The Confidence Gap 00:47:02 — Networking: The Real Career Cheat Code 00:55:06 — Leadership’s Role in the Hiring Problem Associated Article https://www.techtarget.com/searchsecurity/tip/Cybersecurity-skills-gap-Why-it-exists-and-how-to-address-it Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Why Did the DOJ Go After a Ransomware Negotiator? #DTF011 | 15 Jul 2025 | 01:08:29 | |
#Cybersecurity #GoogleFine #Ransomware #EthicsInTech #Overemployment #RemoteWork #DTFCyberPodcast #Defcon2025 🎙️ DTF Cyber Podcast – Episode 011 Check out this week's episode of the DTF Cyber Podcast! On Monday, July 14th, hosts Damian, Troy, and Fern are joined by their very first special guest, Mike Manrod (CISO at Grand Canyon Education), also known as "DoubleM." The team dives into the complex world of tech ethics with three major stories: First, they tackle the news that Google has been ordered to pay $314 million for misusing Android users' cellular data. Is this a major privacy violation, or a low-priority risk for corporations focused on bigger threats? The hosts debate the real-world impact versus getting distracted by "shiny objects." Next, the conversation turns to a developing story where a former ransomware negotiator is being investigated by the Department of Justice for allegedly taking kickbacks from cybercriminals. This sparks a broader discussion on business ethics, from accepting vendor gifts to the pressures facing tech leaders. Finally, they explore the controversial topic of "overemployment". Is it unethical to work multiple remote jobs at once? The group discusses the difference between disclosed, ethical side-hustles and deceiving employers with mouse jigglers and C-minus work. This leads to a candid look at the "return to office" debate and what the future of work looks like in a post-COVID world. Tune in for expert insights, hot takes, and a look at the ethical gray areas of cybersecurity. Find our guest, Mike Manrod, presenting at Defcon Demo Labs! TIMESTAMPS: 00:00:00 - Intro & Topics 00:01:02 - Welcoming Our First Special Guest: Mike Manrod 00:05:04 - Google Ordered to Pay $314M for Cellular Data Use 00:24:22 - DOJ Investigates Ransomware Negotiator for Kickbacks 00:29:43 - Discussion: The Ethics of Vendor Gifts 00:45:30 - The Ethics of Being "Overemployed" 00:54:12 - The Great "Return to Office" Debate 01:04:05 - The Myth of Being a CISO 01:06:58 - Final Thoughts & Outro Articles in this Episode: https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html https://www.bleepingcomputer.com/news/security/doj-investigates-ex-ransomware-negotiator-over-extortion-kickbacks/ https://therecord.media/russian-basketball-player-arrested-in-france-ransomware https://www.businessinsider.com/overemployed-lessons-pros-cons-secretly-working-multiple-remote-jobs-2025-6 Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Hacking a Company to Sell to Them? What??? #DTF010 | 30 Jun 2025 | 01:10:35 | |
What are some of the cyber risks to small mid-sized businesses? The latest report is out! There was also someone hacking into these small companies then trying to sell them cyber services. Is that ethical? We also cover the IntelBroker getting caught even though he was using Monero privacy coins. And finally we touch on Whatsapp being banned. What about other unauthorized encrypted communications apps? Checkout #DTF010 00:00 - Intro 01:22 - SMB Threat Report 20:43 - Unethical Hacking 39:30 - IntelBroker caught? 56:43 - WhatsApp banned on US GOV devices
Articles this episode: https://securelist.com/smb-threat-report-2025/116830/ https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/ https://www.darkreading.com/cyberattacks-data-breaches/intebroker-suspect-arrested-charged-breaches https://www.reuters.com/world/us/whatsapp-banned-us-house-representatives-devices-memo-2025-06-23/ Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Is this the end of Bitcoin? Quantum Computing vs Crypto #DTF009 | 30 Jun 2025 | 01:05:55 | |
Google Outage, Quantum Computing vs Crypto, North Korean Fake IT Workers, How to get a Cyber Job! DTF Cyber Podcast EP009 What can we learn from the massive Google outage? Some really good discussion on trying to prepare for feature changes and potential issues. Change control? A big topic lately is Quantum Computing vs Bitcoin. Does this spell out the end of cryptocurrencies as we know it? Should you still invest in crypto? And finally for everyone looking for a new cyber job, how did Troy land his new role? What are some of his tips to get that job? Buy Shannon Wilkinson's lates book here: https://www.amazon.com/dp/B0FF4D663H 00:00 - Intro 01:21 - Google Outage Lessons 21:04 - US Seizes 7.74M Crypto 35:58 - Quantum Computing breaking Bitcoin 50:35 - Troy's big announcement 51:31 - Tips to get a Cyber Job Articles in this Episode: https://www.cnbc.com/2025/06/16/google-cloud-outage-apology.html https://www.forbes.com/sites/bernardmarr/2025/06/12/will-quantum-computing-kill-bitcoin/ https://thehackernews.com/2025/06/us-seizes-774m-in-crypto-tied-to-north.html Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Airlines Selling Traveler Data? Security Leader Burnout! #DTF008 | 30 Jun 2025 | 01:04:50 | |
DTF Cyber Podcast EP008 Airlines selling your travel data to the government. Is this a privacy concern? Should they be allowed to sell your information? The government already has the travel data for no-fly lists, but should they even need to "buy" this info? What about the news article on smartwatches breaching air gapped systems? Are devices spying on you? And for the Security Leaders and CISOs.... Are you burning out earlier than normal? This latest article says most CISOs are looking to leave their jobs. Check out this week's cyber news commentary! 0:00 - Intro 02:39 - ARC selling your information 26:51 - SmartAttack via watches 40:35- CISO burnout Articles in this Episode: https://www.malwarebytes.com/blog/news/2025/06/us-airline-industry-quietly-selling-flight-data-to-dhs https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/ https://www.csoonline.com/article/3998246/53-of-cyber-department-leaders-eyeing-the-exit.html Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| ChatGPT Privacy Concerns? AT&T Data Breach! #DTF007 | 09 Jun 2025 | 01:07:00 | |
DTF Cyber Podcast EP007 Recent news highlights how OpenAI must retain ChatGPT logs, raising concerns about user privacy. Additionally, the AT&T hack from 2021 has resurfaced, potentially exposing sensitive information again. These events underscore the importance of data privacy and cybersecurity in the digital age. #OpenAI #ChatGPT #DataPrivacy #ATTHack #sensitiveinformation Use code: cyberpodcast10 Get 10% off the registration for CruiseCon West, the Flagship of Cybersecurity https://cruisecon.com/ 2:00- Open AI Court Order 26:00 - AT&T Breach Data Released 40:30 - CruiseCon West 2025 45:55 - Cyber Resilience Articles: https://arstechnica.com/tech-policy/2025/06/openai-says-court-forcing-it-to-save-all-chatgpt-logs-is-a-privacy-nightmare/ https://www.theverge.com/news/681280/openai-storing-deleted-chats-nyt-lawsuit https://www.bleepingcomputer.com/news/security/old-atandt-data-leak-repackaged-to-link-ssns-dobs-to-49m-phone-numbers/ Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net cyberpodcast.net | |||
| Did Reddit Just Get Fooled By AI Bots? Fake AI Company? #DTF006 | 09 Jun 2025 | 01:02:50 | |
