<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="/stylesheet.xsl" type="text/xsl"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:podcast="https://podcastindex.org/namespace/1.0">
  <channel>
    <atom:link rel="self" type="application/rss+xml" href="https://feeds.transistor.fm/bare-metal-cyber-a725a484-8216-4f80-9a32-2bfd5efcc240" title="MP3 Audio"/>
    <atom:link rel="hub" href="https://pubsubhubbub.appspot.com/"/>
    <podcast:podping usesPodping="true"/>
    <title>Bare Metal Cyber</title>
    <generator>Transistor (https://transistor.fm)</generator>
    <itunes:new-feed-url>https://feeds.transistor.fm/bare-metal-cyber-a725a484-8216-4f80-9a32-2bfd5efcc240</itunes:new-feed-url>
    <description>Welcome to Bare Metal Cyber, the podcast that bridges cybersecurity and education in a way that’s engaging, informative, and practical. Hosted by Dr. Jason Edwards, a seasoned cybersecurity expert and educator, this weekly podcast brings to life the insights, tips, and stories from his widely-read LinkedIn articles. Each episode dives into pressing cybersecurity topics, real-world challenges, and actionable advice to empower professionals, educators, and learners alike. Whether navigating the complexities of cyber defense or looking for ways to integrate cybersecurity into education, Bare Metal Cyber delivers valuable perspectives to help you stay ahead in an ever-evolving digital world. Subscribe and join the thousands already benefiting from Jason’s expertise!</description>
    <copyright>Copyright 2025 All rights reserved.</copyright>
    <podcast:guid>9af25f2f-f465-5c56-8635-fc5e831ff06a</podcast:guid>
    <podcast:podroll>
      <podcast:remoteItem feedGuid="ac645ca7-7469-50bf-9010-f13c165e3e14" feedUrl="https://feeds.transistor.fm/baremetalcyber-dot-one"/>
      <podcast:remoteItem feedGuid="202ca6a1-6ecd-53ac-8a12-21741b75deec" feedUrl="https://feeds.transistor.fm/certified-the-isaca-aaia-audio-course"/>
      <podcast:remoteItem feedGuid="c424cfac-04e8-5c02-8ac7-4df13280735d" feedUrl="https://feeds.transistor.fm/certified-the-isaca-cisa-prepcast"/>
      <podcast:remoteItem feedGuid="143fc9c4-74e3-506c-8f6a-319fe2cb366d" feedUrl="https://feeds.transistor.fm/certified-the-cissp-prepcast"/>
      <podcast:remoteItem feedGuid="b0bba863-f5ac-53e3-ad5d-30089ff50edc" feedUrl="https://feeds.transistor.fm/certified-the-isaca-aair-audio-course"/>
      <podcast:remoteItem feedGuid="a4bd6f73-58ad-5c6b-8f9f-d58c53205adb" feedUrl="https://feeds.transistor.fm/certified-the-isaca-aaism-audio-course"/>
      <podcast:remoteItem feedGuid="12ba6b47-50a9-5caa-aebe-16bae40dbbc5" feedUrl="https://feeds.transistor.fm/cism"/>
      <podcast:remoteItem feedGuid="0a94ff8f-95c6-5b31-9262-c3761e5e5fc3" feedUrl="https://feeds.transistor.fm/certified-comptia-network"/>
      <podcast:remoteItem feedGuid="574dbf74-7929-5bb3-adfe-859278e5d7dd" feedUrl="https://feeds.transistor.fm/certified-the-comptia-linux-audio-course"/>
      <podcast:remoteItem feedGuid="6ad73685-a446-5ab3-8b2c-c25af99834f6" feedUrl="https://feeds.transistor.fm/certified-the-security-prepcast"/>
    </podcast:podroll>
    <podcast:locked owner="baremetalcyber@outlook.com">no</podcast:locked>
    <podcast:trailer pubdate="Mon, 13 Oct 2025 23:20:32 -0500" url="https://media.transistor.fm/42debba9/950598b6.mp3" length="803753" type="audio/mpeg" season="1">Trailer</podcast:trailer>
    <language>en</language>
    <pubDate>Thu, 16 Jul 2026 19:41:52 -0500</pubDate>
    <lastBuildDate>Thu, 16 Jul 2026 19:42:05 -0500</lastBuildDate>
    <link>https://baremetalcyber.com/cybersecurity-magazine</link>
    <image>
      <url>https://img.transistorcdn.com/QtY9C9fiWfC-739oKix_B-pXmpbcmMlLm2-4DUKN7kI/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9hZjI3/YTMxZTU0YzllOTRk/NzE1YzIwOTY1YjA0/ZWJiMy5wbmc.jpg</url>
      <title>Bare Metal Cyber</title>
      <link>https://baremetalcyber.com/cybersecurity-magazine</link>
    </image>
    <itunes:category text="Technology"/>
    <itunes:category text="Education"/>
    <itunes:type>episodic</itunes:type>
    <itunes:author>Dr. Jason Edwards</itunes:author>
    <itunes:image href="https://img.transistorcdn.com/QtY9C9fiWfC-739oKix_B-pXmpbcmMlLm2-4DUKN7kI/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9hZjI3/YTMxZTU0YzllOTRk/NzE1YzIwOTY1YjA0/ZWJiMy5wbmc.jpg"/>
    <itunes:summary>Welcome to Bare Metal Cyber, the podcast that bridges cybersecurity and education in a way that’s engaging, informative, and practical. Hosted by Dr. Jason Edwards, a seasoned cybersecurity expert and educator, this weekly podcast brings to life the insights, tips, and stories from his widely-read LinkedIn articles. Each episode dives into pressing cybersecurity topics, real-world challenges, and actionable advice to empower professionals, educators, and learners alike. Whether navigating the complexities of cyber defense or looking for ways to integrate cybersecurity into education, Bare Metal Cyber delivers valuable perspectives to help you stay ahead in an ever-evolving digital world. Subscribe and join the thousands already benefiting from Jason’s expertise!</itunes:summary>
    <itunes:subtitle>Welcome to Bare Metal Cyber, the podcast that bridges cybersecurity and education in a way that’s engaging, informative, and practical.</itunes:subtitle>
    <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
    <itunes:owner>
      <itunes:name>Dr. Jason Edwards</itunes:name>
      <itunes:email>baremetalcyber@outlook.com</itunes:email>
    </itunes:owner>
    <itunes:complete>No</itunes:complete>
    <itunes:explicit>No</itunes:explicit>
    <item>
      <title>The Last Legacy System</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>72</itunes:episode>
      <podcast:episode>72</podcast:episode>
      <itunes:title>The Last Legacy System</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">27bbf2ec-b5e0-41b2-88db-0360e3854334</guid>
      <link>https://share.transistor.fm/s/23f88e71</link>
      <description>
        <![CDATA[<p>Retiring a legacy system sounds simple until you realize one platform has quietly become the backbone of revenue, reporting, and regulatory history. In “The Last Legacy System: Planning for the Day You Finally Turn It Off,” the narrated version walks leaders through why one or two systems always outlive every modernization wave and why that matters for risk, resilience, and strategy. You will hear how technical entanglements, business lore, and hero culture combine to keep that last legacy system alive long after it should have been a conscious, time-bound decision.</p><p>From there, the episode follows the structure of the Wednesday “Headline” feature from Bare Metal Cyber Magazine. It explores how to move from migration talk to a true business decision, how to model and rehearse the turn-off so it fails safely instead of catastrophically, and how to handle the humans in the loop whose identities are tied to keeping the system running. It closes by looking forward: what it means to design today’s systems with explicit exit strategies, clearer ownership, and governance that treats decommissioning as a first-class concern, so you do not quietly build the next untouchable relic.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Retiring a legacy system sounds simple until you realize one platform has quietly become the backbone of revenue, reporting, and regulatory history. In “The Last Legacy System: Planning for the Day You Finally Turn It Off,” the narrated version walks leaders through why one or two systems always outlive every modernization wave and why that matters for risk, resilience, and strategy. You will hear how technical entanglements, business lore, and hero culture combine to keep that last legacy system alive long after it should have been a conscious, time-bound decision.</p><p>From there, the episode follows the structure of the Wednesday “Headline” feature from Bare Metal Cyber Magazine. It explores how to move from migration talk to a true business decision, how to model and rehearse the turn-off so it fails safely instead of catastrophically, and how to handle the humans in the loop whose identities are tied to keeping the system running. It closes by looking forward: what it means to design today’s systems with explicit exit strategies, clearer ownership, and governance that treats decommissioning as a first-class concern, so you do not quietly build the next untouchable relic.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:11:05 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/23f88e71/72fdab5b.mp3" length="48308185" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1207</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Retiring a legacy system sounds simple until you realize one platform has quietly become the backbone of revenue, reporting, and regulatory history. In “The Last Legacy System: Planning for the Day You Finally Turn It Off,” the narrated version walks leaders through why one or two systems always outlive every modernization wave and why that matters for risk, resilience, and strategy. You will hear how technical entanglements, business lore, and hero culture combine to keep that last legacy system alive long after it should have been a conscious, time-bound decision.</p><p>From there, the episode follows the structure of the Wednesday “Headline” feature from Bare Metal Cyber Magazine. It explores how to move from migration talk to a true business decision, how to model and rehearse the turn-off so it fails safely instead of catastrophically, and how to handle the humans in the loop whose identities are tied to keeping the system running. It closes by looking forward: what it means to design today’s systems with explicit exit strategies, clearer ownership, and governance that treats decommissioning as a first-class concern, so you do not quietly build the next untouchable relic.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/23f88e71/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Real-World Recovery</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>71</itunes:episode>
      <podcast:episode>71</podcast:episode>
      <itunes:title>Real-World Recovery</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">477baea3-41b9-4ae8-84b0-1109f6eeaf07</guid>
      <link>https://share.transistor.fm/s/b676148b</link>
      <description>
