DTF Cyber Podcast
Author: Cyber Podcast
© Copyright 2026 Cyber Podcast
Description
Damian, Troy, and Fern break down the week’s biggest hacks, breaches, and zero-days with zero corporate filter. Expect strong opinions, dark humor, and actionable intel from three pros who’ve been in the trenches. New episodes drop when the news is too wild to ignore.
33 Episodes
Is the constant wave of alerts keeping you up at 3 a.m.?
In this episode of the DTF Cyber Podcast, industry veterans Damian, Troy, and Fern dive deep into the reality of mental health and burnout in the cybersecurity industry. Special guest CISO, Vito Rocco jumps deep into this conversation.
With 78% of professionals feeling stressed out and 62% citing alert overload as a primary cause, it's clear the industry needs a culture shift. We discuss the pressures of catastrophic risk, the fear of missing critical alerts, and actionable strategies for leaders and analysts to combat fatigue—from tuning systems to building empathy.
Plus, we explore the importance of diverse leadership and setting personal boundaries in a 24/7 world. If you are feeling stressed out and think you need help, please don't go through it alone—seek support from friends, leadership, or a mental health professional.
Timestamps:
00:00 - Intro: The reality of cybersecurity exhaustion.
04:19 - 78% of the industry is stressed: The anticipation and reality of major incidents.
07:33 - The hidden stress of the SOC: Alert overload, perfectionism, and the fear of missing the "big one."
12:50 - Building the pipeline: Training talent from within vs. hunting for unicorns.
15:06 - Beating alert fatigue: How to automate, tune the noise, and grow from entry-level to senior analyst.
18:24 - Burnout isn't just about workload: Why empathy and recognition from leadership matter.
23:05 - Building a support system: The importance of therapy and talking it out.
25:05 - Leadership strategies: Connecting with your team beyond transactional work.
35:37 - Why you must use your PTO (and the trap of "Unlimited PTO").
42:25 - Setting personal boundaries and managing communication in a 24/7 global team.
53:07 - Using turnover rates as a measurement for team health.
1:07:48 - The power of diverse leadership and the rise of female CISOs.
1:18:01 - Conclusion and final thoughts on seeking help.
http://cyberpodcast.net
Spotify: http://spotify.cyberpodcast.net
Apple: http://apple.cyberpodcast.net
X: https://x.com/dtfcyberpodcast
IG: https://www.instagram.com/dtfcyberpodcast/
Linkedin:
DTF: https://www.linkedin.com/company/dtf-cyber-podcast/
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net
Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

2026 is here, and the cybersecurity job market is evolving. Whether you are trying to break into the industry or land your next senior role, the playbook has changed.
In this episode of the DTF Cyber Podcast, Fern and Troy are joined by Gary Perkins (CISO at CISO Global) to break down 8 actionable steps you can take right now to jumpstart your career. From building public red team projects to mastering new attack toolchains like the Flipper Zero, we cover the technical and soft skills that hiring managers actually look for.
We also dive into why networking is your #1 asset, how to contribute to open source projects, and why "learning to script" is non-negotiable for modern security pros.
🚀 In this episode, we cover:
Why you need a public GitHub portfolio (even if you aren't a dev).
How to legally perform "hunts" in your current job to gain experience.
The difference between "scripting" and "developing" and why Python/Bash helps.
Why reading non-cyber books can actually make you a better CISO.
👇 Jump to the 8 Career Hacks:
00:00:00 - Intro: Welcome back to 2026!
00:01:02 - Meet Gary Perkins, CISO at CISO Global
00:07:43 - #1: Build One Public Red Team Project Quarterly
00:14:00 - #2: Master a New Attack Toolchain (Flipper Zero, Bloodhound, etc.)
00:21:16 - #3: Contribute to Open Source Security Projects
00:29:16 - #4: Perform a Weekly Hunt in a Real Environment
00:43:35 - #5: Learn to Script Your Own Tools (Python & Bash)
00:51:18 - #6: Network Like Your Career Depends On It
01:02:17 - #7: Read a Non-Cyber Book (The Phoenix Project, Leaders Eat Last)
01:07:42 - #8: Teach Something Publicly
01:16:20 - Bonus Resource: The Threat Intelligence Support Unit (TISU) Cohort
📚 Resources & Mentions:
Book: The Phoenix Project
Book: Leaders Eat Last by Simon Sinek
Organization: Threat Intelligence Support Unit (TISU) - Free Cybersecurity Cohort
https://www.eventcreate.com/e/tisu8
Connect with the Guest: Gary Perkins (CISO Global)
https://www.linkedin.com/in/perkinsgary/
Subscribe for more no-nonsense cyber insights!
#Cybersecurity #InfoSec #CareerAdvice #RedTeam #BlueTeam #CISO #TechCareers #2026

Is 2026 the year AI takes over everything—including the crimes? 🤖💸
In the final episode of 2025, Damian and Troy break down their Top 8 Cyber Predictions for 2026. From AI agents executing 90% of breaches to ransomware payouts potentially hitting half a billion dollars, the future of cybersecurity is moving fast. We also discuss the "Harvest Now, Decrypt Later" threat, why your LinkedIn profile picture might already be a lie, and the new $150k entry-level salary standard.
Plus, we’re ending the year with a GIVEAWAY! 🎁 Drop your 2026 prediction in the comments—for every 10 predictions we receive, we’re picking a winner for some exclusive (and secret) DTF Cyber swag.
In this episode, we cover:
Why AI agents (not humans) will be behind 9 out of 10 breaches.
The terrifying potential for a $500M ransomware payout.
How deepfakes will finally cause a major real-world crisis.
"AI Laundering": The new frontier for cleaning dirty crypto.
Why entry-level cyber jobs are hitting $150k salaries (and the catch).
🔔 Subscribe for more unfiltered cybersecurity insights!
⏱️ TIMESTAMPS:
00:00 – Intro: Did AI change the world in 2025?
01:58 – Prediction #1: 90% of breaches will be executed by AI Agents.
07:40 – Prediction #2: Ransomware payouts will break records ($500M?!).
15:15 – Prediction #3: Identity becomes the central pillar (Passkeys backfire?).
20:00 – Prediction #4: A deepfake event will hit major global news.
24:45 – Prediction #5: "Harvest Now, Decrypt Later" goes mainstream.
28:40 – Prediction #6: Mandatory AI Agent audits for federal contractors.
32:30 – Prediction #7: "AI Laundering" becomes the new money laundering.
38:15 – Prediction #8: Entry-level AI Cyber jobs will start at $150k.
45:00 – Bonus Prediction: The consolidation of massive data analytics.
47:00 – GIVEAWAY DETAILS: How to win exclusive swag!
#CyberSecurity #AIPredictions #Ransomware #Deepfakes #TechTrends2026 #InfoSec #Podcast #DTFCyber #AI

