The Audit

Think you can manage industrial systems like your IT infrastructure? Think again. In this episode of The Audit, Dino Busalachi unpacks the high-stakes complexity of OT-IT convergence—and why your trusty IT playbook flatlines on the plant floor. Join the IT Audit Labs crew as we dive into the chaos of managing 10,000+ industrial assets across a sprawling landscape of vendors, protocols, and operational rules that laugh in the face of standardization. From Siemens to Rockwell to Honeywell, Dino draws sharp parallels to hospital systems juggling specialized third-party contractors—because in the world of OT, consistency is a luxury and adaptability is survival.

What happens when you cross a Tamagotchi with a Wi-Fi hacking tool? You get the Pwnagotchi—a pocket-sized device that "feeds" on Wi-Fi handshakes and learns from its environment. In this episode, Jayden Troffler and Cameron Birkland join the crew to demonstrate how this deceptively cute device can passively capture encrypted Wi-Fi credentials from any network in range, autonomously gather handshakes, share intelligence with other Pwnagotchis, and operate completely under the radar from conference floors to airplane cabins in ways that might surprise you. Key Topics Covered:  How the Pwnagotchi captures Wi-Fi handshakes through deauthentication attacks  • Why WPA3 networks are immune (and why most networks still aren't using it) Building your own Pwnagotchi vs buying a Flipper Zero with Wi-Fi dev board • Real defense strategies beyond "just turn off your Wi-Fi" The legal gray areas of passive Wi-Fi monitoring  Conference horror stories and the 600-handshake airplane incident Whether you're a security professional looking to understand emerging threats or someone curious about DIY hacking tools, this episode delivers practical insights you can use to protect your networks today. The Pwnagotchi proves that the most dangerous attacks often come in the most innocent packages. Don't let your organization become the next victim of passive Wi-Fi attacks. Like, share, and subscribe for more hands-on cybersecurity content that keeps you ahead of emerging threats! #Pwnagotchi #cybersecurity #wifihacking #ethicalhacking #infosec #flipper zero 

Your network is talking behind your back—but Pi-hole is listening. Join The Audit as Pi-hole co-founders Dan Schaefer and Adam Warner reveal how their open-source DNS sinkhole technology has become the secret weapon for over 200,000 privacy-conscious users worldwide. In this episode, we discuss: How Pi-hole evolved from a simple ad blocker to a critical network security tool Why DNS-level filtering stops threats before they reach any of your devices The performance benefits that make browsing noticeably faster Setting up Pi-hole on everything from Raspberry Pi to enterprise hardware How the global development team maintains this powerful security shield Protecting vulnerable IoT devices from malicious traffic The future roadmap for Pi-hole and opportunities to contribute Don't miss this deep dive into the technology that's reclaiming control of digital footprints one DNS request at a time. Connect with the Pi-hole community at discourse.pi-hole.net and discover why cybersecurity professionals consider this an essential defensive tool. Like, share, and subscribe for more cutting-edge cybersecurity insights and expert analysis! #pihole #DNSfiltering #networksecurity #adblocking #privacytools #cybersecurity #opensource #infosec 

Join The Audit for a news-packed episode as cybersecurity expert Matt Starland recounts a chilling near-miss with an E-Z Pass phishing scam—received just minutes after renting a car in Florida. His close call highlights how scammers exploit timing and context to deceive even seasoned professionals. In this episode, we discuss: How a security pro nearly fell for a perfectly timed phishing text The FBI's 2023 Internet Crime Report and its $16.6B warning Why nearly $5B in losses hit Americans over 60—and why many stay silent The psychological barriers victims face when reporting cybercrime The rise of the “Dead Internet Theory” and AI-generated online content How Meta and others are blurring the line between real and artificial Practical ways to spot AI-generated interactions Why maintaining human connection is key in the age of AI Don't miss this timely conversation packed with real-world insights and strategies to help you stay secure in an increasingly digital (and artificial) world. Like, share, and subscribe for more cutting-edge cybersecurity stories and expert analysis. #infosec #cybersecurity #E-ZPass #phishing #FBI #deadinternet #meta 

Join The Audit as we dive into the high-stakes intersection of critical infrastructure and cybersecurity with Tim Herman, President of InfraGard Minnesota. InfraGard is a unique public-private partnership with the FBI designed to protect the 85% of America's essential systems owned by the private sector. From power grids to transportation, the vulnerabilities are real—and increasingly complex. In this episode, we discuss: How joystick-operated tugboats on the Mississippi reveal hidden cyber risks Why tabletop exercises are vital for incident readiness Common mistakes in organizational response plans (and how to fix them)  The importance of physical backups and redundant communication systems  Actionable steps to bridge the gap between planning and execution Cybersecurity isn't just an IT issue—it's national security. Don't miss this compelling conversation on how InfraGard is helping organizations build resilience before the next breach hits. Like, share, and subscribe for more expert insights from the frontlines of cybersecurity.

