DTF Cyber Podcast

Your Resume is Boring. Here’s Why You’re Still Stuck in Entry-Level

Mon, 27 Apr 2026 06:00:00 -0700

Is your resume landing in the trash before a human even sees it?

This week on the DTF Cyber Podcast, Troy, Damian, and Fern get brutally honest about the cybersecurity job market. We aren't just talking about certifications; we're talking about why the standard advice is failing the next generation of cyber professionals.

Troy reveals why he trashed 48 resumes in one morning, Damian explains why a GitHub repo is worth more than a degree, and Fern asks the questions every job-seeker is thinking but is too afraid to ask. If you're stuck in the entry-level trap, this episode is your roadmap out.

Don't forget to Like, Subscribe, and hit the Bell to stay ahead of the curve!

TIMESTAMPS:

⁠00:00 — Cold Open: Why Degrees Don't Stop Breaches

01:21 — Tale of Two Cities: The Cyber Bootcamp Reality

03:14 — The AI Crunch: Reskilling Mid-Flight

06:15 — Recipe vs. Cooking: Why Certifications Aren't Enough

08:28 — Project-Based Hiring: What Damian Looks for First

11:29 — The Debate: Is AI Replacing Human Thought?

15:12 — Adaptability: Finding Your Spot in the AI Workforce

20:02 — Proof of Record

22:18 — Soft Skills: The Differentiator in a Level Playing Field

23:48 — Bypassing Automated Resume Systems

27:31 — State of Fear: Lessons from Multi-Million Dollar Firms

30:15 — Stolen Valor: Spotting Fakes in Cybersecurity

32:09 — The Failure Interview: What Did You Learn?

35:13 — Leadership Relations: Building Bridges Before the Fire

40:36 — Pen Testing: Strategic or Not?

44:23 — Setting Yourself Apart

47:08 — The Open Source Debate

53:42 — Practical Projects: Using YouTube & Portfolios to Stand Out

1:03:17 — Fern’s Final Thought: Stop Hiding Your Value

1:04:05 - Episode 41 Anthem

Anthropic Mythos: The AI That Just Fired Its CISO? | #DTF#040

Mon, 13 Apr 2026 09:00:00 -0700

Anthropic just changed the rules of the game with "Mythos"—a frontier-tier model that doesn't just find vulnerabilities; it reasons through a 23,000-word "Living Constitution" to decide if it even wants to help you.

In this milestone Episode 40, Damian, Troy, and Fern dive into Project Glasswing, the secret group of 12 companies given early access to this "digital nuke," and debate whether we are heading toward a future of AI-on-AI warfare. From 72% exploit success rates to AI toilets, we cover the technical, the tactical, and the hysterical.

Timestamps:

•⁠ ⁠00:00 – Intro

•⁠ ⁠02:15 – Project Glasswing: Why is Anthropic gatekeeping Mythos?

•⁠ ⁠05:39 – The Stats: 72% success in generating working exploits

•⁠ ⁠13:30 – Damian’s Deep Dive: Why BSD and zero-days are back in the spotlight

•⁠ ⁠19:40 – The 23,000-Word Constitution: Can AI have ethics?

•⁠ ⁠28:50 – Troy’s Reality Check: Liability and the "Self-Evolving" rule set

•⁠ ⁠42:00 – The Great Debate: Should we bury this tech or embrace it?

•⁠ ⁠50:00 – Fern’s Final Thought: AI toilets and the future of fiber

Your AI Just Spent $50,000: The Shadow AI Agent Nightmare | #DTF039

Mon, 06 Apr 2026 06:00:00 -0700

In this episode, Damian, Troy, and Fern dive into the 'Wild West' of 2026: Shadow AI.

From autonomous agents paying unapproved invoices to the rinse and repeat of the 2010 cloud revolution, the team debates whether AI agents are productivity miracles or a liability nightmare for the modern CISO.

Timestamps:

⁠00:00 - The $50k Shadow Agent Invoice

01:02 - Fern’s Nightmare Scenario: The AI Agent in Production

02:15 - 2010 vs. 2026: Why Shadow AI is the new Shadow IT

04:14 - Damian’s Technical Deep Dive: The Permission Explosion & Admin Entitlements

⁠11:08 - The State of the Union: CISO Mandates and the "Chief AI Officer"

26:10 - Troy’s CISO Perspective: Managing Identity Governance & Global Risk

40:13 - The Great Debate: Micro-segmentation for AI Agents

46:49 - Final Verdict: Can You Govern What You Can't See?

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries:

dtf at cyberpodcast dot net

Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

The Life and Death Stakes of Healthcare Cybersecurity | #DTF038

Mon, 16 Mar 2026 06:00:00 -0700

In Episode 38 of the DTF Cyber Podcast, Fern and Troy welcome Healthcare CISO, Bob Schlotfelt. We dive into why an incident at a hospital is fundamentally different from a retail breach. While Damian is out, Bob brings decades of insight into protecting patient safety over just protecting data. We discuss the nightmare of unpatchable medical devices, why compliance doesn't equal security, and the hilarious (but effective) ways to get a nurse's attention for security training.

Chapter Markers:

•⁠ ⁠00:00 - Intro: Netflix vs. Banks vs. Hospitals

•⁠ ⁠01:46 - Introducing Bob, Healthcare CISO

•⁠ ⁠08:38 - The Threat to Connected Medical Devices

•⁠ ⁠18:50 - Fixing "Operational Friction" on the Hospital Floor

•⁠ ⁠34:06 - Security Awareness in the Bathroom Stalls?

•⁠ ⁠43:09 - Why Compliance (HIPAA) is NOT Security.

•⁠ ⁠1:01:00 - Telling Truth to Power: Boardroom Advice.

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

Cybersecurity Salaries 2026: The "AI Squeeze" is Here | #DTF037

Mon, 09 Mar 2026 07:00:00 -0700

Is the "Cyber Skills Gap" a myth? In this episode, Damian, Troy, and Fern strip away the HR fluff and talk about the cold, hard reality of the 2026 job market. From entry-level SOC roles being "squeezed" by AI to $3.5M CISO roles that come with massive personal liability, we’re breaking down what you’re actually worth and why your resume is likely being ghosted by a bot.

If you aren't negotiating your insurance and building your own AI tools, you're falling behind.

THE DEEP DIVE:

•⁠ ⁠00:00 – Intro

•⁠ ⁠01:11 – Fern’s 2026 Job Hunt: Why 50 applications led to zero interviews.

•⁠ ⁠04:20 – The "Skills Gap" Debate: Do companies actually want to hire?

•⁠ ⁠09:02 – SALARY: The Entry-Level SOC Analyst floor in 2026.

•⁠ ⁠14:15 – The Grocery Store Phone Call: How networking beats the portal every time.

•⁠ ⁠19:40 – Damian’s Warning: Why "Prompting" AI makes you obsolete.

•⁠ ⁠25:10 – The "AI Squeeze": Can a $200 license replace a Tier 1 Analyst?

•⁠ ⁠31:30 – The Reporting Trap: Why CISOs reporting to CIOs is a massive risk.

•⁠ ⁠35:41 – SALARY: Engineering, Pen-Testing, and Cloud Security ranges.

•⁠ ⁠40:11 – The "AI Premium": How to add 20% to your base salary right now.

•⁠ ⁠41:51 – The "Clearance Bump": Is the polygraph worth the extra $30k?

•⁠ ⁠43:24 – SALARY: The $3.5 Million CISO—who is actually making this?

•⁠ ⁠48:50 – D&O Insurance: If you aren't a "Named Director," you aren't protected.

•⁠ ⁠55:30 – Risk Management vs. "Check-the-box" Compliance.

•⁠ ⁠01:04:56 – Final Advice: Don't be a holdout for a dead salary.

EPISODE HIGHLIGHTS:

•⁠ ⁠The AI Squeeze: Troy explains why entry-level salaries are stagnating as automation handles the "low-hanging fruit."

•⁠ ⁠Building vs. Prompting: Damian breaks down why the "Prompt Engineer" is a temporary role—you need to build the infrastructure to survive.

•⁠ ⁠Executive Liability: Why you should never take a CISO role without checking the company's Directors and Officers (D&O) insurance policy.

Are you seeing these salary shifts in your neck of the woods? Drop a comment below with your role and your 2026 outlook.

#Cybersecurity #CISO #TechSalaries #AI #CareerAdvice #DTFPodcast #CyberJobs

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

Why Your Tech Won’t Save You: The Human ROI of Cyber Security | Dom Vogel #DTF036

Mon, 02 Mar 2026 07:00:00 -0700

Chances are you’ve got the best tech money can buy, the latest AI, and the biggest firewalls—but you’re still losing. In this episode of the DTF Cyber Podcast, Damian and Fern sit down with Vancouver-based leadership coach and "positivity troll" Dom Vogel to discuss why the weakest link in cybersecurity isn’t a line of code, it’s the person behind the keyboard.

We’re ignoring the hardware today to focus on the Human Side of Security. Dom shares his 20+ years of experience transitioning from corporate burnout to coaching cyber leaders on empathy, branding, and "connected leadership" in the AI era.

In this episode, we dive into:

* The CIO Branding Problem: A real-world story of how a helpdesk’s "likability index" changed a CEO’s perception of IT.

* The 1,000 Applicant Crisis: Why junior roles are getting overwhelmed and how to "short-circuit" the online application black hole.

* Certs vs. Communication: Why technical certifications are now "table stakes" and how soft skills are the real differentiator in 2026.

* Authentic Leadership: Why vulnerability is a leader’s most powerful tool for building trust and mental resiliency within teams.

* Personal Brand vs. Reputation: Understanding the "visceral emotional reaction" people have to your name.

Connect with Dom Vogel:

LinkedIn: https://www.linkedin.com/in/domvogel/

Website: https://www.vogelleadershipcoaching.com

Subscribe to DTF Cyber: Don't miss our upcoming deep dive into 2026 Cyber Salaries and the "AI Premium" in Episode 37!

