Legitimate Cybersecurity Podcasts
41 Episodes
A cyber incident is not just a technical problem. The legal response can shape what happens next, what gets disclosed, and how much worse the damage becomes.
In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer sit down with Kate Hanniford, cybersecurity and data privacy partner at Alston & Bird, to unpack the part of cyber incidents most people overlook: the legal side.
Kate explains what really happens when the phone rings after a breach, how executives think under pressure, where regulators draw the line between bad luck and negligence, and why data retention can quietly become one of the biggest risks in an investigation. They also dig into SEC disclosure rules, outdated regulations, AI adoption risk, and the growing sophistication of state and federal regulators.
This is a grounded look at what actually breaks after a cyber incident — and why the legal response matters just as much as the technical one.
Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/
#cybersecurity #dataprivacy #incidentresponse #breachresponse #compliance #aigovernance #riskmanagement #legitimatecybersecurity
Chapters:
00:00 Cyber incidents are legal incidents too
00:36 Meet Kate Hanniford
01:12 How Kate got into cybersecurity law
05:30 How lawyers specialize in cyber
08:34 What the first breach call feels like
12:32 How technical a cyber lawyer has to be
14:45 Which regulators worry companies most
18:47 Bad luck vs negligence in cybersecurity
19:57 Why data retention becomes a legal problem
22:17 The SEC four-day disclosure rule
27:43 Are cyber regulations outdated?
32:43 Which frameworks actually inspire confidence?
35:28 Does AI create more legal risk?
39:20 The fast question round
44:36 Kate’s best life advice
America’s cyber “first responder” isn’t the FBI anymore—it’s private companies.
That shift changes what gets prioritized during a breach: mission vs. margin, attribution vs. recovery, and who gets help first.
In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer sit down with Milan Patel (Global Head of MDR at BlueVoyant, former FBI) to unpack what breaks when cyber defense gets outsourced—because it already has. Milan shares how the FBI actually works in real incidents, why private-sector response dominates, and the recurring failures that keep breaches happening “the same way, with a different cut of sushi.”
You’ll learn:
• Why the private sector responds first ~95% of the time—and what the FBI really does when they arrive
• The 3 root causes Milan sees behind most breaches (and why they don’t go away)
• The hidden risk of “unknown, unprotected” network branches and configuration drift
• What AI will (and won’t) replace in MDR, SOC work, and incident response
• The real looming problem: training the next generation when Level 1 work gets automated
• Why AI agents inside your environment force a rethink of identity + data access controls
Media / interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/
If you want weekly breakdowns of the hidden systems shaping security (and the incentives nobody admits out loud), subscribe and join the conversation in the comments.
Chapters:
0:00 Cold open: “The FBI used to be the frontline…”
0:55 Meet Milan Patel: FBI → private sector MDR
2:30 “How do I get into cyber?” Milan’s origin story
6:50 The FBI hiring gauntlet (and why honesty wins)
11:35 Quantico + the “blind monkey” field office lottery
14:05 “Too bad, you’re going cyber” (how cyber squads really looked back then)
17:35 The big shift: who responds first during breaches (and why)
20:10 Why companies don’t care about “catching the bad guy” mid-crisis
22:55 The same breaches keep happening—what people aren’t learning
23:30 Milan’s “3 causes” of most breaches: culture, funding, configuration
26:10 The generational gap in clicking, trust, and risk behavior
29:10 “What security do I even need?” (coverage vs. cost reality check)
31:15 The brutal truth: validating what’s actually deployed vs. what you think is deployed
33:00 AI in cybersecurity: what’s real vs. hype
34:35 “Don’t make me talk to a robot” — the last-mile human requirement
36:10 The coming SOC shift: fewer Level 1s, more “all Level 3” teams
37:25 The pipeline problem: how do juniors learn when grunt work is automated?
38:40 Vibe coding + security: why Milan’s confidence is rising (with guardrails)
44:10 AI arms race: faster attackers, same fundamentals
46:05 AI agents in your network = identity + data access crisis
49:00 Milan’s one life rule: “Focus on your sphere of influence”
49:40 Outro + “keep on cyberin’”
#cybersecurity #incidentresponse #fbi #manageddetectionandresponse #ransomware #cybercrime #aisecurity #SOC #cyberrisk #infosec #legitimatecybersecurity
You bought a security camera… but what you actually bought was a cloud evidence locker.
And when you hit “delete,” it might only mean you lose access—not that the footage is gone.
In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer break down what Ring, Google/Nest, Wyze, and other camera ecosystems really are: subscription workflows that convert your home life into searchable records—sometimes shared by default, sometimes accessible through legal requests, and often retained longer than you think.
What you’ll learn:
• What data retention actually means for consumer camera platforms
• Why “Delete” in the app can be misleading (and what it often really does)
• The “request economy”: how safety marketing can become privatized surveillance
• Practical steps to keep the safety benefits while reducing the privacy blast radius
• Safer alternatives: local storage, POE setups, tighter motion zones, smarter placement
Media / interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/
Chapters:
00:00 You bought an “evidence locker” (not a camera)
01:10 Subscription ≠ ownership: the real product is the workflow
02:35 Face recognition + data correlation (and why it’s creepy)
04:20 Data retention: what it is and why it matters
07:00 GUI illusions: “delete” vs “marked for deletion”
09:05 Deleted doesn’t mean gone (forensics reality check)
12:10 Why companies keep data (and why you should care)
14:20 “You’re not being targeted”… but your data is still valuable
16:10 The request economy + privatized surveillance without a vote
18:40 Local storage alternatives (Reolink, NVRs, POE basics)
20:40 AI inside the home: convenience vs risk
23:05 Pattern-of-life reporting: the “daily brief” problem
26:05 Drones, jammers, and why “taking it into your own hands” backfires
31:05 Practical steps: MFA, settings, sharing controls
34:45 Camera placement: reduce what you collect (reduce what can be used)
37:20 Motion zones + noise reduction (trees, spiders, false alerts)
39:00 Privacy defaults: say “no” first, enable later
41:10 Wrap + viewer question: what surveillance tools worry you?