Join The Audit as we explore the cutting-edge world of quantum computing with information security architect, Bill Harris. Quantum technology is advancing at breakneck speed, pushing the boundaries of computation, while Quantum Key Distribution (QKD) is making encrypted communications nearly unbreakable. As multiple sectors race to integrate quantum and AI, cybersecurity experts are racing to implement quantum-resistant encryption before traditional cryptographic methods become obsolete. Beyond the technical breakthroughs, quantum computing is also raising profound questions about reality itself. In this episode, we discuss: · The rise of 1,000-qubit machines and persistent error challenges · How QKD is reshaping secure communication worldwide · Microsoft's Majorana particle claims—fact or hype? · NASA's mysterious quantum shutdown in February 2024 · Google's research into quantum and unexpected findings · The cybersecurity arms race to counter quantum decryption Quantum computing isn't just the future—it's here, and it's reshaping everything from cybersecurity to our understanding of the universe. Don't miss this deep dive into the most mind-bending technology of our time! Like, share, and subscribe for more in-depth cybersecurity insights. #QuantumComputing #Cybersecurity #Encryption #AI #ParallelUniverses 

What Really Happens to Your Trash? Inside Modern Waste ManagementIs your trash really being recycled, or is it ending up in a landfill? In this episode of The Audit, we sit down with Trista Martinson, Executive Director at Ramsey Washington Recycling & Energy, to uncover the surprising technology and cybersecurity challenges behind modern waste management.Trista joins the IT Audit Labs team to reveal how AI, robotics, and environmental science are transforming recycling, while also sharing how The Audit's own Eric Brown helped strengthen her organization's cybersecurity to protect critical infrastructure.In this episode, we discuss:How AI and robotics are revolutionizing waste processingThe reality behind China's global recycling marketWhy recycling facilities are prime targets for cyberattacksThe role of cybersecurity in protecting critical infrastructureHow a military mindset influences risk assessmentThe biggest mistakes people make when disposing of trashFrom optimizing recycling with data to securing waste facilities against ransomware, this episode dives deep into the hidden world of trash, tech, and security.

Are SOC audits just another compliance requirement, or do they provide real security value? In this episode of The Audit, we sit down with Adam Russell from Schellman to debunk common misconceptions about SOC audits and explore why they're more than just a checkbox exercise—especially for startups. Adam joins the IT Audit Labs team for a deep dive into the often-misunderstood world of attestations, sharing expert insights on how organizations can effectively prepare for a SOC audit and determine which security assessments best fit their needs.  In this episode we discuss: - The biggest mistakes startups make with SOC audits - Why SOC 2 is more flexible than you might think - The myth that big companies are always secure - How SOC assessments can strengthen security culture - Gamified training & newsletters for better compliance engagement - How external auditors can empower internal teams Whether you're preparing for your first SOC audit or navigating complex compliance requirements, this episode is packed with actionable insights to help you enhance security and compliance strategies. 

Think audits are just paperwork? Think again. They're the frontline defense against security gaps, data breaches, and unchecked access. In this episode of The Audit, we break down how Elon Musk's unexpected access to FEMA's sensitive data underscores the critical role of audits in organizational security. We reveal how regular audits and third-party reviews expose vulnerabilities, enforce accountability, and strengthen cyber defenses before attackers can exploit them. Key Topics We Cover:       • How audits uncover hidden cybersecurity risks       • Finland's cutting-edge approach to cyber resilience       • Why tabletop exercises and real-world drills are game changers       • A shocking social engineering attack at a library—and what it teaches us Cyber threats evolve fast—don't wait until you're the next headline. Whether you're a cybersecurity pro or just getting started, this episode is packed with actionable insights you can't afford to miss. Like, share, and subscribe for the latest cybersecurity news and expert analysis! #Cybersecurity #Auditing #Infosec #SocialEngineering #SecurityNews 

You're Being Hacked Right Now—And You Don't Even Know It Ever wonder how cybercriminals manipulate human behavior to breach even the most secure organizations?  In this episode of The Audit, Eric Brown and Nick Mellum sit down with renowned social engineer and penetration tester Alethe Denis to break down real-world hacking techniques, red team strategies, and the shocking ways attackers exploit trust. From winning DEF CON's Black Badge Social Engineering competition to executing high-stakes red team engagements, Alith shares jaw-dropping stories and expert insights on modern security threats. Key topics we cover: The art of social engineering and why it still works Wildly effective pretexts hackers use to gain access How AI and deepfakes are shaping the future of cybercrime Physical penetration testing stories that will make you rethink office security Simple but powerful strategies to protect yourself and your organization Don't wait until your organization is the next headline. Whether you're a cybersecurity pro or just getting started, this episode is packed with eye-opening insights you can't afford to miss. Like, share, and subscribe for more in-depth security discussions! #Cybersecurity #SocialEngineering #PenTesting #EthicalHacking #RedTeam 

Discover the hidden risks of browser extensions, cybersecurity incidents, and more with hosts Eric Brown and Nick Mellum. In this episode, we dive into the dangers of tools like Honey, the fallout from Proton's global outage, and the ingenious tactics used by cybercriminals to target unsuspecting users. Eric and Nick also share their insights on using big data to enhance security, the role of AI in addressing threats, and practical tips for staying ahead of the ever-changing tech landscape in 2025. We'll cover: The surprising risks behind popular browser extensions like Honey Lessons from Proton's global outage and the importance of preparation How cybercriminals use voice phishing to exploit tech giants Practical steps to improve organizational security and educate users Balancing security and accessibility in modern systems From practical advice to thought-provoking insights, this episode delivers actionable takeaways for anyone navigating today's tech landscape. #Cybersecurity #TechNews #DataPrivacy #RiskManagement #DigitalSafety 

Dive into the transformative power of data in cybersecurity in this must-watch episode with Wade Baker, where cutting-edge insights meet real-world applications.  Hear from The Audit Team as we discover how massive data sets are reshaping risk management, AI's evolving role in combating cyber threats, and the surprising insights data can unveil about security incidents. We also dive into ransomware trends, phishing techniques, the ethics of AI, and the critical role of storytelling in decision-making, with some fun nods to fantasy swords along the way. In this episode, we discuss: Using big data to tackle cybersecurity challenges Ransomware and phishing trends The ethical debate around AI in security Unique discoveries from security data analysis Practical strategies for influencing decision-makers  Catch this insightful conversation and stay ahead of the cybersecurity curve. Like, share, and subscribe for more expert discussions on the latest security trends! #Cybersecurity #DataAnalytics #RiskManagement 

Join us for an eye-opening discussion on cybersecurity in travel with ethical hacker Matthew Wold from Ramsey County. Matthew shares how his passion for cybersecurity took root at Ramsey County, leading to collaborations with co-hosts Eric Brown and Nick Mellem. We kick things off with a lighthearted chat about survival items on a deserted island, setting the stage for a lively and insightful conversation.From RFID shields to OMG cables, we unpack practical tips for protecting your digital and personal safety while traveling. Learn how to navigate risks like compromised USB ports, hidden cameras in hotel rooms, and data privacy challenges across borders. With advice on VPNs, securing SIM cards, managing passwords, and safeguarding luggage, this episode is packed with essential strategies to ensure your travel experiences remain secure and worry-free.