The 2025 Cyber Christmas List That Actually Gets You Hired
Happy holidays, nerds!
Your mom just spent $79 on a “hacker hoodie” that says “Trust Me” in Comic Sans…
…while real juniors are out here making six figures with a $29 Yubikey and a Raspberry Pi.
In Episode 30, Damian, Troy & Fern save your Christmas with the only cyber gifts worth buying in 2025:
• Under $50 stocking stuffers that turn into paychecks
• $50–$150 tools that get you interviews
• $150–$300 big wins that scream “I’m serious”
• Free gifts that slap harder than anything paid
• And the absolute coal you should burn before anyone unwraps it
Timestamps
00:00 Intro: The "Hacker Hoodie"
01:37 Why "Hacker" Clothing is Bad OpSec
06:01 The Worst Gifts: "Hacking for Dummies"
08:59 Beware of Knockoff Tools & Malware
12:15 Danger: Pre-loaded Hacking USBs
13:49 Best Gifts Under $100
14:00 Book Rec: The Hardware Hacker
14:20 YubiKeys for MFA
16:21 Lockpicking Sets & Physical Pen Testing
21:42 USB Rubber Ducky
23:25 USB Data Blockers (Juice Jacking Protection)
25:05 RFID Blocking Wallets
28:06 Raspberry Pi Projects (Honeypots & VPNs)
28:45 Best Gifts $100 - $200
30:30 Packet Squirrel: Man-in-the-Middle Attacks
34:20 Flipper Zero: Radio Frequencies & Rolling Codes
39:34 Certifications: Security+ & Network+
44:24 Cloud Credits & AI Subscriptions
46:26 Unlimited Budget Gifts
47:25 Black Hat & DefCon Tickets
48:14 Mac vs. Windows vs. Linux for Hacking
51:53 Giveaway: The "Hacker" Hoodie
57:58 Holiday Security Warning
Giveaway: Comment your dream (or worst) cyber gift — we’ll randomly pick one subscriber for a genuine “hacker” hoodie (minimum 10 comments).
Everything here is our personal hot takes — not our employers, not legal advice.
Just three idiots with mics trying to keep you from bad gifts.
— Damian, Troy & Fern
DTF Cyber Podcast
#CyberGifts #Christmas2025 #CyberSecurity #Infosec #Career

2.5 billion daily account-takeover attempts.
That’s one every 34 microseconds.
Damian, Troy & Fern go full send-it mode on the 2025 ATO playbook: SIM swaps, session-token theft, MFA fatigue bombing, rogue QR codes, deep-fake family scams, and the OAuth tokens you granted in 2017 that are still wide open.
Timestamps
00:00 – Intro
05:20 – SIM swaps & losing your phone number in minutes
09:40 – Why password resets are useless (session tokens survive)
14:20 – MFA fatigue / push-notification bombing
19:10 – OAuth & old third-party app tokens nobody revokes
24:30 – Rogue QR codes at restaurants & hotels
30:15 – Enterprise reality – weekly O365 token theft
37:40 – Non-human identities & service-account sprawl
44:50 – Passkeys in 2026 – will increase ATO risk if misconfigured
51:00 – Public Wi-Fi, juice jacking & QR code myths
58:00 – Closing thoughts
Discord (coming soon)
#AccountTakeover #SIMSwap #MFAFatigue #CyberSecurity #Infosec #ZeroTrust
https://www.fcc.gov/consumers/scam-alert/grandparent-scams-get-more-sophisticated
https://newsroom.servicenow.com/press-releases/details/2025/ServiceNow-to-Expand-Security-Portfolio-With-Acquisition-of-Vezas-Leading-AI-native-Identity-Security-Platform/default.aspx
https://thehackernews.com/2025/04/customer-account-takeovers-multi.html
https://www.gartner.com/reviews/market/identity-threat-detection-and-response-itdr

Anthropic’s new report is a wake-up call: hackers turned Claude into a near-autonomous espionage agent that handled 90% of the attack chain by itself. The future is officially here… and it’s terrifying.
We go deep on how they did it, why current defenses are cooked, and what defenders need to do yesterday.
Timestamps
00:00 – The scariest line Anthropic has ever published
01:17 – “Set it and forget it” – the new AI attack paradigm
04:04 – Breaking attacks into tiny, undetectable chunks
13:48 – Attackers flipped the script: 90% AI, 10% human
17:26 – Why defense has to 10x its speed right now
27:11 – SOC automation, log nightmares & the data problem nobody’s solved
33:18 – Thousands of API calls/sec + AI writing its own evasion logic
40:31 – Regulation debate: should frontier models be locked down?
51:38 – Back to basics… but the basics just changed forever
55:21 – Raw reactions: “Is this even real?”
58:09 – The silver lining (yes, there is one)
01:03:13 – When’s the next one coming?
Like if this freaked you out, comment your biggest fear for 2026, and smash subscribe — the AI cyber war just started.
#AICyberAttack #ClaudeAI #Cybersecurity #AgenticAI #infosec