        <![CDATA[<p>When a major incident hits, most organizations still cling to the promise of “getting back to normal.” In this narrated Headline, “Real-World Recovery: When ‘Return to Normal’ Is the Wrong Goal,” we look at why that mindset quietly undermines resilience. The episode walks through how complex, cloud-heavy environments never truly return to a previous baseline, and why leaders are better served by thinking in terms of new, intentional steady states instead of rewinds. This audio is developed from my Wednesday “Headline” feature in Bare Metal Cyber Magazine, with a focus on the decisions that shape recovery long after the alerts stop.</p><p>Across the narration, we explore the myth of “normal operations,” reframing recovery as a large-scale reconfiguration of identity, trust boundaries, and vendor dependencies. We dive into planned degraded modes and deliberate sacrifice decisions, then move into a portfolio view of recovery using named operating states rather than a single DR script. Finally, we turn to the leadership side: how to communicate that “normal has changed,” how to align boards and regulators on new baselines, and how to reward sustainable resilience instead of just fast restores. It is a practical guide for leaders who know incidents are inevitable and want their recovery story to match reality.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When a major incident hits, most organizations still cling to the promise of “getting back to normal.” In this narrated Headline, “Real-World Recovery: When ‘Return to Normal’ Is the Wrong Goal,” we look at why that mindset quietly undermines resilience. The episode walks through how complex, cloud-heavy environments never truly return to a previous baseline, and why leaders are better served by thinking in terms of new, intentional steady states instead of rewinds. This audio is developed from my Wednesday “Headline” feature in Bare Metal Cyber Magazine, with a focus on the decisions that shape recovery long after the alerts stop.</p><p>Across the narration, we explore the myth of “normal operations,” reframing recovery as a large-scale reconfiguration of identity, trust boundaries, and vendor dependencies. We dive into planned degraded modes and deliberate sacrifice decisions, then move into a portfolio view of recovery using named operating states rather than a single DR script. Finally, we turn to the leadership side: how to communicate that “normal has changed,” how to align boards and regulators on new baselines, and how to reward sustainable resilience instead of just fast restores. It is a practical guide for leaders who know incidents are inevitable and want their recovery story to match reality.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:11:03 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/b676148b/91e0372e.mp3" length="37828900" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>945</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When a major incident hits, most organizations still cling to the promise of “getting back to normal.” In this narrated Headline, “Real-World Recovery: When ‘Return to Normal’ Is the Wrong Goal,” we look at why that mindset quietly undermines resilience. The episode walks through how complex, cloud-heavy environments never truly return to a previous baseline, and why leaders are better served by thinking in terms of new, intentional steady states instead of rewinds. This audio is developed from my Wednesday “Headline” feature in Bare Metal Cyber Magazine, with a focus on the decisions that shape recovery long after the alerts stop.</p><p>Across the narration, we explore the myth of “normal operations,” reframing recovery as a large-scale reconfiguration of identity, trust boundaries, and vendor dependencies. We dive into planned degraded modes and deliberate sacrifice decisions, then move into a portfolio view of recovery using named operating states rather than a single DR script. Finally, we turn to the leadership side: how to communicate that “normal has changed,” how to align boards and regulators on new baselines, and how to reward sustainable resilience instead of just fast restores. It is a practical guide for leaders who know incidents are inevitable and want their recovery story to match reality.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/b676148b/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Culture of Disclosure</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>70</itunes:episode>
      <podcast:episode>70</podcast:episode>
      <itunes:title>Culture of Disclosure</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">fc15d05d-2eae-4872-ba0a-a71c293e6d5e</guid>
      <link>https://share.transistor.fm/s/a8308781</link>
      <description>
        <![CDATA[<p>In this narrated edition of “Culture of Disclosure: From ‘Don’t Tell Anyone’ to ‘Report Early, Fix Faster’”, we walk through what really decides whether your organization hears the truth in time to act. You will hear how informal stories, career incentives, and leadership reactions quietly create a shadow “don’t tell anyone” policy, even when formal reporting channels exist. We connect those patterns to hard security outcomes: time-to-discovery, who finds your issues first, and how much room you have to maneuver when something goes wrong. This is a practical listen for leaders who suspect they are getting a filtered view of reality.</p><p>The episode then breaks down the architecture of a healthy disclosure culture in plain, leader-ready terms. We look at psychological safety as a security control, the design of simple pipes for early reporting, and the metrics that reward high-signal disclosures instead of only counting fires. Finally, we explore what it looks like to lead when disclosure gets painful, from late-breaking findings before a launch to regulatory and customer communications. The narration is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed to help you pressure-test your own culture of disclosure.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated edition of “Culture of Disclosure: From ‘Don’t Tell Anyone’ to ‘Report Early, Fix Faster’”, we walk through what really decides whether your organization hears the truth in time to act. You will hear how informal stories, career incentives, and leadership reactions quietly create a shadow “don’t tell anyone” policy, even when formal reporting channels exist. We connect those patterns to hard security outcomes: time-to-discovery, who finds your issues first, and how much room you have to maneuver when something goes wrong. This is a practical listen for leaders who suspect they are getting a filtered view of reality.</p><p>The episode then breaks down the architecture of a healthy disclosure culture in plain, leader-ready terms. We look at psychological safety as a security control, the design of simple pipes for early reporting, and the metrics that reward high-signal disclosures instead of only counting fires. Finally, we explore what it looks like to lead when disclosure gets painful, from late-breaking findings before a launch to regulatory and customer communications. The narration is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed to help you pressure-test your own culture of disclosure.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:11:01 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/a8308781/dbe22c64.mp3" length="44351155" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1108</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated edition of “Culture of Disclosure: From ‘Don’t Tell Anyone’ to ‘Report Early, Fix Faster’”, we walk through what really decides whether your organization hears the truth in time to act. You will hear how informal stories, career incentives, and leadership reactions quietly create a shadow “don’t tell anyone” policy, even when formal reporting channels exist. We connect those patterns to hard security outcomes: time-to-discovery, who finds your issues first, and how much room you have to maneuver when something goes wrong. This is a practical listen for leaders who suspect they are getting a filtered view of reality.</p><p>The episode then breaks down the architecture of a healthy disclosure culture in plain, leader-ready terms. We look at psychological safety as a security control, the design of simple pipes for early reporting, and the metrics that reward high-signal disclosures instead of only counting fires. Finally, we explore what it looks like to lead when disclosure gets painful, from late-breaking findings before a launch to regulatory and customer communications. The narration is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed to help you pressure-test your own culture of disclosure.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/a8308781/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Metrics That Move Money</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>69</itunes:episode>
      <podcast:episode>69</podcast:episode>
      <itunes:title>Metrics That Move Money</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">910e95a6-923f-45ff-bc26-75bb7fe8bb1d</guid>
      <link>https://share.transistor.fm/s/3e87825b</link>
      <description>
        <![CDATA[<p>Security budgets rarely shift because of bigger dashboards. They shift when leaders can see, in plain business terms, how specific security gaps shape financial exposure and how targeted investments change that picture. This narrated edition of Metrics That Move Money: Turning Security Data into Budget Decisions walks through how senior teams can move past activity counts and into a shared financial language for cyber risk. Grounded in my Wednesday “Headline” feature from Bare Metal Cyber Magazine, the episode explores why so many familiar metrics fail to influence funding, and how narrative metrics built around coverage, exposure, time at risk, and resilience create a clearer basis for capital allocation.</p><p>Across the article’s major sections, you’ll hear how to translate technical posture into impact ranges executives can use, how to compare very different security initiatives using a portfolio lens, and how the psychology and politics of budget conversations can either support or undermine your case. The episode also breaks down how to build a repeatable metrics operating system—one that survives tool changes, leadership turnover, and shifting business priorities. Whether you’re a CISO preparing for annual planning or a technology leader aiming to strengthen your financial storytelling, this narrative offers a durable model for making security metrics matter where it counts: in real budget decisions.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Security budgets rarely shift because of bigger dashboards. They shift when leaders can see, in plain business terms, how specific security gaps shape financial exposure and how targeted investments change that picture. This narrated edition of Metrics That Move Money: Turning Security Data into Budget Decisions walks through how senior teams can move past activity counts and into a shared financial language for cyber risk. Grounded in my Wednesday “Headline” feature from Bare Metal Cyber Magazine, the episode explores why so many familiar metrics fail to influence funding, and how narrative metrics built around coverage, exposure, time at risk, and resilience create a clearer basis for capital allocation.</p><p>Across the article’s major sections, you’ll hear how to translate technical posture into impact ranges executives can use, how to compare very different security initiatives using a portfolio lens, and how the psychology and politics of budget conversations can either support or undermine your case. The episode also breaks down how to build a repeatable metrics operating system—one that survives tool changes, leadership turnover, and shifting business priorities. Whether you’re a CISO preparing for annual planning or a technology leader aiming to strengthen your financial storytelling, this narrative offers a durable model for making security metrics matter where it counts: in real budget decisions.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:58 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3e87825b/97b590b2.mp3" length="49405329" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1234</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Security budgets rarely shift because of bigger dashboards. They shift when leaders can see, in plain business terms, how specific security gaps shape financial exposure and how targeted investments change that picture. This narrated edition of Metrics That Move Money: Turning Security Data into Budget Decisions walks through how senior teams can move past activity counts and into a shared financial language for cyber risk. Grounded in my Wednesday “Headline” feature from Bare Metal Cyber Magazine, the episode explores why so many familiar metrics fail to influence funding, and how narrative metrics built around coverage, exposure, time at risk, and resilience create a clearer basis for capital allocation.</p><p>Across the article’s major sections, you’ll hear how to translate technical posture into impact ranges executives can use, how to compare very different security initiatives using a portfolio lens, and how the psychology and politics of budget conversations can either support or undermine your case. The episode also breaks down how to build a repeatable metrics operating system—one that survives tool changes, leadership turnover, and shifting business priorities. Whether you’re a CISO preparing for annual planning or a technology leader aiming to strengthen your financial storytelling, this narrative offers a durable model for making security metrics matter where it counts: in real budget decisions.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3e87825b/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Citizen Developers Enterprise Risk</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>68</itunes:episode>
