
Cybersecurity Awesomeness Podcast

Author: Enterprise Management Associates


Description

The Cybersecurity Awesomeness Podcast from Enterprise Management Associates (EMA) features cybersecurity experts Chris Steffen and Ken Buckler discussing critical cybersecurity issues. They cover everything from the challenges of certificate management and the cyber workforce talent shortage to deep. Available on all major platforms, this podcast offers credible, well-regarded insights into today's top security topics.
145 Episodes
In this episode, Chris Steffen and Ken Buckler dissect the federal government’s evolving—and somewhat strained—approach to cybersecurity. A major catalyst for the discussion is the recent withdrawal of agencies like CISA, the FBI, and the NSA from the RSAC conference following former CISA head Jen Easterly’s appointment there. While potentially a move toward fiscal responsibility—given the $5,000 per-person total cost of the event—the hosts warn this retreat could stifle vital public-private partnerships and recruitment efforts. The discussion also tackles systemic talent issues within the military. Experts often face a "promotion trap," being moved into management just as they peak technically, while private-sector salaries can reach 10x their military pay. To counter this, units like the Maryland Air National Guard are pivoting from traditional aircraft to dedicated cyber missions. Ultimately, the hosts argue that the government risks falling behind on emerging technology adoption by absenting itself from the industry's largest collaborative forums. This "cyber-isolationism" could leave federal agencies ill-equipped to handle rapidly evolving threats.
In this episode of the Cybersecurity Awesomeness Podcast, host Chris Steffen and Simon Wijckmans, CEO of C-side, discuss the critical visibility gap in client-side security. While organizations invest heavily in infrastructure and server-side protection, the user's browser remains a largely unmonitored attack vector. Historically, solutions like Content Security Policies and JavaScript agents have proven brittle or easily bypassed by sophisticated scripts that can hide from crawlers or override security hooks. The conversation highlights a major shift driven by PCI DSS 4.0, which now mandates the monitoring and authorization of client-side scripts. Simon explains that modern browser changes regarding third-party cookies finally support more effective proxy-based approaches. This allows security teams to inspect and block malicious third-party scripts before they reach the end user, preventing data exfiltration like credit card skimming. The hosts urge security professionals to move beyond "head in the sand" tactics, emphasizing that robust browser security is now a regulatory and operational necessity for total asset protection.
In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler discuss a humorous yet sobering encounter with a failed AI-driven scam. Ken recently received a common "advance fee" investment scam email, but with a unique twist: the attacker accidentally sent the Python source code instead of the intended message. The code contained telltale signs of AI generation, including placeholder instructions like "replace this with the actual import" for the Gemini SDK. The hosts explain that while this specific attacker failed "successfully," the incident provides concrete proof that scammers are using generative AI to replace the broken English of past scams with highly literate, convincing phishing lures. This shift makes it increasingly difficult for users to spot fraud through traditional "tells." Chris emphasizes that manual defense is no longer sufficient against automated bot armies. To stay protected, organizations must integrate AI-driven security tools to match the speed and sophistication of these evolving threats. As Ken notes, the future of these attacks will likely escalate into deepfakes and multimodal social engineering.
In this episode, Chris Steffen and Ken Buckler are joined by Jim LaRoe, CEO of Symphion, to discuss the often-ignored threat of printer and IoT security. Jim reveals a startling set of "winning lottery numbers": printers account for 20% of network endpoints, yet 99% remain unprotected. With 67% of organizations reporting a printer-related security incident last year, these devices serve as a critical yet vulnerable vector for lateral movement and credential harvesting. Jim explains this widespread neglect through his "Five O's," citing the lack of a formal Owner and their Origin as business equipment rather than IT endpoints. Because printers process highly sensitive data and frequently lack unified management platforms, they offer a 360-degree risk landscape for cybercriminals. The conversation emphasizes that "locking the front door" by declaring a dedicated security owner and integrating print fleets into a unified security strategy is essential. Symphion provides a turnkey solution to bridge this visibility gap, ensuring these "graveyard endpoints" are hardened, monitored, and securely managed.
In this episode, Chris Steffen and Ken Buckler discuss the alarming security and privacy implications of the "Internet of All Things." The hosts highlight how manufacturers are connecting everything—from AI-powered treadmills to smart toothbrushes—often without considering the associated risks. A primary concern is the shift toward recurring revenue models, where companies gate-keep hardware features behind monthly subscriptions. Beyond the cost, Ken warns of the physical security threats posed by Bluetooth-enabled appliances. He explains how broadcasting devices can inadvertently signal a resident's presence or daily habits to malicious actors in close proximity. The discussion also addresses the myth of data anonymization, noting that aggregated consumer data is easily de-anonymized and sold to third parties. The hosts conclude that when a device offers "value-add" connectivity, the consumer’s personal data is often the actual product. They urge listeners to adopt a critical mindset regarding the risk-to-benefit ratio of every connected device they bring into their homes.
Chris Steffen and Ken Buckler from EMA discuss privacy concerns around generative AI.
Chris Steffen and Ken Buckler from EMA present their 2026 Cybersecurity Predictions.
Chris Steffen and Ken Buckler from EMA discuss API security.
Chris Steffen and Ken Buckler from EMA discuss attacks via SEO outreach on news sites.
Chris Steffen and Ken Buckler from EMA discuss what they are thankful for in cybersecurity.
Chris Steffen and Ken Buckler from EMA discuss the Cloudflare outage and what availability means in the technology space.
Chris Steffen and Ken Buckler from EMA discuss securing AI LLMs.
Chris Steffen and Ken Buckler from EMA discuss trends in network security.
Chris Steffen and Ken Buckler from EMA discuss phishing and deep fakes for Cybersecurity Awareness Month.
Chris Steffen and Ken Buckler from EMA discuss insider threats for Cybersecurity Awareness Month.
Chris Steffen and Ken Buckler from EMA discuss mobile device protection and public Wi-Fi concerns for Cybersecurity Awareness Month.
Chris Steffen and Ken Buckler from EMA discuss data security and software updates for Cybersecurity Awareness Month.
Chris Steffen and Ken Buckler from EMA discuss MFA and password managers for Cybersecurity Awareness Month.
Chris Steffen and Ken Buckler from EMA discuss the government's investment in developing the cybersecurity workforce.
Chris Steffen and Ken Buckler from EMA discuss the increase in nation-state attacks on small and medium-sized businesses.