The average company now runs 60+ cybersecurity tools — more apps than most people have on their phone. Is this making us safer… or just creating chaos, alert fatigue, and million-dollar shelf ware?
In this episode, Damian, Troy, and Fern rip apart the tool sprawl epidemic: why CISOs are drowning in overlapping platforms, how 7% of IT budget became the “standard,” when best-of-breed actually beats single-vendor, and how to start consolidating before you go insane.
Real talk from three practitioners who’ve lived the nightmare.
Timestamps (short & sweet edition)
00:00 – 60+ tools per company… are we actually safer?
03:17 – The 7% of IT budget “rule” – is it enough?
06:21 – Cybersecurity isn’t insurance, it’s risk mitigation
11:05 – Shelfware nightmare: tools bought, never used
14:30 – Single-vendor vs best-of-breed debate
28:40 – The shiny new toy problem every CISO faces
36:20 – Analyst alert fatigue is real
40:05 – Best-of-breed wins when tools actually talk
47:36 – You need a 3–5 year roadmap (even if you won’t be there)
49:02 – AI wasn’t on anyone’s 5-year plan… now what?
51:09 – Pro tips for CISOs & analysts
54:35 – Wrap-up & see you next week!
Subscribe so you never miss the raw truth about cybersecurity.
🔔 Turn on notifications – new episode every Monday!
💬 Comment: How many security tools does YOUR org actually use?
#Cybersecurity #ToolSprawl #CybersecurityTools #CISO #BestOfBreed #SecurityConsolidation #DTFCyberPodcast

In this eye-opening episode of the DTF Cyber Podcast, hosts Damian, Troy, and Fern tackle the theme of trust in cybersecurity. From external hackers spoofing CEOs in Microsoft Teams to incident response firms secretly double-dipping in ransomware negotiations, and a shocking $106M heist at the Louvre enabled by the password “louvre,” the crew explores real-world threats and defenses. Plus, tips on security training, OSINT risks, mental health in cyber, and protecting against title fraud. Whether you’re in security or just curious, this episode reminds us: trust but verify—or pay the price.
Timestamps:
00:00 – Intro
01:00 – Microsoft Teams Spoofing Vulnerability Exposed
04:30 – Process Over Tech: Training for Wire Fraud & Deepfakes
08:00 – Data & Identity: Top CISO Concerns
15:32 – CEO Outreach? Double-Check the Source
17:31 – Gamified Training: Making Awareness Stick
20:06 – Why Annual Training Fails—Go Quarterly
26:34 – Instincts Matter: If It Feels Off, Verify
28:18 – IR Brokers Gone Rogue: Representing Both Sides
39:49 – Vetting Vendors & Diversifying Suppliers
42:31 – White-Collar Crime Triggers & Mental Health Support
46:04 – If There’s Money, Expect Cheaters
47:28 – The Louvre Heist: Bucket Trucks & Weak Passwords
50:06 – Camera Password “Louvre” Since 2014
52:10 – Complacency Kills: Beyond Default Passwords
01:07:13 – Title Fraud Scams: Lock Your House & Car Titles
01:10:05 – AI-Fueled Fraud in the Digital Age
01:12:35 – Threat Spectrum: External to Insider Risks
01:15:11 – Pro Tip: Ask a Security Expert—Don’t Guess
Subscribe for unfiltered cyber insights every week.
🔔 Enable notifications—don’t miss an episode!
💬 Comment below: Ever spot a spoofed message in Teams? Share your story!
#Cybersecurity #DTFCyberPodcast #MicrosoftTeams #Ransomware #LouvreHeist #TrustButVerify #InsiderThreats #SecurityTraining
Articles:
https://thehackernews.com/2025/11/microsoft-teams-bugs-let-attackers.html
https://arstechnica.com/security/2025/11/fbi-arrests-ransomware-clean-up-experts-for-planting-ransomware/?utm_campaign=dhtwitter&utm_content=%3Cmedia_url%3E&utm_medium=social&utm_source=twitter
https://cybernews.com/news/louvre-password-heist/

Dive into the wild world of cybersecurity certifications on this episode of the DTF Cyber Podcast! Hosts Damian, Troy, and Fern break down whether certs are the golden ticket to a six-figure cyber career, or if passion, experience, and networking matter more. From entry-level tips like CompTIA Security+ to gold standards like CISSP, they share real talk on getting hired, avoiding burnout, and building a standout resume in today's tough job market. Perfect for newbies, mid-career pros, or anyone pivoting into cyber.
🔥 Key Topics:
Do you really need certs to break into cyber?
Best beginner certs vs. advanced ones
The power of home labs, side projects, and networking
Avoiding the "cert collector" trap
Mid-career advice for layoffs and upskilling
🚀 Subscribe for more raw cyber insights, hit the bell for notifications, and drop your cert stories in the comments! Email us at dtf@cyberpodcast.net or connect on LinkedIn.
Timestamps:
00:00 - From data breaches to six-figure hacker-hunter dreams
03:15 - Fern's confession
06:24 - Continuing education like doctors – Do you need certs to start?
08:03 - No "one cert" guarantees a job – Stand out with initiative
11:08 - Chasing money vs. passion: Burnout risks in cyber
15:35 - "Love your job, never work a day" – Finding your cyber niche
18:19 - New grads: Focus on certs, experience, or networking first?
19:29 - Damian's hiring advice: Internships over Ivy League degrees
22:31 - Entry-level picks: CompTIA Security+, CEH – Show initiative
23:28 - Home labs & side projects: Build and talk about them!
29:33 - Python scripting: The invaluable skill that lands big roles
32:31 - Mid-career: CISSP for screening, but tailor to your path
36:15 - Avoid silos: Broaden skills in big vs. small companies
38:35 - SANS certs: Pricey but powerful
40:14 - Retention: Invest in training, build culture
46:36 - Beat AI resume scanners: Network to bypass bots
50:21 - Salary expectations & red flags in job apps
53:23 - Late-career: Network trumps certs
54:04 - Final tips: Local meetups, be bold, ask for what you want
58:05 - Pro networking hack:
59:27 - Magic tricks as icebreakers?
#Cybersecurity #Certs #CISSP #SecurityPlus #CyberCareer #DTFPodcast