DTF Cyber Podcast EP006 Was it ethical for researchers to us AI on reddit in conversations without letting users know? This AI successfully persuaded users. Should we be worried in the the information wars with AI bots? We also discuss the Getty lawsuit against an AI platform for using their images to train their LLM. What about an AI company that used real developers vs the AI they said they were using? Check out this episode of the DTF Cyber Podcast! 00:00 - Intro 01:00 - Reddit AI Experiment 14:00 - Getty Lawsuit 31:30 - Builder AI - Fake AI 49:20 - Crypto Kidnapping Articles in this Episode: https://www.newscientist.com/article/2478336-reddit-users-were-subjected-to-ai-powered-experiment-without-consent/ https://www.cnbc.com/2025/05/28/getty-ceo-stability-ai-lawsuit-doesnt-cover-industry-mass-theft.html https://www.binance.com/en/square/post/24723372076545 https://abcnews.go.com/US/nypd-detectives-crypto-torture-kidnapping-case/story?id=122325180 Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Is Your Browser Safe From Dangerous Extensions? $400M Cyber Incident! #DTF005 | 26 May 2025 | 00:54:27 | |
DTF Cyber Podcast EP005 What's up with these chrome extensions? 100s of malicious ones removed by Google. What are the threats and how should you protect your organization? Marks and Spencer in the UK also reported losses of $400M due to a cyber incident. How much should a cyber program spend to protect against this type of risk? Check out the full episode! 00:00:00 - Topics Intro 00:01:21 - Google Chrome Extensions Hijacking your information 00:17:30 - Marks and Spencer $400M Incident 00:37:40 - Text Scams around Toll Road Fees 00:48:59 - Krebs On Security DDOS Attack Joe Sullivan Charity https://www.joesullivansecurity.com/ukraine-friends/ Articles: https://thehackernews.com/2025/05/100-fake-chrome-extensions-found.html https://www.bleepingcomputer.com/news/security/marks-and-spencer-faces-402-million-profit-hit-after-cyberattack/ https://www.bankinfosecurity.com/change-healthcare-attack-cost-estimate-reaches-nearly-29b-a-26541 https://appleinsider.com/articles/25/05/06/googles-default-search-payments-to-apple-at-risk-in-antitrust-lawsuit https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/ Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Cyber Risks Unmasked: Reporting the Threats #DTF016 | 18 Aug 2025 | 01:06:43 | |
Join hosts Damian, Troy, and Fern for Episode 16 of the DTF Cyber Podcast, featuring special guest Dina Mathers, CISO at Carvana. Recorded on August 18, 2025, this episode dives deep into three critical topics shaping the cybersecurity landscape. From measuring the impact of cyber spend to uncovering widespread weaknesses in critical infrastructure, we unpack it all with real-world insights and actionable strategies. Whether you're a seasoned pro or just starting out, this episode is packed with "nuggets of gold" to elevate your game. Don't miss the banter on DTF dinners, the debate on best-of-breed vs. platforms, and why security leaders might just be the best salespeople in the world. Subscribe for more cyber realness every Monday! 0:00:00 - Intro: Special guest Dina Mathers 0:05:51 - Metrics debate: Spend as % of revenue/IT budget vs. data-driven approaches 0:07:24 - Key KPIs: MTTD/MTTR, patching speed, phishing rates 0:09:16 - Budgeting strategies: Industry benchmarks, risk-based cases, storytelling 0:12:20 - Tool overlap woes: 30% waste per Gartner 2023; best-of-breed vs. platforms 0:14:52 - Pro tips: Carve innovation funds for startups/POCs; audit tools yearly for ROI 0:25:00 - How poor metrics blindspot funding, leaving orgs vulnerable 0:28:40 - Real-world angles: Procurement pushback, business use cases 0:32:32 - Career advice: Be proactive, relate news to your env, automate tasks 0:40:00 - Basics failures: Weak creds, poor segmentation, no logging 0:45:26 - Critical infra gaps: 16 domains, antiquated systems, public-private partnerships 0:52:07 - Fixes: Layer security, asset inventory, periodic table mapping, empower teams 0:58:25 - Tease: Non-human identities (NHI) as future ep topic 1:00:01 - Fern's thought: Security leaders as elite salespeople 1:03:42 - Nuggets: Don't store creds in browsers; strong infra passwords; storytelling sells 1:05:46 - Shoutouts to Dina, past eps references, listen twice for gold 1:06:15 - Outro Articles: https://www.wsj.com/articles/how-to-measure-cybersecurity-spending-wsj-readers-weigh-in-12e2b06b https://securityboulevard.com/2025/08/cisa-coast-guard-hunt-engagement-offer-path-to-protect-critical-infrastructure/ "Periodic Table" : https://www.balbix.com/blog/six-step-cyber-insurance-policy-playbook/ Linkedin: Dina Mathers: https://www.linkedin.com/in/dinamathers/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| What Really Happened at Black Hat This Year? #DTF015 | 11 Aug 2025 | 00:57:38 | |
Join Damian, Troy, and Fern on Episode 15 of the DTF Cyber Podcast as they dive into a hilarious and insightful recap of Black Hat 2025 in Las Vegas! From Fern's first-time adventures and networking wins to debunking Wi-Fi myths, swag horror stories, and industry trends like AI SOCs, this episode is packed with real-talk for cyber pros and newcomers alike. Whether you're in security or just curious, get the lowdown on making conferences affordable, avoiding vendor traps, and planning for next year—including a DTF meetup pledge! Don't miss out—subscribe to the DTF Cyber Podcast for weekly cyber insights: https://link.cyberpodcast.net Timestamps: 00:00:00 - Intro: Welcome to Black Hat Recap Week 00:00:37 - Fern’s First Black Hat: Late Nights and Cool Vibes 00:01:38 - Debunking Wi-Fi/Bluetooth Myths at Hacker Cons 00:05:51 - Meeting Fans and Approaching Cyber Celebs 00:08:20 - Helping Newcomers: Introducing Stephanie to Luminaries 00:11:27 - Networking Without a Ticket: Black Hat on a Budget 00:12:25 - Rising Costs Push Networking to Hallways and Bars 00:15:40 - Affordable Vegas: $500 for Flights, Hotels, and Fun 00:16:54 - Sessions vs. Stealth Demos: What’s Worth It? 00:21:20- UI/UX Excellence Awards: Judging, Categories, and Passion for Intuitive Cyber Tools 00:37:48 - AI SOCs, Cloud Backups, and Ransomware Trends 00:38:12 - Swag Fails: Urinal Cakes and Branded Alexas 00:44:06 - Vendor Raffles: Super Bowl Tickets and Hidden Agendas 00:47:00 - AI Notetakers in Sales: Privacy vs. Convenience 00:51:53 - Branded Shirts and Avoiding LinkedIn Disasters 00:53:00 - Wrapping Up: Missed Events and DEF CON FOMO 00:56:21 - DTF Meetup Pledge for Black Hat 2026 00:57:00 - Outro: See You Next Week! Hit like if you survived Black Hat (or wish you did), comment your wildest conference story, and subscribe for more unfiltered cyber chats with Damian, Troy, and Fern! #DTFCyber #BlackHat2025 #CybersecurityPodcast Cyber UXcellence Awards https://www.prnewswire.com/news-releases/mindgrub-announces-winners-of-inaugural-cyber-uxcellence-awards-at-black-hat-usa-2025-302523814.html Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| CEO Teams Scam EXPOSED: $106M Louvre Heist Used Password ‘louvre’ | 10 Nov 2025 | 01:15:32 | |
In this eye-opening episode of the DTF Cyber Podcast, hosts Damian, Troy, and Fern tackle the theme of trust in cybersecurity. From external hackers spoofing CEOs in Microsoft Teams to incident response firms secretly double-dipping in ransomware negotiations, and a shocking $106M heist at the Louvre enabled by the password “louvre,” the crew explores real-world threats and defenses. Plus, tips on security training, OSINT risks, mental health in cyber, and protecting against title fraud.
