Episodes

  • Patching the Gaps: Vulnerability Management at Scale
    Jun 8 2026

    If misconfigured cloud settings are one of the most preventable causes of breaches, what happens when the gaps aren't misconfigurations at all, but known, documented vulnerabilities that simply never got patched?

    This episode explores why organizations still struggle to fix what they already know is broken, covering prioritization frameworks like CVSS and EPSS, the challenge of legacy systems, the race against zero-day exploitation, and why the window between public disclosure and active attack is shrinking faster than most security teams can respond.

    Listen & Follow: Spotify | YouTube | LinkedIn

    41 min
  • The Cloud Misconfiguration Crisis
    Jun 1 2026

    If insurance can't save you from a breach, what's causing most of them in the first place?

    This episode tackles one of the most underreported yet devastating causes of cloud breaches: misconfiguration.

    It covers how a single wrong setting can silently expose millions of records, the shared responsibility model that trips up even the most sophisticated organizations, and the real-world cases that prove it: from Capital One's $190M lesson to a 2025 AWS DNS misconfiguration that cascaded across thousands of organizations worldwide.

    Listen & Follow: Spotify | YouTube | LinkedIn


    30 min
  • Cyber Insurance: Safety Net or False Comfort?
    May 26 2026

    If people are the last line of defense and training alone isn't enough, what happens when the breach occurs anyway?

    This episode explores the booming cyber insurance market, what it actually covers, what it quietly excludes, how ransomware claims have reshaped premiums and underwriting requirements, and whether having a policy is genuinely improving security posture or simply giving organizations a false sense of comfort.

    Listen & Follow: Spotify | YouTube | LinkedIn

    30 min
  • The Human Firewall: Security Awareness in the Age of AI
    May 19 2026

    If ransomware is a fully industrialized criminal enterprise, what is the last line of defense when every technical control has been bypassed?

    This episode explores the human firewall, what effective security awareness training actually looks like in the age of AI, why most corporate training programs fail to change behavior, and how behavioral science is reshaping the way organizations think about their most exploited attack surface: their own people.

    Listen & Follow: Spotify | YouTube | LinkedIn

    27 min
  • Ransomware Economics: Follow the Money
    May 12 2026

    If Zero Trust is the blueprint for securing systems, what happens when the attackers have already built a business model more sophisticated than most legitimate companies?

    This episode goes beyond the technical mechanics of ransomware to explore the economy behind it: RaaS (Ransomware-as-a-Service), how cryptocurrency enables anonymous extortion, the geopolitics of attribution, and why ransomware is now a fully industrialized criminal enterprise.

    Listen & Follow: Spotify | YouTube | LinkedIn

    30 min
  • Zero Trust: Buzzword or Blueprint?
    May 5 2026

    If human error is the biggest attack surface, what happens when even the network itself can no longer be trusted?

    This episode breaks down Zero Trust Architecture, what it actually means, how organizations implement it (or fail to), and why the old castle-and-moat model of perimeter-based security is no longer enough in a world where identity, not location, defines trust.

    Listen & Follow: Spotify | YouTube | LinkedIn

    33 min
  • The Invisible Threat: Social Engineering in the Age of AI
    Apr 28 2026

    If the attacker can arrive pre-installed through a trusted vendor, what happens when the weapon isn't code at all, but a phone call, an email, or a face on a video screen?

    This episode covers how AI is supercharging social engineering, from hyper-personalized phishing and AI-powered vishing to deepfake-based attacks, making human error an even bigger attack surface than ever before.

    Listen & Follow: Spotify | YouTube | LinkedIn

    36 min
  • When the Defender Becomes the Target: Supply Chain Attacks
    Apr 21 2026

    If identity controls the door, what happens when the attacker doesn't come through the door at all, but arrives pre-installed?

    This episode covers software supply chain attacks, how trusted vendors and pipelines become weapons, and the real-world cases that changed how the industry thinks about trust: SolarWinds, XZ Utils, and 3CX.

    Listen & Follow: Spotify | YouTube | LinkedIn

    32 min