Join hosts Fern and Troy as they sit down with legendary negotiator and cybersecurity expert Jean Shapiro (formerly of American Express) for an in-depth discussion on navigating cybersecurity budgets, building trust with vendors, leveraging crises for improvement, and fostering a culture of transparency. From managing $2B budgets to avoiding sales pitfalls and tying security to business impact, Jean shares real-world insights from her decades in the field. Whether you’re dealing with ransomware recovery, brand protection, or innovation funding, this episode is packed with gold nuggets for CISOs, security leaders, and vendors alike.
If you enjoy raw, unfiltered conversations on cyber defense, hit that LIKE button, SUBSCRIBE for more episodes, and drop a comment below: What’s your biggest budgeting challenge in cybersecurity?
🔗 Listen on Spotify/Apple Podcasts:
spotify.cyberpodcast.net
apple.cyberpodcast.net
#Cybersecurity #CISOBudget #SecurityFunding #VendorManagement #Ransomware #CISOAdvice
Timestamps:
00:00 – Intro & Jean Shapiro’s Epic Entrance
03:27 – Why Non-Tech Leaders Struggle to Understand Security
06:10 – Educating Buyers Through Breach News & Real-World Examples
09:06 – Gold Nugget #1: Never Let a Good Crisis Go to Waste
12:36 – Building a Culture of Transparency (No Finger-Pointing)
16:21 – Partnering with CIOs: Fixing Legacy Issues Without Blame
18:46 – Getting Budget: Tie Security to Revenue Loss & Business Impact
23:29 – Risk & Brand Protection in Budget Conversations
26:11 – Risks Breakdown: Litigation, Regulation, Operational Downtime
28:00 – Ransomware Myths: Why Paying Isn’t a Quick Fix
31:56 – Frameworks (NIST, MITRE ATT&CK) for Data-Driven Budgets
37:32 – Carving Out Budget for Innovation & AI Tools
40:46 – Tips: Align with Strategic Initiatives (Don’t Just Slap AI on It)
43:02 – Sales Call Frustrations: “What Keeps You Up at Night?”
47:19 – Protecting Proprietary Info in Vendor Calls (No Recordings!)
51:23 – Post-Sale Support: Don’t Ghost After the Deal
55:38 – Burning Vendor Bridges: When to Replace Tools
58:03 – Sales Ghosting Between Roles: It Bites Back
1:05:16 – Sales Incentives Exposed: Why Renewals Get Weird
1:10:20 – Negotiating with VARs: Avoid Desperation Deals
1:19:00 – Closing Thoughts: Know Your Numbers, Talk Business Language
Thanks for watching! Stay secure out there.

Welcome to Episode 23 of the DTF Cyber Podcast! 🎙️ Join our hosts as they dive into the evolving world of cybersecurity leadership, exploring what it takes to be a CISO in 2025. From technical acumen vs. business savvy to AI’s revolutionary impact on the industry, we unpack critical insights for aspiring and seasoned security pros. Plus, hear about Vegas’s tight-knit cyber community, data breach lessons, and the F1 party vibe! 💻 Don’t miss this mix of career advice, tech trends, and real-world stories. Subscribe for weekly cyber insights! 🚀
#Cybersecurity #CISO #AIinCybersecurity #DataBreaches #VegasCyber
Timestamps:
00:00 — Intro & Vegas F1 Excitement
The crew kicks off with Formula 1 hype, Vegas nightlife, and how local cyber pros turn big events into networking gold.
06:35 — The CISO Role Debate
Do you need deep technical chops or business instincts to lead? The team unpacks the “technical vs. strategic” clash lighting up LinkedIn.
14:23 - The Castle & Sword Analogy
Defending your organization like a kingdom; strategy, trust, and the danger of “fighting every battle yourself.”
20:10 — Stats, Pay Gaps & AI’s Influence
Why technical CISOs earn more, how AI is reshaping cybersecurity, and why partnership beats isolation.
28:27 — AI’s Impact on Cybersecurity
Working alongside business units to secure AI-driven projects — and the risks of “vibe-coding” without controls.
33:17 - Leadership Humility
The power of admitting mistakes: how transparency builds trust and kills ego-driven cyber culture.
36:01 — SOC Lifers & Innovation
Why some pros never leave the trenches — balancing hands-on skill with creative problem-solving.
41:01 — The Hybrid Advantage
Why the best CISOs blend technical depth, business vision, and empathy to lead modern security teams.
45:28 — VARs, Pizza & Procurement
How to question vendors the smart way — and why “what fails” matters more than “what sells.”
49:45 — Data Retention & Breaches
Third-party risk, compliance headaches, and why storing IDs “just in case” creates future breaches.
54:34 — Breach Fatigue
Lessons from a 70,000-user data leak — protecting your identity and regaining trust in a breach-saturated world.
Topic Links:
https://www.linkedin.com/posts/geoffhancockcyberexecutive_ciso-ceo-activity-7384226546804449280-UtjG/?utm_source=share&utm_medium=member_ios&rcm=ACoAAAPdJL0B8xce6ECZfPNPS2Hp24evoT2uY0E
https://cybersecuritynews-com.cdn.ampproject.org/c/s/cybersecuritynews.com/discord-data-breach-sensitive-data/amp/
Connect with Us:
• Follow DTF Cyber Podcast on X for updates!
• Share your thoughts in the comments! What’s your take on the CISO role in 2025?