#Cybersecurity #Privacy #Ring #SmartHome #Surveillance #DataPrivacy #IoT #HomeSecurity #digitalrights #legitimatecybersecurity
AI agents aren’t just “tools” anymore — they’re getting delegated access, running workflows, calling APIs, and making decisions inside your environment. That’s why some security folks are starting to call them malware… with permission.
In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer sit down with Jasson Casey (CEO & Co-Founder of Beyond Identity) to break down what actually breaks in identity and access when software can reason, plan, and take real actions. We cover why prompt injection is fundamentally “control + data mixing,” why agent toolchains resemble living-off-the-land techniques, and why visibility + device-bound identity may be the only sane control plane going forward.
You’ll learn:
• Why “delegated auth” becomes the new breach primitive
• How indirect prompt injection can persist across an agent loop
• What “treat the agent as a user” gets right—and what it misses
• Why hardware attestation (TPM/TEE) changes detection and logging strategy
• How to think about local agents, plugins, and “willful malware execution” risk
Media / interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/
Chapters:
00:00 AI agents: tool or malware-with-permission?
01:02 Meet Jasson Casey (Beyond Identity)
02:03 Delegated authorization: the “easy option is the lazy option” problem
03:30 RAG + RBAC: privilege escalation through indexed knowledge
04:48 Prompt injection = mixing instruction and data (and why that’s provably bad)
06:01 Can injections persist across loops? “Maintain persistence” for agents
07:08 Policies fail when the agent “reaches around the fence”
08:05 Training your org to accept malware-like behavior
09:27 Adoption pressure vs security “wet blanket” reality
11:10 What’s the most weaponizable part of an agent?
13:31 Start with visibility: what’s happening, what has access to what
15:08 The Command & Conquer test: when capability suddenly jumps
20:11 Detection: how do you tell legit agent actions from malicious ones?
21:18 Why device-bound attestation matters (TPM, integrity, authenticity)
23:45 What an agent identity should include (operator + machine + time)
25:59 The logging problem: monitoring humans + agents at scale
27:44 Attestation changes logs: snapshots, reconstruction, reverse queries
29:02 Local agents & plugin ecosystems: “safe because it’s local?”
32:44 “How long before it’s news?” token harvesting and real-world fallout
34:18 AI dating pop-ups + responsibility for outcomes
37:05 Wrap + where to find Jasson
#Cybersecurity #AI #AIAgents #IdentitySecurity #ZeroTrust #PromptInjection #PhishingResistantMFA #CISO #SecurityEngineering #InfoSec #legitimatecybersecurity
You can be tracked in the real world—without consent—just by driving down a public road.
And the scariest part isn’t “live tracking”… it’s rewind: searchable history after the fact.
In this episode of Legitimate Cybersecurity, Frank Downs and Dustin Brewer break down Automated License Plate Readers (ALPRs)—why they’re popping up everywhere, why they’re easy to miss, and why the data is more dangerous than the camera.
You’ll learn:
• What ALPR cameras capture (it’s more than “just plates”)
• How cheap hardware + open source + cloud storage made this inevitable
• Why “30-day retention” isn’t the same as “safe” once data is exported/shared
• The governance gap: private vendors, thousands of customers, inconsistent rules
• The cybersecurity risk nobody talks about: downstream buyers and sloppy security
• Practical steps you can take to demand limits and transparency
Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/
Chapters:
00:00 You’re being monitored outside (no consent)
00:45 What ALPR is (and why it’s a misnomer)
01:30 Why it got cheap: hardware + open source + cloud
04:10 The U.S. privacy gap (no single overarching law)
05:00 These aren’t red-light cameras—why you don’t notice them
06:45 Flock Safety + the business of surveillance
08:20 “Vehicle fingerprinting” (tracking without “just plates”)
10:00 Who’s buying it: cities, states, feds… and HOAs
11:15 Data retention: policy vs reality (purge vs sanitize vs export)
13:45 Commercial surveillance = “fog” (hard to see, harder to fight)
14:40 Outsourcing “security” (the Pinkertons comparison)
17:10 Governance: why oversight breaks across customers/jurisdictions
18:30 The Wi-Fi packet parallel (Street View lesson)
24:15 Cyber risk: breaches + bad access controls + spreadsheet exports
27:00 “Nothing to hide” is a trap
30:05 The real danger: rewind + retroactive suspicion
32:00 What you can do: disclosure, guardrails, and pressure points
34:20 Internet cookies → real-world cookies (attached to your car)
34:50 Keep on cyberin
#cybersecurity #privacy #surveillance #ALPR #licenseplatereaders #flock #flocksecurity #dataprivacy #infosec #FlockSafety #securityawareness #digitalrights
The "I have nothing to hide" argument is dead. It’s not about secrecy anymore—it’s about your wallet.
Most people assume data collection is just for "better ads." They’re wrong. In this episode, Frank and Dustin break down how data brokers, insurance companies, and retailers are building a "digital twin" of you to manipulate dynamic pricing and assess your risk profile. From your car reporting your driving habits to insurance providers, to "The Retail Equation" banning you from stores for returning items, the surveillance economy is actively costing you money.
In this episode, you’ll learn:
• The "Price Rigging" Reality: How Instacart and Kayak use your data to charge you higher prices than your neighbor.
• The Spy in Your Garage: How GM and other automakers are selling your driving data to spike your premiums.
• Home Surveillance: Why Amazon wants your Roomba’s floor maps.
• Defense Strategy: The exact browser, VPN, and "data pollution" tactics you need to use today to confuse the algorithms.