Video Timestamps

00:00 – The Weakest Link: Tech vs. Humans

02:18 – Meet Dom Vogel: The Ball Cap & Beard Guy

03:33 – The CIO Branding Problem: A Helpdesk Story

06:12 – Translating Risk into "Boardroom Conversation"

08:12 – The 1,000 Applicant Problem: Standing Out in Noise

10:07 – Why Applying Online is a "Black Hole"

12:23 – Technical Skills are Now "Table Stakes"

14:51 – Photography & Networking: Fern’s Origin Story

19:05 – Stop Investing Only in Certs

21:07 – Vulnerability: A Leader’s Most Powerful Tool

24:42 – Story: The Helpdesk Manager Who Loved Marketing

28:01 – Will AI Replace the Human Craving for Interaction?

33:32 – Creating Psychological Safety in Your Team

37:56 – The Janitor Test: How to Hire for Culture Fit

42:07 – Operational Leverage: Reinvesting in Your People

47:28 – The "Soft Skills" Payday: Why CISOs Need Sales Training

51:06 – Remote Work vs. Office: The Choice Matters

55:30 – What is a "Positivity Troll"?

59:54 – Personal Brand vs. Reputation: What They Say When You Leave

01:05:02 – How Content Creation Leads to Job Offers

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

72 Hours to Report or Else: The New Compliance Nightmare

Mon, 23 Feb 2026 07:00:00 -0700

In this episode, Damian, Troy, and Fern dive into the heated controversy surrounding new federal reporting mandates. We explore the "Feds vs. Firewalls" dynamic: does mandatory reporting actually help stop the bad guys, or is it just a massive resource drain on teams already fighting for their lives?

We break down the 72-hour reporting window for significant incidents and the even tighter 24-hour requirement if you decide to pay a ransom. From the ambiguity of what defines a "significant incident" to the personal liability risks for CISOs, we’re looking at the real-world implications of these 2026 directives.

Key topics include:

* The struggle between immediate threat response and mandatory paperwork.

* How the SBA size threshold might pull 30,000 "non-critical" companies into these rules.

* The "minimum viable content" framework for initial reports.

* Why the "don’t pay" mantra is harder to follow when human lives are on the line.

Timestamps

00:00 – Intro

02:46 – The Car Crash Analogy: Should you call 911 or save the body?

03:55 – Defining Critical Infrastructure: Telecom, Energy, and Gas.

04:41 – The Ticking Clock: Does the 72 hours start at detection or declaration?

05:15 – The 24-Hour Ransom Rule: What happens if you pay?

06:48 – Private Sector Concerns: Will this extend beyond the 16 critical sectors?

09:34 – The Executive War Room: Who is responsible for the communications?

10:47 – Partnering with the FBI: Intel sharing vs. criminal investigation

12:23 – Global Context: The EU’s 24-hour "Early Warning" requirement

15:03 – The Resource Drain: Why incident responders are in revolt

16:59 – CISA vs. FBI: Simplifying the reporting paperwork

20:49 – The ROI of Reporting: What’s in it for the private company?

21:49 – The 30,000 Entity Controversy: Mid-sized companies as "covered entities"

25:56 – Cyber Awareness: Learning from past incidents to prevent future attacks

28:56 – "Minimum Viable Content": Reporting when facts are still changing

34:00 – Legal Risks: Consent to search and "anything you say can be used against you"

36:59 – The "Office Space" Effect: Bureaucracy vs. Collaboration.

40:41 – Voluntary vs. Mandated: The role of ISACs and InfraGard.

48:22 – The Moral Dilemma: Why outlawing ransom payments is complicated

51:13 – 2026 Deadlines: Upcoming CISA Town Halls and feedback loops.

54:33 – Career Implications: Will GRC finally get the respect it deserves?

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

OpenClaw: The Dangerous Evolution of Autonomous AI Agents

Mon, 16 Feb 2026 08:00:00 -0700

In this episode of the DTF Cyber Podcast, Damian, Troy , and Fern dive into the rapid and often confusing shift from tools like Clawdbot to Moltbot and finally OpenClaw. They discuss why these autonomous agents are more than just a productivity trend—they represent a significant new attack surface for the modern enterprise.

From the "Toddler with a Chainsaw" analogy to the risk of "Shadow AI" in the workplace, we break down the security implications of giving AI bots unfettered access to your network and credentials.

00:00 – Intro

01:19 – The rebranding maze: From Clawdbot to OpenClaw

02:35 – What is an AI bot? First impressions of autonomous control

05:02 – The "Poor Installation" risk and isolated environments

07:21 – The "Age of Ultron" scenario: Efficiency vs. Security

08:45 – Privacy concerns: Bots with access to banking and travel rewards

10:15 – The Starbucks test: Automation vs. user friction

12:15 – When AI goes rogue: Extortion and covering tracks in closed environments

16:04 – Third-party AI risk and the lifespan of autonomous agents

18:24 – Shadow AI: Bots as the new high-tech "mouse jiggler"

20:19 – Inherited Identity: When bots gain your admin privileges

21:40 – Advice for Organizations: How to check your environment for OpenClaw

26:36 – A nightmare for the SoC: Signals, logs, and new attack surfaces

28:53 – 6,000 actions a minute: Why human analysts can't keep up

37:38 – The "Toddler with a Chainsaw" warning

42:07 – Action Items: Three steps to secure AI in your organization

55:35 – Lessons from outages: Why you shouldn't "open the world" on day one!

When the World is on Fire: Mental Health and Cyber Incidents

Mon, 02 Feb 2026 07:00:00 -0700

Is the constant wave of alerts keeping you up at 3 a.m.?

In this episode of the DTF Cyber Podcast, industry veterans Damian, Troy, and Fern dive deep into the reality of mental health and burnout in the cybersecurity industry. Special guest CISO, Vito Rocco jumps deep into this conversation.

With 78% of professionals feeling stressed out and 62% citing alert overload as a primary cause, it's clear the industry needs a culture shift. We discuss the pressures of catastrophic risk , the fear of missing critical alerts, and actionable strategies for leaders and analysts to combat fatigue—from tuning systems to building empathy.

Plus, we explore the importance of diverse leadership and setting personal boundaries in a 24/7 world. If you are feeling stressed out and think you need help, please don't go through it alone—seek support from friends, leadership, or a mental health professional.

Timestamps:

00:00 - Intro: The reality of cybersecurity exhaustion.

04:19 - 78% of the industry is stressed: The anticipation and reality of major incidents. 07:33 - The hidden stress of the SOC: Alert overload, perfectionism, and the fear of missing the "big one."

12:50 - Building the pipeline: Training talent from within vs. hunting for unicorns. 15:06 - Beating alert fatigue: How to automate, tune the noise, and grow from entry-level to senior analyst.

18:24 - Burnout isn't just about workload: Why empathy and recognition from leadership matter.

23:05 - Building a support system: The importance of therapy and talking it out.

25:05 - Leadership strategies: Connecting with your team beyond transactional work. 35:37 - Why you must use your PTO (and the trap of "Unlimited PTO").

42:25 - Setting personal boundaries and managing communication in a 24/7 global team.

53:07 - Using turnover rates as a measurement for team health.

1:07:48 - The power of diverse leadership and the rise of female CISOs.

1:18:01 - Conclusion and final thoughts on seeking help.

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

8 Ways to Jumpstart Your Cybersecurity Career in 2026 | #DTF032

Mon, 19 Jan 2026 09:00:00 -0700

2026 is here, and the cybersecurity job market is evolving. Whether you are trying to break into the industry or land your next senior role, the playbook has changed.

In this episode of the DTF Cyber Podcast, Fern and Troy are joined by Gary Perkins (CISO at CISO Global) to break down 8 actionable steps you can take right now to jumpstart your career. From building public red team projects to mastering new attack toolchains like the Flipper Zero, we cover the technical and soft skills that hiring managers actually look for.

We also dive into why networking is your #1 asset, how to contribute to open source projects, and why "learning to script" is non-negotiable for modern security pros.

🚀 In this episode, we cover:

Why you need a public GitHub portfolio (even if you aren't a dev).

How to legally perform "hunts" in your current job to gain experience.

The difference between "scripting" and "developing" and why Python/Bash helps.

Why reading non-cyber books can actually make you a better CISO.

👇 Jump to the 8 Career Hacks:

00:00:00 - Intro: Welcome back to 2026!

00:01:02 - Meet Gary Perkins, CISO at CISO Global

00:07:43 - #1: Build One Public Red Team Project Quarterly

00:14:00 - #2: Master a New Attack Toolchain (Flipper Zero, Bloodhound, etc.)

00:21:16 - #3: Contribute to Open Source Security Projects

00:29:16 - #4: Perform a Weekly Hunt in a Real Environment

00:43:35 - #5: Learn to Script Your Own Tools (Python & Bash)

00:51:18 - #6: Network Like Your Career Depends On It

01:02:17 - #7: Read a Non-Cyber Book (The Phoenix Project, Leaders Eat Last)

01:07:42 - #8: Teach Something Publicly

01:16:20 - Bonus Resource: The Threat Intelligence Support Unit (TISU) Cohort

📚 Resources & Mentions:

Book: The Phoenix Project

Book: Leaders Eat Last by Simon Sinek

Organization: Threat Intelligence Support Unit (TISU) - Free Cybersecurity Cohort

https://www.eventcreate.com/e/tisu8

Connect with the Guest: Gary Perkins (CISO Global)

https://www.linkedin.com/in/perkinsgary/

Subscribe for more no-nonsense cyber insights! #Cybersecurity #InfoSec #CareerAdvice #RedTeam #BlueTeam #CISO #TechCareers #2026

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

2026 Cyber Predictions: AI Agents, Record Ransomware & Deepfake Disasters | DTF#031

Wed, 24 Dec 2025 09:00:00 -0700

Is 2026 the year AI takes over everything—including the crimes? 🤖💸

In the final episode of 2025, Damian and Troy break down their Top 8 Cyber Predictions for 2026. From AI agents executing 90% of breaches to ransomware payouts potentially hitting half a billion dollars, the future of cybersecurity is moving fast. We also discuss the "Harvest Now, Decrypt Later" threat, why your LinkedIn profile picture might already be a lie, and the new $150k entry-level salary standard.

Plus, we’re ending the year with a GIVEAWAY! 🎁 Drop your 2026 prediction in the comments—for every 10 predictions we receive, we’re picking a winner for some exclusive (and secret) DTF Cyber swag.