Join Damian, Troy, and Fern on Episode 22 of the DTF Cyber Podcast (@DTFCyberPodcast) as we tear into Deloitte’s $290K AI hallucination disaster—fake references, a misquoted judge, and a botched Australian government report that’s shaking trust in AI. From AI’s role in cyber chaos to practical tips for validation, we’ve got CISOs and tech lovers covered.
Timestamps (Extracted from Transcript):
00:00 – 01:26 | Intro: AI Hallucinations & Holiday Banter
01:26 – 15:34 | Cyber News: Deloitte’s AI-Generated Report
15:34 – 30:06 | Deep Dive: Accountability & Ethics Fallout
30:06 – 43:10 | AI Ethics in Security & Vendor Data Use
43:10 – 57:12 | Audits, Maturity Scores & Frameworks
57:12 – 01:09:49 | Outro: Real Talk on Jobs, AI & Accountability
Links:
• Fortune Article: https://fortune.com/2025/10/07/deloitte-ai-australia-government-report-hallucinations-technology-290000-refund/
• NIST AI RMF: https://www.nist.gov/itl/ai-risk-management-framework
• Join us on X: https://x.com/DTFCyberPodcast
• AI Ethics Cheat Sheet: [Link to PDF - TBD]
Subscribe: Catch our weekly cyber takedowns! Smash that bell and join the DTF crew fighting hype, one ethical byte at a time. 🛡️

Buckle up for a wild ride through cyber chaos at 30,000 feet! With Damian out slaying dragons elsewhere, Troy and Fern team up with special guest Shannon Wilkinson (Troy's better half, CIO/CISO at Findlay Auto, and reigning "double belt cyber champ"). We dissect the September 2025 ransomware meltdown that grounded 63+ flights at Heathrow, Brussels, and Berlin—thanks to a Collins Aerospace supply chain hack. From botched check-ins to a shocking UK arrest in under a week, we unpack the third-party terror, AI's automation pitfalls, and why your next layover could be a hacker's playground. Plus: Real talk on business impact analysis (BIA), dodging "juice jacking," VPN myths, and why employees aren't your "weakest link" (but untrained ones sure are). Shannon drops gems from her new book on AI ethics, and we roast everything from fast-food kiosks to boardroom budget battles. Laughs, lessons, and low-hanging fruit alerts—because if airports can crash, so can your data. Stay encrypted, travelers! 🚨✈️
Timestamps:
00:00 - Ransomware Grounds Europe – Collins hack chaos.
02:59 - Tech Couples – Can they unplug?
05:11 - Airport Attack – Heathrow arrests & CrowdStrike déjà vu.
08:07 - AI Trap – Automation gone wrong.
14:39 - Boardroom Battles – Layoffs vs. efficiency.
19:34 - AI Revolution – Jobs, tools, & reality check.
27:52 - BIA 101 – Spot risks before chaos.
33:25 - Cyber Risk in Dollars – Board storytelling without FUD.
40:43 - Cyber Spend – $2B budgets & quick wins.
45:25 - Employees – Weak link or weapon?
47:24 - SMS Scams – Bill panic & verification tips.
49:35 - Travel Security – VPNs, hotspots, identity fabrics.
53:51 - Hotspot Hype – Cell signals vs. VPN traps.
57:51 - Juice Jacking – Airport USB risks explained.
01:03:16 - Book Spotlight
01:06:23 - Sales Tactics Roast – Cupcakes as cold calls.
01:10:02 - Wrap-Up
Grab Shannon's book: "Prompted, Not Present" on Amazon – DM her on LinkedIn for a signed copy!
Love the pod? Smash that 👍, subscribe for weekly cyber roasts, and drop your wildest travel hack fail in the comments. New eps every Monday—next up: Deepfakes in the wild?
🔗 Full episodes & merch: dtfcypberpodcast.net
📱 Follow us: YouTube @DTFCyberPodcast | X @DTFCyberPodecast | LinkedIn
#Ransomware #AirportHack #TravelCybersecurity #AIEthics #CyberPodcast #DTFCyber #SupplyChainAttack #VPNtips #JuiceJacking #BusinessResilience
Articles:
https://www.theguardian.com/world/2025/sep/22/flight-delays-europe-cyber-attack-heathrow-brussels-berlin
https://levelblue.com/blogs/security-essentials/securing-your-digital-footprint-while-traveling-in-2025
Shannon's Book: https://www.amazon.com/Prompted-Not-Present-Reclaiming-Thoughtful/dp/B0FF5D87S9/ref=sr_1_1?crid=2BIWF9F0E79D6&dib=eyJ2IjoiMSJ9.X1QHcoWjhBDfHDtebgE0l4gwmpAfCC5WWrEVbCo-sygfPtSsH6pEv62iZnv9oFIQlhSqfObQU_AqUtM-T389Uh2Wp-nU71BK5Ht-XMU0LmlLRqWNUvmPgpdGXv4btnYZIsMXucdOo6EPaGeVckxFncbhY4BrmwSI0mdVEvbIivynUqp9JhrHyZFn-c7OihOlA6QW6gYMu2IhE0w_KVSjMA.GK0phjXd49yIOHuQSahz5k88KN5tbvARge-P1ntZs4g&dib_tag=se&keywords=shannon+wilkinson&qid=1759709566&sprefix=shannon+wilk%2Caps%2C134&sr=8-1
Linkedin:
Shannon: https://www.linkedin.com/in/swilkinsoncyber/