Join the ongoing investigation:
Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/
Chapters:
00:00 Intro: Why "Nothing to Hide" is a dangerous lie
01:36 The Shorts controversy: Work computers & personal data
03:28 It’s not privacy, it’s mind mapping
06:28 The Target Story: Predicting pregnancy before the family knows
07:24 Day-in-the-Life of your Data: From toothpaste to traffic
08:14 Crucial: Your car is reporting you to insurance companies
09:46 Dynamic Pricing: Why Mac users pay more for flights
12:46 The Instacart Experiment: Same groceries, different prices
15:17 Roomba, LiDAR, and the map of your home
19:08 The "Return Police" (The Retail Equation)
22:30 Flock Safety: The license plate reader network tracking you
26:29 The MIB: How insurance companies track your "inconsistencies"
30:10 Defense Phase: Denial and Data Pollution
31:22 The Browser & VPN Strategy (Brave/Firefox/Nord)
34:54 Windows & Mobile Settings you must turn off
37:31 Advanced Tactic: Pi-hole and Private DNS
40:58 The Mesh-tastic Option (Going off-grid)
43:26 The "Doomsday Computer" & Etsy Scams
#DataPrivacy #CyberSecurity #DynamicPricing #DataBrokers #OSINT #PrivacyTips #StopDataCollection #LegitimateCybersecurity
Everyone thinks the TikTok problem is solved because "US Data stays in the US." That is a dangerous misunderstanding of how the technology works.
In this episode, Frank and Dustin break down the 80-page filing of the new TikTok joint venture. We analyze the ownership structure (Oracle, Silver Lake, and ByteDance) and explain why the "divestiture" is actually a loophole. The reality? Your data might live on Oracle servers, but the algorithm—the weaponized model that influences behavior—is still controlled by ByteDance.
What we cover:
• The breakdown of the 19.9% ByteDance / 15% Oracle ownership split.
• Why "Data Sovereignty" doesn't matter if the Model is foreign-owned.
• The difference between data theft and behavioral modification (The "Cambridge Analytica" factor).
• Why ByteDance took a massive financial hit to keep a foothold in the US.
Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/
Chapters
0:00 - The "Deal" that changed nothing
2:03 - Dissecting the ownership: Oracle, ByteDance, & Abu Dhabi
5:22 - The difference between Global Economy and National Security
8:45 - The Privacy Law trap: Backdoor access explained
10:04 - The Real Threat: It's not the data, it's the Model
14:25 - Can you train bias out of an algorithm?
18:29 - What-about-ism: Facebook vs. TikTok incentives
25:23 - The Dopamine Economy: Why Short-form won
30:18 - The "Sho Chu" Factor: Why is the CEO still there?
38:37 - Follow the Money: The $14B vs $100B valuation anomaly
42:39 - Next week: The failure of MFA
#TikTok #Cybersecurity #DataPrivacy #Algorithm #TechNews #Oracle #ByteDance #SocialMedia #InformationWarfare
Your work laptop isn’t yours — and one legal issue inside your company can put your logins, browsing, and messages under review.
We break down the real tools cyber pros use to “see” what’s happening on networks — and what that visibility means for your privacy.
In this episode, we unpack:
• Why Wireshark is the “truth serum” of the internet
• How SOC tools (like Snort) catch real behavior on real networks
• Why using personal accounts on a work device can backfire
• What VPNs and DNS leaks mean for your browsing privacy
• The tool mindset that separates guessing from knowing
Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/
Chapters
00:00 Your work laptop is not private (cold open)
00:26 Welcome + what this episode is really about
02:00 The big idea: security is visibility
03:00 Wireshark and learning how the internet actually works
10:00 Kali + Metasploit and the reality of “hacking”
19:30 Snort and how SOCs actually catch things
23:10 Why work devices are a privacy trap
27:45 VPNs, DNS leakage, and trust-but-verify
42:20 Tools we loved then vs now (cantennas, Security Onion)
48:35 The one tool that explains our security philosophy
55:00 Wrap-up + keep on cyberin
#cybersecurity #privacy #infosec #Wireshark #VPN #workfromhome #dataprivacy #networksecurity #securityawareness #tech
AI can sound empathetic, supportive, even “therapeutic”—but it can’t be accountable.
That gap matters most when someone is isolated, vulnerable, or in crisis.
In this episode, Frank Downs and Dustin Brewer sit down with Dr. Onna Brewer (licensed psychologist) to unpack why people are forming real attachments to AI—friendship, intimacy, and “therapy”—and where the danger line is when general-purpose chatbots become a substitute for human care.
What you’ll learn:
• Why AI relationships meet real needs (and why that doesn’t automatically make them healthy)
• The difference between cognitive empathy vs affective empathy
• Where AI can help mental health care (access, training, documentation) vs where it fails
• Why crisis support is the hard boundary (and why “coin-flip” reliability isn’t acceptable)
• What guardrails could look like: product design, disclosures, and regulation
If you’re in immediate danger or thinking about self-harm, contact local emergency services right now. (This episode is education, not medical care.)