In this episode, we cover:

Why AI agents (not humans) will be behind 9 out of 10 breaches.

The terrifying potential for a $500M ransomware payout.

How deepfakes will finally cause a major real-world crisis.

"AI Laundering": The new frontier for cleaning dirty crypto.

Why entry-level cyber jobs are hitting $150k salaries (and the catch).

🔔 Subscribe for more unfiltered cybersecurity insights!

⏱️ TIMESTAMPS:

00:00 – Intro: Did AI change the world in 2025?

01:58 – Prediction #1: 90% of breaches will be executed by AI Agents.

07:40 – Prediction #2: Ransomware payouts will break records ($500M?!).

15:15 – Prediction #3: Identity becomes the central pillar (Passkeys backfire?).

20:00 – Prediction #4: A deepfake event will hit major global news.

24:45 – Prediction #5: "Harvest Now, Decrypt Later" goes mainstream.

28:40 – Prediction #6: Mandatory AI Agent audits for federal contractors.

32:30 – Prediction #7: "AI Laundering" becomes the new money laundering.

38:15 – Prediction #8: Entry-level AI Cyber jobs will start at $150k.

45:00 – Bonus Prediction: The consolidation of massive data analytics.

47:00 – GIVEAWAY DETAILS: How to win exclusive swag!

#CyberSecurity #AIPredictions #Ransomware #Deepfakes #TechTrends2026 #InfoSec #Podcast #DTFCyber #AI

The Ultimate Cybersecurity Gift Guide (Under $100, $200 & Unlimited) #DTF030

Wed, 17 Dec 2025 10:00:00 -0700

The 2025 Cyber Christmas List That Actually Gets You Hired

Happy holidays, nerds!

Your mom just spent $79 on a “hacker hoodie” that says “Trust Me” in Comic Sans…

…while real juniors are out here making six figures with a $29 Yubikey and a Raspberry Pi.

In Episode 30, Damian, Troy & Fern save your Christmas with the only cyber gifts worth buying in 2025:

• Under $50 stocking stuffers that turn into paychecks

• $50–$150 tools that get you interviews

• $150–$300 big wins that scream “I’m serious”

• Free gifts that slap harder than anything paid

• And the absolute coal you should burn before anyone unwraps it

Timestamps

00:00 Intro: The "Hacker Hoodie"

01:37 Why "Hacker" Clothing is Bad OpSec

06:01 The Worst Gifts: "Hacking for Dummies"

08:59 Beware of Knockoff Tools & Malware

12:15 Danger: Pre-loaded Hacking USBs

13:49 Best Gifts Under $100

14:00 Book Rec: The Hardware Hacker

14:20 YubiKeys for MFA

16:21 Lockpicking Sets & Physical Pen Testing

21:42 USB Rubber Ducky

23:25 USB Data Blockers (Juice Jacking Protection)

25:05 RFID Blocking Wallets

28:06 Raspberry Pi Projects (Honeypots & VPNs)

28:45 Best Gifts $100 - $200

30:30 Packet Squirrel: Man-in-the-Middle Attacks

34:20 Flipper Zero: Radio Frequencies & Rolling Codes

39:34 Certifications: Security+ & Network+

44:24 Cloud Credits & AI Subscriptions

46:26 Unlimited Budget Gifts

47:25 Black Hat & DefCon Tickets

48:14 Mac vs. Windows vs. Linux for Hacking

51:53 Giveaway: The "Hacker" Hoodie

57:58 Holiday Security Warning

Giveaway: Comment your dream (or worst) cyber gift — we’ll randomly pick one subscriber for a genuine “hacker” hoodie (minimum 10 comments).

Everything here is our personal hot takes — not our employers, not legal advice.

Just three idiots with mics trying to keep you from bad gifts.

— Damian, Troy & Fern

DTF Cyber Podcast

#CyberGifts #Christmas2025 #CyberSecurity #Infosec #Career

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

Your Google Account Just Got Hacked – And You Didn’t Click Anything

Tue, 09 Dec 2025 10:15:00 -0700

2.5 billion daily account-takeover attempts.

That’s one every 34 microseconds.

Damian, Troy & Fern go full send-it mode on the 2025 ATO playbook: SIM swaps, session-token theft, MFA fatigue bombing, rogue QR codes, deep-fake family scams, and the OAuth tokens you granted in 2017 that are still wide open.

Timestamps

00:00 – Intro

05:20 – SIM swaps & losing your phone number in minutes

09:40 – Why password resets are useless (session tokens survive)

14:20 – MFA fatigue / push-notification bombing

19:10 – OAuth & old third-party app tokens nobody revokes

24:30 – Rogue QR codes at restaurants & hotels

30:15 – Enterprise reality – weekly O365 token theft

37:40 – Non-human identities & service-account sprawl

44:50 – Passkeys in 2026 – will increase ATO risk if misconfigured

51:00 – Public Wi-Fi, juice jacking & QR code myths

58:00 – Closing thoughts

Discord (coming soon)

#AccountTakeover #SIMSwap #MFAFatigue #CyberSecurity #Infosec #ZeroTrust

https://www.fcc.gov/consumers/scam-alert/grandparent-scams-get-more-sophisticated

https://newsroom.servicenow.com/press-releases/details/2025/ServiceNow-to-Expand-Security-Portfolio-With-Acquisition-of-Vezas-Leading-AI-native-Identity-Security-Platform/default.aspx

https://thehackernews.com/2025/04/customer-account-takeovers-multi.html

https://www.gartner.com/reviews/market/identity-threat-detection-and-response-itdr

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

AI Just Hacked the World With Almost No Humans Involved

Thu, 27 Nov 2025 09:00:00 -0700

Anthropic’s new report is a wake-up call: hackers turned Claude into a near-autonomous espionage agent that handled 90% of the attack chain by itself. The future is officially here… and it’s terrifying.

We go deep on how they did it, why current defenses are cooked, and what defenders need to do yesterday.

Timestamps

00:00 – The scariest line Anthropic has ever published

01:17 – “Set it and forget it” – the new AI attack paradigm

04:04 – Breaking attacks into tiny, undetectable chunks

13:48 – Attackers flipped the script: 90% AI, 10% human

17:26 – Why defense has to 10x its speed right now

27:11 – SOC automation, log nightmares & the data problem nobody’s solved

33:18 – Thousands of API calls/sec + AI writing its own evasion logic

40:31 – Regulation debate: should frontier models be locked down?

51:38 – Back to basics… but the basics just changed forever

55:21 – Raw reactions: “Is this even real?”

58:09 – The silver lining (yes, there is one)

01:03:13 – When’s the next one coming?

Like if this freaked you out, comment your biggest fear for 2026, and smash subscribe — the AI cyber war just started.

#AICyberAttack #ClaudeAI #Cybersecurity #AgenticAI # infosec

http://cyberpodcast.net

Spotify: http://spotify.cyberpodcast.net

Apple: http://apple.cyberpodcast.net

X: https://x.com/dtfcyberpodcast

IG: https://www.instagram.com/dtfcyberpodcast/

Linkedin:

DTF: https://www.linkedin.com/company/dtf-cyber-podcast/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

60+ Cybersecurity Tools Per Company: Fix Tool Sprawl Chaos Now

Mon, 17 Nov 2025 09:20:00 -0700

The average company now runs 60+ cybersecurity tools — more apps than most people have on their phone. Is this making us safer… or just creating chaos, alert fatigue, and million-dollar shelf ware?

In this episode, Damian, Troy, and Fern rip apart the tool sprawl epidemic: why CISOs are drowning in overlapping platforms, how 7% of IT budget became the “standard,” when best-of-breed actually beats single-vendor, and how to start consolidating before you go insane.

Real talk from three practitioners who’ve lived the nightmare.

Timestamps (short & sweet edition)

00:00 – 60+ tools per company… are we actually safer?

03:17 – The 7% of IT budget “rule” – is it enough?

06:21 – Cybersecurity isn’t insurance, it’s risk mitigation

11:05 – Shelfware nightmare: tools bought, never used

14:30 – Single-vendor vs best-of-breed debate

28:40 – The shiny new toy problem every CISO faces

36:20 – Analyst alert fatigue is real

40:05 – Best-of-breed wins when tools actually talk

47:36 – You need a 3–5 year roadmap (even if you won’t be there)

49:02 – AI wasn’t on anyone’s 5-year plan… now what?

51:09 – Pro tips for CISOs & analysts

54:35 – Wrap-up & see you next week!

Subscribe so you never miss the raw truth about cybersecurity.

🔔 Turn on notifications – new episode every Monday!

💬 Comment: How many security tools does YOUR org actually use?

#Cybersecurity #ToolSprawl #CybersecurityTools #CISO #BestOfBreed #SecurityConsolidation #DTFCyberPodcast

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

CEO Teams Scam EXPOSED: $106M Louvre Heist Used Password ‘louvre’

Mon, 10 Nov 2025 09:00:00 -0700

In this eye-opening episode of the DTF Cyber Podcast, hosts Damian, Troy, and Fern tackle the theme of trust in cybersecurity. From external hackers spoofing CEOs in Microsoft Teams to incident response firms secretly double-dipping in ransomware negotiations, and a shocking $106M heist at the Louvre enabled by the password “louvre,” the crew explores real-world threats and defenses. Plus, tips on security training, OSINT risks, mental health in cyber, and protecting against title fraud.

Whether you’re in security or just curious, this episode reminds us: trust but verify—or pay the price.

Timestamps:

00:00 – Intro

01:00 – Microsoft Teams Spoofing Vulnerability Exposed

04:30 – Process Over Tech: Training for Wire Fraud & Deepfakes

08:00 – Data & Identity: Top CISO Concerns

15:32 – CEO Outreach? Double-Check the Source

17:31 – Gamified Training: Making Awareness Stick

20:06 – Why Annual Training Fails—Go Quarterly

26:34 – Instincts Matter: If It Feels Off, Verify

28:18 – IR Brokers Gone Rogue: Representing Both Sides

39:49 – Vetting Vendors & Diversifying Suppliers

42:31 – White-Collar Crime Triggers & Mental Health Support

46:04 – If There’s Money, Expect Cheaters

47:28 – The Louvre Heist: Bucket Trucks & Weak Passwords

50:06 – Camera Password “Louvre” Since 2014

52:10 – Complacency Kills: Beyond Default Passwords

01:07:13 – Title Fraud Scams: Lock Your House & Car Titles

01:10:05 – AI-Fueled Fraud in the Digital Age

01:12:35 – Threat Spectrum: External to Insider Risks

01:15:11 – Pro Tip: Ask a Security Expert—Don’t Guess

Subscribe for unfiltered cyber insights every week.