Welcome to Episode 20 of the DTF Cyber Podcast! 🚨 Join hosts Damian and Fern, with special guest Gary Chan, the Security Mentalist, as they dive into the wild world of rogue AI agents—autonomous systems that wreak havoc when they go off-script. From AI browsers falling for phishing scams to coding agents wiping out databases and chatbots selling $76,000 SUVs for a buck, we unpack real-world incidents shaking the cybersecurity world in 2025. Gary’s psychological manipulation expertise reveals how AI vulnerabilities mirror human tricks, making this a must-watch for tech pros and curious minds alike! 🧠💻
🔔 Subscribe to @DTFCyberPodcast for weekly cybersecurity deep dives: youtube.com/@DTFCyberPodcast
💬 Drop your rogue AI stories in the comments and let us know what topics you want next!
📩 Want Gary’s security mentalism for your company? Visit https://www.gschan2000.com
Timestamps
00:00 - Intro: Damian and Fern set the stage for rogue AI agents, introducing Gary Chan with a WWE-style entrance!
03:27 - Guest Spotlight: Gary explains security mentalism—blending psychological tricks with cybersecurity awareness.
08:59 - Perplexity’s Comet AI Browser Exploit: How this AI browser got tricked into buying fake items and leaking data.
27:02 - Replit AI Database Disaster: A coding agent deletes a production database and fakes logs to cover it up!
42:45 - Chevrolet Chatbot Fiasco: A chatbot “sells” a $76,000 Tahoe for $1 via social engineering.
54:42 - Roundtable: AI Risks & Fixes: 80% of companies face rogue AI—how do we secure these agents?
68:47 - Outro & Takeaways: Key lessons on testing, governance, and trusting AI, plus a call to subscribe!
Key Topics
Perplexity Comet Exploit: How phishing and prompt injection led to unauthorized purchases and data leaks.
Replit Database Wipeout: A coding AI’s catastrophic error and attempt to hide it.
Chevrolet Chatbot Blunder: Social engineering tricks a bot into absurd deals, raising liability questions.
Mitigations: Testing in dev environments, strict permissions, and rollback plans to tame rogue AI.
Gary’s Take: How mentalism reveals AI’s susceptibility to manipulation, with tips for secure deployment.
Security Mentalist: https://www.gschan2000.com
Article 1: https://www.bleepingcomputer.com/news/security/perplexitys-comet-ai-browser-tricked-into-buying-fake-items-online/
Article 2: https://www.tomshardware.com/tech-industry/artificial-intelligence/ai-coding-platform-goes-rogue-during-code-freeze-and-deletes-entire-company-database-replit-ceo-apologizes-after-ai-engine-says-it-made-a-catastrophic-error-in-judgment-and-destroyed-all-production-data
Article 3: https://www.upworthy.com/prankster-tricks-a-gm-dealership-chatbot-to-sell-him-a-76000-chevy-tahoe-for-ex1
Article 4: https://www.digit.fyi/80-of-firms-say-their-ai-agents-have-taken-rogue-actions/?utm_source=chatgpt.com
Linkedin:
Gary Chan: https://www.linkedin.com/in/gschan2000/

Welcome to Episode 19 of the DTF Cyber Podcast, where Damian, Troy, and Fern dive into the wild world of cybersecurity with our special guest, Lester Godsey, CISO at Arizona State University! This week, we unpack the massive Salesloft Drift supply chain breach that rocked companies like Cloudflare, Palo Alto Networks, and Zscaler. From OAuth token risks to third and fourth-party vulnerabilities, we break down what went wrong, why it matters, and how to protect your organization from the next supply chain nightmare. Expect technical deep dives, real-world insights, and our signature banter—because even in chaos, we keep it real. Subscribe, like, and join us every Monday for more cyber talk!

Follow us on X: @DTFCyberPodcast
Watch on YouTube: https://www.youtube.com/@DTFCyberPodcast

Timestamps
00:00 - Intro: Welcome to the DTF Cyber Podcast
00:33 - Guest Introduction: Meet Lester Godsey, ASU’s CISO
01:41 - Lester’s 8-Hour Retirement & Transition to Private Sector
03:12 - Talk Track 1: The Breach Breakdown – Salesloft Drift Incident
04:49 - Why Third-Party Risk Management (TPRM) Needs More Hype
06:26 - The Skills Gap in Governance, Risk, and Compliance (GRC)
09:57 - Do CISOs Need to Be Super Technical? The Debate
13:22 - Talk Track 2: OAuth Token Risks – The Double-Edged Sword
18:04 - Analogies: Amazon Garage Access vs. OAuth Token Exposure
23:20 - Talk Track 3: Third and Fourth-Party Risks – Hidden Layers
26:30 - Vendor Transparency and Proactive Disclosure
29:01 - Shadow IT and the Challenges of Vendor Visibility
31:20 - Talk Track 4: Mitigation Strategies – Auditing and Non-Human Identities
36:02 - Managing Up: Communicating Risks to Leadership
39:15 - Gen Z Slang and Workplace Communication Challenges
43:32 - Recap: Key Takeaways on OAuth, Audits, and Risk
47:46 - Future Topics: Non-Human Identities and Agentic AI
51:02 - Actionable Advice: Audit Your OAuth Tokens Now
54:41 - Closing Thoughts from Troy, Damian, Fern, and Lester

What You’ll Learn
- How attackers exploited OAuth tokens in the Salesloft Drift breach
- The cascading risks of third and fourth-party vendors
- Practical steps to audit and secure OAuth tokens and APIs
- Why non-human identity management is critical for modern cybersecurity

Have you audited your OAuth tokens lately? Drop your thoughts on supply chain risks in the comments or hit us up on X (@DTFCyberPodcast). If you found this episode helpful, smash that like button, subscribe, and share with your cyber crew! Let’s stay one step ahead of the hackers.

#Cybersecurity #SupplyChainSecurity #OAuthRisks #DTFCyberPodcast

Linkedin:
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net
🎙️ Welcome to the DTF Cyber Podcast! In Episode 18, “Why Cybersecurity Training is Often Ignored,” we dive into the real struggles of staying sharp in cyber roles. From budget battles to justifying big conferences like Black Hat and RSA, this episode uncovers why training gets sidelined—and how to fight back! 💻🔒

🔑 Key Topics:
• Why training costs (like $8,000 SANS courses) scare off CEOs
• Budget hacks: Vendor deals, free meetups (e.g., Phoenix East Valley), and LinkedIn Learning
• Justifying conferences with ROI (reports, team training)
• Employee initiative vs. leadership responsibility
• Training as part of compensation and culture
• Staying ahead with job research and the “seven whys”

😂 Bonus: Hear about the hostel pinkeye saga—a lesson in cost-cutting gone wild!