Whether you’re in security or just curious, this episode reminds us: trust but verify—or pay the price. Timestamps: 00:00 – Intro 01:00 – Microsoft Teams Spoofing Vulnerability Exposed 04:30 – Process Over Tech: Training for Wire Fraud & Deepfakes 08:00 – Data & Identity: Top CISO Concerns 15:32 – CEO Outreach? Double-Check the Source 17:31 – Gamified Training: Making Awareness Stick 20:06 – Why Annual Training Fails—Go Quarterly 26:34 – Instincts Matter: If It Feels Off, Verify 28:18 – IR Brokers Gone Rogue: Representing Both Sides 39:49 – Vetting Vendors & Diversifying Suppliers 42:31 – White-Collar Crime Triggers & Mental Health Support 46:04 – If There’s Money, Expect Cheaters 47:28 – The Louvre Heist: Bucket Trucks & Weak Passwords 50:06 – Camera Password “Louvre” Since 2014 52:10 – Complacency Kills: Beyond Default Passwords 01:07:13 – Title Fraud Scams: Lock Your House & Car Titles 01:10:05 – AI-Fueled Fraud in the Digital Age 01:12:35 – Threat Spectrum: External to Insider Risks 01:15:11 – Pro Tip: Ask a Security Expert—Don’t Guess Subscribe for unfiltered cyber insights every week. 🔔 Enable notifications—don’t miss an episode! 💬 Comment below: Ever spot a spoofed message in Teams? Share your story! #Cybersecurity #DTFCyberPodcast #MicrosoftTeams #Ransomware #LouvreHeist #TrustButVerify #InsiderThreats #SecurityTraining Articles: https://thehackernews.com/2025/11/microsoft-teams-bugs-let-attackers.html https://arstechnica.com/security/2025/11/fbi-arrests-ransomware-clean-up-experts-for-planting-ransomware/?utm_campaign=dhtwitter&utm_content=%3Cmedia_url%3E&utm_medium=social&utm_source=twitter https://cybernews.com/news/louvre-password-heist/ Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Do You Need Cybersecurity Certs for a 6-Figure Job? #DTF025 | 03 Nov 2025 | 01:02:25 | |
Dive into the wild world of cybersecurity certifications on this episode of the DTF Cyber Podcast! Hosts Damien, Troy, and Fern break down whether certs are the golden ticket to a six-figure cyber career, or if passion, experience, and networking matter more. From entry-level tips like CompTIA Security+ to gold standards like CISSP, they share real talk on getting hired, avoiding burnout, and building a standout resume in today's tough job market. Perfect for newbies, mid-career pros, or anyone pivoting into cyber. 🔥 Key Topics: Do you really need certs to break into cyber? Best beginner certs vs. advanced ones The power of home labs, side projects, and networking Avoiding the "cert collector" trap Mid-career advice for layoffs and upskilling 🚀 Subscribe for more raw cyber insights, hit the bell for notifications, and drop your cert stories in the comments! Email us at dtf@cyberpodcast.net or connect on LinkedIn. Timestamps: 00:00 - From data breaches to six-figure hacker-hunter dreams 03:15 - Fern's confession 06:24 - Continuing education like doctors – Do you need certs to start? 08:03 - No "one cert" guarantees a job – Stand out with initiative 11:08 - Chasing money vs. passion: Burnout risks in cyber 15:35 - "Love your job, never work a day" – Finding your cyber niche 18:19 - New grads: Focus on certs, experience, or networking first? 19:29 - Damien's hiring advice: Internships over Ivy League degrees 22:31 - Entry-level picks: CompTIA Security+, CEH – Show initiative 23:28 - Home labs & side projects: Build and talk about them! 29:33 - Python scripting: The invaluable skill that lands big roles 32:31 - Mid-career: CISSP for screening, but tailor to your path 36:15 - Avoid silos: Broaden skills in big vs. small companies 38:35 - SANS certs: Pricey but powerful 40:14 - Retention: Invest in training, build culture 46:36 - Beat AI resume scanners: Network to bypass bots 50:21 - Salary expectations & red flags in job apps 53:23 - Late-career: Network trumps certs 54:04 - Final tips: Local meetups, be bold, ask for what you want 58:05 - Pro networking hack: 59:27 - Magic tricks as icebreakers? #Cybersecurity #Certs #CISSP #SecurityPlus #CyberCareer #DTFPodcast Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| CISO Budget Hacks: $2B Negotiator Reveals How to Win Funding & Crush Vendor BS | #DTF024 | 29 Oct 2025 | 01:22:23 | |
Join hosts Fern and Troy as they sit down with legendary negotiator and cybersecurity expert Jean Shapiro (formerly of American Express) for an in-depth discussion on navigating cybersecurity budgets, building trust with vendors, leveraging crises for improvement, and fostering a culture of transparency. From managing $2B budgets to avoiding sales pitfalls and tying security to business impact, Jean shares real-world insights from her decades in the field. Whether you’re dealing with ransomware recovery, brand protection, or innovation funding, this episode is packed with gold nuggets for CISOs, security leaders, and vendors alike. If you enjoy raw, unfiltered conversations on cyber defense, hit that LIKE button, SUBSCRIBE for more episodes, and drop a comment below: What’s your biggest budgeting challenge in cybersecurity? 🔗 Listen on Spotify/Apple Podcasts: spotify.cyberpodcast.net apple.cyberpodcast.net #Cybersecurity #CISOBudget #SecurityFunding #VendorManagement #Ransomware #CISOAdvice Timestamps: 00:00 – Intro & Jean Shapiro’s Epic Entrance 03:27 – Why Non-Tech Leaders Struggle to Understand Security 06:10 – Educating Buyers Through Breach News & Real-World Examples 09:06 – Gold Nugget #1: Never Let a Good Crisis Go to Waste 12:36 – Building a Culture of Transparency (No Finger-Pointing) 16:21 – Partnering with CIOs: Fixing Legacy Issues Without Blame 18:46 – Getting Budget: Tie Security to Revenue Loss & Business Impact 23:29 – Risk & Brand Protection in Budget Conversations 26:11 – Risks Breakdown: Litigation, Regulation, Operational Downtime 28:00 – Ransomware Myths: Why Paying Isn’t a Quick Fix 31:56 – Frameworks (NIST, MITRE ATT&CK) for Data-Driven Budgets 37:32 – Carving Out Budget for Innovation & AI Tools 40:46 – Tips: Align with Strategic Initiatives (Don’t Just Slap AI on It) 43:02 – Sales Call Frustrations: “What Keeps You Up at Night?” 47:19 – Protecting Proprietary Info in Vendor Calls (No Recordings!) 51:23 – Post-Sale Support: Don’t Ghost After the Deal 55:38 – Burning Vendor Bridges: When to Replace Tools 58:03 – Sales Ghosting Between Roles: It Bites Back 1:05:16 – Sales Incentives Exposed: Why Renewals Get Weird 1:10:20 – Negotiating with VARs: Avoid Desperation Deals 1:19:00 – Closing Thoughts: Know Your Numbers, Talk Business Language Thanks for watching! Stay secure out there. Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ | |||
| The Battle of the CISOs: Technical vs Non-Technical #DTF023 | 24 Oct 2025 | 01:02:50 | |
Welcome to Episode 23 of the DTF Cyber Podcast! 🎙️ Join our hosts as they dive into the evolving world of cybersecurity leadership, exploring what it takes to be a CISO in 2025. From technical acumen vs. business savvy to AI’s revolutionary impact on the industry, we unpack critical insights for aspiring and seasoned security pros. Plus, hear about Vegas’s tight-knit cyber community, data breach lessons, and the F1 party vibe! 💻 Don’t miss this mix of career advice, tech trends, and real-world stories. Subscribe for weekly cyber insights! 🚀 #Cybersecurity #CISO #AIinCybersecurity #DataBreaches #VegasCyber Timestamps: 00:00 —Intro & Vegas F1 Excitement The crew kicks off with Formula 1 hype, Vegas nightlife, and how local cyber pros turn big events into networking gold. 06:35 — The CISO Role Debate Do you need deep technical chops or business instincts to lead? The team unpacks the “technical vs. strategic” clash lighting up LinkedIn. 14:23 - The Castle & Sword Analogy Defending your organization like a kingdom; strategy, trust, and the danger of “fighting every battle yourself.” 20:10 — Stats, Pay Gaps & AI’s Influence Why technical CISOs earn more, how AI is reshaping cybersecurity, and why partnership beats isolation. 28:27 — AI’s Impact on Cybersecurity Working alongside business units to secure AI-driven projects — and the risks of “vibe-coding” without controls. 33:17 - Leadership Humility The power of admitting mistakes: how transparency builds trust and kills ego-driven cyber culture. 36:01 — SOC Lifers & Innovation Why some pros never leave the trenches — balancing hands-on skill with creative problem-solving. 41:01 — The Hybrid Advantage Why the best CISOs blend technical depth, business vision, and empathy to lead modern security teams. 45:28 — VARs, Pizza & Procurement How to question vendors the smart way — and why “what fails” matters more than “what sells.” 49:45 — Data Retention & Breaches Third-party risk, compliance headaches, and why storing IDs “just in case” creates future breaches. 54:34 — Breach Fatigue Lessons from a 70,000-user data leak — protecting your identity and regaining trust in a breach-saturated world. Topic Links: Connect with Us: • Follow DTF Cyber Podcast on X for updates! • Share your thoughts in the comments! What’s your take on the CISO role in 2025? | |||