🔔 Enable notifications—don’t miss an episode!

💬 Comment below: Ever spot a spoofed message in Teams? Share your story!

#Cybersecurity #DTFCyberPodcast #MicrosoftTeams #Ransomware #LouvreHeist #TrustButVerify #InsiderThreats #SecurityTraining

Articles:

https://thehackernews.com/2025/11/microsoft-teams-bugs-let-attackers.html

https://arstechnica.com/security/2025/11/fbi-arrests-ransomware-clean-up-experts-for-planting-ransomware/?utm_campaign=dhtwitter&utm_content=%3Cmedia_url%3E&utm_medium=social&utm_source=twitter

https://cybernews.com/news/louvre-password-heist/

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Do You Need Cybersecurity Certs for a 6-Figure Job? #DTF025

Mon, 03 Nov 2025 08:00:00 -0700

Dive into the wild world of cybersecurity certifications on this episode of the DTF Cyber Podcast! Hosts Damien, Troy, and Fern break down whether certs are the golden ticket to a six-figure cyber career, or if passion, experience, and networking matter more. From entry-level tips like CompTIA Security+ to gold standards like CISSP, they share real talk on getting hired, avoiding burnout, and building a standout resume in today's tough job market. Perfect for newbies, mid-career pros, or anyone pivoting into cyber.

🔥 Key Topics:

Do you really need certs to break into cyber?

Best beginner certs vs. advanced ones

The power of home labs, side projects, and networking

Avoiding the "cert collector" trap

Mid-career advice for layoffs and upskilling

🚀 Subscribe for more raw cyber insights, hit the bell for notifications, and drop your cert stories in the comments! Email us at dtf@cyberpodcast.net or connect on LinkedIn.

Timestamps:

00:00 - From data breaches to six-figure hacker-hunter dreams

03:15 - Fern's confession

06:24 - Continuing education like doctors – Do you need certs to start?

08:03 - No "one cert" guarantees a job – Stand out with initiative

11:08 - Chasing money vs. passion: Burnout risks in cyber

15:35 - "Love your job, never work a day" – Finding your cyber niche

18:19 - New grads: Focus on certs, experience, or networking first?

19:29 - Damien's hiring advice: Internships over Ivy League degrees

22:31 - Entry-level picks: CompTIA Security+, CEH – Show initiative

23:28 - Home labs & side projects: Build and talk about them!

29:33 - Python scripting: The invaluable skill that lands big roles

32:31 - Mid-career: CISSP for screening, but tailor to your path

36:15 - Avoid silos: Broaden skills in big vs. small companies

38:35 - SANS certs: Pricey but powerful

40:14 - Retention: Invest in training, build culture

46:36 - Beat AI resume scanners: Network to bypass bots

50:21 - Salary expectations & red flags in job apps

53:23 - Late-career: Network trumps certs

54:04 - Final tips: Local meetups, be bold, ask for what you want

58:05 - Pro networking hack:

59:27 - Magic tricks as icebreakers?

#Cybersecurity #Certs #CISSP #SecurityPlus #CyberCareer #DTFPodcast

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

CISO Budget Hacks: $2B Negotiator Reveals How to Win Funding & Crush Vendor BS | #DTF024

Wed, 29 Oct 2025 09:00:00 -0700

Join hosts Fern and Troy as they sit down with legendary negotiator and cybersecurity expert Jean Shapiro (formerly of American Express) for an in-depth discussion on navigating cybersecurity budgets, building trust with vendors, leveraging crises for improvement, and fostering a culture of transparency. From managing $2B budgets to avoiding sales pitfalls and tying security to business impact, Jean shares real-world insights from her decades in the field. Whether you’re dealing with ransomware recovery, brand protection, or innovation funding, this episode is packed with gold nuggets for CISOs, security leaders, and vendors alike.

If you enjoy raw, unfiltered conversations on cyber defense, hit that LIKE button, SUBSCRIBE for more episodes, and drop a comment below: What’s your biggest budgeting challenge in cybersecurity?

🔗 Listen on Spotify/Apple Podcasts:

spotify.cyberpodcast.net

apple.cyberpodcast.net

#Cybersecurity #CISOBudget #SecurityFunding #VendorManagement #Ransomware #CISOAdvice

Timestamps:

00:00 – Intro & Jean Shapiro’s Epic Entrance

03:27 – Why Non-Tech Leaders Struggle to Understand Security

06:10 – Educating Buyers Through Breach News & Real-World Examples

09:06 – Gold Nugget #1: Never Let a Good Crisis Go to Waste

12:36 – Building a Culture of Transparency (No Finger-Pointing)

16:21 – Partnering with CIOs: Fixing Legacy Issues Without Blame

18:46 – Getting Budget: Tie Security to Revenue Loss & Business Impact

23:29 – Risk & Brand Protection in Budget Conversations

26:11 – Risks Breakdown: Litigation, Regulation, Operational Downtime

28:00 – Ransomware Myths: Why Paying Isn’t a Quick Fix

31:56 – Frameworks (NIST, MITRE ATT&CK) for Data-Driven Budgets

37:32 – Carving Out Budget for Innovation & AI Tools

40:46 – Tips: Align with Strategic Initiatives (Don’t Just Slap AI on It)

43:02 – Sales Call Frustrations: “What Keeps You Up at Night?”

47:19 – Protecting Proprietary Info in Vendor Calls (No Recordings!)

51:23 – Post-Sale Support: Don’t Ghost After the Deal

55:38 – Burning Vendor Bridges: When to Replace Tools

58:03 – Sales Ghosting Between Roles: It Bites Back

1:05:16 – Sales Incentives Exposed: Why Renewals Get Weird

1:10:20 – Negotiating with VARs: Avoid Desperation Deals

1:19:00 – Closing Thoughts: Know Your Numbers, Talk Business Language

Thanks for watching! Stay secure out there.

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

The Battle of the CISOs: Technical vs Non-Technical #DTF023

Fri, 24 Oct 2025 07:00:00 -0700

Welcome to Episode 23 of the DTF Cyber Podcast! 🎙️ Join our hosts as they dive into the evolving world of cybersecurity leadership, exploring what it takes to be a CISO in 2025. From technical acumen vs. business savvy to AI’s revolutionary impact on the industry, we unpack critical insights for aspiring and seasoned security pros. Plus, hear about Vegas’s tight-knit cyber community, data breach lessons, and the F1 party vibe! 💻 Don’t miss this mix of career advice, tech trends, and real-world stories. Subscribe for weekly cyber insights! 🚀 #Cybersecurity #CISO #AIinCybersecurity #DataBreaches #VegasCyber

Timestamps:

00:00 —Intro & Vegas F1 Excitement

The crew kicks off with Formula 1 hype, Vegas nightlife, and how local cyber pros turn big events into networking gold.

06:35 — The CISO Role Debate

Do you need deep technical chops or business instincts to lead? The team unpacks the “technical vs. strategic” clash lighting up LinkedIn.

14:23 - The Castle & Sword Analogy

Defending your organization like a kingdom; strategy, trust, and the danger of “fighting every battle yourself.”

20:10 — Stats, Pay Gaps & AI’s Influence

Why technical CISOs earn more, how AI is reshaping cybersecurity, and why partnership beats isolation.

28:27 — AI’s Impact on Cybersecurity

Working alongside business units to secure AI-driven projects — and the risks of “vibe-coding” without controls.

33:17 - Leadership Humility

The power of admitting mistakes: how transparency builds trust and kills ego-driven cyber culture.

36:01 — SOC Lifers & Innovation

Why some pros never leave the trenches — balancing hands-on skill with creative problem-solving.

41:01 — The Hybrid Advantage

Why the best CISOs blend technical depth, business vision, and empathy to lead modern security teams.

45:28 — VARs, Pizza & Procurement

How to question vendors the smart way — and why “what fails” matters more than “what sells.”

49:45 — Data Retention & Breaches

Third-party risk, compliance headaches, and why storing IDs “just in case” creates future breaches.

54:34 — Breach Fatigue

Lessons from a 70,000-user data leak — protecting your identity and regaining trust in a breach-saturated world.

Topic Links:

https://www.linkedin.com/posts/geoffhancockcyberexecutive_ciso-ceo-activity-7384226546804449280-UtjG/?utm_source=share&utm_medium=member_ios&rcm=ACoAAAPdJL0B8xce6ECZfPNPS2Hp24evoT2uY0E

https://cybersecuritynews-com.cdn.ampproject.org/c/s/cybersecuritynews.com/discord-data-breach-sensitive-data/amp/

Connect with Us:

• Follow DTF Cyber Podcast on X for updates!

• Share your thoughts in the comments! What’s your take on the CISO role in 2025?

Trust But Verify: The Hidden Cost of AI Hallucinations #DTF022

Mon, 13 Oct 2025 09:00:00 -0700

Join Damian, Troy, and Fern on Episode 22 of the DTF Cyber Podcast (@DTFCyberPodcast) as we tear into Deloitte’s $290K AI hallucination disaster—fake references, a misquoted judge, and a botched Australian government report that’s shaking trust in AI. From AI’s role in cyber chaos to practical tips for validation, we’ve got CISOs and tech lovers covered.