From Gmail 2FA bypass warnings to SEO poisoning campaigns, we're diving into the latest cybersecurity headlines reshaping the industry.  We explore how attackers are using hyper-specific search terms—like the legality of Bengal cats—to deliver malware and manipulate search results. Plus, we discuss advancements in AI-powered behavioral analytics, from cutting down false alerts to streamlining incident response. With real-world insights and actionable tips, this episode is packed with must-know updates for IT professionals navigating today's ever-evolving threat landscape. In this episode, we'll discuss: Gmail session cookie theft and bypassing two-factor authentication. SEO poisoning campaigns delivering malware via niche search terms. AI-driven behavioral analytics improving incident response. Real-world social engineering and user behavior risks. Balancing usability and security with tools like passkeys. Thanks for tuning into The Audit. Subscribe on Spotify, Apple Podcasts, or YouTube to stay informed on the latest in cybersecurity. Don't forget to follow us on social media and share with your network! #CybersecurityNews #2FA #BehavioralAnalytics #IncidentResponse #SEOPoisoning #ITSecurity #DataProtection 

In this episode of The Audit, we dive into key takeaways from a top cybersecurity event. From IoT hacking and RFID bypasses to AI governance and vishing bots, we explore the tools and strategies shaping security. Plus, real-world lessons, social engineering insights, and a few unexpected laughs—because security isn't always all business.  In This Episode We'll Cover: RFID hacking and social engineering insights from WWHF. Cameron's IoT hacking training highlights. AI advancements and governance takeaways. Challenges with regulations and compliance in cybersecurity. Project management lessons inspired by Elon Musk.  Thanks for joining us for this glimpse into one of the year's most unique cybersecurity events. Don't forget to subscribe and share this episode with your team—we'll see you at the next conference. #WWHackinFest #InfoSecConferences #Cybersecurity #AIThreats #IoTSecurity #SocialEngineering 

In this episode, we dive into emerging tech with Marsha Maxwell, co-founder of If These Lands Could Talk and Head of Innovation at Atlanta International School. Marsha shares insights on empowering indigenous and underserved communities through AI and VR, the ethical challenges of integrating AI, and the importance of digital inclusion. We discuss the impact of AI on knowledge, culture, and education and examine how to responsibly bridge gaps in tech access worldwide. In this episode we cover: Exploring AI and VR for indigenous and underserved communities Bridging digital divides: Tech access for all Ethical challenges in AI and identity How to navigate digital authenticity in the age of deepfakes The future of AI in creative and cultural spaces Practical strategies for blending AI with education and learning Tune in for a compelling look at the intersection of technology, education, and culture. Don't forget to like, subscribe, and share to stay updated with our latest episodes! #ArtificialIntelligence #EmergingTech #DigitalInclusion #CyberSecurity #DataProtection #AIinSecurity 

Building secure software isn't optional—It's critical. Here's how you can do it right!  In this episode of The Audit presented by IT Audit Labs, we're joined by Francis Ofungwu, CEO of DevSecFlow, to break down the urgent topic of software security. Together with Nick Mellom and Bill Harris, we dive into the common security threats developers face today and discuss the vital steps every company should take to secure their software development lifecycle. In this episode, we'll cover: The biggest software security threats developers face in 2024 How to integrate security seamlessly into the software development lifecycle The convergence of infrastructure security and software security The role of AI in secure coding and software development The importance of threat modeling and attack surface reviews How to create a more resilient software supply chain and manage risk effectively Whether you're a developer, security pro, or IT decision-maker, this episode is packed with actionable insights to elevate your security strategy and ensure your software is built to withstand today's evolving cyber threats. Don't forget to hit that subscribe button and drop a comment below on your top takeaway! #CyberSecurity #DevSecOps #SoftwareSecurity #AICoding #IncidentResponse  #ITSecurity #CloudSecurity #RiskManagement

In this episode of The Audit by IT Audit Labs, we sit down for an in-depth conversation with Eric Brown to explore the crucial topic of personal information security.  Eric breaks down essential strategies for protecting your data, starting with freezing your credit, leveraging password managers, and implementing multi-factor authentication. He also dives into how these personal security measures directly tie into a broader corporate security posture. In this episode, we cover: Credit freezes and why they're your first line of defense How email breaches occur and what to do when your account is compromised Why password managers and passphrases are game changers for security The role of multi-factor authentication in thwarting attackers Tips for maintaining privacy in an era of data mining and social engineering Stay tuned as we dive into the details and explore how securing your personal data can help protect your organization from threats. Make sure to subscribe to The Audit on your preferred podcast platform to stay up to date on the latest insights from IT Audit Labs! #cybersecurity #datasecurity #personalinformationsecurity #informationsecurity 

