Episodes

  • AI, Cyber Skills & The Future of Security Training with Hack The Box's Gerasimos
    Apr 28 2026

    In this special edition recorded live at RSA Conference, Joseph Carson is joined by Gerasimos Marketos (gmar), Chief Product Officer at Hack The Box.

    They explore how AI is reshaping cybersecurity skills, why traditional education is struggling to keep up, and how hands-on platforms are redefining how defenders and ethical hackers are trained. From real-world fraud detection to AI-powered CTF competitions, this episode dives into the evolving relationship between humans and machines in cybersecurity.

    🔑 Key Themes & Topics

    • AI vs Humans in cybersecurity competitions
    • Why AI is an accelerator, not a replacement
    • The evolution from traditional training → hands-on gamified learning
    • Closing the cybersecurity skills gap
    • Red, Blue, and Purple team upskilling
    • AI governance, risk, and agentic threats
    • The future of cybersecurity careers and hiring

    ⏱️ Chapters

    • 00:00 – Introduction & RSA Conference insights
    • 02:00 – GMar’s journey: Data → Fraud → Cybersecurity
    • 06:30 – Who and What is Hack The Box?
    • 10:30 – AI vs Humans: CTF research findings
    • 13:00 – AI as a productivity multiplier
    • 15:30 – Real-world example: AI winning competitions
    • 16:00 – RSAC trends: AI everywhere
    • 17:00 – AI governance & emerging risks
    • 18:00 – AI for security vs security for AI
    • 19:00 – Staying relevant in cybersecurity

    🚀 Hack The Box Explained

    Hack The Box is a cybersecurity upskilling platform offering:

    • 🎓 Academy – Structured learning paths
    • 🧩 Challenges & Labs – Hands-on environments
    • 🏁 CTFs (Capture The Flag) – Competitive exercises
    • 🏢 Pro Labs – Enterprise-scale simulations
    • 🔎 Talent Search – Connecting skilled professionals with employers

    It supports:

    • Red Teams (Offense)
    • Blue Teams (Defense)
    • Purple Teams (Collaboration)

    Resources:

    https://www.hackthebox.com/

    https://www.linkedin.com/in/gmarketos/

    https://www.hackthebox.com/ai-augmented-cyber-workforce-report

    20 min
  • The Analyst's Role in Cybersecurity: Bridging Gaps and Shaping Trends with Fernando
    Apr 14 2026

    In this episode, Fernando Montenegro shares his journey into the cybersecurity industry, insights on industry analysis, and the evolving trends shaping cybersecurity today. Discover how analysts bridge the gap between vendors, buyers, investors, and academia, and learn practical tips for engaging effectively with industry experts.

    Key Takeaways

    • Role of industry analysts in cybersecurity
    • Emerging trends in cybersecurity including AI and attack surface expansion
    • Effective engagement with analysts for decision support
    • Strategic cybersecurity budgeting and investment
    • Influence of economics and incentives on security decisions

    Sound bites

    "Understanding what's going on in the world"

    "Good enough security can be effective"

    "Workload AI versus workforce AI"

    Chapters

    00:00 Introduction to Security by Default Podcast

    00:53 Fernando Montenegro's Origin Story

    05:16 The Role of an Industry Analyst

    08:55 Maximizing Value from Analyst Interactions

    13:16 Understanding AI in Conversations

    15:44 Choosing the Right Solutions

    16:40 Decision-Making in Technology and Business

    17:13 Trends in Cybersecurity and AI

    18:26 Understanding Workload vs. Workforce AI

    19:40 The Evolving Role of Security Professionals

    21:43 The Strategic Importance of Cybersecurity

    23:58 Incentives and Decision-Making in Security

    25:53 The Shift Left Approach in Development

    27:16 Budgeting for Cybersecurity Investments

    30:47 Navigating Cybersecurity Budgets

    32:26 Engaging with Analysts and Staying Informed

    34:33 Curating Information in a Data-Driven World

    36:55 Balancing Operational and Strategic Insights

    37:51 Connecting with Analysts and Final Thoughts

    Resources

    LinkedIn Profile of Fernando Montenegro - https://www.linkedin.com/in/fsmontenegro/