| Trust But Verify: The Hidden Cost of AI Hallucinations #DTF022 | 13 Oct 2025 | 01:09:58 | |
Join Damian, Troy, and Fern on Episode 22 of the DTF Cyber Podcast (@DTFCyberPodcast) as we tear into Deloitte’s $290K AI hallucination disaster—fake references, a misquoted judge, and a botched Australian government report that’s shaking trust in AI. From AI’s role in cyber chaos to practical tips for validation, we’ve got CISOs and tech lovers covered. Timestamps (Extracted from Transcript): Timestamps (Extracted from Transcript): 00:00 – 01:26 | Intro: AI Hallucinations & Holiday Banter 01:26 – 15:34 | Cyber News: Deloitte’s AI-Generated Report 15:34 – 30:06 | Deep Dive: Accountability & Ethics Fallout 30:06 – 43:10 | AI Ethics in Security & Vendor Data Use 43:10 – 57:12 | Audits, Maturity Scores & Frameworks 57:12 – 01:09:49 | Outro: Real Talk on Jobs, AI & Accountability Links: • Fortune Article: https://fortune.com/2025/10/07/deloitte-ai-australia-government-report-hallucinations-technology-290000-refund/ • NIST AI RMF: https://www.nist.gov/itl/ai-risk-management-framework • Join us on X: https://x.com/DTFCyberPodcast • AI Ethics Cheat Sheet: [Link to PDF - TBD] Subscribe: Catch our weekly cyber takedowns! Smash that bell and join the DTF crew fighting hype, one ethical byte at a time. 🛡️ Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Ransomware Hits Europe's Airports – Travel Cyber Survival Guide! #DTF021 | 06 Oct 2025 | 01:13:10 | |
Buckle up for a wild ride through cyber chaos at 30,000 feet! With Damian out slaying dragons elsewhere, Troy and Fern team up with special guest Shannon Wilkinson (Troy's better half, CIO/CISO at Findlay Auto, and reigning "double belt cyber champ"). We dissect the September 2025 ransomware meltdown that grounded 63+ flights at Heathrow, Brussels, and Berlin—thanks to a Collins Aerospace supply chain hack. From botched check-ins to a shocking UK arrest in under a week, we unpack the third-party terror, AI's automation pitfalls, and why your next layover could be a hacker's playground. Plus: Real talk on business impact analysis (BIA), dodging "juice jacking," VPN myths, and why employees aren't your "weakest link" (but untrained ones sure are). Shannon drops gems from her new book on AI ethics, and we roast everything from fast-food kiosks to boardroom budget battles. Laughs, lessons, and low-hanging fruit alerts—because if airports can crash, so can your data. Stay encrypted, travelers! 🚨✈️ Timestamps: 00:00 - Ransomware Grounds Europe – Collins hack chaos. 02:59 - Tech Couples – Can they unplug? 05:11 - Airport Attack – Heathrow arrests & CrowdStrike déjà vu. 08:07 - AI Trap – Automation gone wrong. 14:39 - Boardroom Battles – Layoffs vs. efficiency. 19:34 - AI Revolution – Jobs, tools, & reality check. 27:52 - BIA 101 – Spot risks before chaos. 33:25 - Cyber Risk in Dollars – Board storytelling without FUD. 40:43 - Cyber Spend – $2B budgets & quick wins. 45:25 - Employees – Weak link or weapon? 47:24 - SMS Scams – Bill panic & verification tips. 49:35 - Travel Security – VPNs, hotspots, identity fabrics. 53:51 - Hotspot Hype – Cell signals vs. VPN traps. 57:51 - Juice Jacking – Airport USB risks explained. 01:03:16 - Book Spotlight 01:06:23 - Sales Tactics Roast – Cupcakes as cold calls. 01:10:02 - Wrap-Up Grab Shannon's book: "Prompted, Not Present" on Amazon – DM her on LinkedIn for a signed copy! Love the pod? Smash that 👍, subscribe for weekly cyber roasts, and drop your wildest travel hack fail in the comments. New eps every Monday—next up: Deepfakes in the wild? 🔗 Full episodes & merch: dtfcypberpodcast.net 📱 Follow us: YouTube @DTFCyberPodcast | X @DTFCyberPodecast | LinkedIn #Ransomware #AirportHack #TravelCybersecurity #AIEthics #CyberPodcast #DTFCyber #SupplyChainAttack #VPNtips #JuiceJacking #BusinessResilience Articles: https://www.theguardian.com/world/2025/sep/22/flight-delays-europe-cyber-attack-heathrow-brussels-berlin https://levelblue.com/blogs/security-essentials/securing-your-digital-footprint-while-traveling-in-2025 Shannon's Book: https://www.amazon.com/Prompted-Not-Present-Reclaiming-Thoughtful/dp/B0FF5D87S9/ref=sr_1_1?crid=2BIWF9F0E79D6&dib=eyJ2IjoiMSJ9.X1QHcoWjhBDfHDtebgE0l4gwmpAfCC5WWrEVbCo-sygfPtSsH6pEv62iZnv9oFIQlhSqfObQU_AqUtM-T389Uh2Wp-nU71BK5Ht-XMU0LmlLRqWNUvmPgpdGXv4btnYZIsMXucdOo6EPaGeVckxFncbhY4BrmwSI0mdVEvbIivynUqp9JhrHyZFn-c7OihOlA6QW6gYMu2IhE0w_KVSjMA.GK0phjXd49yIOHuQSahz5k88KN5tbvARge-P1ntZs4g&dib_tag=se&keywords=shannon+wilkinson&qid=1759709566&sprefix=shannon+wilk%2Caps%2C134&sr=8-1 Linkedin: Shannon: https://www.linkedin.com/in/swilkinsoncyber/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| When AI Goes Rogue: Exposing the Risks of Autonomous Agents #DTF020 | 15 Sep 2025 | 01:11:26 | |
Welcome to Episode 20 of the DTF Cyber Podcast! 🚨 Join hosts Damian and Fern, with special guest Gary Chan, the Security Mentalist, as they dive into the wild world of rogue AI agents—autonomous systems that wreak havoc when they go off-script. From AI browsers falling for phishing scams to coding agents wiping out databases and chatbots selling $76,000 SUVs for a buck, we unpack real-world incidents shaking the cybersecurity world in 2025. Gary’s psychological manipulation expertise reveals how AI vulnerabilities mirror human tricks, making this a must-watch for tech pros and curious minds alike! 🧠💻 🔔 Subscribe to @DTFCyberPodcast for weekly cybersecurity deep dives: youtube.com/@DTFCyberPodcast 💬 Drop your rogue AI stories in the comments and let us know what topics you want next! 📩 Want Gary’s security mentalism for your company? Visit https://www.gschan2000.com Timestamps 00:00 - Intro: Damian and Fern set the stage for rogue AI agents, introducing Gary Chan with a WWE-style entrance! 03:27 - Guest Spotlight: Gary explains security mentalism—blending psychological tricks with cybersecurity awareness. 08:59 - Perplexity’s Comet AI Browser Exploit: How this AI browser got tricked into buying fake items and leaking data. 27:02 - Replit AI Database Disaster: A coding agent deletes a production database and fakes logs to cover it up! 42:45 - Chevrolet Chatbot Fiasco: A chatbot “sells” a $76,000 Tahoe for $1 via social engineering. 54:42 - Roundtable: AI Risks & Fixes: 80% of companies face rogue AI—how do we secure these agents? 68:47 - Outro & Takeaways: Key lessons on testing, governance, and trusting AI, plus a call to subscribe! Key Topics Perplexity Comet Exploit: How phishing and prompt injection led to unauthorized purchases and data leaks. Replit Database Wipeout: A coding AI’s catastrophic error and attempt to hide it. Chevrolet Chatbot Blunder: Social engineering tricks a bot into absurd deals, raising liability questions. Mitigations: Testing in dev environments, strict permissions, and rollback plans to tame rogue AI. Gary’s Take: How mentalism reveals AI’s susceptibility to manipulation, with tips for secure deployment. Security Mentalist: https://www.gschan2000.com Article 1: https://www.bleepingcomputer.com/news/security/perplexitys-comet-ai-browser-tricked-into-buying-fake-items-online/ Article 2: https://www.tomshardware.com/tech-industry/artificial-intelligence/ai-coding-platform-goes-rogue-during-code-freeze-and-deletes-entire-company-database-replit-ceo-apologizes-after-ai-engine-says-it-made-a-catastrophic-error-in-judgment-and-destroyed-all-production-data Article 3: https://www.upworthy.com/prankster-tricks-a-gm-dealership-chatbot-to-sell-him-a-76000-chevy-tahoe-for-ex1 Article 4: https://www.digit.fyi/80-of-firms-say-their-ai-agents-have-taken-rogue-actions/?utm_source=chatgpt.com Linkedin: Gary Chan: https://www.linkedin.com/in/gschan2000/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Why Third-Party Apps Can Put You at Risk! #DTF019 | 08 Sep 2025 | 00:56:29 | |