References / further reading (full URLs):
http://www.brewerbristow.com
https://www.apa.org/topics/artificial-intelligence-machine-learning/health-advisory-chatbots-wellness-apps?utm_source=chatgpt.com
https://www.nature.com/articles/s41598-025-17242-4#Fig4
https://www.sciencedirect.com/science/article/pii/S2451958825001307?utm_source=chatgpt.com
https://hbr.org/2025/08/you-need-to-be-bored-heres-why
Media/interview: admin@legitimatecybersecurity.com
Audio: https://legitimatecybersecurity.podbean.com/
Chapters:
00:00 AI can’t be accountable (the core problem)
00:17 Introducing Dr. Onna Brewer
02:06 Why AI relationships are growing (needs being met)
05:01 Isolation + loneliness as the real backdrop
06:42 Intimacy / passion / commitment: how AI fits
08:32 One-way street (why it still feels two-way)
13:22 AI as “therapy”: what’s real vs risky
14:10 Pros: access, stigma reduction, clinician support
18:38 Cognitive vs affective empathy (why therapy depends on humans)
22:23 “Therapist” isn’t what most people think it means
23:01 Normalization: asking AI for everything
29:24 Boredom, attention, creativity, and cognitive offloading
33:19 AI romance stats + shame/stigma dynamics
37:35 AI in marriage: fidelity is defined by the couple
46:00 The safety line: humans can intervene; bots can’t
46:48 Responsibility vs trust: regulation and guardrails
49:35 Wrap + resources + what to watch next
#Cybersecurity #AI #Privacy #MentalHealth #DigitalWellbeing #OnlineSafety #AIsafety #TechEthics #AITherapy #AICompanions
Your body dies — but your accounts don’t. And now AI can be trained on the dead.
So who “owns” your digital afterlife… and who gets to use it?
In this episode of Legitimate Cybersecurity, Frank and Dr. Dustin Brewer unpack the real risk behind “legacy accounts,” AI memorial bots, and digital grief tools: consent, identity control, and what happens when someone can simulate you without you.
We cover the ethics of training on deceased users, the slippery slope from grief-support to manufactured relationships, and why regulation vs. private control matters more than people realize.
Media & interview requests: admin@legitimatecybersecurity.com
Audio subscription: https://legitimatecybersecurity.podbean.com/
Chapters:
0:00 — Your body dies… does your data?
1:05 — Legacy accounts & “consent” after death
3:20 — The DIY “Talk to my dead loved one” GPT
5:45 — Why Facebook stopped being “social”
7:10 — DNA data + the real nightmare scenario
10:50 — Should your AI ghost include your flaws?
13:05 — “Do we erase the racism?” (history vs. sanitizing)
17:45 — Sci-fi already warned us (AI Lincoln moment)
20:20 — Grief tools: healthy coping or dependency?
26:00 — The slippery slope: AI partners & manufactured bonds
27:40 — Who should control this: government or private sector?
34:00 — Guardrails + “whole-ham” threat actor reality
36:10 — Wrap: what we should demand before “digital afterlife” goes mainstream
#Cybersecurity #AI #Privacy #DataOwnership #DigitalIdentity #Deepfakes #TechEthics #OnlineSafety #DigitalLegacy #Governance #LegitimateCybersecurity #DigitalAfterlife #ArtificialIntelligence
Your gift card can be empty before you even buy it—and that’s just one of the holiday scams exploding right now.
In December, attackers don’t need skill. They need distracted people.
In this episode of Legitimate Cybersecurity, Frank Downs and Dr. Dustin Brewer break down the five highest-volume holiday scams hitting normal, smart people—gift cards, shipping texts, QR codes, travel Wi-Fi, and even AI voice cloning.
You’ll learn:
• How gift cards are drained before activation
• Why “package can’t be delivered” texts work so well
• How QR codes are being weaponized in parking lots and charities
• What actually keeps you safe while traveling
• How to stop family-emergency scams instantly
Media & interview requests: admin@legitimatecybersecurity.com
🎧 Audio version: https://legitimatecybersecurity.podbean.com/
Chapters:
00:00 — Christmas morning: the gift card is already empty
01:40 — Why December supercharges scams (stress + urgency)
07:45 — Gift card heists (how they steal it before purchase)
15:55 — “Pay in gift cards” = funding a crime
17:00 — Shipping smishing texts (the #1 holiday scam)
23:15 — MFA: annoying, but it works
24:40 — QR scams & fake charities (quishing explained)
28:10 — Travel season: Wi-Fi, hotel TVs, charging traps
34:15 — Proximity attacks: NFC & crowded spaces
36:45 — AI voice cloning & family emergency scams
41:45 — The boring-target checklist (do this, relax)
44:10 — Final takeaway + share with the link-clicker
#cybersecurity #holidayscams #onlinesafety #phishing #giftcards #scams #identitytheft #LegitimateCybersecurity #GiftCardHeist #AIVoiceCloning #Privacy #Infosec #TechSafety
Your smartphone, your streaming library, even your tractor—none of them actually belong to you. Companies can lock you out, delete your data, revoke your access, or simply shut down the servers your devices rely on. And now with AI moderation quietly deleting accounts behind the scenes… who’s really in control?
In this episode of Legitimate Cybersecurity, Frank and Dr. Dustin Brewer explore:
• How Apple, Google, Tesla, and John Deere can remotely brick your devices
• Why your “purchased” movies on Vudu/Fandango can disappear
• The subscription takeover: cars, games, self-driving, even pill bottles
• How AI bots on Reddit, Facebook, and Google can silently erase your account
• Why Gen Z and Gen Alpha face a job market that’s never been harder
• The hidden danger of companies shutting down and taking your devices with them
• Whether you can really own anything digital anymore
From tractors to Tesla pricing chaos, FMV Sega nostalgia, disappearing media libraries, HOA jokes, and mushroom farming jokes… this episode covers the entire collapsing spectrum of digital ownership in 2025.
🎯 QUESTION FOR YOU:
What’s something you thought you owned… that you later realized wasn’t really yours?
Post it in the comments — we’ll feature the best ones.
🎧 Prefer audio?
Subscribe to the Legitimate Cybersecurity podcast on any platform:
👉 https://legitimatecybersecurity.podbean.com/
📩 Media / interview requests:
admin@legitimatecybersecurity.com
Chapter Breaks:
00:00 – Cold Open: “Your phone can be remotely disabled—so do you actually own it?”