Timestamps (Extracted from Transcript):

00:00 – 01:26 | Intro: AI Hallucinations & Holiday Banter

01:26 – 15:34 | Cyber News: Deloitte’s AI-Generated Report

15:34 – 30:06 | Deep Dive: Accountability & Ethics Fallout

30:06 – 43:10 | AI Ethics in Security & Vendor Data Use

43:10 – 57:12 | Audits, Maturity Scores & Frameworks

57:12 – 01:09:49 | Outro: Real Talk on Jobs, AI & Accountability

Links:

• Fortune Article: https://fortune.com/2025/10/07/deloitte-ai-australia-government-report-hallucinations-technology-290000-refund/

• NIST AI RMF: https://www.nist.gov/itl/ai-risk-management-framework

• Join us on X: https://x.com/DTFCyberPodcast

• AI Ethics Cheat Sheet: [Link to PDF - TBD]

Subscribe: Catch our weekly cyber takedowns! Smash that bell and join the DTF crew fighting hype, one ethical byte at a time. 🛡️

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Ransomware Hits Europe's Airports – Travel Cyber Survival Guide! #DTF021

Mon, 06 Oct 2025 09:00:00 -0700

Buckle up for a wild ride through cyber chaos at 30,000 feet! With Damian out slaying dragons elsewhere, Troy and Fern team up with special guest Shannon Wilkinson (Troy's better half, CIO/CISO at Findlay Auto, and reigning "double belt cyber champ"). We dissect the September 2025 ransomware meltdown that grounded 63+ flights at Heathrow, Brussels, and Berlin—thanks to a Collins Aerospace supply chain hack. From botched check-ins to a shocking UK arrest in under a week, we unpack the third-party terror, AI's automation pitfalls, and why your next layover could be a hacker's playground. Plus: Real talk on business impact analysis (BIA), dodging "juice jacking," VPN myths, and why employees aren't your "weakest link" (but untrained ones sure are). Shannon drops gems from her new book on AI ethics, and we roast everything from fast-food kiosks to boardroom budget battles. Laughs, lessons, and low-hanging fruit alerts—because if airports can crash, so can your data. Stay encrypted, travelers! 🚨✈️

Timestamps:

00:00 - Ransomware Grounds Europe – Collins hack chaos.

02:59 - Tech Couples – Can they unplug?

05:11 - Airport Attack – Heathrow arrests & CrowdStrike déjà vu.

08:07 - AI Trap – Automation gone wrong.

14:39 - Boardroom Battles – Layoffs vs. efficiency.

19:34 - AI Revolution – Jobs, tools, & reality check.

27:52 - BIA 101 – Spot risks before chaos.

33:25 - Cyber Risk in Dollars – Board storytelling without FUD.

40:43 - Cyber Spend – $2B budgets & quick wins.

45:25 - Employees – Weak link or weapon?

47:24 - SMS Scams – Bill panic & verification tips.

49:35 - Travel Security – VPNs, hotspots, identity fabrics.

53:51 - Hotspot Hype – Cell signals vs. VPN traps.

57:51 - Juice Jacking – Airport USB risks explained.

01:03:16 - Book Spotlight

01:06:23 - Sales Tactics Roast – Cupcakes as cold calls.

01:10:02 - Wrap-Up

Grab Shannon's book: "Prompted, Not Present" on Amazon – DM her on LinkedIn for a signed copy!

Love the pod? Smash that 👍, subscribe for weekly cyber roasts, and drop your wildest travel hack fail in the comments. New eps every Monday—next up: Deepfakes in the wild?

🔗 Full episodes & merch: dtfcypberpodcast.net

📱 Follow us: YouTube @DTFCyberPodcast | X @DTFCyberPodecast | LinkedIn

#Ransomware #AirportHack #TravelCybersecurity #AIEthics #CyberPodcast #DTFCyber #SupplyChainAttack #VPNtips #JuiceJacking #BusinessResilience

Articles:

https://www.theguardian.com/world/2025/sep/22/flight-delays-europe-cyber-attack-heathrow-brussels-berlin

https://levelblue.com/blogs/security-essentials/securing-your-digital-footprint-while-traveling-in-2025

Shannon's Book:

https://www.amazon.com/Prompted-Not-Present-Reclaiming-Thoughtful/dp/B0FF5D87S9/ref=sr_1_1?crid=2BIWF9F0E79D6&dib=eyJ2IjoiMSJ9.X1QHcoWjhBDfHDtebgE0l4gwmpAfCC5WWrEVbCo-sygfPtSsH6pEv62iZnv9oFIQlhSqfObQU_AqUtM-T389Uh2Wp-nU71BK5Ht-XMU0LmlLRqWNUvmPgpdGXv4btnYZIsMXucdOo6EPaGeVckxFncbhY4BrmwSI0mdVEvbIivynUqp9JhrHyZFn-c7OihOlA6QW6gYMu2IhE0w_KVSjMA.GK0phjXd49yIOHuQSahz5k88KN5tbvARge-P1ntZs4g&dib_tag=se&keywords=shannon+wilkinson&qid=1759709566&sprefix=shannon+wilk%2Caps%2C134&sr=8-1

Linkedin:

Shannon: https://www.linkedin.com/in/swilkinsoncyber/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

When AI Goes Rogue: Exposing the Risks of Autonomous Agents #DTF020

Mon, 15 Sep 2025 08:00:00 -0700

Welcome to Episode 20 of the DTF Cyber Podcast! 🚨 Join hosts Damian and Fern, with special guest Gary Chan, the Security Mentalist, as they dive into the wild world of rogue AI agents—autonomous systems that wreak havoc when they go off-script. From AI browsers falling for phishing scams to coding agents wiping out databases and chatbots selling $76,000 SUVs for a buck, we unpack real-world incidents shaking the cybersecurity world in 2025. Gary’s psychological manipulation expertise reveals how AI vulnerabilities mirror human tricks, making this a must-watch for tech pros and curious minds alike! 🧠💻

🔔 Subscribe to @DTFCyberPodcast for weekly cybersecurity deep dives: youtube.com/@DTFCyberPodcast

💬 Drop your rogue AI stories in the comments and let us know what topics you want next!

📩 Want Gary’s security mentalism for your company? Visit https://www.gschan2000.com

Timestamps

00:00 - Intro: Damian and Fern set the stage for rogue AI agents, introducing Gary Chan with a WWE-style entrance!

03:27 - Guest Spotlight: Gary explains security mentalism—blending psychological tricks with cybersecurity awareness.

08:59 - Perplexity’s Comet AI Browser Exploit: How this AI browser got tricked into buying fake items and leaking data.

27:02 - Replit AI Database Disaster: A coding agent deletes a production database and fakes logs to cover it up!

42:45 - Chevrolet Chatbot Fiasco: A chatbot “sells” a $76,000 Tahoe for $1 via social engineering.

54:42 - Roundtable: AI Risks & Fixes: 80% of companies face rogue AI—how do we secure these agents?

68:47 - Outro & Takeaways: Key lessons on testing, governance, and trusting AI, plus a call to subscribe!

Key Topics

Perplexity Comet Exploit: How phishing and prompt injection led to unauthorized purchases and data leaks.

Replit Database Wipeout: A coding AI’s catastrophic error and attempt to hide it.

Chevrolet Chatbot Blunder: Social engineering tricks a bot into absurd deals, raising liability questions.

Mitigations: Testing in dev environments, strict permissions, and rollback plans to tame rogue AI.

Gary’s Take: How mentalism reveals AI’s susceptibility to manipulation, with tips for secure deployment.

Security Mentalist:

https://www.gschan2000.com

Article 1:

https://www.bleepingcomputer.com/news/security/perplexitys-comet-ai-browser-tricked-into-buying-fake-items-online/

Article 2:

https://www.tomshardware.com/tech-industry/artificial-intelligence/ai-coding-platform-goes-rogue-during-code-freeze-and-deletes-entire-company-database-replit-ceo-apologizes-after-ai-engine-says-it-made-a-catastrophic-error-in-judgment-and-destroyed-all-production-data

Article 3:

https://www.upworthy.com/prankster-tricks-a-gm-dealership-chatbot-to-sell-him-a-76000-chevy-tahoe-for-ex1

Article 4:

https://www.digit.fyi/80-of-firms-say-their-ai-agents-have-taken-rogue-actions/?utm_source=chatgpt.com

Linkedin:

Gary Chan: https://www.linkedin.com/in/gschan2000/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Why Third-Party Apps Can Put You at Risk! #DTF019

Mon, 08 Sep 2025 08:00:00 -0700

Welcome to Episode 19 of the DTF Cyber Podcast, where Damian, Troy, and Fern dive into the wild world of cybersecurity with our special guest, Lester Godsey, CISO at Arizona State University! This week, we unpack the massive Salesloft Drift supply chain breach that rocked companies like Cloudflare, Palo Alto Networks, and Zscaler. From OAuth token risks to third and fourth-party vulnerabilities, we break down what went wrong, why it matters, and how to protect your organization from the next supply chain nightmare. Expect technical deep dives, real-world insights, and our signature banter—because even in chaos, we keep it real. Subscribe, like, and join us every Monday for more cyber talk!

Watch on YouTube: https://www.youtube.com/@DTFCyberPodcast

Timestamps

00:00 - Intro: Welcome to the DTF Cyber Podcast

00:33 - Guest Introduction: Meet Lester Godsey, ASU’s CISO

01:41 - Lester’s 8-Hour Retirement & Transition to Private Sector

03:12 - Talk Track 1: The Breach Breakdown – Salesloft Drift Incident

04:49 - Why Third-Party Risk Management (TPRM) Needs More Hype

06:26 - The Skills Gap in Governance, Risk, and Compliance (GRC)

09:57 - Do CISOs Need to Be Super Technical? The Debate

13:22 - Talk Track 2: OAuth Token Risks – The Double-Edged Sword

18:04 - Analogies: Amazon Garage Access vs. OAuth Token Exposure

23:20 - Talk Track 3: Third and Fourth-Party Risks – Hidden Layers

26:30 - Vendor Transparency and Proactive Disclosure

29:01 - Shadow IT and the Challenges of Vendor Visibility

31:20 - Talk Track 4: Mitigation Strategies – Auditing and Non-Human Identities

36:02 - Managing Up: Communicating Risks to Leadership

39:15 - Gen Z Slang and Workplace Communication Challenges

43:32 - Recap: Key Takeaways on OAuth, Audits, and Risk

47:46 - Future Topics: Non-Human Identities and Agentic AI

51:02 - Actionable Advice: Audit Your OAuth Tokens Now

54:41 - Closing Thoughts from Troy, Damian, Fern, and Lester

What You’ll Learn

- How attackers exploited OAuth tokens in the Salesloft Drift breach

- The cascading risks of third and fourth-party vendors

- Practical steps to audit and secure OAuth tokens and APIs

- Why non-human identity management is critical for modern cybersecurity

Have you audited your OAuth tokens lately? Drop your thoughts on supply chain risks in the comments or hit us up on X (@DTFCyberPodcast). If you found this episode helpful, smash that like button, subscribe, and share with your cyber crew! Let’s stay one step ahead of the hackers.