      <podcast:episode>68</podcast:episode>
      <itunes:title>Citizen Developers Enterprise Risk</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">a76af7df-d290-430e-a161-52bd1bd0f904</guid>
      <link>https://share.transistor.fm/s/8d75cf00</link>
      <description>
        <![CDATA[<p>Citizen developers are no longer the exception in large enterprises; they are quietly building the workflows your business now depends on. In this narrated edition of “Citizen Developers, Enterprise Risk: Low-Code Apps You Didn’t Approve,” we explore why low-code and no-code platforms have become the default escape valve for backlogs and rigid roadmaps, and what that really means for risk. The episode walks through the core concept of citizen development as an inevitable pattern, not a fringe behavior, and reframes “unapproved” apps as a governance and ownership problem rather than a simple policy violation. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, the episode unpacks the key sections of the article in practical language for security and technology leaders. You will hear the anatomy of typical low-code failures, the recurring patterns behind outages and data exposure, and a governance model that channels citizen energy into sanctioned platforms with guardrails instead of pushing it underground. We talk through the idea of a two-speed control plane, how to tier controls based on data sensitivity and blast radius, and what it means to measure and own citizen risk alongside your other technology risks. The goal is to give you a clear mental model you can carry into leadership meetings and risk discussions, not a checklist to memorize.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Citizen developers are no longer the exception in large enterprises; they are quietly building the workflows your business now depends on. In this narrated edition of “Citizen Developers, Enterprise Risk: Low-Code Apps You Didn’t Approve,” we explore why low-code and no-code platforms have become the default escape valve for backlogs and rigid roadmaps, and what that really means for risk. The episode walks through the core concept of citizen development as an inevitable pattern, not a fringe behavior, and reframes “unapproved” apps as a governance and ownership problem rather than a simple policy violation. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, the episode unpacks the key sections of the article in practical language for security and technology leaders. You will hear the anatomy of typical low-code failures, the recurring patterns behind outages and data exposure, and a governance model that channels citizen energy into sanctioned platforms with guardrails instead of pushing it underground. We talk through the idea of a two-speed control plane, how to tier controls based on data sensitivity and blast radius, and what it means to measure and own citizen risk alongside your other technology risks. The goal is to give you a clear mental model you can carry into leadership meetings and risk discussions, not a checklist to memorize.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:56 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/8d75cf00/e57a69c2.mp3" length="41310515" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1032</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Citizen developers are no longer the exception in large enterprises; they are quietly building the workflows your business now depends on. In this narrated edition of “Citizen Developers, Enterprise Risk: Low-Code Apps You Didn’t Approve,” we explore why low-code and no-code platforms have become the default escape valve for backlogs and rigid roadmaps, and what that really means for risk. The episode walks through the core concept of citizen development as an inevitable pattern, not a fringe behavior, and reframes “unapproved” apps as a governance and ownership problem rather than a simple policy violation. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, the episode unpacks the key sections of the article in practical language for security and technology leaders. You will hear the anatomy of typical low-code failures, the recurring patterns behind outages and data exposure, and a governance model that channels citizen energy into sanctioned platforms with guardrails instead of pushing it underground. We talk through the idea of a two-speed control plane, how to tier controls based on data sensitivity and blast radius, and what it means to measure and own citizen risk alongside your other technology risks. The goal is to give you a clear mental model you can carry into leadership meetings and risk discussions, not a checklist to memorize.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/8d75cf00/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Post-Quantum Paralysis</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>67</itunes:episode>
      <podcast:episode>67</podcast:episode>
      <itunes:title>Post-Quantum Paralysis</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">4f70f8e0-a64e-4423-a973-162a80b4f645</guid>
      <link>https://share.transistor.fm/s/b0b4da32</link>
      <description>
        <![CDATA[<p>In this narrated Headline, “Post-Quantum Paralysis: Preparing for a Crypto Shift Without Freezing Roadmaps,” we unpack what post-quantum cryptography (PQC) really means for long-lived data, trust systems, and roadmaps that stretch over years. Instead of chasing a mythical “Q-day,” this episode focuses on the quieter but more dangerous problem: adversaries harvesting encrypted data now, uneven vendor timelines, and platforms that cannot evolve their crypto assumptions fast enough. You will hear how quantum risk shows up in real planning conversations and why the biggest threat is often organizational paralysis rather than a single breakthrough in a lab.</p><p>The episode walks through the key sections of the article in plain, leader-focused language. We explore how to identify the “crypto gravity wells” in PKI, identity, embedded, and vendor-heavy systems; how to treat PQC as a portfolio of bets based on data lifetime and refactor cost; and how to design for crypto agility so future algorithm changes feel like platform maintenance, not emergency surgery. Finally, we look at governance, budgets, and board communication, showing how PQC work can be integrated into existing roadmaps instead of competing with them. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated Headline, “Post-Quantum Paralysis: Preparing for a Crypto Shift Without Freezing Roadmaps,” we unpack what post-quantum cryptography (PQC) really means for long-lived data, trust systems, and roadmaps that stretch over years. Instead of chasing a mythical “Q-day,” this episode focuses on the quieter but more dangerous problem: adversaries harvesting encrypted data now, uneven vendor timelines, and platforms that cannot evolve their crypto assumptions fast enough. You will hear how quantum risk shows up in real planning conversations and why the biggest threat is often organizational paralysis rather than a single breakthrough in a lab.</p><p>The episode walks through the key sections of the article in plain, leader-focused language. We explore how to identify the “crypto gravity wells” in PKI, identity, embedded, and vendor-heavy systems; how to treat PQC as a portfolio of bets based on data lifetime and refactor cost; and how to design for crypto agility so future algorithm changes feel like platform maintenance, not emergency surgery. Finally, we look at governance, budgets, and board communication, showing how PQC work can be integrated into existing roadmaps instead of competing with them. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:54 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/b0b4da32/422bda0a.mp3" length="44260250" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1106</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated Headline, “Post-Quantum Paralysis: Preparing for a Crypto Shift Without Freezing Roadmaps,” we unpack what post-quantum cryptography (PQC) really means for long-lived data, trust systems, and roadmaps that stretch over years. Instead of chasing a mythical “Q-day,” this episode focuses on the quieter but more dangerous problem: adversaries harvesting encrypted data now, uneven vendor timelines, and platforms that cannot evolve their crypto assumptions fast enough. You will hear how quantum risk shows up in real planning conversations and why the biggest threat is often organizational paralysis rather than a single breakthrough in a lab.</p><p>The episode walks through the key sections of the article in plain, leader-focused language. We explore how to identify the “crypto gravity wells” in PKI, identity, embedded, and vendor-heavy systems; how to treat PQC as a portfolio of bets based on data lifetime and refactor cost; and how to design for crypto agility so future algorithm changes feel like platform maintenance, not emergency surgery. Finally, we look at governance, budgets, and board communication, showing how PQC work can be integrated into existing roadmaps instead of competing with them. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/b0b4da32/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Access Broker Auction House</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>66</itunes:episode>
      <podcast:episode>66</podcast:episode>
      <itunes:title>Access Broker Auction House</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">bc38e053-9105-49c8-b99f-7fbf429aaa92</guid>
      <link>https://share.transistor.fm/s/9f894f8c</link>
      <description>
        <![CDATA[<p>This narrated episode, based on the Wednesday “Headline” feature in Bare Metal Cyber Magazine, takes you inside the underground market where initial access brokers (IABs) quietly auction off entry into corporate networks. Across the episode, we unpack how access gets found, stabilized, and turned into inventory, and why seemingly small design choices in identity, segmentation, and remote access show up as selling points in those listings. The focus stays firmly on leader-level questions: what makes your environment easy to productize, how attackers think about your “street value,” and why this problem will matter over the next several years.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated episode, based on the Wednesday “Headline” feature in Bare Metal Cyber Magazine, takes you inside the underground market where initial access brokers (IABs) quietly auction off entry into corporate networks. Across the episode, we unpack how access gets found, stabilized, and turned into inventory, and why seemingly small design choices in identity, segmentation, and remote access show up as selling points in those listings. The focus stays firmly on leader-level questions: what makes your environment easy to productize, how attackers think about your “street value,” and why this problem will matter over the next several years.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:52 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/9f894f8c/a018e1e9.mp3" length="35767324" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>893</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated episode, based on the Wednesday “Headline” feature in Bare Metal Cyber Magazine, takes you inside the underground market where initial access brokers (IABs) quietly auction off entry into corporate networks. Across the episode, we unpack how access gets found, stabilized, and turned into inventory, and why seemingly small design choices in identity, segmentation, and remote access show up as selling points in those listings. The focus stays firmly on leader-level questions: what makes your environment easy to productize, how attackers think about your “street value,” and why this problem will matter over the next several years.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/9f894f8c/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>M&amp;A Malware</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>65</itunes:episode>