00:33 – Streaming, OS licensing, and why your iPhone is rented, not owned
01:20 – Companies can delete your data at will — Google, Tesla, Apple
01:45 – The John Deere DRM nightmare
02:58 – Gaming industry: the original warning sign
04:09 – Cloud gaming, Stadia, GeForce Now, and the upside of subscriptions
05:59 – But tractors doubling in price? Ownership gone wrong
06:30 – “They can brick you at any moment” — the Dustin phone hypothetical
07:23 – Dustin’s reaction: “I’d never use Google again”
08:08 – OFAC, false positives, and the real risk of automated bans
08:43 – Dustin’s farming family and the tractor brand civil war
09:24 – The horse-as-subscription joke + automated farming tech
10:35 – Tesla’s bizarre pricing, self-driving subscriptions, and BlueCruise
12:08 – Frank’s Sega CD tragedy and the death of ownership nostalgia
13:42 – Porn, HD DVD vs Blu-ray, and where video compression really came from
15:55 – Streaming illusions of ownership: Vudu → Fandango disaster
17:27 – EULA manipulations and the illusion of choice
18:56 – Forced ads even with “ad-free” subscriptions
19:27 – Millennials vs the streaming trap — we’re back to cable pricing
20:27 – Pillsy shutdown: When smart devices die because companies die
21:49 – The normalization of owning nothing
23:33 – Subscription cars, self-driving distrust, and ambulances costing thousands
24:40 – Can we stop the subscription takeover? Voting with wallet & laws
25:34 – Food costs, Whole Foods jokes, inflation, and generational struggle
26:10 – Mitsubishi Mirage, Slate truck, and forced compromise
27:30 – Gen Z’s brutal job market and AI crushing coder roles
29:33 – The CyberSeek fallout: disappearing salary data
32:20 – AI moderation deleting posts and accounts without warning
33:33 – Should AI ever be allowed to delete people? Objectivity vs bias
35:19 – Moderating subreddits and HOAs = punishment jobs
36:16 – What digital things do you really own? NAS vs cloud
37:26 – Photos, privacy, and pulling memories off the cloud
38:25 – Average people don’t have the tools to self-host anything
39:13 – Benjamin Franklin quote + “It’s too late to go back”
40:32 – Knock-knock joke + Dustin’s hope speech
42:24 – The 98% vs the 2% — who really has control
43:54 – Outro + Raspberry Pi phone joke
#legitimatecybersecurity #cybersecurity #digitalownership #righttorepair #streamingwars #AIModeration #SubscriptionEconomy #johndeere #tesla #cloudcomputing #techpodcasts #dataprivacy #digitalrights #genz #cyberjobs
The cybersecurity industry is gaslighting you. We spend billions on dashboards that look pretty but act like "sleep paralysis demons" for the analysts trying to use them.
In this episode, Jennifer Von Kainold (VP of Product Management at BlueVoyant) reveals the dirty secret of security engineering: the tools are built for the builders, not the defenders. Jen breaks down the "Sleep Paralysis" of modern SOCs, why the industry refuses to simplify, and how she went from a Chemistry degree to leading product strategy for a major MDR firm.
We also dismantle the panic over Quantum Computing and explain why you’re worried about Q-Day when you don’t even have an asset inventory.
Media and interview requests can be made to: admin@legitimatecybersecurity.com
Audio listeners can subscribe on any platform and can do it through: https://legitimatecybersecurity.podbean.com/
⏱️ CHAPTER BREAKS
00:00 – The Dashboard That Causes Panic Attacks
00:14 – The “Illusion of Safety” in Tech
02:31 – From Coding Fortran to Hacking Genomes
06:18 – The “Sleep Paralysis Demon” of Bad UI
09:16 – Why Engineers Build Tools for Robots, Not Humans
14:29 – Translating “Engineer” to “Human” (The Polyglot Problem)
19:31 – The Archer Paradox: When Flexibility Becomes Failure
21:58 – Agentic AI: The End of the Dashboard?
31:22 – The Myth of the “Single Pane of Glass”
35:37 – The Quantum Computing ("Q-Day") Hysteria
37:44 – “Where Is Your Super Cold Fridge?!”
40:32 – Why We Refuse to Do the Basics (Burnout & Cognitive Load)
44:29 – Don’t Wait for the Apocalypse to Lock Your Door
46:22 – The Final Verdict
#legitimatecybersecurity #uxdesign #quantumcomputing #infosec #burnout #agenticai #techfails #cyberwarfare
Drones are showing up where they shouldn’t — over backyards, pools, windows, driveways, campsites, neighborhoods, and even over insurance customers’ houses to jack up premiums. And here’s the terrifying part: nobody knows who owns them, and the laws protecting you are a mess.
In this episode of Legitimate Cybersecurity, Frank, Dustin, and Chris Adkins break down:
• The explosion of drone trespassing across the U.S.
• Drone “etiquette” (if such a thing exists)
• Why shooting down a drone might be illegal… but hijacking its open Wi-Fi might not be
• How insurance companies are secretly flying drones to deny coverage
• Whether YOU own the air above your home (the answer will piss you off)
• The ethics of taking over unencrypted drones
• Why the U.S. military once had its Predator drones hacked
• The insane world of bathtub drones and balloon monks
• And how long until drones accidentally kill someone and trigger a legal revolution
This episode is chaotic, hilarious, and honestly a little terrifying — one of our most eye-opening discussions yet.
Media or interview inquiries: admin@legitimatecybersecurity.com
Subscribe to the audio podcast:
🔗 https://legitimatecybersecurity.podbean.com/
Chapters
00:00 – A Drone Could Be Watching You Right Now
00:35 – Drone Trespassing is Exploding
01:30 – Drone Etiquette: Does It Even Exist?
02:45 – The Campsite Drone Freakout
03:20 – Drones vs. Guns: Which Is Actually Easier to Stop?