#Cybersecurity #SupplyChainSecurity #OAuthRisks #DTFCyberPodcast

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Why Cybersecurity Training is Often Ignored #DTF018

Mon, 01 Sep 2025 07:00:00 -0700

🎙️ Welcome to the DTF Cyber Podcast! In Episode 18, “Why Cybersecurity Training is Often Ignored,” we dive into the real struggles of staying sharp in cyber roles. From budget battles to justifying big conferences like Black Hat and RSA, this episode uncovers why training gets sidelined—and how to fight back! 💻🔒

🔑 Key Topics:

• Why training costs (like $8,000 SANS courses) scare off CEOs

• Budget hacks: Vendor deals, free meetups (e.g., Phoenix East Valley), and LinkedIn Learning

• Justifying conferences with ROI (reports, team training)

• Employee initiative vs. leadership responsibility

• Training as part of compensation and culture

• Staying ahead with job research and the “seven whys”

😂 Bonus: Hear about the hostel pinkeye saga—a lesson in cost-cutting gone wild!

📌 Timestamps:

0:00:00 - Intro: Staying Up-to-Date

0:02:34 - Budgeting Challenges

0:09:05 - Vendor Training Tricks

0:18:23 - Justifying Conferences

0:36:02 - Free Training Options

0:43:10 - Employee & Leader Roles

0:54:26 - Black Hat Cost Breakdown

1:05:26 - Closing Tips

💬 Drop your training hacks in the comments! Subscribe @DTFCyberPodcast for more cyber realness. Join us next week—stay safe!

🔗 Full Episode: [Link to Episode 18]

🌐 Learn more: https://www.youtube.com/@DTFCyberPodcast

#Cybersecurity #Training #BlackHat #RSAConference #CyberCareer #DTFCyberPodcast

Phoenix Cyber Meetup:

EVSec https://www.meetup.com/evsecaz

SANS pricing:

https://www.sans.org/cyber-security-courses/advanced-security-essentials-enterprise-defender

UI/UX:

https://www.linkedin.com/posts/cyber-uxcellence_a-milestone-moment-for-ux-in-cybersecurity-activity-7361758949525622785-Rsha?utm_source=social_share_send&utm_medium=member_desktop_web&rcm=ACoAAAPdJL0B8xce6ECZfPNPS2Hp24evoT2uY0E

Online Training Resources:

https://explore.skillbuilder.aws/learn (AWS Skill Builder – Security Learning Plans)

https://www.cloudskillsboost.google/ (Google Cloud Skills Boost – Security Labs & Quests)

Use of "Five Why's" :

https://www.corporatecomplianceinsights.com/want-better-incident-response-keep-asking-why/

Phoenix Community Meetup Groups:

https://owasp.org/www-chapter-phoenix/ (OWASP Phoenix)

https://engage.isaca.org/phoenixchapter/home (ISACA Phoenix Chapter)

https://isc2chapterphoenix.org/ (ISC2 Phoenix Chapter)

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Is Your Mobile Phone Secretly at Risk? #DFT017

Mon, 25 Aug 2025 07:00:00 -0700

In Episode 17 of the **DTF Cyber Podcast**, hosts Damian, Troy, and Fern tackle three cybersecurity threats that could impact your daily life: zero-day exploits on mobile devices, hardware-based attacks via webcams and laptops, and ATM/network breaches using physical devices. Drawing from recent 2025 incidents like Apple's CVE-2025-43300, Lenovo's "BadCam" flaw, and the "CAKETAP" rootkit, they break down risks, share practical tips on patching, privacy, and layered defenses, and emphasize resilience over perfect prevention. Whether you're an iPhone user, remote worker, or ATM frequenter, this episode delivers actionable insights with the trio's signature banter and real-world stories.

🔔 Subscribe to **DTF Cyber Podcast** for weekly cybersecurity discussions: https://www.youtube.com/@DTFCyberPodcast

👍 Like, comment, and share your biggest patching pet peeve below!

📱 Follow us on X: @DTFCyberPodcast

**Timestamps:**

00:00 - Intro: Episode overview and personal impacts of zero-days, webcams, and ATMs

01:12 - Zero-Day Exploits: Apple vulnerabilities, myths about iOS security, and patching urgency

04:23 - MDM and Privacy: Balancing BYOD risks, EU regulations, and employee monitoring

07:14 - Browser and App Patching: Managing third-party tools and auto-updates

10:01 - Data Leaks via Cloud Tools: OneDrive instances and insider threats

12:24 - VPNs and Privacy Concerns: User paranoia and employer trust

15:02 - Work-Life Balance: Salary expectations vs. 24/7 access

18:09 - AI-Accelerated Exploits: Threat actors weaponizing patches in hours

23:52 - IT vs. Security: Balancing rapid patching with testing

26:05 - Hardware Attacks: Webcams as entry points (BadCam exploit)

29:01 - Firmware Risks: Updating drivers and BIOS vulnerabilities

32:39 - Physical Access Threats: Hotel room espionage and lost devices

35:34 - Convenience vs. Security: Reducing user friction in tools

40:03 - Proof-of-Concept Testing: Involving non-tech users for adoption

43:32 - ATM Breaches: Raspberry Pi rootkits and network compromises

46:13 - Card Skimmers vs. Deeper Hacks: Physical-cyber blends

49:39 - Financial Tips: Separating accounts and credit card protections

52:33 - Anomaly Detection: Monitoring for Raspberry Pi drops and flippers

56:47 - Defense in Depth: Layers, resilience, and rapid response

58:08 - Closing Thoughts: Patch promptly, understand policies, and stay vigilant

#Cybersecurity #ZeroDay #WebcamHacks #ATMBreaches #DTFCyberPodcast #CyberTips #AppleSecurity #HardwareVulnerabilities #NetworkSecurity

### Zero-Day Exploits

1. **Link**: https://safe.security/resources/blog/most-likely-damaging-cyber-threats-vulnerabilities-2025/

- **Relevance**: Discusses 2025 zero-day trends, including Apple’s CVE-2025-43300, aligning with the podcast’s focus on mobile device vulnerabilities and rapid patching needs.

2. **Link**: https://stonefly.com/resources/zero-day-exploits-cyber-threats-you-cant-see-coming

- **Relevance**: Covers AI’s role in scaling zero-day attacks, matching Troy’s discussion of AI reverse-engineering patches and Fern’s point about targeting unpatched devices.

### Hardware-Based Attacks

3. **Link**: https://www.datasunrise.com/zero-day-exploit/

- **Relevance**: Explores hardware vulnerabilities like firmware flaws, tying to "BadCam" and "ReVault" exploits and Troy’s emphasis on BIOS/driver risks.

4. **Link**: https://www.blackfog.com/zero-day-security-exploits/

- **Relevance**: Details hardware-based zero-day risks, supporting Damian’s hotel room espionage concerns and Troy’s firmware update focus.

### ATM and Network Breaches

5. **Link**: https://www.greynoise.io/blog/2025s-biggest-cybersecurity-threats-exposed

- **Relevance**: Addresses infrastructure attacks, aligning with the CAKETAP rootkit incident and the hosts’ discussion of physical device vulnerabilities.

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Cyber Risks Unmasked: Reporting the Threats #DTF016

Mon, 18 Aug 2025 09:00:00 -0700

Join hosts Damian, Troy, and Fern for Episode 16 of the DTF Cyber Podcast, featuring special guest Dina Mathers, CISO at Carvana. Recorded on August 18, 2025, this episode dives deep into three critical topics shaping the cybersecurity landscape. From measuring the impact of cyber spend to uncovering widespread weaknesses in critical infrastructure, we unpack it all with real-world insights and actionable strategies. Whether you're a seasoned pro or just starting out, this episode is packed with "nuggets of gold" to elevate your game. Don't miss the banter on DTF dinners, the debate on best-of-breed vs. platforms, and why security leaders might just be the best salespeople in the world. Subscribe for more cyber realness every Monday!

0:00:00 - Intro: Special guest Dina Mathers

0:05:51 - Metrics debate: Spend as % of revenue/IT budget vs. data-driven approaches

0:07:24 - Key KPIs: MTTD/MTTR, patching speed, phishing rates

0:09:16 - Budgeting strategies: Industry benchmarks, risk-based cases, storytelling

0:12:20 - Tool overlap woes: 30% waste per Gartner 2023; best-of-breed vs. platforms

0:14:52 - Pro tips: Carve innovation funds for startups/POCs; audit tools yearly for ROI

0:25:00 - How poor metrics blindspot funding, leaving orgs vulnerable

0:28:40 - Real-world angles: Procurement pushback, business use cases

0:32:32 - Career advice: Be proactive, relate news to your env, automate tasks

0:40:00 - Basics failures: Weak creds, poor segmentation, no logging

0:45:26 - Critical infra gaps: 16 domains, antiquated systems, public-private partnerships

0:52:07 - Fixes: Layer security, asset inventory, periodic table mapping, empower teams

0:58:25 - Tease: Non-human identities (NHI) as future ep topic

1:00:01 - Fern's thought: Security leaders as elite salespeople

1:03:42 - Nuggets: Don't store creds in browsers; strong infra passwords; storytelling sells

1:05:46 - Shoutouts to Dina, past eps references, listen twice for gold

1:06:15 - Outro

Articles:

https://www.wsj.com/articles/how-to-measure-cybersecurity-spending-wsj-readers-weigh-in-12e2b06b

https://securityboulevard.com/2025/08/cisa-coast-guard-hunt-engagement-offer-path-to-protect-critical-infrastructure/

"Periodic Table" :

https://www.balbix.com/blog/six-step-cyber-insurance-policy-playbook/

Linkedin:

Dina Mathers: https://www.linkedin.com/in/dinamathers/

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

What Really Happened at Black Hat This Year? #DTF015

Mon, 11 Aug 2025 11:00:00 -0700

Join Damian, Troy, and Fern on Episode 15 of the DTF Cyber Podcast as they dive into a hilarious and insightful recap of Black Hat 2025 in Las Vegas! From Fern's first-time adventures and networking wins to debunking Wi-Fi myths, swag horror stories, and industry trends like AI SOCs, this episode is packed with real-talk for cyber pros and newcomers alike. Whether you're in security or just curious, get the lowdown on making conferences affordable, avoiding vendor traps, and planning for next year—including a DTF meetup pledge!