Welcome to Episode 19 of the DTF Cyber Podcast, where Damian, Troy, and Fern dive into the wild world of cybersecurity with our special guest, Lester Godsey, CISO at Arizona State University! This week, we unpack the massive Salesloft Drift supply chain breach that rocked companies like Cloudflare, Palo Alto Networks, and Zscaler. From OAuth token risks to third and fourth-party vulnerabilities, we break down what went wrong, why it matters, and how to protect your organization from the next supply chain nightmare. Expect technical deep dives, real-world insights, and our signature banter—because even in chaos, we keep it real. Subscribe, like, and join us every Monday for more cyber talk! Follow us on X: @DTFCyberPodcast Watch on YouTube: https://www.youtube.com/@DTFCyberPodcast Timestamps 00:00 - Intro: Welcome to the DTF Cyber Podcast 00:33 - Guest Introduction: Meet Lester Godsey, ASU’s CISO 01:41 - Lester’s 8-Hour Retirement & Transition to Private Sector 03:12 - Talk Track 1: The Breach Breakdown – Salesloft Drift Incident 04:49 - Why Third-Party Risk Management (TPRM) Needs More Hype 06:26 - The Skills Gap in Governance, Risk, and Compliance (GRC) 09:57 - Do CISOs Need to Be Super Technical? The Debate 13:22 - Talk Track 2: OAuth Token Risks – The Double-Edged Sword 18:04 - Analogies: Amazon Garage Access vs. OAuth Token Exposure 23:20 - Talk Track 3: Third and Fourth-Party Risks – Hidden Layers 26:30 - Vendor Transparency and Proactive Disclosure 29:01 - Shadow IT and the Challenges of Vendor Visibility 31:20 - Talk Track 4: Mitigation Strategies – Auditing and Non-Human Identities 36:02 - Managing Up: Communicating Risks to Leadership 39:15 - Gen Z Slang and Workplace Communication Challenges 43:32 - Recap: Key Takeaways on OAuth, Audits, and Risk 47:46 - Future Topics: Non-Human Identities and Agentic AI 51:02 - Actionable Advice: Audit Your OAuth Tokens Now 54:41 - Closing Thoughts from Troy, Damian, Fern, and Lester What You’ll Learn - How attackers exploited OAuth tokens in the Salesloft Drift breach - The cascading risks of third and fourth-party vendors - Practical steps to audit and secure OAuth tokens and APIs - Why non-human identity management is critical for modern cybersecurity Have you audited your OAuth tokens lately? Drop your thoughts on supply chain risks in the comments or hit us up on X (@DTFCyberPodcast). If you found this episode helpful, smash that like button, subscribe, and share with your cyber crew! Let’s stay one step ahead of the hackers. #Cybersecurity #SupplyChainSecurity #OAuthRisks #DTFCyberPodcast Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Why Cybersecurity Training is Often Ignored #DTF018 | 01 Sep 2025 | 01:09:23 | |
🎙️ Welcome to the DTF Cyber Podcast! In Episode 18, “Why Cybersecurity Training is Often Ignored,” we dive into the real struggles of staying sharp in cyber roles. From budget battles to justifying big conferences like Black Hat and RSA, this episode uncovers why training gets sidelined—and how to fight back! 💻🔒 🔑 Key Topics: • Why training costs (like $8,000 SANS courses) scare off CEOs • Budget hacks: Vendor deals, free meetups (e.g., Phoenix East Valley), and LinkedIn Learning • Justifying conferences with ROI (reports, team training) • Employee initiative vs. leadership responsibility • Training as part of compensation and culture • Staying ahead with job research and the “seven whys” 😂 Bonus: Hear about the hostel pinkeye saga—a lesson in cost-cutting gone wild! 📌 Timestamps: 0:00:00 - Intro: Staying Up-to-Date 0:02:34 - Budgeting Challenges 0:09:05 - Vendor Training Tricks 0:18:23 - Justifying Conferences 0:36:02 - Free Training Options 0:43:10 - Employee & Leader Roles 0:54:26 - Black Hat Cost Breakdown 1:05:26 - Closing Tips 💬 Drop your training hacks in the comments! Subscribe @DTFCyberPodcast for more cyber realness. Join us next week—stay safe! 🔗 Full Episode: [Link to Episode 18] 🌐 Learn more: https://www.youtube.com/@DTFCyberPodcast #Cybersecurity #Training #BlackHat #RSAConference #CyberCareer #DTFCyberPodcast Phoenix Cyber Meetup: EVSec https://www.meetup.com/evsecaz SANS pricing: https://www.sans.org/cyber-security-courses/advanced-security-essentials-enterprise-defender UI/UX: https://www.linkedin.com/posts/cyber-uxcellence_a-milestone-moment-for-ux-in-cybersecurity-activity-7361758949525622785-Rsha?utm_source=social_share_send&utm_medium=member_desktop_web&rcm=ACoAAAPdJL0B8xce6ECZfPNPS2Hp24evoT2uY0E Online Training Resources: https://explore.skillbuilder.aws/learn (AWS Skill Builder – Security Learning Plans) https://www.cloudskillsboost.google/ (Google Cloud Skills Boost – Security Labs & Quests) Use of "Five Why's" : https://www.corporatecomplianceinsights.com/want-better-incident-response-keep-asking-why/ Phoenix Community Meetup Groups: https://owasp.org/www-chapter-phoenix/ (OWASP Phoenix) https://engage.isaca.org/phoenixchapter/home (ISACA Phoenix Chapter) https://isc2chapterphoenix.org/ (ISC2 Phoenix Chapter) Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| Is Your Mobile Phone Secretly at Risk? #DFT017 | 25 Aug 2025 | 01:00:50 | |
In Episode 17 of the **DTF Cyber Podcast**, hosts Damian, Troy, and Fern tackle three cybersecurity threats that could impact your daily life: zero-day exploits on mobile devices, hardware-based attacks via webcams and laptops, and ATM/network breaches using physical devices. Drawing from recent 2025 incidents like Apple's CVE-2025-43300, Lenovo's "BadCam" flaw, and the "CAKETAP" rootkit, they break down risks, share practical tips on patching, privacy, and layered defenses, and emphasize resilience over perfect prevention. Whether you're an iPhone user, remote worker, or ATM frequenter, this episode delivers actionable insights with the trio's signature banter and real-world stories. 🔔 Subscribe to **DTF Cyber Podcast** for weekly cybersecurity discussions: https://www.youtube.com/@DTFCyberPodcast 👍 Like, comment, and share your biggest patching pet peeve below! 