Full Metal Packet – Details, episodes & analysis

Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie, brings a rare perspective shaped by government cyber operations, Big Tech, and building security platforms from first principles.

In this episode, Maxime breaks down why modern security fails when it relies on black boxes, and what changes when you treat security like cloud infrastructure in an AI-driven world.

He explains:

1. Why “trust me bro” security models quietly fail CISOs
2. How government cyber ops reshaped his view of threat modeling
3. What provable security actually looks like in practice
4. Why transparency beats vendor magic every time
5. How AI should amplify SecOps teams, not replace them

Episode Timeline:

(00:00) From hacker curiosity to cybersecurity foundations

(07:45) Lessons from government cyber operations

(16:07) The shock of moving into private-sector security

(25:35) Why most security platforms repeat the same mistakes

(32:15) Provable security vs “trust me” security

(41:40) Treating security like cloud infrastructure

(49:50) AI’s real role in the future of SecOps

(59:52) What CISOs should demand next from security vendors

Connect with Maxime on LinkedIn

Powered by Control D

Matt Lee, now Senior Director of Security & Compliance at Pax8, reveals how a ransomware blast at his former MSP triggered a multi-million-dollar fallout, 26 client disruptions, and a complete redefinition of what security leadership really means in today’s world.

Matt is a battle-tested cybersecurity leader known for translating complex technical crises into practical security transformation. In this raw, revealing episode, he opens up about the breach that changed everything - and how it helped shape the philosophy behind Secure by Demand.

He explains:

1. How a hidden ransomware infection derailed a multi-company merger
2. What most MSPs get dangerously wrong about security risk
3. The real cost of reactive security: layoffs, lawsuits, and insurance gaps
4. What “Secure by Demand” really means (and why it’s missing from most strategies)
5. Why security maturity is the new battleground (not just tooling)
6. How to lead through cyber chaos without losing your sanity

Episode Timeline:

1. (00:00) Intro: Who is Matt Lee and why this episode matters
2. (02:42) Matt’s origin story - from hacker kid to MSP tech
3. (06:19) Falling into security: “I just added ‘and Security’ to my badge”
4. (11:30) The merger that hid a ticking ransomware time bomb
5. (17:04) Voldemort incident discovery: “We bought a company mid-breach”
6. (20:47) The day it hit: Ransomware spreads to 26 client businesses
7. (25:15) What went wrong: due diligence gaps, supply chain blindness
8. (30:22) Incident response chaos and internal suspicion
9. (36:48) Fallout: 18-month recovery, insurance battles, FBI involvement
10. (41:35) Live Compromised: The philosophy Matt built from the wreckage
11. (47:10) The birth of “Secure by Demand” - a challenge to the industry
12. (53:01) Software design flaws: why vendors ship insecure defaults
13. (56:20) Advice for CISOs and MSPs: mindset, tooling, and where to start
14. (59:40) Real-world examples: empathy, leadership, and rebuilding trust
15. (01:03:15) Final reflections: Why the industry needs hard conversations

Connect With Matt on LinkedIn

Powered by Control D

When a breach hits, the first 72 hours decide everything. But the stories, decisions, and philosophies behind those critical hours rarely make it into public conversation. That’s what Full Metal Packet is here to change.

Hosted by Yegor and Alex - the founders of Control D (and before that, Windscribe, now trusted by 90M+ people) - this podcast is where operators, CISOs, and security leaders finally get candid.

Season 1 brings you:

• Breach Incidents → Inside the calls leaders had to make under fire, anonymized and NDA-safe.
• SecOps Therapy → The frictions nobody talks about: burnout, workflows, and the daily grind of running security.
• Security Futures → What’s underrated, what’s overhyped, and how AI will reshape security in the years ahead.

No blame. Just raw, operator-grade conversations from the people who’ve lived it.

Guests already include CISOs from SaaS, healthcare, and hospitality — the voices shaping security today.

If you’re a security leader, this is where your peers will be telling their stories. And if you’re listening, it’s where you’ll find the missing conversations you’ve been waiting for.

Subscribe now and join us for Season 1 of Full Metal Packet.

Alejandro Rivas Vazquez has spent nearly two decades running DFIR services and now advises on preparedness through his boutique consultancy, VeraBeam. He’s sat in boardrooms, testified as an expert witness, and been on the phone at 1am when OFAC changed the rules mid-ransomware negotiation.

In this episode, Alejandro breaks down why the EU and US approach cyber incidents from fundamentally different starting points, and what happens when those worlds collide inside a real investigation.