      <podcast:episode>65</podcast:episode>
      <itunes:title>M&amp;A Malware</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">a44831ab-72c6-4c42-857b-7cd6c2555edd</guid>
      <link>https://share.transistor.fm/s/53cde046</link>
      <description>
        <![CDATA[<p>Mergers and acquisitions are great for growth, but they can be brutal for your risk profile if you treat cyber as an afterthought. In this audio version of “M&amp;A Malware: Security Debt Hidden Inside Acquisitions,” we walk through how security debt quietly rides along with deal synergies and why traditional due diligence often fails to surface what really matters. You will hear how the deal room blind spot forms, what kinds of technical, identity, data, and governance debt you are actually buying, and why the integration window is such a powerful opportunity for attackers. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, the episode moves into what leaders can actually do: redesigning cyber due diligence so it relies on evidence instead of slideware, translating findings into valuation, terms, and go/no-go decisions, and staging integration to avoid turning a new business unit into a lateral movement corridor. We also dig into governance and accountability, including where the CISO fits in the M&amp;A process and what it really means to say no to a bad deal. The goal is not to scare you away from acquisitions, but to help you treat M&amp;A as a strategic security decision you can manage on purpose, instead of a malware vector you only recognize after the fact.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Mergers and acquisitions are great for growth, but they can be brutal for your risk profile if you treat cyber as an afterthought. In this audio version of “M&amp;A Malware: Security Debt Hidden Inside Acquisitions,” we walk through how security debt quietly rides along with deal synergies and why traditional due diligence often fails to surface what really matters. You will hear how the deal room blind spot forms, what kinds of technical, identity, data, and governance debt you are actually buying, and why the integration window is such a powerful opportunity for attackers. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, the episode moves into what leaders can actually do: redesigning cyber due diligence so it relies on evidence instead of slideware, translating findings into valuation, terms, and go/no-go decisions, and staging integration to avoid turning a new business unit into a lateral movement corridor. We also dig into governance and accountability, including where the CISO fits in the M&amp;A process and what it really means to say no to a bad deal. The goal is not to scare you away from acquisitions, but to help you treat M&amp;A as a strategic security decision you can manage on purpose, instead of a malware vector you only recognize after the fact.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:50 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/53cde046/3aeb1d84.mp3" length="34810182" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>869</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Mergers and acquisitions are great for growth, but they can be brutal for your risk profile if you treat cyber as an afterthought. In this audio version of “M&amp;A Malware: Security Debt Hidden Inside Acquisitions,” we walk through how security debt quietly rides along with deal synergies and why traditional due diligence often fails to surface what really matters. You will hear how the deal room blind spot forms, what kinds of technical, identity, data, and governance debt you are actually buying, and why the integration window is such a powerful opportunity for attackers. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, the episode moves into what leaders can actually do: redesigning cyber due diligence so it relies on evidence instead of slideware, translating findings into valuation, terms, and go/no-go decisions, and staging integration to avoid turning a new business unit into a lateral movement corridor. We also dig into governance and accountability, including where the CISO fits in the M&amp;A process and what it really means to say no to a bad deal. The goal is not to scare you away from acquisitions, but to help you treat M&amp;A as a strategic security decision you can manage on purpose, instead of a malware vector you only recognize after the fact.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/53cde046/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Timezones Timelines and Truth</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>64</itunes:episode>
      <podcast:episode>64</podcast:episode>
      <itunes:title>Timezones Timelines and Truth</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">0f267c01-92c6-4b7f-82fd-bee4d7257e22</guid>
      <link>https://share.transistor.fm/s/2cea01c0</link>
      <description>
        <![CDATA[<p>In this narrated edition of “Timezones, Timelines, and Truth: Forensics in a Planet-Scale Company,” we dig into why so many major incidents are really arguments about time. You’ll hear how global footprints, multi-region cloud services, and a sprawl of SaaS tools quietly sabotage forensic timelines, even in organizations that think they have “good logging.” We walk through the technical and human realities that make it hard to agree on when an attack truly started, what happened in which order, and how long you were exposed, all based on the clocks and pipelines you’ve already deployed. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>We also step beyond the war room and look at timelines as evidence, not just memory. The episode unpacks where telemetry pipelines distort cause-and-effect, how follow-the-sun operations and chat-driven decisions fragment the human story, and why regulators and customers increasingly treat your timeline as a formal representation of truth. From there, we shift into leadership territory: designing for forensic-grade time, setting expectations with vendors, building log quality and time normalization into your platforms, and modeling “time discipline” in executive communication. If you lead security or technology in a planet-scale company, this is about turning time from a hidden liability into a deliberate part of your incident response architecture.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated edition of “Timezones, Timelines, and Truth: Forensics in a Planet-Scale Company,” we dig into why so many major incidents are really arguments about time. You’ll hear how global footprints, multi-region cloud services, and a sprawl of SaaS tools quietly sabotage forensic timelines, even in organizations that think they have “good logging.” We walk through the technical and human realities that make it hard to agree on when an attack truly started, what happened in which order, and how long you were exposed, all based on the clocks and pipelines you’ve already deployed. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>We also step beyond the war room and look at timelines as evidence, not just memory. The episode unpacks where telemetry pipelines distort cause-and-effect, how follow-the-sun operations and chat-driven decisions fragment the human story, and why regulators and customers increasingly treat your timeline as a formal representation of truth. From there, we shift into leadership territory: designing for forensic-grade time, setting expectations with vendors, building log quality and time normalization into your platforms, and modeling “time discipline” in executive communication. If you lead security or technology in a planet-scale company, this is about turning time from a hidden liability into a deliberate part of your incident response architecture.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:47 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/2cea01c0/0aecdb5a.mp3" length="42970853" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1073</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated edition of “Timezones, Timelines, and Truth: Forensics in a Planet-Scale Company,” we dig into why so many major incidents are really arguments about time. You’ll hear how global footprints, multi-region cloud services, and a sprawl of SaaS tools quietly sabotage forensic timelines, even in organizations that think they have “good logging.” We walk through the technical and human realities that make it hard to agree on when an attack truly started, what happened in which order, and how long you were exposed, all based on the clocks and pipelines you’ve already deployed. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>We also step beyond the war room and look at timelines as evidence, not just memory. The episode unpacks where telemetry pipelines distort cause-and-effect, how follow-the-sun operations and chat-driven decisions fragment the human story, and why regulators and customers increasingly treat your timeline as a formal representation of truth. From there, we shift into leadership territory: designing for forensic-grade time, setting expectations with vendors, building log quality and time normalization into your platforms, and modeling “time discipline” in executive communication. If you lead security or technology in a planet-scale company, this is about turning time from a hidden liability into a deliberate part of your incident response architecture.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/2cea01c0/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Sensitive by Default</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>63</itunes:episode>
      <podcast:episode>63</podcast:episode>
      <itunes:title>Sensitive by Default</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">24bb7d06-48a2-420f-a43e-4e0bbd0bb401</guid>
      <link>https://share.transistor.fm/s/44ccf1d7</link>
      <description>