📱 Follow us on X: @DTFCyberPodcast **Timestamps:** 00:00 - Intro: Episode overview and personal impacts of zero-days, webcams, and ATMs 01:12 - Zero-Day Exploits: Apple vulnerabilities, myths about iOS security, and patching urgency 04:23 - MDM and Privacy: Balancing BYOD risks, EU regulations, and employee monitoring 07:14 - Browser and App Patching: Managing third-party tools and auto-updates 10:01 - Data Leaks via Cloud Tools: OneDrive instances and insider threats 12:24 - VPNs and Privacy Concerns: User paranoia and employer trust 15:02 - Work-Life Balance: Salary expectations vs. 24/7 access 18:09 - AI-Accelerated Exploits: Threat actors weaponizing patches in hours 23:52 - IT vs. Security: Balancing rapid patching with testing 26:05 - Hardware Attacks: Webcams as entry points (BadCam exploit) 29:01 - Firmware Risks: Updating drivers and BIOS vulnerabilities 32:39 - Physical Access Threats: Hotel room espionage and lost devices 35:34 - Convenience vs. Security: Reducing user friction in tools 40:03 - Proof-of-Concept Testing: Involving non-tech users for adoption 43:32 - ATM Breaches: Raspberry Pi rootkits and network compromises 46:13 - Card Skimmers vs. Deeper Hacks: Physical-cyber blends 49:39 - Financial Tips: Separating accounts and credit card protections 52:33 - Anomaly Detection: Monitoring for Raspberry Pi drops and flippers 56:47 - Defense in Depth: Layers, resilience, and rapid response 58:08 - Closing Thoughts: Patch promptly, understand policies, and stay vigilant #Cybersecurity #ZeroDay #WebcamHacks #ATMBreaches #DTFCyberPodcast #CyberTips #AppleSecurity #HardwareVulnerabilities #NetworkSecurity ### Zero-Day Exploits 1. **Link**: https://safe.security/resources/blog/most-likely-damaging-cyber-threats-vulnerabilities-2025/ - **Relevance**: Discusses 2025 zero-day trends, including Apple’s CVE-2025-43300, aligning with the podcast’s focus on mobile device vulnerabilities and rapid patching needs. 2. **Link**: https://stonefly.com/resources/zero-day-exploits-cyber-threats-you-cant-see-coming - **Relevance**: Covers AI’s role in scaling zero-day attacks, matching Troy’s discussion of AI reverse-engineering patches and Fern’s point about targeting unpatched devices. ### Hardware-Based Attacks 3. **Link**: https://www.datasunrise.com/zero-day-exploit/ - **Relevance**: Explores hardware vulnerabilities like firmware flaws, tying to "BadCam" and "ReVault" exploits and Troy’s emphasis on BIOS/driver risks. 4. **Link**: https://www.blackfog.com/zero-day-security-exploits/ - **Relevance**: Details hardware-based zero-day risks, supporting Damian’s hotel room espionage concerns and Troy’s firmware update focus. ### ATM and Network Breaches 5. **Link**: https://www.greynoise.io/blog/2025s-biggest-cybersecurity-threats-exposed - **Relevance**: Addresses infrastructure attacks, aligning with the CAKETAP rootkit incident and the hosts’ discussion of physical device vulnerabilities. Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| AI Just Hacked the World With Almost No Humans Involved | 27 Nov 2025 | 01:03:02 | |
Anthropic’s new report is a wake-up call: hackers turned Claude into a near-autonomous espionage agent that handled 90% of the attack chain by itself. The future is officially here… and it’s terrifying. We go deep on how they did it, why current defenses are cooked, and what defenders need to do yesterday. Timestamps 00:00 – The scariest line Anthropic has ever published 01:17 – “Set it and forget it” – the new AI attack paradigm 04:04 – Breaking attacks into tiny, undetectable chunks 13:48 – Attackers flipped the script: 90% AI, 10% human 17:26 – Why defense has to 10x its speed right now 27:11 – SOC automation, log nightmares & the data problem nobody’s solved 33:18 – Thousands of API calls/sec + AI writing its own evasion logic 40:31 – Regulation debate: should frontier models be locked down? 51:38 – Back to basics… but the basics just changed forever 55:21 – Raw reactions: “Is this even real?” 58:09 – The silver lining (yes, there is one) 01:03:13 – When’s the next one coming? Like if this freaked you out, comment your biggest fear for 2026, and smash subscribe — the AI cyber war just started. #AICyberAttack #ClaudeAI #Cybersecurity #AgenticAI # infosec http://cyberpodcast.net Spotify: http://spotify.cyberpodcast.net Apple: http://apple.cyberpodcast.net X: https://x.com/dtfcyberpodcast IG: https://www.instagram.com/dtfcyberpodcast/ Linkedin: DTF: https://www.linkedin.com/company/dtf-cyber-podcast/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| 60+ Cybersecurity Tools Per Company: Fix Tool Sprawl Chaos Now | 17 Nov 2025 | 00:54:09 | |
The average company now runs 60+ cybersecurity tools — more apps than most people have on their phone. Is this making us safer… or just creating chaos, alert fatigue, and million-dollar shelf ware? In this episode, Damian, Troy, and Fern rip apart the tool sprawl epidemic: why CISOs are drowning in overlapping platforms, how 7% of IT budget became the “standard,” when best-of-breed actually beats single-vendor, and how to start consolidating before you go insane. Real talk from three practitioners who’ve lived the nightmare. Timestamps (short & sweet edition) 00:00 – 60+ tools per company… are we actually safer? 03:17 – The 7% of IT budget “rule” – is it enough? 06:21 – Cybersecurity isn’t insurance, it’s risk mitigation 11:05 – Shelfware nightmare: tools bought, never used 14:30 – Single-vendor vs best-of-breed debate 28:40 – The shiny new toy problem every CISO faces 36:20 – Analyst alert fatigue is real 40:05 – Best-of-breed wins when tools actually talk 47:36 – You need a 3–5 year roadmap (even if you won’t be there) 49:02 – AI wasn’t on anyone’s 5-year plan… now what? 51:09 – Pro tips for CISOs & analysts 54:35 – Wrap-up & see you next week! Subscribe so you never miss the raw truth about cybersecurity. 🔔 Turn on notifications – new episode every Monday! 💬 Comment: How many security tools does YOUR org actually use? #Cybersecurity #ToolSprawl #CybersecurityTools #CISO #BestOfBreed #SecurityConsolidation #DTFCyberPodcast Linkedin: Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net | |||
| 8 Ways to Jumpstart Your Cybersecurity Career in 2026 | #DTF032 | 19 Jan 2026 | 01:18:17 | |
2026 is here, and the cybersecurity job market is evolving. Whether you are trying to break into the industry or land your next senior role, the playbook has changed. In this episode of the DTF Cyber Podcast, Fern and Troy are joined by Gary Perkins (CISO at CISO Global) to break down 8 actionable steps you can take right now to jumpstart your career. From building public red team projects to mastering new attack toolchains like the Flipper Zero, we cover the technical and soft skills that hiring managers actually look for. We also dive into why networking is your #1 asset, how to contribute to open source projects, and why "learning to script" is non-negotiable for modern security pros. 🚀 In this episode, we cover: Why you need a public GitHub portfolio (even if you aren't a dev). How to legally perform "hunts" in your current job to gain experience. The difference between "scripting" and "developing" and why Python/Bash helps. Why reading non-cyber books can actually make you a better CISO. 👇 Jump to the 8 Career Hacks: 00:00:00 - Intro: Welcome back to 2026! 00:01:02 - Meet Gary Perkins, CISO at CISO Global 00:07:43 - #1: Build One Public Red Team Project Quarterly 00:14:00 - #2: Master a New Attack Toolchain (Flipper Zero, Bloodhound, etc.) 00:21:16 - #3: Contribute to Open Source Security Projects 00:29:16 - #4: Perform a Weekly Hunt in a Real Environment 00:43:35 - #5: Learn to Script Your Own Tools (Python & Bash) 00:51:18 - #6: Network Like Your Career Depends On It 01:02:17 - #7: Read a Non-Cyber Book (The Phoenix Project, Leaders Eat Last) 01:07:42 - #8: Teach Something Publicly 01:16:20 - Bonus Resource: The Threat Intelligence Support Unit (TISU) Cohort 📚 Resources & Mentions: Book: The Phoenix Project Book: Leaders Eat Last by Simon Sinek Organization: Threat Intelligence Support Unit (TISU) - Free Cybersecurity Cohort https://www.eventcreate.com/e/tisu8 Connect with the Guest: Gary Perkins (CISO Global) https://www.linkedin.com/in/perkinsgary/ Subscribe for more no-nonsense cyber insights! #Cybersecurity #InfoSec #CareerAdvice #RedTeam #BlueTeam #CISO #TechCareers #2026 http://cyberpodcast.net Spotify: http://spotify.cyberpodcast.net Apple: http://apple.cyberpodcast.net X: https://x.com/dtfcyberpodcast IG: https://www.instagram.com/dtfcyberpodcast/ Linkedin: DTF: https://www.linkedin.com/company/dtf-cyber-podcast/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned. | |||
| 2026 Cyber Predictions: AI Agents, Record Ransomware & Deepfake Disasters | DTF#031 | 24 Dec 2025 | 00:49:15 | |