Discover the vital intersection of safety science and cybersecurity, where human psychology meets technical innovation. In this episode of The Audit, special guest John Benninghoff shares his expertise in safety science and how its principles can improve cybersecurity. From applying safety protocols in the tech industry to enhancing security culture through proactive human behaviors, we dive into a range of topics. Plus, we discuss how risk quantification and ergonomics can drive better security outcomes. In this episode, we'll cover: How safety science principles can enhance cybersecurity practices The role of human behavior and psychology in security outcomes Lessons from aviation safety and their application in risk management Real-life examples of security clutter and how to reduce it for better outcomes The importance of risk quantification and proactive system maintenance Join us as we explore key insights and practical tips on blending safety science with cybersecurity, and don't forget to subscribe to The Audit podcast for more insightful discussions covering the full spectrum of cybersecurity. #Cybersecurity #SafetyScience #RiskManagement #DataProtection 

In this episode of The Audit, we're joined by Mick Leach from Abnormal to discuss the evolving landscape of email security and how AI is transforming both the threats and defenses in this space.  From QR code phishing to the rise of sophisticated AI-driven attacks, Mick shares insights on how organizations can stay ahead of these challenges, leveraging AI for good. We also touch on the latest trends in SaaS security and what the future of cybersecurity might look like. We'll cover: The rise of AI-driven phishing attacks How CrowdStrike's recent issues tie into broader security concerns The evolving role of security tools like Abnormal in email protection The growing threat of QR code phishing and how to mitigate it Insights on SaaS applications and their vulnerabilities Strategies for organizations to combat AI-generated threats  Stay ahead of emerging email threats and learn how AI can protect your organization by subscribing today! #CyberSecurity #EmailSecurity #EmailCybersecurity #AI #Phishing #Quishing 

Stay informed with The Audit, your go-to podcast for the latest in cybersecurity insights, best practices, news and trends. In this month's news episode, we tackle the most significant developments shaping the industry today.  We'll cover: The latest insights from CrowdStrike on evolving cybersecurity threats The impact of the Supreme Court ruling on cybersecurity regulations The massive 10 billion password leak and how to protect your organization Guard Zoo malware targeting military personnel in the Middle East How AI is transforming proactive cybersecurity measures Best practices for password management and multi-factor authentication The role of AI in optimizing and simplifying policy management in organizations  New episodes air every 2 weeks -- Don't miss out on expert insights that will help fortify your defenses against emerging cyber threats. #Cybersecurity #AI #TechNews #ITSecurity #Malware 

Discover the fascinating world of OSINT (Open Source Intelligence) with expert insights from Melisa Stivaletti on this episode of The Audit! Hosted by Eric Brown and Nick Mellem from IT Audit Labs, we sit down with Melisa Stivaletti, Chair at Epic and OSINT Director at GuideHouse. Melisa shares her remarkable journey from working at the Department of Commerce to the Department of the Army. We dive deep into the world of OSINT, discussing the nuances of open source research, tradecraft, and the transformative power of AI. Plus, Melisa shares valuable advice for those looking to break into the OSINT field and highlights the importance of lifelong learning. In this episode, we cover:  ▪ The difference between open source research and OSINT  ▪ The tradecraft involved in OSINT, including the use of sock puppets  ▪ How AI is transforming OSINT and the guardrails needed to manage its use  ▪ The critical role of data governance and compliance in OSINT  ▪ The future of OSINT and the importance of lifelong learning in this field  ▪ Personal stories and advice for those looking to enter the OSINT community Don't miss out on Melisa's unique insights and experiences. Listen now and elevate your understanding of cybersecurity and OSINT. #Cybersecurity #OSINT #InformationSecurity #ITSecurity #SecurityInnovation 

Join us for the July 2024, live news episode of 'The Audit', where we cover the latest cybersecurity threats, ransomware updates, and AI advancements. In this news episode, we tackle some of the most pressing cybersecurity issues of the month. Ever wondered how a ransomware attack could shut down a public library? We dive into the recent attack on the Seattle Public Library and explore a massive $37 million phishing scam that hit Coinbase Pro users. We also unravel the sophisticated gift card fraud by the Moroccan cybercrime group Storm 0539. But that's not all. We discuss the potential threat of DNS bomb DDoS attacks and the intriguing use of Flipper Zero devices to hijack event wristbands. And for those interested in the intersection of law and cybersecurity, we examine the implications of the Supreme Court's recent ruling on cybersecurity regulation. Amidst all the tech talk, we find time to ponder the existence of UFOs and share some personal stories about unexplained phenomena. In this episode we'll cover: Seattle Public Library ransomware attack and its impact $37 million phishing scam targeting Coinbase Pro users Moroccan cybercrime group Storm 0539's gift card fraud Potential threat of DNS bomb DDoS attacks Flipper Zero devices hijacking event wristbands Supreme Court's ruling on cybersecurity regulation Stay ahead of cyber threats and AI innovations by watching the full episode. Don't forget to like, subscribe, and share your thoughts in the comments! #Cybersecurity #Ransomware #AI #TechNews #Phishing #ITSecurity #CyberLaw 

Unlock the secrets behind the powerful HAC5 Pineapple tool in this episode of The Audit.  Hosts Eric Brown and Nick Mellum, joined by Cameron Birkeland, explore the tool's functionalities and features, offering practical insights and real-world applications. Discover how the HAC5 Pineapple can enhance your cybersecurity measures, with discussions on model comparisons, security implications, and best practices. In this episode we'll cover What is the HAC5 Pineapple? Comparing the Tetra and Mark 7 models Real-world uses and case studies for the Pineapple Key security implications and best practices Cool features of the Pineapple and a live demo How to generate detailed reports with the Pineapple Join us for an engaging discussion packed with valuable information for cybersecurity professionals and enthusiasts alike. Don't miss out on our latest insights and tips! #Cybersecurity #HAC5Pineapple #PenTesting #EthicalHacking #WiFiSecurity #CyberThreats  