        <![CDATA[<p>This narrated edition of “Sensitive by Default: Designing Systems That Assume Everything Matters” walks through what happens when you stop pretending you can neatly separate “sensitive” from “non-sensitive” data. We explore how modern stacks turn telemetry, feature flags, observability traces, and AI interactions into high-value intelligence, even when no one labeled it confidential. From there, the episode unpacks why traditional data classification schemes create a comforting mirage and how risk actually concentrates in the messy middle of real data flows, logs, and analytics platforms that leaders rarely revisit once they are wired up.</p><p>You will also hear a leader-focused tour of sensitive-by-default patterns for architecture, platform engineering, and governance. We talk about encrypt-by-default storage and messaging, identity and access management (IAM) that favors time-bound and purpose-bound access, and data minimization and transformation techniques that reduce blast radius without killing developer velocity. The episode closes on the leadership moves: funding golden paths as first-class products, choosing the right metrics, and deciding when and how to consciously relax protections. It is all based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine, translated into an audio walkthrough you can take on a commute, a flight, or a late-night architecture review.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated edition of “Sensitive by Default: Designing Systems That Assume Everything Matters” walks through what happens when you stop pretending you can neatly separate “sensitive” from “non-sensitive” data. We explore how modern stacks turn telemetry, feature flags, observability traces, and AI interactions into high-value intelligence, even when no one labeled it confidential. From there, the episode unpacks why traditional data classification schemes create a comforting mirage and how risk actually concentrates in the messy middle of real data flows, logs, and analytics platforms that leaders rarely revisit once they are wired up.</p><p>You will also hear a leader-focused tour of sensitive-by-default patterns for architecture, platform engineering, and governance. We talk about encrypt-by-default storage and messaging, identity and access management (IAM) that favors time-bound and purpose-bound access, and data minimization and transformation techniques that reduce blast radius without killing developer velocity. The episode closes on the leadership moves: funding golden paths as first-class products, choosing the right metrics, and deciding when and how to consciously relax protections. It is all based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine, translated into an audio walkthrough you can take on a commute, a flight, or a late-night architecture review.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:45 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/44ccf1d7/26828128.mp3" length="39989750" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>999</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated edition of “Sensitive by Default: Designing Systems That Assume Everything Matters” walks through what happens when you stop pretending you can neatly separate “sensitive” from “non-sensitive” data. We explore how modern stacks turn telemetry, feature flags, observability traces, and AI interactions into high-value intelligence, even when no one labeled it confidential. From there, the episode unpacks why traditional data classification schemes create a comforting mirage and how risk actually concentrates in the messy middle of real data flows, logs, and analytics platforms that leaders rarely revisit once they are wired up.</p><p>You will also hear a leader-focused tour of sensitive-by-default patterns for architecture, platform engineering, and governance. We talk about encrypt-by-default storage and messaging, identity and access management (IAM) that favors time-bound and purpose-bound access, and data minimization and transformation techniques that reduce blast radius without killing developer velocity. The episode closes on the leadership moves: funding golden paths as first-class products, choosing the right metrics, and deciding when and how to consciously relax protections. It is all based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine, translated into an audio walkthrough you can take on a commute, a flight, or a late-night architecture review.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/44ccf1d7/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Shadow AI Projects</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>62</itunes:episode>
      <podcast:episode>62</podcast:episode>
      <itunes:title>Shadow AI Projects</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">6efe4228-a45c-437b-aab4-2b0a6963539f</guid>
      <link>https://share.transistor.fm/s/1547975a</link>
      <description>
        <![CDATA[<p>Shadow AI Projects: The Models Built in Corners of the Business explores the reality that many of your “AI initiatives” never went through an official roadmap. In this narrated edition of our Wednesday “Headline” feature from Bare Metal Cyber Magazine, we walk through the quiet places where models and automations already live: vendor “AI assist” toggles, abandoned notebooks, low-code flows, and small scripts that shape real business decisions. The episode explains why smart people go rogue in the first place, how incentives and pressure drive experimentation into the shadows, and what that says about your operating model as a leader.</p><p>From there, the episode breaks the problem down into practical pieces. You will hear a clear way to segment shadow AI risk across data, decisions, intellectual property, and operational fragility, and how to move from witch hunts to a discovery program that teams actually trust. We talk through what “guardrails without gridlock” looks like in practice, how to design tiers of AI usage, and how to build an honest narrative for executives, boards, and regulators. By the end, you will have a way to talk about shadow AI that is candid, structured, and usable in your next leadership conversation.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Shadow AI Projects: The Models Built in Corners of the Business explores the reality that many of your “AI initiatives” never went through an official roadmap. In this narrated edition of our Wednesday “Headline” feature from Bare Metal Cyber Magazine, we walk through the quiet places where models and automations already live: vendor “AI assist” toggles, abandoned notebooks, low-code flows, and small scripts that shape real business decisions. The episode explains why smart people go rogue in the first place, how incentives and pressure drive experimentation into the shadows, and what that says about your operating model as a leader.</p><p>From there, the episode breaks the problem down into practical pieces. You will hear a clear way to segment shadow AI risk across data, decisions, intellectual property, and operational fragility, and how to move from witch hunts to a discovery program that teams actually trust. We talk through what “guardrails without gridlock” looks like in practice, how to design tiers of AI usage, and how to build an honest narrative for executives, boards, and regulators. By the end, you will have a way to talk about shadow AI that is candid, structured, and usable in your next leadership conversation.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:43 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/1547975a/a31402eb.mp3" length="46095087" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1151</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Shadow AI Projects: The Models Built in Corners of the Business explores the reality that many of your “AI initiatives” never went through an official roadmap. In this narrated edition of our Wednesday “Headline” feature from Bare Metal Cyber Magazine, we walk through the quiet places where models and automations already live: vendor “AI assist” toggles, abandoned notebooks, low-code flows, and small scripts that shape real business decisions. The episode explains why smart people go rogue in the first place, how incentives and pressure drive experimentation into the shadows, and what that says about your operating model as a leader.</p><p>From there, the episode breaks the problem down into practical pieces. You will hear a clear way to segment shadow AI risk across data, decisions, intellectual property, and operational fragility, and how to move from witch hunts to a discovery program that teams actually trust. We talk through what “guardrails without gridlock” looks like in practice, how to design tiers of AI usage, and how to build an honest narrative for executives, boards, and regulators. By the end, you will have a way to talk about shadow AI that is candid, structured, and usable in your next leadership conversation.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/1547975a/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Digital Consequences</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>61</itunes:episode>
      <podcast:episode>61</podcast:episode>
      <itunes:title>Digital Consequences</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">0bdfc444-0bf2-4928-8794-cb83599bb694</guid>
      <link>https://share.transistor.fm/s/7e072dc3</link>
      <description>
        <![CDATA[<p>Hybrid threats are changing what it means to “handle an incident,” and this narrated episode walks through how that plays out when protests, outages, and digital campaigns collide. You’ll hear how physical demonstrations spill into doxxing, harassment, and pressure on online services, and why outages are increasingly used as leverage rather than just unfortunate side effects. We’ll explore how shared infrastructure—payments, cloud, identity, logistics—turns into a pressure point during social unrest, and why it leaves many organizations caught in the middle of political, regulatory, and criminal forces they do not control.</p><p>From there, the episode turns to leadership and design. It unpacks how fuzzy ownership between cyber, physical security, legal, HR, and communications amplifies chaos, and what it means to architect for graceful degradation instead of brittle heroics. You’ll hear concrete patterns for hybrid resilience, from segmentation choices to decision playbooks, and how to define a coherent posture in a politicized network where every uptime or shutdown decision is read as a signal. This audio is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine, “Digital Consequences: Protests, Outages, and Hybrid Threats.”</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Hybrid threats are changing what it means to “handle an incident,” and this narrated episode walks through how that plays out when protests, outages, and digital campaigns collide. You’ll hear how physical demonstrations spill into doxxing, harassment, and pressure on online services, and why outages are increasingly used as leverage rather than just unfortunate side effects. We’ll explore how shared infrastructure—payments, cloud, identity, logistics—turns into a pressure point during social unrest, and why it leaves many organizations caught in the middle of political, regulatory, and criminal forces they do not control.</p><p>From there, the episode turns to leadership and design. It unpacks how fuzzy ownership between cyber, physical security, legal, HR, and communications amplifies chaos, and what it means to architect for graceful degradation instead of brittle heroics. You’ll hear concrete patterns for hybrid resilience, from segmentation choices to decision playbooks, and how to define a coherent posture in a politicized network where every uptime or shutdown decision is read as a signal. This audio is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine, “Digital Consequences: Protests, Outages, and Hybrid Threats.”</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:41 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/7e072dc3/a82fbfec.mp3" length="43385668" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1084</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Hybrid threats are changing what it means to “handle an incident,” and this narrated episode walks through how that plays out when protests, outages, and digital campaigns collide. You’ll hear how physical demonstrations spill into doxxing, harassment, and pressure on online services, and why outages are increasingly used as leverage rather than just unfortunate side effects. We’ll explore how shared infrastructure—payments, cloud, identity, logistics—turns into a pressure point during social unrest, and why it leaves many organizations caught in the middle of political, regulatory, and criminal forces they do not control.</p><p>From there, the episode turns to leadership and design. It unpacks how fuzzy ownership between cyber, physical security, legal, HR, and communications amplifies chaos, and what it means to architect for graceful degradation instead of brittle heroics. You’ll hear concrete patterns for hybrid resilience, from segmentation choices to decision playbooks, and how to define a coherent posture in a politicized network where every uptime or shutdown decision is read as a signal. This audio is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine, “Digital Consequences: Protests, Outages, and Hybrid Threats.”</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/7e072dc3/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>The Great Unmanaged</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>60</itunes:episode>