    Futurum Group - https://futurumgroup.com/

    Obsidian Knowledge Management System - https://obsidian.md/

    Book: Why Most Security Budgets Go to Waste by Ross Young - https://a.co/d/02BZPwdO

    41 min
  • The Cyber Hero Adventure - Making Security Engaging and Fun with Gary Berman
    Mar 31 2026

    Join cybersecurity expert Joseph Carson and guest Gary as they explore innovative ways to make cybersecurity engaging, fun, and accessible. Discover how humor, storytelling, and community involvement can transform the industry and attract new talent.

    Chapters

    00:00 Welcome to the Cybersecurity Chaos

    02:32 From Fear to Fun in Cybersecurity

    05:27 The Journey of a Cyber Advocate

    08:09 The Importance of Community and Collaboration

    10:45 Bringing Laughter Back to Cybersecurity

    13:13 Rebranding Cybersecurity for New Talent

    16:00 The Power of Words in Cybersecurity

    18:43 Innovative Approaches to Cyber Awareness

    21:29 Lessons from Kids: Simplifying Cybersecurity

    24:39 The Inner Child and Cognitive Dissonance

    26:40 Gamification and Learning Innovations

    28:19 Storytelling in Cybersecurity

    29:15 Cybersecurity Starts at Home

    30:36 Community Engagement and Employee Connection

    32:14 The Importance of Acknowledgment

    34:13 Finding Joy in Everyday Life

    35:11 Humor as a Coping Mechanism

    40:04 The Power of Positive Thinking

    45:02 Mission Accomplished: Fun and Safety

    Resources

    Cyber Heroes Comics - https://cyberheroescomics.com/

    Gary's LinkedIn Profile - https://www.linkedin.com/in/gary-berman/

    47 min
  • Inside the Digital Battlefield: Cybersecurity in Geopolitical Conflicts with Chris Kubecka
    Mar 17 2026

    Join Joseph Carson in this insightful episode as he interviews cybersecurity expert Chris Kubecka. They discuss critical infrastructure security, cyber warfare, geopolitical risks, and the evolving landscape of digital threats, providing valuable lessons for cybersecurity professionals and policymakers.

    Key Topics

    Cybersecurity in critical infrastructure

    Geopolitical cyber threats and hybrid warfare

    Evolving landscape of digital threats and resilience


    Sound bites

    "GPS jamming has been a massive challenge."

    "Digital Empires: China, Europe, and the US."

    "Radio communications are a vital fallback."


    Chapters

    1. 00:00 Introduction and Background of Chris Kubecka
    2. 01:37 Cybersecurity Challenges in Critical Infrastructure
    3. 03:37 Evolving Nature of Cyber Threats
    4. 05:45 The Role of Drones in Modern Warfare
    5. 07:25 Hybrid Warfare and Global Diplomacy
    6. 10:10 The Shift in Global Cybersecurity Dynamics
    7. 12:18 The Importance of International Cooperation
    8. 14:33 Privacy and Ethics in Cybersecurity
    9. 16:50 Historical Context and Regional Cooperation
    10. 18:55 Cyber Attacks on Civilian Infrastructure
    11. 22:04 Personal Experiences in Estonia
    12. 24:10 Geopolitical Tensions and Cybersecurity
    13. 25:52 Challenges in Maritime Connectivity
    14. 28:16 Critical Infrastructure Vulnerabilities
    15. 30:22 The Role of Radio in Authoritarian Regimes
    16. 33:43 International Maritime Law and Cybersecurity
    17. 37:46 Recent Projects and Activism in Cybersecurity
    18. 39:51 Staying Informed in a Rapidly Changing Landscape