Welcome to the latest episode of "The Audit," where we bring you the most pressing news, issues and insights in cybersecurity. In this live episode, we cover the recent ransomware attack on the Seattle Public Library, the $37 million theft from Coinbase Pro users, and the sophisticated gift card fraud by the Moroccan cybercrime group, Storm 0539. We share our insights on how these attacks happened, their impacts, and practical advice on how to protect yourself and your organization. We also explore a theoretical DNS bomb DDoS attack and the intriguing use of Flipper Zero devices to control wristbands at large events. Seattle Public Library ransomware attack and its impact $37 million phishing scam targeting Coinbase Pro users Moroccan cybercrime group Storm 0539's gift card fraud Potential threat of DNS bomb DDoS attack Flipper Zero devices hijacking event wristbands Thanks for tuning in! Don't forget to like, subscribe, and share your thoughts in the comments. #CybersecurityNews #Cybersecurity #Ransomware #Phishing #ITSecurity #TechNews  

Explore the intriguing intersection of quantum computing and cybersecurity... It's closer than you think. In this episode, special guest Bernie Leung from Autodesk shares his expert insights on how quantum computing is reshaping the cybersecurity landscape. Discover the challenges and breakthroughs in encryption practices as Bernie breaks down complex concepts like the Shor Algorithm and discusses practical steps for adapting to this new era of cybersecurity.    In this episode, we dive into: The essentials of quantum computing and how it could revolutionize encryption. Current encryption vulnerabilities that quantum computing could exploit. An introduction to post-quantum cryptography and the new standards on the horizon. Practical uses of quantum computing in cybersecurity today and what we might see in the future. How governments and businesses are preparing for quantum threats, including updates in regulations and security protocols. This discussion is not just theoretical; it's a guide to understanding and preparing for the quantum leap in data protection. #QuantumComputing #FutureOfCybersecurity #Cybersecurity #InfoSec #PostQuantumCryptography 

Discover cutting-edge IoT cybersecurity strategies with insights from expert Eric Johansen. Join us as we delve into the world of IoT cybersecurity with Eric Johansen from Phosphorus. Eric discusses the challenges and solutions for managing IoT devices at scale, the critical importance of asset inventory, and the significant risks posed by outdated technology. This episode is perfect for IT pros, cybersecurity experts, and business leaders looking to enhance their cybersecurity knowledge. In this episode, we'll cover: Managing IoT devices at scale: Best practices and solutions The importance of asset inventory in IoT security Identifying and mitigating risks from outdated technology Real-world examples of IoT vulnerabilities Innovative solutions from Phosphorus for IoT security Eric Johansen's insights provide valuable knowledge for anyone involved in managing and securing connected devices. Don't miss this episode for practical advice and expert perspectives on tackling IoT security challenges. #IoT #Cybersecurity #TechTrends #OTSecurity #SmartDevices #IoTSecurity #TechInnovation 

Get ready for a special episode of The Audit! We're celebrating our 40th episode with Brian Johnson, host of the 7-Minute Security podcast, as we talk cybersecurity, social engineering, and some wild stories that you won't want to miss. We'll explore the role of tabletop exercises in shoring up a company's security and dive into the fascinating world of open-source intelligence. We'll uncover what it takes to protect against cyber threats, why pen testing matters, and how social engineering tests can be a rollercoaster of nerves. Brian also shares his journey from being a Christmas caroler in "Jingle All the Way" to being a cybersecurity consultant and podcast host. This episode is packed with insights, laughs, and even some hairless cats. Brian Johnson's journey from Christmas caroler in "Jingle All the Way" to cybersecurity consultant and podcast host The role of tabletop exercises in improving a company's security posture Pen testing insights: why it matters and how it's done Social engineering stories: the highs and lows of testing human vulnerabilities Open-source intelligence: what it is and why it's important for cybersecurity Unexpected surprises: including stories about skydiving and hairless cats If you're interested in cybersecurity and want to hear some great stories from the industry, this episode has you covered. Enjoy the laughs and insights, and don't forget to like, share, and subscribe for more content from The Audit. #Cybersecurity #PenTesting #SocialEngineering #Skydiving 

In this episode we explore the intersection of AI and cybersecurity in the construction industry with John Massie, Technology Director at Journey Group. John shares his insights on integrating technology to enhance cybersecurity and operational efficiency within the construction sector. The discussion covers a range of topics from combatting sophisticated phishing attacks to the strategic use of AI tools like ChatGPT and Copilot. Delve into the challenges of AI-generated content, governance, intellectual property concerns, and the transformative impact of AI on traditional business models. In this episode we cover: Best practices for AI in non-tech sectors Cybersecurity policies for AI Mitigating cyber security risks in construction AI's role in the construction industry Ethical challenges of AI-generated content Future trends in AI governance AI's implications for industry standards  Stay tuned for more insights into the future of IT technology and its transformative effects on the business landscape. #AIcybersecurity #Cybersecurity #Infosec #ConstructionTech #AIPolicies 

Join us on The Audit for a critical examination of cybersecurity's latest frontiers: threats to our water system and the push for global IoT security standards.  In this episode, our team of cybersecurity experts, Eric Brown and Nick Mellum, dissect the Biden administration's recent warnings about cyber-attacks on U.S. water utilities and delve into the newly announced IoT device security specifications by The Cloud Security Alliance (CSA). From nation-state actors targeting essential infrastructure to the complexities of securing IoT devices in your home, this discussion offers invaluable insights into safeguarding our digital and physical worlds. What You'll Learn: The significance of recent cybersecurity warnings regarding the water sector. The importance of a unified cybersecurity standard for IoT devices. Strategies for securing IoT devices within corporate and home networks. The role of cybersecurity in ensuring the safety and reliability of essential public utilities. 