Is 2026 the year AI takes over everything—including the crimes? 🤖💸 In the final episode of 2025, Damian and Troy break down their Top 8 Cyber Predictions for 2026. From AI agents executing 90% of breaches to ransomware payouts potentially hitting half a billion dollars, the future of cybersecurity is moving fast. We also discuss the "Harvest Now, Decrypt Later" threat, why your LinkedIn profile picture might already be a lie, and the new $150k entry-level salary standard. Plus, we’re ending the year with a GIVEAWAY! 🎁 Drop your 2026 prediction in the comments—for every 10 predictions we receive, we’re picking a winner for some exclusive (and secret) DTF Cyber swag. In this episode, we cover: Why AI agents (not humans) will be behind 9 out of 10 breaches. The terrifying potential for a $500M ransomware payout. How deepfakes will finally cause a major real-world crisis. "AI Laundering": The new frontier for cleaning dirty crypto. Why entry-level cyber jobs are hitting $150k salaries (and the catch). 🔔 Subscribe for more unfiltered cybersecurity insights! ⏱️ TIMESTAMPS: 00:00 – Intro: Did AI change the world in 2025? 01:58 – Prediction #1: 90% of breaches will be executed by AI Agents. 07:40 – Prediction #2: Ransomware payouts will break records ($500M?!). 15:15 – Prediction #3: Identity becomes the central pillar (Passkeys backfire?). 20:00 – Prediction #4: A deepfake event will hit major global news. 24:45 – Prediction #5: "Harvest Now, Decrypt Later" goes mainstream. 28:40 – Prediction #6: Mandatory AI Agent audits for federal contractors. 32:30 – Prediction #7: "AI Laundering" becomes the new money laundering. 38:15 – Prediction #8: Entry-level AI Cyber jobs will start at $150k. 45:00 – Bonus Prediction: The consolidation of massive data analytics. 47:00 – GIVEAWAY DETAILS: How to win exclusive swag! #CyberSecurity #AIPredictions #Ransomware #Deepfakes #TechTrends2026 #InfoSec #Podcast #DTFCyber #AI | |||
| The Ultimate Cybersecurity Gift Guide (Under $100, $200 & Unlimited) #DTF030 | 17 Dec 2025 | 00:58:51 | |
The 2025 Cyber Christmas List That Actually Gets You Hired Happy holidays, nerds! Your mom just spent $79 on a “hacker hoodie” that says “Trust Me” in Comic Sans… …while real juniors are out here making six figures with a $29 Yubikey and a Raspberry Pi. In Episode 30, Damian, Troy & Fern save your Christmas with the only cyber gifts worth buying in 2025: • Under $50 stocking stuffers that turn into paychecks • $50–$150 tools that get you interviews • $150–$300 big wins that scream “I’m serious” • Free gifts that slap harder than anything paid • And the absolute coal you should burn before anyone unwraps it Timestamps 00:00 Intro: The "Hacker Hoodie" 01:37 Why "Hacker" Clothing is Bad OpSec 06:01 The Worst Gifts: "Hacking for Dummies" 08:59 Beware of Knockoff Tools & Malware 12:15 Danger: Pre-loaded Hacking USBs 13:49 Best Gifts Under $100 14:00 Book Rec: The Hardware Hacker 14:20 YubiKeys for MFA 16:21 Lockpicking Sets & Physical Pen Testing 21:42 USB Rubber Ducky 23:25 USB Data Blockers (Juice Jacking Protection) 25:05 RFID Blocking Wallets 28:06 Raspberry Pi Projects (Honeypots & VPNs) 28:45 Best Gifts $100 - $200 30:30 Packet Squirrel: Man-in-the-Middle Attacks 34:20 Flipper Zero: Radio Frequencies & Rolling Codes 39:34 Certifications: Security+ & Network+ 44:24 Cloud Credits & AI Subscriptions 46:26 Unlimited Budget Gifts 47:25 Black Hat & DefCon Tickets 48:14 Mac vs. Windows vs. Linux for Hacking 51:53 Giveaway: The "Hacker" Hoodie 57:58 Holiday Security Warning Giveaway: Comment your dream (or worst) cyber gift — we’ll randomly pick one subscriber for a genuine “hacker” hoodie (minimum 10 comments). Everything here is our personal hot takes — not our employers, not legal advice. Just three idiots with mics trying to keep you from bad gifts. — Damian, Troy & Fern DTF Cyber Podcast #CyberGifts #Christmas2025 #CyberSecurity #Infosec #Career http://cyberpodcast.net Spotify: http://spotify.cyberpodcast.net Apple: http://apple.cyberpodcast.net X: https://x.com/dtfcyberpodcast IG: https://www.instagram.com/dtfcyberpodcast/ Linkedin: DTF: https://www.linkedin.com/company/dtf-cyber-podcast/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned. | |||
| Your Google Account Just Got Hacked – And You Didn’t Click Anything | 09 Dec 2025 | 01:03:40 | |
2.5 billion daily account-takeover attempts. That’s one every 34 microseconds. Damian, Troy & Fern go full send-it mode on the 2025 ATO playbook: SIM swaps, session-token theft, MFA fatigue bombing, rogue QR codes, deep-fake family scams, and the OAuth tokens you granted in 2017 that are still wide open. Timestamps 00:00 – Intro 05:20 – SIM swaps & losing your phone number in minutes 09:40 – Why password resets are useless (session tokens survive) 14:20 – MFA fatigue / push-notification bombing 19:10 – OAuth & old third-party app tokens nobody revokes 24:30 – Rogue QR codes at restaurants & hotels 30:15 – Enterprise reality – weekly O365 token theft 37:40 – Non-human identities & service-account sprawl 44:50 – Passkeys in 2026 – will increase ATO risk if misconfigured 51:00 – Public Wi-Fi, juice jacking & QR code myths 58:00 – Closing thoughts Discord (coming soon) #AccountTakeover #SIMSwap #MFAFatigue #CyberSecurity #Infosec #ZeroTrust https://www.fcc.gov/consumers/scam-alert/grandparent-scams-get-more-sophisticated https://newsroom.servicenow.com/press-releases/details/2025/ServiceNow-to-Expand-Security-Portfolio-With-Acquisition-of-Vezas-Leading-AI-native-Identity-Security-Platform/default.aspx https://thehackernews.com/2025/04/customer-account-takeovers-multi.html https://www.gartner.com/reviews/market/identity-threat-detection-and-response-itdr http://cyberpodcast.net Spotify: http://spotify.cyberpodcast.net Apple: http://apple.cyberpodcast.net X: https://x.com/dtfcyberpodcast IG: https://www.instagram.com/dtfcyberpodcast/ Linkedin: DTF: https://www.linkedin.com/company/dtf-cyber-podcast/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned. | |||
| Why Your Tech Won’t Save You: The Human ROI of Cyber Security | Dom Vogel #DTF036 | 02 Mar 2026 | 01:12:52 | |
Chances are you’ve got the best tech money can buy, the latest AI, and the biggest firewalls—but you’re still losing. In this episode of the DTF Cyber Podcast, Damian and Fern sit down with Vancouver-based leadership coach and "positivity troll" Dom Vogel to discuss why the weakest link in cybersecurity isn’t a line of code, it’s the person behind the keyboard. We’re ignoring the hardware today to focus on the Human Side of Security. Dom shares his 20+ years of experience transitioning from corporate burnout to coaching cyber leaders on empathy, branding, and "connected leadership" in the AI era. In this episode, we dive into: * The CIO Branding Problem: A real-world story of how a helpdesk’s "likability index" changed a CEO’s perception of IT. * The 1,000 Applicant Crisis: Why junior roles are getting overwhelmed and how to "short-circuit" the online application black hole. * Certs vs. Communication: Why technical certifications are now "table stakes" and how soft skills are the real differentiator in 2026. * Authentic Leadership: Why vulnerability is a leader’s most powerful tool for building trust and mental resiliency within teams. * Personal Brand vs. Reputation: Understanding the "visceral emotional reaction" people have to your name. Connect with Dom Vogel: LinkedIn: https://www.linkedin.com/in/domvogel/ Website: https://www.vogelleadershipcoaching.com Subscribe to DTF Cyber: Don't miss our upcoming deep dive into 2026 Cyber Salaries and the "AI Premium" in Episode 37! Video Timestamps 00:00 – The Weakest Link: Tech vs. Humans 02:18 – Meet Dom Vogel: The Ball Cap & Beard Guy 03:33 – The CIO Branding Problem: A Helpdesk Story 06:12 – Translating Risk into "Boardroom Conversation" 08:12 – The 1,000 Applicant Problem: Standing Out in Noise 10:07 – Why Applying Online is a "Black Hole" 12:23 – Technical Skills are Now "Table Stakes" 14:51 – Photography & Networking: Fern’s Origin Story 19:05 – Stop Investing Only in Certs 21:07 – Vulnerability: A Leader’s Most Powerful Tool 24:42 – Story: The Helpdesk Manager Who Loved Marketing 28:01 – Will AI Replace the Human Craving for Interaction? 33:32 – Creating Psychological Safety in Your Team 37:56 – The Janitor Test: How to Hire for Culture Fit 42:07 – Operational Leverage: Reinvesting in Your People 47:28 – The "Soft Skills" Payday: Why CISOs Need Sales Training 51:06 – Remote Work vs. Office: The Choice Matters 55:30 – What is a "Positivity Troll"? 59:54 – Personal Brand vs. Reputation: What They Say When You Leave 01:05:02 – How Content Creation Leads to Job Offers http://cyberpodcast.net Spotify: http://spotify.cyberpodcast.net Apple: http://apple.cyberpodcast.net X: https://x.com/dtfcyberpodcast IG: https://www.instagram.com/dtfcyberpodcast/ Linkedin: DTF: https://www.linkedin.com/company/dtf-cyber-podcast/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned. | |||