      <podcast:episode>60</podcast:episode>
      <itunes:title>The Great Unmanaged</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">317b8724-f202-4485-8c27-76f144f90140</guid>
      <link>https://share.transistor.fm/s/f6f3deea</link>
      <description>
        <![CDATA[<p>When contractors, partners, and “temporary” staff never really leave your environment, their access quietly becomes part of your infrastructure. In this episode, we walk through how non-employee identities accumulate around your core systems, why joiner-mover-leaver processes that stop at the HR boundary are no longer enough, and how “temporary” access turns into permanent risk. You will hear concrete patterns from cloud and SaaS environments, where vendor portals, support logins, and one-off project accounts slowly grow into a shadow perimeter that attackers see more clearly than you do.</p><p>We then shift into the leadership moves that actually change your risk over time. The conversation covers how to design first-class lifecycles for non-employee identities, including sponsorship, expiry, and re-attestation; how to connect those mechanics to contracts, legal expectations, and third-party risk narratives for the board; and how to build a culture where turning off access is normal, not heroic. This narration is developed from “The Great Unmanaged: Contractors, Partners, and Temporary Access Gone Permanent,” a Wednesday “Headline” feature in Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When contractors, partners, and “temporary” staff never really leave your environment, their access quietly becomes part of your infrastructure. In this episode, we walk through how non-employee identities accumulate around your core systems, why joiner-mover-leaver processes that stop at the HR boundary are no longer enough, and how “temporary” access turns into permanent risk. You will hear concrete patterns from cloud and SaaS environments, where vendor portals, support logins, and one-off project accounts slowly grow into a shadow perimeter that attackers see more clearly than you do.</p><p>We then shift into the leadership moves that actually change your risk over time. The conversation covers how to design first-class lifecycles for non-employee identities, including sponsorship, expiry, and re-attestation; how to connect those mechanics to contracts, legal expectations, and third-party risk narratives for the board; and how to build a culture where turning off access is normal, not heroic. This narration is developed from “The Great Unmanaged: Contractors, Partners, and Temporary Access Gone Permanent,” a Wednesday “Headline” feature in Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:39 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/f6f3deea/79749b80.mp3" length="42933227" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1072</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When contractors, partners, and “temporary” staff never really leave your environment, their access quietly becomes part of your infrastructure. In this episode, we walk through how non-employee identities accumulate around your core systems, why joiner-mover-leaver processes that stop at the HR boundary are no longer enough, and how “temporary” access turns into permanent risk. You will hear concrete patterns from cloud and SaaS environments, where vendor portals, support logins, and one-off project accounts slowly grow into a shadow perimeter that attackers see more clearly than you do.</p><p>We then shift into the leadership moves that actually change your risk over time. The conversation covers how to design first-class lifecycles for non-employee identities, including sponsorship, expiry, and re-attestation; how to connect those mechanics to contracts, legal expectations, and third-party risk narratives for the board; and how to build a culture where turning off access is normal, not heroic. This narration is developed from “The Great Unmanaged: Contractors, Partners, and Temporary Access Gone Permanent,” a Wednesday “Headline” feature in Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/f6f3deea/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Zero Signal</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>59</itunes:episode>
      <podcast:episode>59</podcast:episode>
      <itunes:title>Zero Signal</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">2d6cf48b-4b87-4633-ab08-4e7cde1481e3</guid>
      <link>https://share.transistor.fm/s/6f4e3d7c</link>
      <description>
        <![CDATA[<p>This narrated edition of “Zero Signal: When Telemetry Costs More Than the Risk It Mitigates” walks leaders through the uncomfortable reality that security telemetry has become one of the biggest unchecked taxes in modern environments. We look at how logs, traces, and events grew from helpful debugging aids into a sprawling, expensive portfolio that often delivers more noise than signal. You will hear how the economic, operational, and cognitive costs of telemetry accumulate over time and why “log everything” is no longer a defensible default for mature organizations.</p><p>From there, the episode traces the key moves in the article: reframing telemetry as a risk instrument, exposing failure modes on both over-collection and over-pruning, and outlining what it means to design visibility on purpose instead of inheriting vendor defaults. We talk through tiered telemetry, business-critical journeys, and the governance decisions that keep costs and coverage in balance. Throughout, the narration stays grounded in leadership conversations and trade-offs, all based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated edition of “Zero Signal: When Telemetry Costs More Than the Risk It Mitigates” walks leaders through the uncomfortable reality that security telemetry has become one of the biggest unchecked taxes in modern environments. We look at how logs, traces, and events grew from helpful debugging aids into a sprawling, expensive portfolio that often delivers more noise than signal. You will hear how the economic, operational, and cognitive costs of telemetry accumulate over time and why “log everything” is no longer a defensible default for mature organizations.</p><p>From there, the episode traces the key moves in the article: reframing telemetry as a risk instrument, exposing failure modes on both over-collection and over-pruning, and outlining what it means to design visibility on purpose instead of inheriting vendor defaults. We talk through tiered telemetry, business-critical journeys, and the governance decisions that keep costs and coverage in balance. Throughout, the narration stays grounded in leadership conversations and trade-offs, all based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:36 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/6f4e3d7c/e665cfc9.mp3" length="36462165" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>911</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated edition of “Zero Signal: When Telemetry Costs More Than the Risk It Mitigates” walks leaders through the uncomfortable reality that security telemetry has become one of the biggest unchecked taxes in modern environments. We look at how logs, traces, and events grew from helpful debugging aids into a sprawling, expensive portfolio that often delivers more noise than signal. You will hear how the economic, operational, and cognitive costs of telemetry accumulate over time and why “log everything” is no longer a defensible default for mature organizations.</p><p>From there, the episode traces the key moves in the article: reframing telemetry as a risk instrument, exposing failure modes on both over-collection and over-pruning, and outlining what it means to design visibility on purpose instead of inheriting vendor defaults. We talk through tiered telemetry, business-critical journeys, and the governance decisions that keep costs and coverage in balance. Throughout, the narration stays grounded in leadership conversations and trade-offs, all based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/6f4e3d7c/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Purple Team Statecraft</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>58</itunes:episode>
      <podcast:episode>58</podcast:episode>
      <itunes:title>Purple Team Statecraft</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">14cecc75-4e4e-4481-9134-95d96a5f6afd</guid>
      <link>https://share.transistor.fm/s/4e768e3a</link>
      <description>
        <![CDATA[<p>Purple team exercises are showing up on more roadmaps, but many organizations still struggle to turn those war games into real movement on risk, architecture, and budget. In this narrated edition of “Purple Team Statecraft: Turning Exercises into Actual Change,” you will hear how to reframe purple teaming from a technical joint exercise into a deliberate tool of statecraft. The episode walks through what it means to design scenarios around real decisions, capture evidence that survives the room, and connect findings directly to the forums where strategy and spending are actually decided.</p><p>Across the story, the narration explores how to plug purple team outputs into governance, avoid blame theater, and build a cadence that keeps the organization in motion rather than chasing novelty. You will hear concrete examples of decision-centered exercises in areas like identity, cloud, and AI adoption, as well as practical ways to measure whether purple teaming is shaping risk appetite and roadmaps instead of just generating colorful reports. This audio is developed from my Wednesday “Headline” feature in Bare Metal Cyber Magazine, giving you a leader-focused walkthrough you can absorb on the move.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Purple team exercises are showing up on more roadmaps, but many organizations still struggle to turn those war games into real movement on risk, architecture, and budget. In this narrated edition of “Purple Team Statecraft: Turning Exercises into Actual Change,” you will hear how to reframe purple teaming from a technical joint exercise into a deliberate tool of statecraft. The episode walks through what it means to design scenarios around real decisions, capture evidence that survives the room, and connect findings directly to the forums where strategy and spending are actually decided.</p><p>Across the story, the narration explores how to plug purple team outputs into governance, avoid blame theater, and build a cadence that keeps the organization in motion rather than chasing novelty. You will hear concrete examples of decision-centered exercises in areas like identity, cloud, and AI adoption, as well as practical ways to measure whether purple teaming is shaping risk appetite and roadmaps instead of just generating colorful reports. This audio is developed from my Wednesday “Headline” feature in Bare Metal Cyber Magazine, giving you a leader-focused walkthrough you can absorb on the move.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:34 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/4e768e3a/b5ed18f6.mp3" length="26352789" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>658</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Purple team exercises are showing up on more roadmaps, but many organizations still struggle to turn those war games into real movement on risk, architecture, and budget. In this narrated edition of “Purple Team Statecraft: Turning Exercises into Actual Change,” you will hear how to reframe purple teaming from a technical joint exercise into a deliberate tool of statecraft. The episode walks through what it means to design scenarios around real decisions, capture evidence that survives the room, and connect findings directly to the forums where strategy and spending are actually decided.</p><p>Across the story, the narration explores how to plug purple team outputs into governance, avoid blame theater, and build a cadence that keeps the organization in motion rather than chasing novelty. You will hear concrete examples of decision-centered exercises in areas like identity, cloud, and AI adoption, as well as practical ways to measure whether purple teaming is shaping risk appetite and roadmaps instead of just generating colorful reports. This audio is developed from my Wednesday “Headline” feature in Bare Metal Cyber Magazine, giving you a leader-focused walkthrough you can absorb on the move.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/4e768e3a/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Making Alerts Great Again</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>57</itunes:episode>