In this episode of The Audit, we dive into the world of phishing to uncover the sophisticated tactics that make these scams the leading threat in cybersecurity. Join us as Jamie Arndt, a cybersecurity expert with extensive experience in reverse engineering and analyzing malicious emails, shares his insights and stories from the front lines. We'll cover: • The rise of generative AI in crafting phishing emails that bypass traditional detection methods. • Real-world stories of phishing attacks, from impersonating school communications to exploiting professional relationships. • The psychological tactics used by attackers to exploit human nature and gain access to sensitive information. • Innovative defense strategies and tools that organizations can employ to protect themselves against phishing attempts. • Practical advice for individuals on recognizing phishing attempts and safeguarding personal information. This episode arms you with the knowledge of what to look for in phishing emails, emphasizing the importance of vigilance and education in the digital age. 

How exposed are your 3D printing operations to cyber threats? Is the intellectual property involved in 3D printing at risk, and can 3D printers themselves become targets for hackers?   As 3D printing technology becomes more integrated into various industries, its cybersecurity implications cannot be ignored. This episode sheds light on the exciting world of 3D printing, focusing on its potential for innovation while addressing the significant cybersecurity challenges it faces. We'll explore: • The basics of 3D printing technology and its cybersecurity implications. • Protecting intellectual property in the realm of 3D printing. • The vulnerabilities of 3D printers to hacking and how to safeguard them. • Strategies for securing 3D printing operations against cyber threats. • Real-world examples of cybersecurity breaches in 3D printing. Whether you're a cybersecurity professional, a 3D printing enthusiast, or someone interested in the intersection of technology and security, this episode offers valuable insights into protecting your 3D printing projects.   

How secure is a VPN, really? Can a VPN server be hacked, and are these services truly safe? In this episode of The Audit, Joshua, Nick, and Eric tackle these pressing questions head-on.  As the cybersecurity landscape evolves, Virtual Private Networks (VPNs) are increasingly common among cybersecurity professionals and enthusiasts alike... but how secure are they? In this episode, we take you through the mechanics of VPNs, their role in safeguarding your data, and the vulnerabilities that can expose users to risk.  We'll cover: •  What are VPNs and how do they work? •  How to choose the right VPN provider: Considerations and pitfalls. •  The difference between corporate and personal VPN use and their unique challenges. •  How to mitigate risks associated with VPN usage. •  The recent Ivanti VPN breach  If you care about your digital privacy, curious about how VPNs fit into your life, or pondering the real benefits and risks of using VPN services, then this episode is for you.  #VPNsecurity #Cybersecurity #DataProtection #OnlinePrivacy 

It should come as no surprise that building a team can be challenging for cybersecurity professionals. However, we've found that individuals who have served in the military often possess a unique focus and drive, setting them apart in the cyber world. Clifton Robinson, a former Army logistician and healthcare market analyst, joins our team to discuss his journey to becoming a cybersecurity professional.  Topics covered: How military service helps individuals transition into cybersecurity Why employers appreciate military service in cybersecurity candidates Why are veterans drawn to the field of cybersecurity? How joining the military changed Clifton's life The importance of mentorship and networking for veterans If you're a veteran considering a career in cybersecurity or seeking a fresh perspective on the cybersecurity industry, don't miss the latest episode of The Audit! 

Is your digital footprint secure? In our latest episode we unravel the complexities of email and mobile security. Join Dean Morstad, a seasoned cybersecurity expert, as he shares invaluable insights and practical tips to enhance your digital safety. The conversation includes: - Why and how are most of us viewed as a “product”?  - Practical email security tips and best practices - How to avoid phishing scams and other social engineering strategies - Mobile device and location tracking insights - Organizational security policy tips  - Why use a password manager 

This episode offers more than just insights; it's a chance to meet the minds who have been combatting cyber threats for decades. We explore topics like ransomware, effective data breach responses, and the integration of AI in cybersecurity. Discover strategies and insights from industry leaders and learn how to fortify your digital defenses in an ever-evolving cyber landscape. Topics Covered: How to navigate a ransomware attack Data breach response methods Cyber insurance challenges AI, cybersecurity, and the legal considerations Social engineering audits Gain valuable insights into current trends and practical approaches to enhance your organization's security posture. Be sure to subscribe today! 

In this episode of The Audit, Leah McLean shares her insights from over 10 years in cybersecurity and IT with companies like Cisco, and now Mastercard.  We'll cover: How to get a job in cybersecurity Navigating the ethical challenges of AI in Cybersecurity Work-life balance in cybersecurity jobs Perspectives on success for cybersecurity leadership Emerging infosec technologies Mental health for infosec professionals  We navigate the shifting terrain of cybersecurity talent acquisition, stressing the need for aptitude and ongoing education. Leah delves into AI's role and ethical dilemmas in cybersecurity, provides tips for balancing work and life in remote contexts, and examines upcoming cybersecurity technologies. The discussion also highlights veterans' vital roles in cybersecurity, underscores the importance of mental health in stressful settings, and gives a sneak peek into future 'Elevate Exchange' podcast episodes on topics like AI and quantum computing. 

The Audit - Episode 30 - Join us as we speak with cybersecurity expert and hacking hardware enthusiast Cameron Birkland, who introduces us to the world of the Flipper Zero. The brainchild of a successful Kickstarter campaign in 2020, the Flipper Zero might look cute with its dolphin avatar, but it's a potent tool capable of manipulating control systems like RFID and NFC tags, radio remotes, and digital access keys. What would you do if your garage door opener could be hacked? Cameron walks us through how this is possible with his own garage door opener. Don't forget, if you prefer video, check out every episode of The Audit on our YouTube channel. 