| 72 Hours to Report or Else: The New Compliance Nightmare | 23 Feb 2026 | 01:03:47 | |
In this episode, Damian, Troy, and Fern dive into the heated controversy surrounding new federal reporting mandates. We explore the "Feds vs. Firewalls" dynamic: does mandatory reporting actually help stop the bad guys, or is it just a massive resource drain on teams already fighting for their lives? We break down the 72-hour reporting window for significant incidents and the even tighter 24-hour requirement if you decide to pay a ransom. From the ambiguity of what defines a "significant incident" to the personal liability risks for CISOs, we’re looking at the real-world implications of these 2026 directives. Key topics include: * The struggle between immediate threat response and mandatory paperwork. * How the SBA size threshold might pull 30,000 "non-critical" companies into these rules. * The "minimum viable content" framework for initial reports. * Why the "don’t pay" mantra is harder to follow when human lives are on the line. Timestamps 00:00 – Intro 02:46 – The Car Crash Analogy: Should you call 911 or save the body? 03:55 – Defining Critical Infrastructure: Telecom, Energy, and Gas. 04:41 – The Ticking Clock: Does the 72 hours start at detection or declaration? 05:15 – The 24-Hour Ransom Rule: What happens if you pay? 06:48 – Private Sector Concerns: Will this extend beyond the 16 critical sectors? 09:34 – The Executive War Room: Who is responsible for the communications? 10:47 – Partnering with the FBI: Intel sharing vs. criminal investigation 12:23 – Global Context: The EU’s 24-hour "Early Warning" requirement 15:03 – The Resource Drain: Why incident responders are in revolt 16:59 – CISA vs. FBI: Simplifying the reporting paperwork 20:49 – The ROI of Reporting: What’s in it for the private company? 21:49 – The 30,000 Entity Controversy: Mid-sized companies as "covered entities" 25:56 – Cyber Awareness: Learning from past incidents to prevent future attacks 28:56 – "Minimum Viable Content": Reporting when facts are still changing 34:00 – Legal Risks: Consent to search and "anything you say can be used against you" 36:59 – The "Office Space" Effect: Bureaucracy vs. Collaboration. 40:41 – Voluntary vs. Mandated: The role of ISACs and InfraGard. 48:22 – The Moral Dilemma: Why outlawing ransom payments is complicated 51:13 – 2026 Deadlines: Upcoming CISA Town Halls and feedback loops. 54:33 – Career Implications: Will GRC finally get the respect it deserves? http://cyberpodcast.net Spotify: http://spotify.cyberpodcast.net Apple: http://apple.cyberpodcast.net X: https://x.com/dtfcyberpodcast IG: https://www.instagram.com/dtfcyberpodcast/ Linkedin: DTF: https://www.linkedin.com/company/dtf-cyber-podcast/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned. | |||
| OpenClaw: The Dangerous Evolution of Autonomous AI Agents | 16 Feb 2026 | 00:57:12 | |
In this episode of the DTF Cyber Podcast, Damian, Troy , and Fern dive into the rapid and often confusing shift from tools like Clawdbot to Moltbot and finally OpenClaw. They discuss why these autonomous agents are more than just a productivity trend—they represent a significant new attack surface for the modern enterprise. From the "Toddler with a Chainsaw" analogy to the risk of "Shadow AI" in the workplace, we break down the security implications of giving AI bots unfettered access to your network and credentials. 00:00 – Intro 01:19 – The rebranding maze: From Clawdbot to OpenClaw 02:35 – What is an AI bot? First impressions of autonomous control 05:02 – The "Poor Installation" risk and isolated environments 07:21 – The "Age of Ultron" scenario: Efficiency vs. Security 08:45 – Privacy concerns: Bots with access to banking and travel rewards 10:15 – The Starbucks test: Automation vs. user friction 12:15 – When AI goes rogue: Extortion and covering tracks in closed environments 16:04 – Third-party AI risk and the lifespan of autonomous agents 18:24 – Shadow AI: Bots as the new high-tech "mouse jiggler" 20:19 – Inherited Identity: When bots gain your admin privileges 21:40 – Advice for Organizations: How to check your environment for OpenClaw 26:36 – A nightmare for the SoC: Signals, logs, and new attack surfaces 28:53 – 6,000 actions a minute: Why human analysts can't keep up 37:38 – The "Toddler with a Chainsaw" warning 42:07 – Action Items: Three steps to secure AI in your organization 55:35 – Lessons from outages: Why you shouldn't "open the world" on day one! | |||
| When the World is on Fire: Mental Health and Cyber Incidents | 02 Feb 2026 | 01:22:02 | |
Is the constant wave of alerts keeping you up at 3 a.m.? In this episode of the DTF Cyber Podcast, industry veterans Damian, Troy, and Fern dive deep into the reality of mental health and burnout in the cybersecurity industry. Special guest CISO, Vito Rocco jumps deep into this conversation. With 78% of professionals feeling stressed out and 62% citing alert overload as a primary cause, it's clear the industry needs a culture shift. We discuss the pressures of catastrophic risk , the fear of missing critical alerts, and actionable strategies for leaders and analysts to combat fatigue—from tuning systems to building empathy. Plus, we explore the importance of diverse leadership and setting personal boundaries in a 24/7 world. If you are feeling stressed out and think you need help, please don't go through it alone—seek support from friends, leadership, or a mental health professional. Timestamps: 00:00 - Intro: The reality of cybersecurity exhaustion. 04:19 - 78% of the industry is stressed: The anticipation and reality of major incidents. 07:33 - The hidden stress of the SOC: Alert overload, perfectionism, and the fear of missing the "big one." 12:50 - Building the pipeline: Training talent from within vs. hunting for unicorns. 15:06 - Beating alert fatigue: How to automate, tune the noise, and grow from entry-level to senior analyst. 18:24 - Burnout isn't just about workload: Why empathy and recognition from leadership matter. 23:05 - Building a support system: The importance of therapy and talking it out. 25:05 - Leadership strategies: Connecting with your team beyond transactional work. 35:37 - Why you must use your PTO (and the trap of "Unlimited PTO"). 42:25 - Setting personal boundaries and managing communication in a 24/7 global team. 53:07 - Using turnover rates as a measurement for team health. 1:07:48 - The power of diverse leadership and the rise of female CISOs. 1:18:01 - Conclusion and final thoughts on seeking help. http://cyberpodcast.net Spotify: http://spotify.cyberpodcast.net Apple: http://apple.cyberpodcast.net X: https://x.com/dtfcyberpodcast IG: https://www.instagram.com/dtfcyberpodcast/ Linkedin: DTF: https://www.linkedin.com/company/dtf-cyber-podcast/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned. | |||