04:00 – Anti-Drone Weapons & the FCC Problem
05:20 – Building “Ghost Wi-Fi Guns” (Totally Legal?)
06:30 – Why Drones Are Outpacing the Law
07:15 – Privacy, Backyards & the “Altitude Problem”
08:55 – Insurance Companies Are Flying Drones Over Your Home
10:45 – Data, Bias & Discrimination From the Sky
12:20 – The Future of Drone Regulation (and Why It Will Suck)
14:10 – Enforcement, Penalties & the Reality of Privacy
16:00 – Drones Getting Better, Cameras Getting Scarier
17:20 – Can You Hijack an Unencrypted Drone?
19:30 – Military Drone Hacks (Yep… That Happened)
20:50 – Ukrainian Fiber-Wire Drones
21:30 – Dustin’s Ethics: “If It’s Unsecured… That’s On You.”
22:15 – Should Homeowners Be Notified Before Being Filmed?
23:00 – Air Rights: Who Actually Owns the Sky Above Your House?
26:00 – Maryland Airspace Laws You Didn’t Know
27:30 – The Insane Bathtub Drone Guy
28:20 – Balloon Monks & BB Guns at 10,000 Feet
29:50 – Final Thoughts & Holiday Schedule
#legitimatecybersecurity #cybersecurity #dronesurveillance #DronePrivacy #technews #Hacking #privacyrights #infosec #cyberethics #InsuranceFraud
SIM swapping has returned — and the attackers have leveled up. In this episode, Frank, Dustin, and returning guest Chris Adkins break down how modern thieves hijack your SIM, clone your phone, intercept your MFA codes, and drain your accounts… all without ever touching your device.
We cover:
• Why your phone number is the master key to your digital life
• How eSIMs changed the threat landscape
• Real-world stories of Gmail & crypto takeovers
• Why teens AND the elderly are getting hit hard
• Why your SIM might be less secure than the Coca-Cola formula
• Chinese electronics bans, printer economics, zombie barter value, and exploding Hezbollah pagers (yes, really)
This episode is technical, hilarious, terrifying, and extremely relevant — especially if you rely on your phone for anything in your life.
📩 Media & Interview Requests: admin@legitimatecybersecurity.com
🎧 Audio listeners can subscribe on any platform:
https://legitimatecybersecurity.podbean.com/
⏱️ CHAPTER BREAKS
00:00 — HOOK: “Why is my phone being used at 3AM?”
00:35 — Welcome Back + Celebrating 10,000 Subscribers
01:25 — What SIM Swapping Looks Like in the Real World
02:22 — Why Your Phone Number Is the Master Key to Your Life
03:36 — Kids, Phones, and the Multi-Screen Generational Divide
04:07 — Why eSIM Makes Attacks Easier to Pull Off
05:23 — Dustin’s 40 Old Burner Phones and Spy-Grade Persona Tricks
06:25 — The Ancient Sony Xperia Tablet-Phone Monster
07:25 — What SIM Cards Actually Are (Clear Explanation)
08:10 — SIM Cloning → eSIM Social Engineering Attacks
09:20 — MFA Hijacking & Why Your Text Codes Aren’t Safe
10:22 — The Missing Industry: “SIM Credit Freezing”
12:00 — Carriers as the Weakest Link (And Why They Can’t Stop It)
13:10 — Third-Party Risk: Your Data Is Only as Safe as Everyone Else’s Security
14:30 — The $90 ‘Most Secure Phone Service on Earth’
15:35 — Chris’s Gmail + Coinbase Hack Story From Vacation
17:34 — Frank’s 100,000+ Unread Emails & Gmail Identity Crisis
19:01 — Credit Report Drama & Who’s Really Most Vulnerable
20:11 — Elderly Crypto Retirement Liquidation Scams
21:20 — Dustin’s Grandmother Rode a Horse to School (And Why Tech Speed Matters)
22:15 — People Don’t Understand How Phones Actually Work
24:00 — Teens & AI: The New Scam Generation
25:25 — Printer Economics: “Is it Cheaper to Buy a New Printer?”
26:34 — Apocalypse Bartering: Printers, Lithium, and Ham Radios
29:01 — The Hezbollah Exploding Pagers Operation
30:12 — Chinese Electronics Bans: Are We Going Too Far?
32:19 — Consumer vs Enterprise Tech Vulnerabilities
34:00 — Free Market, Tariffs, and Why We Can’t Buy China’s Best EVs
36:00 — Why TP-Link Isn’t Malicious… It’s Just Cheap
38:15 — Regulation vs Innovation: Who Should Protect the Consumer?
39:26 — FINAL QUESTION: What’s More Secure — Your SSN, Nuclear Blueprints, Your SIM, or the Coca-Cola Formula?
43:00 — Closing + The New Catchphrase: “Be Safe, Don’t Do Anything We Wouldn’t Do.”
#legitimatecybersecurity #cybersecurity #infosec #simswapping #esim #PhoneHacks #digitalidentity #databreach #techpodcasts
The Vatican just issued a massive warning about AI — and it might be the most unexpected twist in the religion-tech debate yet. Frank and Dustin dive deep into the rising spiritual panic around artificial intelligence: AI as a therapist, AI as a partner, AI as a spiritual advisor… and the truly wild question: Should an AI ever be baptized?
In this episode of Legitimate Cybersecurity, we explore why major religious leaders are suddenly speaking out, whether AI could cause a crisis of faith, what it means for humanity’s spiritual future, and whether we’re all just NPCs in God's cosmic simulator.
Plus:
• Why people are telling AI their deepest secrets
• Whether AI can “feel” anything
• Star Trek’s Data vs. real-world AI
• What the FIRST religion to baptize an AI will be
• Why robots should NOT have teeth
• Dustin invents the term “Crab with a K Cybersecurity”
• Frank creates “FrankBible.ai” (please, no one do this)
If you want an episode that’s funny, thought-provoking, and utterly uncomfortable in all the best ways… this one’s it.