The Audit - Episode 29 - Ready to uncover the world of crypto? Join us in our latest episode as we dive into the realm of cryptocurrency with Matt Starland. Let's embark on a journey from the origins of Bitcoin to the frenzy of meme stocks making headlines. Tune in to understand how cryptocurrency is shaking the foundation of economies with unstable governments, and how secure, hardware-based crypto wallets can be your ultimate safe vault.We didn't stop at Bitcoin. Matt Starland, our resident crypto expert, took us on a ride through the volatile landscape of cryptocurrency trading, tackling the challenges of its mainstream adoption and the potential risks. Discover how to set up a hardware wallet and get an inside scoop on the cryptographic algorithms that are its backbone and the all-important recovery seed. By the end of this, you'll be well-versed in the nitty-gritty details of crypto trading and equipped to safeguard your digital assets.In the final leg of our crypto exploration, we help you navigate the process of setting up a new cryptocurrency wallet, emphasizing the significance of secure offline backup and tightening the security measures. We shed light on the workings of a Bitcoin wallet, the associated fees, and how to maximize its security. Then, we take you through the features of hardware wallets, the processes of buying and selling from a wallet, and the risks of leaving money on an exchange. So sit back, tune in and prepare for a deep dive into the thrilling world of cryptocurrency!

The Audit - Episode 28 - We are pleased to introduce you to Andre Champagne, an expert in the intriguing world of cyber and digital forensics. Andre's journey, from the Anoka County Sheriff's Office, through the Illinois Attorney General's Office, to the state of Minnesota, provides fascinating insights into a career in stopping cyber-crime.  Andre also recounts his time managing a digital forensics laboratory, shedding light on the intricate balance between risk and technology in the digital landscape. He shares stories about investigating arson cases, using phone evidence to reveal the diversity of online predators. His anecdotes provide a sobering perspective on the challenges and rewards of a career in cyber forensics.   Finally, Andre breaks down the reality of the cyber security field beyond what you see in TV and film. His experiences range from putting together reports for the courtroom, dealing with data breaches and ransomware, to handling HR investigations. The conversation takes a darker tone as we address the chilling reality of online predators while Andre provides valuable advice on ways to keep children safe online.

The Audit - Episode 27 - Imagine managing over a million orders per minute during a high-stakes sales event like Black Friday! That's the reality Jeff White from Cockroach faced during his time at Best Buy. We sit down with him in a lively discussion, unpacking the intricacies of running a successful online store, the immense pressure involved, and strategies to guard against malicious acts and bots. Jeff enlightens us about the challenges of scaling an Oracle database to handle a mass influx of orders, sharing insightful anecdotes from his own experience.Ever wondered how to improve your security posture and reduce organizational risk? Jeff is here to share some answers from a tech perspective. He delves into the unique features of Cockroach DB, a system he played a vital role in developing. Learn how it's designed to run on various operating systems and its resilience to node failure. Jeff also sheds light on distributed data replication, an intriguing aspect of Cockroach DB. If you're a tech enthusiast or involved in e-commerce, this episode is packed with valuable nuggets of information to take your knowledge several notches higher.As we wrap up our conversation, we navigate towards Jeff's interest in renewable energy. We delve into his journey with solar power and electric vehicles, outlining the financial benefits of such investments. He shares his solar installation experience and future plans. We also touch on the critical role of a robust team in conducting successful security assessments. Lastly, we consider a new venue for our game night, since our usual spot isn't available. Tune in for this enlightening episode full of expert insights and real-world experiences.

The Audit - Episode 26 - Ready to decode the future of data storage technology? We guarantee that you'll be fascinated by our in-depth exploration into this rapidly evolving landscape. Together with our esteemed guest, Bill Harris, we probe into the intricacies of current storage mediums, such as hard disk drives, flash drives, and magnetic tapes, while also introducing you to emerging technologies like 5D, DNA, and molecular memory. How are companies managing their data storage amidst ever-shrinking IT budgets? How are advancements like heat-assisted magnetic recording and microwave magnetic recording redefining hard drive technology? Brace yourself, as we take you on a journey to decipher these challenges and discoveries, along with Harris, a pioneer in the field. The conversation gets even more exciting as we delve into futuristic concepts like holographic and DNA storage, both promising yet fraught with challenges worth discussing. But we don't stop there. As we dig deeper into the impact of increasing storage capacities, it's evident that a revolution in the way we use and perceive data is imminent. From holographic and 5D crystal storage to DNA storage, we ponder the implications and potential of these advancements on the future of technology. Tune in, let's explore this fascinating world of storage technology together!

In Part 2 of the Tech Lessons Series by Bill Harris, get ready to unravel the mystery of quantum computing? Brace yourselves as we, your hosts, and our esteemed guest, Bill Harris, take you on a whirlwind tour of this fascinating technology that's set to redefine the future. Possessing the potential to disrupt major industries and even cryptography, quantum computing is a topic you certainly can't afford to miss. Imagine a computer that can process information at superluminal speeds. That's the magic of quantum computing! From its application in fields as diverse as healthcare and AI to the challenges it poses, we've got it all covered in this episode. But it doesn't stop there. We discuss the potential threat quantum computers pose to current encryption technologies and the prodigious task of developing quantum-safe encryption techniques. Finally, we examine the present landscape of quantum computing, key players in the field, and IBM's quantum roadmap. Are you curious about how a linguist might relate to all this tech talk? Listen in as Alan, an IT professional, ties it all together with his son's choice of major. We wrap up with a hilarious segment discussing our favorite physicists and resources, where you may just find your next good read! Get ready for a deep dive into a future shaped by quantum computing!