      <podcast:episode>57</podcast:episode>
      <itunes:title>Making Alerts Great Again</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">4bc8ba20-e2cd-46f7-b821-eda3ea645916</guid>
      <link>https://share.transistor.fm/s/d4d8f9cc</link>
      <description>
        <![CDATA[<p>When you look past the wall of dashboards in most security operations centers, a tougher reality appears: leaders can see alert volumes and colorful charts, but they cannot always say which attacker behaviors they truly catch with confidence. In this narrated audio version of “Making Alerts Great Again: Detection Engineering, Not Dashboard Worship,” we walk through why that gap exists and what it means for security and technology leadership. You will hear a clear explanation of how detection engineering reframes the problem, turning raw telemetry from tools like security information and event management platforms and endpoint detection and response systems into deliberate, testable detections aligned with attacker behavior and business risk.</p><p>The episode also breaks down the system and organizational side of the story in practical terms. We explore what a real detection pipeline looks like, who should own detections inside your team, and how to measure detection quality instead of just counting alerts. Along the way, you will get language to shift board and executive conversations away from screenshot theater and toward evidence-based confidence in specific detection capabilities. This narration is based on the Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed to help you think more clearly about where to invest your next unit of time, budget, and political capital in security operations.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When you look past the wall of dashboards in most security operations centers, a tougher reality appears: leaders can see alert volumes and colorful charts, but they cannot always say which attacker behaviors they truly catch with confidence. In this narrated audio version of “Making Alerts Great Again: Detection Engineering, Not Dashboard Worship,” we walk through why that gap exists and what it means for security and technology leadership. You will hear a clear explanation of how detection engineering reframes the problem, turning raw telemetry from tools like security information and event management platforms and endpoint detection and response systems into deliberate, testable detections aligned with attacker behavior and business risk.</p><p>The episode also breaks down the system and organizational side of the story in practical terms. We explore what a real detection pipeline looks like, who should own detections inside your team, and how to measure detection quality instead of just counting alerts. Along the way, you will get language to shift board and executive conversations away from screenshot theater and toward evidence-based confidence in specific detection capabilities. This narration is based on the Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed to help you think more clearly about where to invest your next unit of time, budget, and political capital in security operations.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:32 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/d4d8f9cc/963e2535.mp3" length="28601412" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>714</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When you look past the wall of dashboards in most security operations centers, a tougher reality appears: leaders can see alert volumes and colorful charts, but they cannot always say which attacker behaviors they truly catch with confidence. In this narrated audio version of “Making Alerts Great Again: Detection Engineering, Not Dashboard Worship,” we walk through why that gap exists and what it means for security and technology leadership. You will hear a clear explanation of how detection engineering reframes the problem, turning raw telemetry from tools like security information and event management platforms and endpoint detection and response systems into deliberate, testable detections aligned with attacker behavior and business risk.</p><p>The episode also breaks down the system and organizational side of the story in practical terms. We explore what a real detection pipeline looks like, who should own detections inside your team, and how to measure detection quality instead of just counting alerts. Along the way, you will get language to shift board and executive conversations away from screenshot theater and toward evidence-based confidence in specific detection capabilities. This narration is based on the Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed to help you think more clearly about where to invest your next unit of time, budget, and political capital in security operations.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/d4d8f9cc/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Data Gravity Wells</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>56</itunes:episode>
      <podcast:episode>56</podcast:episode>
      <itunes:title>Data Gravity Wells</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">0ed828cc-59f5-4678-8456-b041811fff2d</guid>
      <link>https://share.transistor.fm/s/7dcc5c98</link>
      <description>
        <![CDATA[<p>In this narrated edition of “Data Gravity Wells: Where Sensitive Information Inevitably Sinks,” we walk through why your most critical data rarely stays inside the neat boxes on your architecture diagram. Sensitive records drift into logs, analytics environments, collaboration suites, and emerging AI stores, quietly forming a handful of platforms that now define your real exposure. You will hear how data gravity wells emerge from integration decisions, analytics demands, and vendor ecosystems, and why they often sit outside the traditional list of “crown jewel” systems security programs are built around. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>We then move through the core sections of the article in clear, leader-focused language. You will hear how systems of record become systems of exposure, how to design a practical map of your own data gravity wells, and what it means to treat those platforms as “Tier 0 for data.” We explore trade-offs around centralization, analytics, AI initiatives, and multi-cloud integration, showing where you can intentionally bend data gravity instead of discovering new wells after an incident. By the end, you will have a mental model and a set of conversations you can bring to your own teams and board about where your sensitive information actually sinks.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated edition of “Data Gravity Wells: Where Sensitive Information Inevitably Sinks,” we walk through why your most critical data rarely stays inside the neat boxes on your architecture diagram. Sensitive records drift into logs, analytics environments, collaboration suites, and emerging AI stores, quietly forming a handful of platforms that now define your real exposure. You will hear how data gravity wells emerge from integration decisions, analytics demands, and vendor ecosystems, and why they often sit outside the traditional list of “crown jewel” systems security programs are built around. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>We then move through the core sections of the article in clear, leader-focused language. You will hear how systems of record become systems of exposure, how to design a practical map of your own data gravity wells, and what it means to treat those platforms as “Tier 0 for data.” We explore trade-offs around centralization, analytics, AI initiatives, and multi-cloud integration, showing where you can intentionally bend data gravity instead of discovering new wells after an incident. By the end, you will have a mental model and a set of conversations you can bring to your own teams and board about where your sensitive information actually sinks.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:30 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/7dcc5c98/bc30c84d.mp3" length="40394124" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1009</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated edition of “Data Gravity Wells: Where Sensitive Information Inevitably Sinks,” we walk through why your most critical data rarely stays inside the neat boxes on your architecture diagram. Sensitive records drift into logs, analytics environments, collaboration suites, and emerging AI stores, quietly forming a handful of platforms that now define your real exposure. You will hear how data gravity wells emerge from integration decisions, analytics demands, and vendor ecosystems, and why they often sit outside the traditional list of “crown jewel” systems security programs are built around. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>We then move through the core sections of the article in clear, leader-focused language. You will hear how systems of record become systems of exposure, how to design a practical map of your own data gravity wells, and what it means to treat those platforms as “Tier 0 for data.” We explore trade-offs around centralization, analytics, AI initiatives, and multi-cloud integration, showing where you can intentionally bend data gravity instead of discovering new wells after an incident. By the end, you will have a mental model and a set of conversations you can bring to your own teams and board about where your sensitive information actually sinks.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/7dcc5c98/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>The API Gold Rush</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>55</itunes:episode>
      <podcast:episode>55</podcast:episode>
      <itunes:title>The API Gold Rush</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">9f3dfc79-96ee-44d9-ae92-dc67c82b6b03</guid>
      <link>https://share.transistor.fm/s/01140571</link>
      <description>