Media & interview requests: admin@legitimatecybersecurity.com
Audio listeners: Subscribe everywhere or at https://legitimatecybersecurity.podbean.com/
🧭 Chapters
00:00 – Can AI cause a crisis of faith?
00:42 – The Vatican’s AI Warning: Extinction-level concerns
01:23 – Why NOW? Dustin explains the timing
02:20 – Anthropomorphizing AI & why we do it
03:20 – AI hallucinations vs. just “breaking”
03:45 – When people start dating AI
04:30 – AI replacing spouses, therapists… and maybe pastors?
05:21 – Why the Church might be afraid of losing influence
06:19 – When religious leaders start using AI themselves
07:10 – Social media déjà vu: Echo chambers and faith
08:00 – Will AI reshape religion?
09:30 – Frank and Dustin’s childhood church trauma dump (lol)
11:00 – Can AI enhance sermons without replacing faith?
13:00 – Are religious texts just “data”?
14:45 – Using AI to process spiritual conflicts
16:00 – Danger: AI as a moral mirror
16:30 – Echo chambers & spiritual distortion
17:47 – Bible versions + algorithmic interpretation
18:37 – How do OTHER religions interpret this?
19:20 – Talking to AI = talking to yourself?
20:30 – Can AI really replace clergy?
22:00 – Faith vs. Ones & Zeros
23:30 – Will AI ever be baptized?
25:00 – Can AI “feel” emotions? Frank hopes the answer is no
27:00 – Why emotional responses ≠ AI feelings
28:30 – Philosophical chaos: Are WE God’s AI?
29:30 – Frank’s “FrankBible.ai” — the heresy arc
30:20 – Which religion baptizes AI first? The answer is spicy
31:00 – VR Church, Second Life, and digital baptisms
33:10 – Household robots, C-3PO vs. R2-D2
34:45 – Why are we building humanoid robots?
36:00 – Ewok-shaped robot companions? Dustin says no teeth
37:20 – Do we need AI commandments?
38:00 – Historical pattern: tech never actually kills religion
40:00 – Jesus as organic AI?? Frank breaks Dustin
41:00 – Are we all Sims and God is AFK?
42:00 – The wrap-up: uncomfortable but enlightening
#legitimatecybersecurity #ai #religion #vatican #artificialintelligence #cybersecurity #techpodcasts #faithandtech #aiwarning #VaticanStatement #llm #ethicsinai
What happens when the most secure museum on Earth has a Wi-Fi password that’s literally “louvre”?
💎 $100 million in jewels disappear, and the world’s best art collection learns what Defense in Dumb really means.
In this episode of Legitimate Cybersecurity, Frank Downs and Dr. Dustin Brewer unpack how the Louvre Museum was robbed in broad daylight — not just by thieves, but by bad passwords, unpatched servers, and leadership that never took cybersecurity seriously.
👉 Topics include:
• The Windows Server 2003 still guarding priceless art
• “Defense in Dumb” vs. real defense in depth
• Why pen tests without remediation are a waste of money
• How boredom and bureaucracy kill security programs
• The Rosetta Stone irony: stolen artifacts complaining about theft
• What NIST CSF, GRC, and governance diffusion all have to do with it
• Why multi-factor authentication isn’t two French guards and a shrug
And yes — Leonardo da Vinci had better wireless security.
📩 Media & Interview Requests: admin@legitimatecybersecurity.com
🎧 Audio listeners: Subscribe on any platform →
https://legitimatecybersecurity.podbean.com/
👇 Comment below: What’s the dumbest password or security setup you’ve seen in the wild?
We might feature your story in a future episode.
Chapters
00:00 – Cold Open: “Imagine robbing the most secure museum on Earth…”
01:00 – Defense in Dumb: Louvre’s password was literally “louvre”
02:10 – British & French museums suddenly hate theft
03:45 – The Cyber Audit That Nobody Fixed
05:30 – Pen Testing vs. Actually Doing the Work
07:00 – Roof access, open windows, and Netflix-level stupidity
09:00 – Boring but critical: why remediation never happens
11:00 – Framework fails: ISO, NIST, GDPR, and no one enforces them
13:30 – Cyber careers, boredom, and the “borification” of information
16:00 – “It really HUMPS your packets”: why GRC isn’t sexy but matters
18:30 – Leadership without packets: Steve Jobs, Woz, and cyber blind spots
20:00 – How the Louvre failed every NIST CSF function
23:00 – MDR myths: detection ≠ protection
25:00 – APTs, insurance loopholes, and cyber blame games
29:00 – Governance diffusion: when everyone assumes someone else did it
31:00 – Legacy tech, no funding, and free open-source fixes
33:00 – PFSense, Security Onion & AI helping broke orgs
35:00 – Final Takeaway: “Leonardo da Vinci had better Wi-Fi security.”
#LegitimateCybersecurity #LouvreHeist #CyberFail #DataBreach #cybersecurity #Hackers #PenTesting #InfoSec #NISTCSF #GRC #MDR #APT #CyberRisk #MuseumHeist #DefenseInDumb #WindowsServer2003
Tonight’s Halloween special gets deliciously weird. 🦇 Dustin and Frank unpack four true tech “hauntings”:
• The Ghost in the Printer—Why old JetDirects spit hieroglyphics at night.
• Laughing Alexa—The infamous 2018 bug that creeped out the world.
• #GhostText—When delayed SMS messages arrived from the… beyond.
• Grace Hopper’s Moth—The first literal computer “bug,” preserved in a logbook.
We translate spooky glitches into plain-English cyber hygiene: broadcast storms, wake-on-LAN, noisy IoT, always-listening assistants, SMS spoofing, and why physical world failures (heat, humidity, insects!) still crash modern stacks.