The Audit - Episode 24In Part 1 of the Tech Lessons Series by Bill Harris, prepare to be transported into the future of computing resources, with our fascinating guest, Bill Harris from IT Audit Labs. We're opening up the world of processor design and specialized workloads, discussing the intricacies of chip fabrication, the genius behind improving processor speeds, and the art of creating modern processors. Get ready to discover a realm of substrates, lithographies, and elements that form the backbone of future processors.Ever wondered about the application of Moore's Law in real life, or what really behind processor clock speeds? This episode answers all that and more, bringing in exciting insights into the clever tactics used to amplify modern computation. Dive into the mechanics of how assembly is utilized to build processors and learn about the advanced technologies such as 3D NAND, chiplets, and SSL acceleration that are revolutionizing the field.As we look forward to the future of computing and the exciting investment opportunities it presents, we delve into the potential of semiconductors, the massive CERN particle collider and the intricate challenges of breaking into the semiconductor industry. Don't miss out on our spirited conversation on the potential of DNA and crystalline molecular storage, and the role of quantum computing in enhancing processor speeds. And remember, amidst all this tech talk, the importance of security, risk and compliance controls to safeguard our clients' data remains paramount. So, buckle up and come along on this exhilarating journey into the future of computing!

Wouldn't it be great if you could navigate the treacherous landscape of software vulnerabilities like a pro? That's exactly what we're serving up in our latest podcast episode. Together with our dedicated team, we dissect the upsurge of these vulnerabilities, the recent discovery of a toolkit targeting Apple, Mac OS, and stolen chat GPT credentials. We even do a deep dive into the complex CVE system. Our insightful discussion sheds light on how these vulnerabilities have grown over time, largely due to the evolution of software development.Are you constantly second-guessing whether to update your software due to the fear of breaking things? You're far from alone. Hang out with us as we share our personal anecdotes dealing with software updates, security patches and the puzzling catch-22 situation that arises. In an alarming revelation, we also walk you through the recent compromise of over 101,000 OpenAI chat GPT account credentials. If you're a user, this is an episode you can't afford to miss. Imagine living in a world where data breaches are the new golden age. That's the reality we're grappling with, and there's no denying the risks associated with storing data on an internet-connected database. From discussing malicious targeted ad campaigns to delving into the dangers of certain browsers, this episode is a rollercoaster of cybersecurity insight. We round off by examining how data breaches have shaped cybersecurity history. Tune in and arm yourself with the knowledge to combat the rapidly evolving world of software vulnerabilities and cybersecurity.

The Audit - Episode 22Want to understand the dark underbelly of cyberspace? Join us as we take a deep dive into recent data breaches at T-Mobile, discussing why fewer customers were impacted this time around compared to the January API attack. Get insights on how negligence in security could lead to government oversight and understand the power consumers can wield by voting with their feet. Learn how the fines collected from such breaches could fund cybersecurity improvements in vulnerable entities such as school districts.Curious about the consequences of data breaches? We shed light on the implications of the cover-up by Uber's former CSO, who narrowly escaped jail time, and the devastating impact of the Next Gen Healthcare breach affecting a million individuals. We also explore the rise of bug bounties as a popular tool among companies and stress the importance of credibility in the realm of ethical hacking. Ever wondered about the value of your personal information to hackers? We break down how hackers can misuse social security numbers, addresses, and names, and discuss the increasingly specialized roles within a cyber attack. Discover the sinister world of data brokers, who split and resell your personal information, and the challenges of resetting social security numbers. We also delve into how medical records can be weaponized and highlight the need for cybersecurity audits to safeguard data. Listen in, as we offer a compelling analysis of the attacker's viewpoint, the significance of logging activities, and why some attackers end up dwelling within systems for long periods. We also discuss the security maturity needed to protect a company from future breaches once they've been hit. If you're at all concerned about the safety of your personal data, you won't want to miss this deep dive into the murky world of data breaches and cybersecurity.

For this episdoe we are joined by Eric Pesik, the Deputy General Counsel at Seagate Technology. Eric, walks us through how he has been using generative AI tools, including ChatGPT, AI image generators and AI voice overs to speed up his workflow when creating presentations for his colleagues. The crew also discusses how AI will broadly impact other sectors.  

A conversation between Nick Mellem, Eric Palms, and Matt Starland about the future of passwords through the lens of IT. The team notes a general lag time behind current threats and the technology already available to upgrade security protocols and the lack of large-scale adoption and upgrades. Passwords may eventually have to be left behind for new technologies such as biometrics. It is largely agreed that there needs to be a change to a password-less approach to mitigate end-user security risks. Join us for this stimulating and timely discussion. Help us spread this important info by liking, downloading, subscribing and inviting your friends to listen to The Audit. Video version now available on our YouTube channel.

A discussion with ITAL members Eric Brown and Scott Rysdahl with Micah Kryzer. Micah is a pentester by day but also works alongside the ITAL team. In this episode the crew overviews certificates, a big topic that transcends any one vendor or environment. Certificates are like an electronic passport meant to uniquely identify a person, computer or application on a network. This specific family of vulnerabilities discussed affects the Microsoft Active Directory certificate services, which is Microsoft's own built-in PKI or public key infrastructure included with Window's servers and domains. Micah walks us through a pentest demo illustrating the ways this system can be exploited as well as providing tips on how to protect business networks from this attack. 

An in-depth conversation with former CISO (Chief Information Security Officer) of the Minnesota Judicial and Metropolitan Council, Gretchen White. ITAL's own Eric Brown and Gretchen discuss topics including the day-to-day grind of advocating for funding and implementing security protocols, how to prioritize security needs and access risk on a budget, reporting structure, and how to effectively impact change within an organization. Chalk full of tips, Gretchen, has expertise in communicating organizational needs to decision makers and has some priceless nuggets to share with up-and-coming CISO's and those who work under their guidance.  #cybersecurity #CISO #chiefinformationsecurityofficer #careeradvice #organizational #leadership #communication #security #influence #metropolitancouncil #minnesotajudicial #pointofrisk 

This week, we are speaking with Dennis Pelton about his expertise in hardware. He makes badges for all the major security conferences and loves to share his knowledge in this space. #security #hacking #wifi #rubberducky #hardware #defcon #schmoo #defcon #bsides