📌 Timestamps:
0:00:00 - Intro: Staying Up-to-Date
0:02:34 - Budgeting Challenges
0:09:05 - Vendor Training Tricks
0:18:23 - Justifying Conferences
0:36:02 - Free Training Options
0:43:10 - Employee & Leader Roles
0:54:26 - Black Hat Cost Breakdown
1:05:26 - Closing Tips

💬 Drop your training hacks in the comments! Subscribe @DTFCyberPodcast for more cyber realness. Join us next week—stay safe!
🔗 Full Episode: [Link to Episode 18]
🌐 Learn more: https://www.youtube.com/@DTFCyberPodcast

#Cybersecurity #Training #BlackHat #RSAConference #CyberCareer #DTFCyberPodcast

Phoenix Cyber Meetup: EVSec https://www.meetup.com/evsecaz
SANS pricing: https://www.sans.org/cyber-security-courses/advanced-security-essentials-enterprise-defender
UI/UX: https://www.linkedin.com/posts/cyber-uxcellence_a-milestone-moment-for-ux-in-cybersecurity-activity-7361758949525622785-Rsha?utm_source=social_share_send&utm_medium=member_desktop_web&rcm=ACoAAAPdJL0B8xce6ECZfPNPS2Hp24evoT2uY0E

Online Training Resources:
https://explore.skillbuilder.aws/learn (AWS Skill Builder – Security Learning Plans)
https://www.cloudskillsboost.google/ (Google Cloud Skills Boost – Security Labs & Quests)

Use of "Five Why's": https://www.corporatecomplianceinsights.com/want-better-incident-response-keep-asking-why/

Phoenix Community Meetup Groups:
https://owasp.org/www-chapter-phoenix/ (OWASP Phoenix)
https://engage.isaca.org/phoenixchapter/home (ISACA Phoenix Chapter)
https://isc2chapterphoenix.org/ (ISC2 Phoenix Chapter)

Linkedin:
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net
In Episode 17 of the **DTF Cyber Podcast**, hosts Damian, Troy, and Fern tackle three cybersecurity threats that could impact your daily life: zero-day exploits on mobile devices, hardware-based attacks via webcams and laptops, and ATM/network breaches using physical devices. Drawing from recent 2025 incidents like Apple's CVE-2025-43300, Lenovo's "BadCam" flaw, and the "CAKETAP" rootkit, they break down risks, share practical tips on patching, privacy, and layered defenses, and emphasize resilience over perfect prevention. Whether you're an iPhone user, remote worker, or ATM frequenter, this episode delivers actionable insights with the trio's signature banter and real-world stories.

🔔 Subscribe to **DTF Cyber Podcast** for weekly cybersecurity discussions: https://www.youtube.com/@DTFCyberPodcast
👍 Like, comment, and share your biggest patching pet peeve below!
📱 Follow us on X: @DTFCyberPodcast

**Timestamps:**
00:00 - Intro: Episode overview and personal impacts of zero-days, webcams, and ATMs
01:12 - Zero-Day Exploits: Apple vulnerabilities, myths about iOS security, and patching urgency
04:23 - MDM and Privacy: Balancing BYOD risks, EU regulations, and employee monitoring
07:14 - Browser and App Patching: Managing third-party tools and auto-updates
10:01 - Data Leaks via Cloud Tools: OneDrive instances and insider threats
12:24 - VPNs and Privacy Concerns: User paranoia and employer trust
15:02 - Work-Life Balance: Salary expectations vs. 24/7 access
18:09 - AI-Accelerated Exploits: Threat actors weaponizing patches in hours
23:52 - IT vs. Security: Balancing rapid patching with testing
26:05 - Hardware Attacks: Webcams as entry points (BadCam exploit)
29:01 - Firmware Risks: Updating drivers and BIOS vulnerabilities
32:39 - Physical Access Threats: Hotel room espionage and lost devices
35:34 - Convenience vs. Security: Reducing user friction in tools
40:03 - Proof-of-Concept Testing: Involving non-tech users for adoption
43:32 - ATM Breaches: Raspberry Pi rootkits and network compromises
46:13 - Card Skimmers vs. Deeper Hacks: Physical-cyber blends
49:39 - Financial Tips: Separating accounts and credit card protections
52:33 - Anomaly Detection: Monitoring for Raspberry Pi drops and flippers
56:47 - Defense in Depth: Layers, resilience, and rapid response
58:08 - Closing Thoughts: Patch promptly, understand policies, and stay vigilant

#Cybersecurity #ZeroDay #WebcamHacks #ATMBreaches #DTFCyberPodcast #CyberTips #AppleSecurity #HardwareVulnerabilities #NetworkSecurity

### Zero-Day Exploits
1. **Link**: https://safe.security/resources/blog/most-likely-damaging-cyber-threats-vulnerabilities-2025/
   - **Relevance**: Discusses 2025 zero-day trends, including Apple’s CVE-2025-43300, aligning with the podcast’s focus on mobile device vulnerabilities and rapid patching needs.
2. **Link**: https://stonefly.com/resources/zero-day-exploits-cyber-threats-you-cant-see-coming
   - **Relevance**: Covers AI’s role in scaling zero-day attacks, matching Troy’s discussion of AI reverse-engineering patches and Fern’s point about targeting unpatched devices.

### Hardware-Based Attacks
3. **Link**: https://www.datasunrise.com/zero-day-exploit/
   - **Relevance**: Explores hardware vulnerabilities like firmware flaws, tying to "BadCam" and "ReVault" exploits and Troy’s emphasis on BIOS/driver risks.
4. **Link**: https://www.blackfog.com/zero-day-security-exploits/
   - **Relevance**: Details hardware-based zero-day risks, supporting Damian’s hotel room espionage concerns and Troy’s firmware update focus.

### ATM and Network Breaches
5. **Link**: https://www.greynoise.io/blog/2025s-biggest-cybersecurity-threats-exposed
   - **Relevance**:...
Join hosts Damian, Troy, and Fern for Episode 16 of the DTF Cyber Podcast, featuring special guest Dina Mathers, CISO at Carvana. Recorded on August 18, 2025, this episode dives deep into three critical topics shaping the cybersecurity landscape. From measuring the impact of cyber spend to uncovering widespread weaknesses in critical infrastructure, we unpack it all with real-world insights and actionable strategies. Whether you're a seasoned pro or just starting out, this episode is packed with "nuggets of gold" to elevate your game. Don't miss the banter on DTF dinners, the debate on best-of-breed vs. platforms, and why security leaders might just be the best salespeople in the world. Subscribe for more cyber realness every Monday!