    Resources

    Chris Kubecka's LinkedIn - https://www.linkedin.com/in/chriskubecka/

    Field Tested: How to Hack a Modern Dictatorship with AI - https://www.amazon.com/dp/B0C7F4XYZ

    45 min
  • How Gamification and Community Help Beginners Break Into Cloud and AI Security
    Mar 3 2026

    In this episode of the Security by Default podcast, host Joe Carson speaks with Ian Austin, co-founder of Pwned Labs, about his journey in cybersecurity, the evolution of learning in the field, and the challenges of Cloud and AI security. Ian shares insights on transitioning into cybersecurity roles, the importance of community engagement, and the need for continuous learning in an ever-evolving industry. They discuss the significance of gamification in training and the current trends in cloud security, emphasizing the importance of hands-on experience and collaboration.

    Key Takeaways

    1. Ian Austin is a co-founder of Pwned Labs, specializing in cloud and AI security training.
    2. His journey in cybersecurity began with help desk roles and evolved into penetration testing.
    3. Creating content is a great way to learn and contribute to the community.
    4. Cloud security presents unique challenges that require ongoing education and adaptation.
    5. Gamification in training enhances engagement but should not overshadow practical learning.
    6. Community involvement is crucial for personal and professional growth in cybersecurity.
    7. Transitioning into security roles can be done from various backgrounds, including sysadmin and help desk.
    8. Continuous learning is essential in the fast-paced cybersecurity landscape.
    9. Mentorship can significantly impact career development and confidence.
    10. Cloud security is a growing field with increasing demand for skilled professionals.


    Sound bites

    "Learning is a great way to learn."

    "Community is a powerful thing."

    "Cloud is hard to secure."


    Chapters

    00:00 Introduction to the Podcast and Guest

    00:40 Ian Austin's Journey in Cybersecurity

    06:40 Transitioning into Security Roles

    10:54 Evolution of Learning in Cybersecurity

    16:19 The Importance of Community in Learning

    22:58 Challenges in Cloud Security

    28:46 Staying Updated in the Cybersecurity Field


    Resources:

    https://pwnedlabs.io/

    https://www.linkedin.com/in/ian-austin/

    33 min
  • Cracking Passwords and the Future of Passwords with Evil Mog
    Feb 17 2026

    In this episode of the Security by Default podcast, host Joe Carson welcomes Evil Mog, an expert in password cracking and cybersecurity. They discuss the importance of Hacker Jeopardy in making cybersecurity fun, the ongoing challenges with passwords, and the evolving role of AI in password cracking. The conversation also touches on incident response, the significance of documentation, and the future trends in cybersecurity, including the shift towards passwordless authentication and the impact of AI on both attackers and defenders.

    Takeaways

    1. Hacker Jeopardy is a fun way to engage with cybersecurity.
    2. Teaching others helps reinforce your own knowledge.
    3. Passwords will remain a necessary evil in security.
    4. AI is enhancing password cracking methodologies.
    5. Documentation is crucial in incident response.
    6. The cost of hacking is increasing due to advanced techniques.
    7. Collaboration between red and blue teams is essential.
    8. Insider threats are on the rise in cybersecurity.
    9. Password management is fundamentally an asset management issue.
    10. Future trends indicate a shift towards passwordless authentication.


    Sound bites

    "Teaching helps you learn better."

    "Security is about enabling the business."

    "The cost of hacking is rising."