He explains:

1. Why lawyers belong in the room (and exactly when they don't)
2. How the EU's hyper-regulation actively hinders incident response
3. Why business email compromise costs more than ransomware — and gets less attention
4. What preparation actually means before an incident hits
5. How DFIR is professionalizing, and where AI fits into its future

Timestamps

1. (00:00) Alejandro's path from Big Four IT risk to DFIR
2. (07:45) How Operation Night Dragon changed the industry
3. (16:20) Boardrooms, expert witnesses, and CISO liability
4. (25:35) EU vs. US: regulation-first vs national security-first
5. (32:15) When Europe's privacy laws block your own investigation
6. (41:48) CISO personal liability: insurance, risk acceptance, and burnout
7. (54:18) War story: business email compromise and the board member who went rogue
8. (01:01:45) The single decision that separates contained from catastrophic
9. (01:09:26) Midnight OFAC call during an active ransomware response
10. (01:14:00) Why DFIR merged and where the profession is heading
11. (01:20:09) AI as force multiplier: threat, opportunity, and the hallucination danger zone
12. (01:33:53) Practical advice: what EU and North American CISOs should do this quarter

Connect with Alejandro on LinkedIn

Powered by Control D

Ralph Chammah, Co-Founder & CEO of Blacklight AI, shares a builder’s perspective shaped by years in cybersecurity analytics—what breaks in real SOC environments, and what it takes to make detection actually usable at scale.

In this episode, Ralph explains why “AI-first” security isn’t a label—it’s an operating model for reducing alert noise, improving context, and helping teams detect behavior that rule-based systems routinely miss.

He explains:

1. Why security stacks get noisy (and what “AI-first” should actually mean)
2. How to cut through acronyms like XDR/MDR and evaluate real value
3. How to use context + behavior patterns to catch insider risk and compromise
4. Why privacy/trust decisions (local vs external processing) matter in AI security
5. How replay/simulation helps validate detections and reduce false positives

Episode Timeline:

1. (01:46) Meet Ralph + what Blacklight AI does
2. (06:45) Why he left the Big 4 to build a product
3. (12:26) Tool overload, acronyms, and differentiation (XDR/MDR)
4. (18:10) Why AI belongs in detection (and how to avoid bad signals)
5. (21:44) Trust & privacy: where the data goes (and why)
6. (23:16) “Battle scars” from SIEM life: parsers, missing fields, manual grind
7. (29:32) Selective ingestion vs. “pipe everything” into the magic box
8. (31:32) Validation: replaying history + simulation to prove detections
9. (35:35) Biggest high-risk wins: insider threat + slow-burn intrusions
10. (39:13) Jaguar Land Rover breach story + business impact
11. (47:27) Quickest wins: what to connect first by maturity level
12. (49:55) What tools he’d remove first (and why)
13. (59:39) Platform vs point solutions: the real trade-off

Connect with Ralph on LinkedIn

Powered by controld.com

Randy Barr has held the CISO title at over 10 companies — including Cisco, Zoom, and BioRender — and has seen every version of how security programs succeed and fall apart.

He now leads security at Sequence Security, focused on API security, bot management, and AI protection. In this episode, Randy takes us through what security teams think they're doing well but aren't, what incidents actually look like at scale, and why AI is rewriting the rules faster than most organizations can keep up.

He explains:

1. Why compliance and security are not the same thing — and confusing them is dangerous
2. How insider threats often hide inside your own growth and broken processes
3. What a war room actually needs to function under pressure
4. Why MCP servers and prompt injection are the next wave of incidents no one is ready for
5. How to build a CISO career that doesn't burn you out

Episode Timeline:

1. (00:00) From ASP to cloud to AI — how the security industry has shifted
2. (07:33) Why 80% of internet traffic is now machine to machine
3. (09:46) What most startups get wrong about security programs
4. (15:01) How to make the business case for a security budget
5. (19:36) When buying more tools is actually the wrong move
6. (28:30) War story: stolen servers sold online by an infrastructure manager
7. (36:25) War story part 2: third-party contractors scripting their own reimbursements
8. (42:00) The website defacement that launched Randy's security career
9. (46:11) What a good incident war room actually looks like
10. (53:50) Shadow AI, MCP servers, and the prompt injection risk no one is tracking
11. (01:02:00) Where AI can genuinely replace manual security work
12. (01:12:43) Advice for new and experienced CISOs on what actually matters

Connect with Randy on LinkedIn

Powered by Control D