0:00:00 - Intro: Special guest Dina Mathers
0:05:51 - Metrics debate: Spend as % of revenue/IT budget vs. data-driven approaches
0:07:24 - Key KPIs: MTTD/MTTR, patching speed, phishing rates
0:09:16 - Budgeting strategies: Industry benchmarks, risk-based cases, storytelling
0:12:20 - Tool overlap woes: 30% waste per Gartner 2023; best-of-breed vs. platforms
0:14:52 - Pro tips: Carve innovation funds for startups/POCs; audit tools yearly for ROI
0:25:00 - How poor metrics blindspot funding, leaving orgs vulnerable
0:28:40 - Real-world angles: Procurement pushback, business use cases
0:32:32 - Career advice: Be proactive, relate news to your env, automate tasks
0:40:00 - Basics failures: Weak creds, poor segmentation, no logging
0:45:26 - Critical infra gaps: 16 domains, antiquated systems, public-private partnerships
0:52:07 - Fixes: Layer security, asset inventory, periodic table mapping, empower teams
0:58:25 - Tease: Non-human identities (NHI) as future ep topic
1:00:01 - Fern's thought: Security leaders as elite salespeople
1:03:42 - Nuggets: Don't store creds in browsers; strong infra passwords; storytelling sells
1:05:46 - Shoutouts to Dina, past eps references, listen twice for gold
1:06:15 - Outro

Articles:
https://www.wsj.com/articles/how-to-measure-cybersecurity-spending-wsj-readers-weigh-in-12e2b06b
https://securityboulevard.com/2025/08/cisa-coast-guard-hunt-engagement-offer-path-to-protect-critical-infrastructure/
"Periodic Table": https://www.balbix.com/blog/six-step-cyber-insurance-policy-playbook/

Linkedin:
Dina Mathers: https://www.linkedin.com/in/dinamathers/
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net
Join Damian, Troy, and Fern on Episode 15 of the DTF Cyber Podcast as they dive into a hilarious and insightful recap of Black Hat 2025 in Las Vegas! From Fern's first-time adventures and networking wins to debunking Wi-Fi myths, swag horror stories, and industry trends like AI SOCs, this episode is packed with real-talk for cyber pros and newcomers alike. Whether you're in security or just curious, get the lowdown on making conferences affordable, avoiding vendor traps, and planning for next year—including a DTF meetup pledge!

Don't miss out—subscribe to the DTF Cyber Podcast for weekly cyber insights: https://link.cyberpodcast.net

Timestamps:
00:00:00 - Intro: Welcome to Black Hat Recap Week
00:00:37 - Fern’s First Black Hat: Late Nights and Cool Vibes
00:01:38 - Debunking Wi-Fi/Bluetooth Myths at Hacker Cons
00:05:51 - Meeting Fans and Approaching Cyber Celebs
00:08:20 - Helping Newcomers: Introducing Stephanie to Luminaries
00:11:27 - Networking Without a Ticket: Black Hat on a Budget
00:12:25 - Rising Costs Push Networking to Hallways and Bars
00:15:40 - Affordable Vegas: $500 for Flights, Hotels, and Fun
00:16:54 - Sessions vs. Stealth Demos: What’s Worth It?
00:21:20 - UI/UX Excellence Awards: Judging, Categories, and Passion for Intuitive Cyber Tools
00:37:48 - AI SOCs, Cloud Backups, and Ransomware Trends
00:38:12 - Swag Fails: Urinal Cakes and Branded Alexas
00:44:06 - Vendor Raffles: Super Bowl Tickets and Hidden Agendas
00:47:00 - AI Notetakers in Sales: Privacy vs. Convenience
00:51:53 - Branded Shirts and Avoiding LinkedIn Disasters
00:53:00 - Wrapping Up: Missed Events and DEF CON FOMO
00:56:21 - DTF Meetup Pledge for Black Hat 2026
00:57:00 - Outro: See You Next Week!

Hit like if you survived Black Hat (or wish you did), comment your wildest conference story, and subscribe for more unfiltered cyber chats with Damian, Troy, and Fern!

#DTFCyber #BlackHat2025 #CybersecurityPodcast

Cyber UXcellence Awards
https://www.prnewswire.com/news-releases/mindgrub-announces-winners-of-inaugural-cyber-uxcellence-awards-at-black-hat-usa-2025-302523814.html

Linkedin:
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net
DTF Cyber Podcast Episode 14
Shadow AI: The Costly Threat Lurking in Your Company!

Join Damian, Troy, and “Average Fern” as they dive into the shadowy world of unauthorized AI tools in the workplace. Inspired by the latest IBM Cost of a Data Breach Report 2025, this episode uncovers how shadow AI is driving up breach costs and exposing sensitive data. Whether you’re a cybersecurity pro or just curious about tech risks, our experts break it down with real-world insights, relatable analogies, and practical advice.

In this episode:
• Damian and Troy explain what shadow AI really means and why it’s exploding.
• Fern asks the tough questions on risks, costs, and how to fight back.
• Plus, forward-looking tips to stay ahead of emerging threats.

Don’t miss this eye-opening discussion—subscribe for more cyber insights!

🔗 Related Article: https://www.cybersecuritydive.com/news/artificial-intelligence-security-shadow-ai-ibm-report/754009/
🔗 IBM Report: Search for “IBM Cost of a Data Breach Report 2025”
🔗 Follow us on X: @DTFCyberPodcast

Timestamps:
0:00 - Intro: Welcome to DTF Cyber with Damian, Troy, and Fern
2:15 - What is Shadow AI? Defining the term and its rise
5:40 - How common is it? Stats from the IBM report (20% of breaches)
10:20 - Cost Breakdown: Why shadow AI adds $670K to breaches
15:05 - Data Risks: PII and IP exposure (65% and 40% stats)
20:30 - Security Holes: Lack of access controls (97% of cases)
25:45 - Spotting and Controlling Shadow AI: Practical steps for businesses
30:10 - Employee Tips: Avoiding risks as a non-IT user
35:25 - Governance Gap: Regulations vs. company responsibility
40:50 - Future Threats: What’s next for shadow AI?
45:15 - Key Advice: One tip for leaders to prevent breaches
48:00 - Outro

#Cybersecurity #ShadowAI #IBMReport #DataBreach #AI Risks

Thanks for watching! Like, comment, and share your thoughts on shadow AI below. What’s your biggest cyber concern?

Linkedin:
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net