Don't miss out—subscribe to the DTF Cyber Podcast for weekly cyber insights: https://link.cyberpodcast.net

Timestamps:

00:00:00 - Intro: Welcome to Black Hat Recap Week

00:00:37 - Fern’s First Black Hat: Late Nights and Cool Vibes

00:01:38 - Debunking Wi-Fi/Bluetooth Myths at Hacker Cons

00:05:51 - Meeting Fans and Approaching Cyber Celebs

00:08:20 - Helping Newcomers: Introducing Stephanie to Luminaries

00:11:27 - Networking Without a Ticket: Black Hat on a Budget

00:12:25 - Rising Costs Push Networking to Hallways and Bars

00:15:40 - Affordable Vegas: $500 for Flights, Hotels, and Fun

00:16:54 - Sessions vs. Stealth Demos: What’s Worth It?

00:21:20- UI/UX Excellence Awards: Judging, Categories, and Passion for Intuitive Cyber Tools

00:37:48 - AI SOCs, Cloud Backups, and Ransomware Trends

00:38:12 - Swag Fails: Urinal Cakes and Branded Alexas

00:44:06 - Vendor Raffles: Super Bowl Tickets and Hidden Agendas

00:47:00 - AI Notetakers in Sales: Privacy vs. Convenience

00:51:53 - Branded Shirts and Avoiding LinkedIn Disasters

00:53:00 - Wrapping Up: Missed Events and DEF CON FOMO

00:56:21 - DTF Meetup Pledge for Black Hat 2026

00:57:00 - Outro: See You Next Week!

Hit like if you survived Black Hat (or wish you did), comment your wildest conference story, and subscribe for more unfiltered cyber chats with Damian, Troy, and Fern! #DTFCyber #BlackHat2025 #CybersecurityPodcast

Cyber UXcellence Awards

https://www.prnewswire.com/news-releases/mindgrub-announces-winners-of-inaugural-cyber-uxcellence-awards-at-black-hat-usa-2025-302523814.html

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Shadow AI: The Costly Threat Lurking in Your Company! #DTF014

Mon, 04 Aug 2025 09:00:00 -0700

DTF Cyber Podcast Episode 14

Shadow AI: The Costly Threat Lurking in Your Company!

Join Damian, Troy, and “Average Fern” as they dive into the shadowy world of unauthorized AI tools in the workplace. Inspired by the latest IBM Cost of a Data Breach Report 2025, this episode uncovers how shadow AI is driving up breach costs and exposing sensitive data. Whether you’re a cybersecurity pro or just curious about tech risks, our experts break it down with real-world insights, relatable analogies, and practical advice.

In this episode:

• Damian and Troy explain what shadow AI really means and why it’s exploding.

• Fern asks the tough questions on risks, costs, and how to fight back.

• Plus, forward-looking tips to stay ahead of emerging threats.

Don’t miss this eye-opening discussion—subscribe for more cyber insights!

🔗 Related Article: https://www.cybersecuritydive.com/news/artificial-intelligence-security-shadow-ai-ibm-report/754009/

🔗 IBM Report: Search for “IBM Cost of a Data Breach Report 2025”

🔗 Follow us on X: @DTFCyberPodcast

Timestamps:

0:00 - Intro: Welcome to DTF Cyber with Damian, Troy, and Fern

2:15 - What is Shadow AI? Defining the term and its rise 5:40 - How common is it? Stats from the IBM report (20% of breaches)

10:20 - Cost Breakdown: Why shadow AI adds $670K to breaches

15:05 - Data Risks: PII and IP exposure (65% and 40% stats)

20:30 - Security Holes: Lack of access controls (97% of cases)

25:45 - Spotting and Controlling Shadow AI: Practical steps for businesses

30:10 - Employee Tips: Avoiding risks as a non-IT user 35:25 - Governance Gap: Regulations vs. company responsibility

40:50 - Future Threats: What’s next for shadow AI? 45:15 - Key Advice: One tip for leaders to prevent breaches

48:00 - Outro

#Cybersecurity #ShadowAI #IBMReport #DataBreach #AI Risks

Thanks for watching! Like, comment, and share your thoughts on shadow AI below. What’s your biggest cyber concern?

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Cyber Chaos: VPN Hacks, Breaches & Chatbot Blunders! #DTF013

Mon, 28 Jul 2025 10:00:00 -0700

In this episode of the DTF Cyber Podcast (DTF013 v1), hosts Damian Chung, Troy, and Fern Rojas dive deep into the latest cybersecurity headlines, unpacking real-world incidents and sharing actionable insights to help you strengthen your defenses. From VPN breaches to third-party risks and AI chatbot vulnerabilities, we explore the common threads of identity management and zero-trust strategies that every security pro needs to know.

Key Topics Covered:

• Ingram Micro VPN Attack: Analyzing a credential compromise that highlights the dangers of weak MFA and lateral movement in networks. Learn why zero-trust access and user education are non-negotiable.

• Qantas Airlines Data Breach: Up to 6 million customer records exposed via a third-party platform—without financial data at risk, but a stark reminder of vendor oversight challenges. We discuss audits, prioritization, and why compliance isn’t enough.

• McDonald’s AI Hiring Chatbot Vulnerability: Default credentials left unchanged, potentially leaking PII from millions of applicants. A classic case of shadow IT gone wrong, with tips on SSO, governance, and cross-departmental collaboration.

Timestamps:

00:00 - Intro

01:53 - Ingram Micro Incident Breakdown

25:31 - Qantas Breach Analysis

43:06 - McDonald’s Chatbot Vulnerability

Whether you’re a cybersecurity veteran or just starting out, this episode arms you with practical lessons from recent events. Don’t forget to like, subscribe, and hit the bell for more cyber deep dives! Share your thoughts in the comments—what’s your biggest third-party risk headache?

Articles:

https://www.darkreading.com/threat-intelligence/ingram-micro-ransomware-attack

https://www.darkreading.com/cyberattacks-data-breaches/qantas-airlines-breached-6m-customers

https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Cybersecurity Skills Shortage: Landing Jobs for New Grads #DTF012

Mon, 21 Jul 2025 09:00:00 -0700

Welcome to Episode 12 of the DTF Cyber Podcast! 🎙️ Join hosts Damian, Troy, and Fern as they dive into the hottest topic in cybersecurity: breaking into the industry. 🛡️

In this episode, we tackle the cybersecurity skills gap, exploring why hiring managers struggle to find talent while many with cyber degrees face challenges landing roles. From the importance of networking and building trust to overcoming imposter syndrome, we share practical advice for job seekers and hiring managers alike. 🌐

Key topics include:

➡ Navigating the skills gap and unrealistic job requirements (3-5 years for "entry-level"? 🤔)

➡ The power of internships, referrals, and soft skills in landing your dream cyber job

➡ Addressing diversity in cybersecurity, including challenges faced by women and underrepresented groups

➡ Personal stories and actionable tips for building a career in this dynamic field

Whether you're a recent grad, a career switcher, or a hiring manager looking to build a strong team, this episode is packed with insights to help you succeed. Don’t miss out—subscribe now and join us every Monday for more cybersecurity discussions! 🚀

#Cybersecurity #CareerAdvice #SkillsGap #Networking #DiversityInTech #DTFCyberPodcast

📌 Hit that subscribe button to help us reach 500 subscribers and stay tuned for Episode 13!

00:00:00 — Cyber Degrees, No Jobs — What’s the Problem?

00:02:21 — Skills Gap? Or Networking Gap?

00:08:28 — Trust, Hiring, and the Risk of New Talent

00:14:07 — The Broken Job Description Problem

00:18:46 — Internships, Career Shifting & Building Loyalty

00:22:20 — Soft Skills: Showing Up, Speaking Up & Self-Improvement

00:31:07 — The Soft Skill Nobody Teaches: Clarity in Communication

00:38:20 — Diversity, Imposter Syndrome & The Confidence Gap

00:47:02 — Networking: The Real Career Cheat Code

00:55:06 — Leadership’s Role in the Hiring Problem

Associated Article

https://www.techtarget.com/searchsecurity/tip/Cybersecurity-skills-gap-Why-it-exists-and-how-to-address-it

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Why Did the DOJ Go After a Ransomware Negotiator? #DTF011

Tue, 15 Jul 2025 09:00:00 -0700

#Cybersecurity #GoogleFine #Ransomware #EthicsInTech #Overemployment #RemoteWork #DTFCyberPodcast #Defcon2025

🎙️ DTF Cyber Podcast – Episode 011

Check out this week's episode of the DTF Cyber Podcast! On Monday, July 14th, hosts Damian, Troy, and Fern are joined by their very first special guest, Mike Manrod (CISO at Grand Canyon Education), also known as "DoubleM."

The team dives into the complex world of tech ethics with three major stories:

First, they tackle the news that Google has been ordered to pay $314 million for misusing Android users' cellular data. Is this a major privacy violation, or a low-priority risk for corporations focused on bigger threats? The hosts debate the real-world impact versus getting distracted by "shiny objects."

Next, the conversation turns to a developing story where a former ransomware negotiator is being investigated by the Department of Justice for allegedly taking kickbacks from cybercriminals. This sparks a broader discussion on business ethics, from accepting vendor gifts to the pressures facing tech leaders.

Finally, they explore the controversial topic of "overemployment". Is it unethical to work multiple remote jobs at once? The group discusses the difference between disclosed, ethical side-hustles and deceiving employers with mouse jigglers and C-minus work. This leads to a candid look at the "return to office" debate and what the future of work looks like in a post-COVID world.