🎤 Media & interview requests: admin@legitimatecybersecurity.com
🎧 Audio listeners: subscribe on any platform via https://legitimatecybersecurity.podbean.com/
💬 Drop your own “haunted tech” stories in the comments—we may read them on-air!
Chapter Breaks
00:00 – Cold open: “Possessed” printers in Portland
01:21 – Halloween setup + how we’ll demystify “paranormal” tech
02:14 – Case #1: The Ghost in the Printer (broadcast storms + wake-on-LAN)
05:01 – Why vulnerability scans make printers spit gibberish
08:32 – Broadcast packets 101 (and why Frank hates wake-on-LAN)
12:15 – Case #2: Alexa’s bone-chilling laugh (2018 trigger bug)
16:55 – Smart speakers as always-listening risk (home & remote work)
18:31 – Agentic AI + voice triggers = future home-automation threats
23:16 – Case #3: #GhostText—delayed SMS from the “afterlife”
27:42 – “HauntLater.com” (Frank’s dubious startup idea)
32:59 – Case #4: Grace Hopper and the first literal computer “bug”
36:45 – Physical world vs. digital systems (heat, humidity, pests)
39:45 – Wrap & CTA: Share your creepy tech stories
#legitimatecybersecurity #cybersecurity #halloweenspecial #ghostinthemachine #infosec #smarthome #iot #gracehopper
Are we watching the ladder get pulled up? A new Harvard-linked analysis shows companies that adopt generative AI hire 7.7% fewer junior roles — a subtle shift with massive consequences for cybersecurity, tech, and the middle class. Frank Downs and Dr. Dustin Brewer break down what’s really happening: the automation sugar high, the hollowing of mid-tier careers, why experience over degree over certifications is driving gatekeeping, and how this ends if we don’t course-correct.
Learn more about the study here: https://www.economist.com/graphic-detail/2025/10/13/can-ai-replace-junior-workers?giftId=c059cef1-fdf2-4e22-80f7-e8fc16f025bf&utm_campaign=gifted_article
Media and interview requests: admin@legitimatecybersecurity.com
Audio listeners: subscribe on any platform via https://legitimatecybersecurity.podbean.com/
Chapter Breaks
00:00 – Cold Open: AI is quietly killing entry jobs
00:27 – The stat nobody’s talking about: 7.7 percent junior hiring drop
02:05 – Correlation vs causation: pandemic and RTO chaos
03:35 – Gatekeeping madness: 8 years of Swift and entry roles needing 5 years
04:50 – What employers actually value: experience over degree over certs
06:20 – Why juniors are disappearing: AI excels at lower-level tasks
07:40 – The seduction: shareholders, execs, and the “AI won’t leave you” trap
09:00 – Societal fallout: angry grads, hollowed middle class
12:30 – Who replaces us if we skip training?
14:10 – The wall: where AI plateaus and humans must return
15:30 – Safe vs squeezed: trades and specialists vs shrinking middle
16:50 – Adaptation 2.0: lessons from past automation waves
19:40 – Tech is not automatic good: phones, social media, and productivity
23:30 – Cyber never sleeps: always-on culture and cognitive offloading
25:45 – AI friends: the Zuckerberg take and why it is dangerous
29:20 – Phone yes, social no: ethics, engagement, and shareholders
31:10 – Sign-off: Black Mirror, the void, and what we do next
#aijobs #cybersecurity #techcareers #futureofwork #generativeai #automation #entryleveljobs #jobmarket #middleclass #legitimatecybersecurity #ai
What happens when ONE “cloud” hiccup in Virginia slams the brakes on your life—smart beds trap sleepers, Alexa goes dumb, Venmo sputters, and enterprise apps face-plant? Frank & Dr. Dustin break down Monday’s AWS DNS outage, why the internet’s “old bones” (DNS/IPv4) still run everything, how dependency hell spreads a local failure worldwide, and whether Web3/IPv6/real decentralization can stop the next domino run.
👂 Audio listeners: subscribe on any podcast platform via our feed: https://legitimatecybersecurity.podbean.com/
🎤 Media & interview requests: admin@legitimatecybersecurity.com
Chapters below. Drop your wildest “my house broke when AWS sneezed” story in the comments. ⬇️
Chapter Breaks
00:00 – Cold Open: “This was Monday” doomsday (beds, banks, Blackboard)
00:50 – DNS for Normals: the internet’s phone book (and why it failed)
02:45 – Single Point of Failure? us-east-1 and the centralization problem
04:03 – “There is no cloud, it’s someone else’s computer” (and your bed’s on it)
05:21 – How a regional outage went global: dependencies & third-party calls
06:40 – SBOMs, supply chain, and internet-scale dependency hell
07:24 – Pi-hole story: when your home DNS goes down, everything stops
09:12 – Resiliency vs reality: why some services lived while others died
10:45 – The domino stack: uptime, TTLs, and stale DNS making pain linger
12:18 – Could IPv6 help? (and why we still haven’t adopted it)
14:25 – “Second-gen DNS”: what would a safer, faster resolver look like?
16:07 – Monopoly math: if busting big clouds won’t happen, what will?
18:47 – Web3/Blockchain as a decentralized DNS idea—promise & tradeoffs
20:13 – Tor ≠ the model: decentralization without the dark-web baggage
22:20 – AI as infrastructure: power, cost, and more single points of failure
23:53 – Why blockchain never got sexy (and why it still might)
26:24 – Ghosts in the machine? (Spooky season teaser)
27:54 – Wrap: what to do before the next Monday
#aws #dns #outage #cloudcomputing #cybersecurity #web3 #ipv6 #smarthome #supplychain #sbom #devops #incidentresponse





