    Chapters

    1. 00:00 Introduction to Evil Mog and Hacker Jeopardy
    2. 02:37 The Importance of Community and Teaching in Cybersecurity
    3. 05:22 Password Security: The Louvre Incident
    4. 07:59 The Evolution of Authentication Methods
    5. 10:35 Challenges in Asset Management and Password Management
    6. 13:15 Operational Technology (OT) Security Challenges
    7. 15:53 The Role of Documentation in Cybersecurity
    8. 18:42 AI in Cybersecurity: Automation and Password Recovery
    9. 21:52 AI in Password Cracking
    10. 24:56 Enhancing Human Capabilities with AI
    11. 27:18 The Evolution of Cybercrime
    12. 30:02 Trends and Predictions for Cybersecurity
    13. 34:41 Collaboration in Cybersecurity
    14. 37:24 The Future of Cybercrime and AI
    15. 40:59 Connecting with Evil Mog

    42 min
  • Exploring Identity Security Trends with Charles Chase
    Feb 3 2026

    In this episode of the Security by Default podcast, host Joe Carson speaks with Charles Chase about his journey into the cybersecurity field, focusing on identity security and privilege access management. They discuss the evolving trends in identity security, the importance of maintaining identity hygiene, and the impact of regulations like NIST 2 and DORA on organizational practices. The conversation also covers the shift towards passwordless security, the role of AI in identity management, and resources for those looking to enter the field. The episode concludes with reflections on the importance of identities in business and society.

    Takeaways

    1. Charles Chase fell into cybersecurity from a military background.
    2. The importance of understanding what you don't know in identity security.
    3. Organizations often have dormant accounts that pose security risks.
    4. Regulatory bodies are pushing organizations to improve their identity security practices.
    5. The shift towards passwordless security is gaining momentum.
    6. AI is becoming a valuable tool in identity management.
    7. Identity hygiene is crucial for reducing risks in organizations.
    8. The commoditization of identity solutions allows smaller businesses to implement security measures.
    9. Engaging with customers is key to understanding their unique identity security needs.
    10. The future of identity management is focused on user experience and automation.


    Sound bites

    "What do I not know?"

    "It's a learning tool."

    "It's a fun industry."


    Chapters

    1. 00:00 Introduction to the Podcast and Guest
    2. 00:47 Charles Chase's Journey into Cybersecurity
    3. 02:22 Trends in Identity Security and Best Practices
    4. 05:54 Understanding Dormant Accounts and Their Risks
    5. 09:54 The Shift Towards Passwordless Security
    6. 12:45 The Role of AI in Identity Management
    7. 18:35 The Importance of Digital Identity in Society
    8. 26:45 Resources for Entering the Identity Space
    9. 30:49 Conclusion and Final Thoughts


    Keywords

    cybersecurity, identity security, privilege access management, trends, best practices, passwordless security, AI in identity management, regulatory impact, identity hygiene, resources for cybersecurity

    30 min
  • Cyber Ops and OSINT with the Grugq
    Jan 20 2026

    In this episode of the Security by Default podcast, host Joseph Carson engages with the Grugq, a cybersecurity expert and PhD student, discussing his journey into the field, the evolution of cybersecurity practices, and the complexities of information warfare. The Grugq shares insights on anti-forensics, the importance of understanding human behavior in cybersecurity, and the current landscape of cyber warfare, particularly in the context of the ongoing conflict in Ukraine. The conversation highlights the challenges and changes in the cybersecurity field, emphasizing the need for clarity and understanding in a chaotic information environment.

    Takeaways

    1. The Grugq's journey into cybersecurity began with a Unix book.
    2. He transitioned from internships to freelancing in cybersecurity.
    3. Moving to Thailand helped reduce living costs while consulting.
    4. Understanding anti-forensics is crucial for effective cybersecurity.
    5. The rules of cyber warfare differ significantly from peacetime operations.
    6. Information warfare involves changing how people interpret information.
    7. The Grugq emphasizes the importance of human behavior in cybersecurity.
    8. Staying updated in cybersecurity requires monitoring current events and engaging with experts.
    9. The evolution of cybersecurity tools has made it easier for new actors to operate.
    10. The Grugq's PhD research focuses on the realities of cyber warfare.

    Additional Resources:

    https://x.com/thegrugq

    https://github.com/grugq

    46 min