Tune in for expert insights, hot takes, and a look at the ethical gray areas of cybersecurity.

Find our guest, Mike Manrod, presenting at Defcon Demo Labs!

TIMESTAMPS:

00:00:00 - Intro & Topics

00:01:02 - Welcoming Our First Special Guest: Mike Manrod

00:05:04 - Google Ordered to Pay $314M for Cellular Data Use

00:24:22 - DOJ Investigates Ransomware Negotiator for Kickbacks

00:29:43 - Discussion: The Ethics of Vendor Gifts

00:45:30 - The Ethics of Being "Overemployed"

00:54:12 - The Great "Return to Office" Debate

01:04:05 - The Myth of Being a CISO

01:06:58 - Final Thoughts & Outro

Articles in this Episode:

https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html

https://www.bleepingcomputer.com/news/security/doj-investigates-ex-ransomware-negotiator-over-extortion-kickbacks/

https://therecord.media/russian-basketball-player-arrested-in-france-ransomware

https://www.businessinsider.com/overemployed-lessons-pros-cons-secretly-working-multiple-remote-jobs-2025-6

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Hacking a Company to Sell to Them? What??? #DTF010

Mon, 30 Jun 2025 10:00:00 -0700

What are some of the cyber risks to small mid-sized businesses? The latest report is out! There was also someone hacking into these small companies then trying to sell them cyber services. Is that ethical? We also cover the IntelBroker getting caught even though he was using Monero privacy coins. And finally we touch on Whatsapp being banned. What about other unauthorized encrypted communications apps? Checkout #DTF010

00:00 - Intro

01:22 - SMB Threat Report

20:43 - Unethical Hacking

39:30 - IntelBroker caught?

56:43 - WhatsApp banned on US GOV devices

Articles this episode:

https://securelist.com/smb-threat-report-2025/116830/

https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/

https://www.darkreading.com/cyberattacks-data-breaches/intebroker-suspect-arrested-charged-breaches

https://www.reuters.com/world/us/whatsapp-banned-us-house-representatives-devices-memo-2025-06-23/

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Is this the end of Bitcoin? Quantum Computing vs Crypto #DTF009

Mon, 30 Jun 2025 09:00:00 -0700

Google Outage, Quantum Computing vs Crypto, North Korean Fake IT Workers, How to get a Cyber Job! DTF Cyber Podcast EP009

What can we learn from the massive Google outage? Some really good discussion on trying to prepare for feature changes and potential issues. Change control? A big topic lately is Quantum Computing vs Bitcoin. Does this spell out the end of cryptocurrencies as we know it? Should you still invest in crypto? And finally for everyone looking for a new cyber job, how did Troy land his new role? What are some of his tips to get that job?

Buy Shannon Wilkinson's lates book here:

https://www.amazon.com/dp/B0FF4D663H

00:00 - Intro

01:21 - Google Outage Lessons

21:04 - US Seizes 7.74M Crypto

35:58 - Quantum Computing breaking Bitcoin

50:35 - Troy's big announcement

51:31 - Tips to get a Cyber Job

Articles in this Episode:

https://www.cnbc.com/2025/06/16/google-cloud-outage-apology.html

https://www.forbes.com/sites/bernardmarr/2025/06/12/will-quantum-computing-kill-bitcoin/

https://thehackernews.com/2025/06/us-seizes-774m-in-crypto-tied-to-north.html

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Airlines Selling Traveler Data? Security Leader Burnout! #DTF008

Mon, 30 Jun 2025 08:00:00 -0700

DTF Cyber Podcast EP008

Airlines selling your travel data to the government. Is this a privacy concern? Should they be allowed to sell your information? The government already has the travel data for no-fly lists, but should they even need to "buy" this info? What about the news article on smartwatches breaching air gapped systems? Are devices spying on you? And for the Security Leaders and CISOs.... Are you burning out earlier than normal? This latest article says most CISOs are looking to leave their jobs. Check out this week's cyber news commentary!

0:00 - Intro

02:39 - ARC selling your information

26:51 - SmartAttack via watches

40:35- CISO burnout

Articles in this Episode:

https://www.malwarebytes.com/blog/news/2025/06/us-airline-industry-quietly-selling-flight-data-to-dhs

https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/

https://www.csoonline.com/article/3998246/53-of-cyber-department-leaders-eyeing-the-exit.html

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

ChatGPT Privacy Concerns? AT&T Data Breach! #DTF007

Mon, 09 Jun 2025 09:00:00 -0700

DTF Cyber Podcast EP007

Recent news highlights how OpenAI must retain ChatGPT logs, raising concerns about user privacy. Additionally, the AT&T hack from 2021 has resurfaced, potentially exposing sensitive information again. These events underscore the importance of data privacy and cybersecurity in the digital age. #OpenAI #ChatGPT #DataPrivacy #ATTHack #sensitiveinformation

Use code: cyberpodcast10

Get 10% off the registration for CruiseCon West, the Flagship of Cybersecurity

https://cruisecon.com/

2:00- Open AI Court Order

26:00 - AT&T Breach Data Released

40:30 - CruiseCon West 2025

45:55 - Cyber Resilience

Articles:

https://arstechnica.com/tech-policy/2025/06/openai-says-court-forcing-it-to-save-all-chatgpt-logs-is-a-privacy-nightmare/

https://www.theverge.com/news/681280/openai-storing-deleted-chats-nyt-lawsuit

https://www.bleepingcomputer.com/news/security/old-atandt-data-leak-repackaged-to-link-ssns-dobs-to-49m-phone-numbers/

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

cyberpodcast.net

Did Reddit Just Get Fooled By AI Bots? Fake AI Company? #DTF006

Mon, 09 Jun 2025 09:00:00 -0700

DTF Cyber Podcast EP006

Was it ethical for researchers to us AI on reddit in conversations without letting users know? This AI successfully persuaded users. Should we be worried in the the information wars with AI bots? We also discuss the Getty lawsuit against an AI platform for using their images to train their LLM. What about an AI company that used real developers vs the AI they said they were using? Check out this episode of the DTF Cyber Podcast!

00:00 - Intro

01:00 - Reddit AI Experiment

14:00 - Getty Lawsuit

31:30 - Builder AI - Fake AI

49:20 - Crypto Kidnapping

Articles in this Episode:

https://www.newscientist.com/article/2478336-reddit-users-were-subjected-to-ai-powered-experiment-without-consent/

https://www.cnbc.com/2025/05/28/getty-ceo-stability-ai-lawsuit-doesnt-cover-industry-mass-theft.html

https://www.binance.com/en/square/post/24723372076545

https://abcnews.go.com/US/nypd-detectives-crypto-torture-kidnapping-case/story?id=122325180

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Is Your Browser Safe From Dangerous Extensions? $400M Cyber Incident! #DTF005

Mon, 26 May 2025 09:00:00 -0700

DTF Cyber Podcast EP005

What's up with these chrome extensions? 100s of malicious ones removed by Google. What are the threats and how should you protect your organization? Marks and Spencer in the UK also reported losses of $400M due to a cyber incident. How much should a cyber program spend to protect against this type of risk? Check out the full episode!

00:00:00 - Topics Intro

00:01:21 - Google Chrome Extensions Hijacking your information

00:17:30 - Marks and Spencer $400M Incident

00:37:40 - Text Scams around Toll Road Fees

00:48:59 - Krebs On Security DDOS Attack

Joe Sullivan Charity

https://www.joesullivansecurity.com/ukraine-friends/

Articles:

https://thehackernews.com/2025/05/100-fake-chrome-extensions-found.html

https://www.bleepingcomputer.com/news/security/marks-and-spencer-faces-402-million-profit-hit-after-cyberattack/

https://www.bankinfosecurity.com/change-healthcare-attack-cost-estimate-reaches-nearly-29b-a-26541

https://appleinsider.com/articles/25/05/06/googles-default-search-payments-to-apple-at-risk-in-antitrust-lawsuit

https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

Coinbase Data Exfiltrated: $20M Hacker Bounty. AI is changing cyber careers #DTF004

Mon, 26 May 2025 09:00:00 -0700

DTF Cyber Podcast EP004

Coinbase has insiders exfiltrate data and someone tries to make $20M off the data via extortion/ransom. Coinbase turns the tables and offers $20M for a bounty on the hackers! There is a discussion on what happened to cause the data loss in the first place and how we rate the Coinbase response.

There is a study suggesting that AI will change jobs. How does AI impact cyber jobs for anyone in growing their career, or looking to graduate soon?

The FBI issues a deepfake voice and video message warning. Check out this week's cyber discussions with Damian, Troy, and Fern.

00:00:00 - Intro

00:00:53 - Coinbase: Was it ransomware or extortion?

00:30:01 - Offshore labor, low-cost risk, and insider threats

00:45:01 - AI is coming for your job — or is it?

01:02:21 - FBI warns AI is impersonating officials

Articles:

https://www.cnbc.com/2025/05/15/coinbase-says-hackers-bribed-staff-to-steal-customer-data-and-are-demanding-20-million-ransom.html

https://www.linkedin.com/pulse/ai-driven-agentification-work-impact-jobs-20242030-poweredbywiti-zbyfc/

https://www.cnn.com/2025/05/15/politics/fbi-warning-hackers-ai-voice-messages

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

$4M Crypto Stolen! Google AI Browser, Malvertising Threats #DTF003

Mon, 12 May 2025 10:00:00 -0700

0:00 - Episode Topic Review

04:35:00 - Crypto Concerns around Social Engineering Scams and Robberies

18:50:00 - Browser Attacks and how Google is Leveraging AI to combat the risk

36:50:00 - Malvertising imitates a free tool used by many tech teams - RVTools

Linkedin:

Damian: https://www.linkedin.com/in/damianchung/

Troy: https://www.linkedin.com/in/kosovotroy/

Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net

RSA Recap, Zoom HIjacking, Remote Worker Scams

Mon, 05 May 2025 10:00:00 -0700

00:04:08 : RSA Recap

00:27:10 : Remote Worker Scams

00:52:29: Unprotected S3 Buckets

1:05:19 : Recap