        <![CDATA[<p>In this audio edition of “The API Gold Rush: Security When Everything Becomes a Service,” you get a guided walk through what happens when APIs become the default interface for everything your organization does. The narration unpacks how an ever-expanding API surface quietly turns into the business surface, why “just one more endpoint” keeps creating new seams of risk, and where ownership tends to fall apart between product, platform, security, and partners. It is built from my Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed for leaders who need to see the whole landscape, not just the latest incident.</p><p>You will hear how the article moves from mapping API sprawl, to the shift from features to platforms, to concrete ownership and guardrail patterns that actually scale. The description of secure-by-default “paved roads,” partner and customer APIs as a distinct exposure class, and pragmatic measurement of API health gives you a language you can use with your own teams and board. The goal is not to memorize controls, but to internalize a mental model for owning an API surface that never stops growing, while keeping delivery fast and risk explainable.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this audio edition of “The API Gold Rush: Security When Everything Becomes a Service,” you get a guided walk through what happens when APIs become the default interface for everything your organization does. The narration unpacks how an ever-expanding API surface quietly turns into the business surface, why “just one more endpoint” keeps creating new seams of risk, and where ownership tends to fall apart between product, platform, security, and partners. It is built from my Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed for leaders who need to see the whole landscape, not just the latest incident.</p><p>You will hear how the article moves from mapping API sprawl, to the shift from features to platforms, to concrete ownership and guardrail patterns that actually scale. The description of secure-by-default “paved roads,” partner and customer APIs as a distinct exposure class, and pragmatic measurement of API health gives you a language you can use with your own teams and board. The goal is not to memorize controls, but to internalize a mental model for owning an API surface that never stops growing, while keeping delivery fast and risk explainable.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:28 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/01140571/4206bb09.mp3" length="50940278" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1273</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this audio edition of “The API Gold Rush: Security When Everything Becomes a Service,” you get a guided walk through what happens when APIs become the default interface for everything your organization does. The narration unpacks how an ever-expanding API surface quietly turns into the business surface, why “just one more endpoint” keeps creating new seams of risk, and where ownership tends to fall apart between product, platform, security, and partners. It is built from my Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed for leaders who need to see the whole landscape, not just the latest incident.</p><p>You will hear how the article moves from mapping API sprawl, to the shift from features to platforms, to concrete ownership and guardrail patterns that actually scale. The description of secure-by-default “paved roads,” partner and customer APIs as a distinct exposure class, and pragmatic measurement of API health gives you a language you can use with your own teams and board. The goal is not to memorize controls, but to internalize a mental model for owning an API surface that never stops growing, while keeping delivery fast and risk explainable.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/01140571/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Controls Without Context</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>54</itunes:episode>
      <podcast:episode>54</podcast:episode>
      <itunes:title>Controls Without Context</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">65adf5c8-a535-4232-af2a-fae1be507918</guid>
      <link>https://share.transistor.fm/s/d97721ca</link>
      <description>
        <![CDATA[<p>Compliance checklists promise clarity, but they can also turn into a parallel universe that has little to do with how your environment really works. In this narrated audio version of “Controls Without Context: When Compliance Checklists Backfire,” we walk through why control catalogs feel so comforting to leaders and how they gradually drift away from modern architectures, cloud-native services, SaaS sprawl, and AI-driven workflows. You will hear how “green” status on dashboards can coexist with real attack paths that were never modeled, and why incidents so often expose gaps that compliance paperwork never even contemplated. The focus stays squarely on senior security and technology leaders who need a more honest way to talk about assurance, risk, and defensibility.</p><p>From there, the episode unpacks the key moves that reconnect controls to reality. We explore how to put architecture and data flows back at the center of assurance, how ownership and incentives shape the quality of your control set, and how to design evidence that actually teaches you something about system behavior instead of filling binders once a year. Along the way, you will hear practical patterns for making compliance a by-product of well-run systems rather than a separate bureaucracy. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine and is designed to give you language and mental models you can use immediately with your teams, your peers, and your board.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Compliance checklists promise clarity, but they can also turn into a parallel universe that has little to do with how your environment really works. In this narrated audio version of “Controls Without Context: When Compliance Checklists Backfire,” we walk through why control catalogs feel so comforting to leaders and how they gradually drift away from modern architectures, cloud-native services, SaaS sprawl, and AI-driven workflows. You will hear how “green” status on dashboards can coexist with real attack paths that were never modeled, and why incidents so often expose gaps that compliance paperwork never even contemplated. The focus stays squarely on senior security and technology leaders who need a more honest way to talk about assurance, risk, and defensibility.</p><p>From there, the episode unpacks the key moves that reconnect controls to reality. We explore how to put architecture and data flows back at the center of assurance, how ownership and incentives shape the quality of your control set, and how to design evidence that actually teaches you something about system behavior instead of filling binders once a year. Along the way, you will hear practical patterns for making compliance a by-product of well-run systems rather than a separate bureaucracy. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine and is designed to give you language and mental models you can use immediately with your teams, your peers, and your board.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:25 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/d97721ca/031d0111.mp3" length="38760954" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>968</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Compliance checklists promise clarity, but they can also turn into a parallel universe that has little to do with how your environment really works. In this narrated audio version of “Controls Without Context: When Compliance Checklists Backfire,” we walk through why control catalogs feel so comforting to leaders and how they gradually drift away from modern architectures, cloud-native services, SaaS sprawl, and AI-driven workflows. You will hear how “green” status on dashboards can coexist with real attack paths that were never modeled, and why incidents so often expose gaps that compliance paperwork never even contemplated. The focus stays squarely on senior security and technology leaders who need a more honest way to talk about assurance, risk, and defensibility.</p><p>From there, the episode unpacks the key moves that reconnect controls to reality. We explore how to put architecture and data flows back at the center of assurance, how ownership and incentives shape the quality of your control set, and how to design evidence that actually teaches you something about system behavior instead of filling binders once a year. Along the way, you will hear practical patterns for making compliance a by-product of well-run systems rather than a separate bureaucracy. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine and is designed to give you language and mental models you can use immediately with your teams, your peers, and your board.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/d97721ca/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Third-Party Truth Serum</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>53</itunes:episode>
      <podcast:episode>53</podcast:episode>
      <itunes:title>Third-Party Truth Serum</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">554be53c-53db-4a1d-ab57-1cc3cd88b3f4</guid>
      <link>https://share.transistor.fm/s/49195249</link>
      <description>
        <![CDATA[<p>When a vendor says “trust us,” what are you actually trusting? In this audio edition of Third-Party Truth Serum: Getting Real Answers from Vendors Who Say “Trust Us” — From Questionnaires to Continuous Validation and Shared Fate, we walk through why traditional third-party assurance feels so polished on paper yet so fragile in practice. You will hear how questionnaires, certifications, and audit reports became the default currency of vendor risk, why they routinely create an illusion of assurance, and what a more grounded definition of “evidence” looks like for relationships that sit in your real blast radius.</p><p>From there, the episode unpacks how to move toward continuous validation, how to structure shared-fate contracts and governance, and how to operate a serious third-party program without turning into the department of no. We close by focusing on the leadership side: framing vendor dependency in plain language for boards and regulators, choosing where to push for deeper visibility, and knowing when “yes, with conditions” is the right strategic answer. This narration is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed for security and technology leaders who need a more honest way to talk about third-party risk.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When a vendor says “trust us,” what are you actually trusting? In this audio edition of Third-Party Truth Serum: Getting Real Answers from Vendors Who Say “Trust Us” — From Questionnaires to Continuous Validation and Shared Fate, we walk through why traditional third-party assurance feels so polished on paper yet so fragile in practice. You will hear how questionnaires, certifications, and audit reports became the default currency of vendor risk, why they routinely create an illusion of assurance, and what a more grounded definition of “evidence” looks like for relationships that sit in your real blast radius.</p><p>From there, the episode unpacks how to move toward continuous validation, how to structure shared-fate contracts and governance, and how to operate a serious third-party program without turning into the department of no. We close by focusing on the leadership side: framing vendor dependency in plain language for boards and regulators, choosing where to push for deeper visibility, and knowing when “yes, with conditions” is the right strategic answer. This narration is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed for security and technology leaders who need a more honest way to talk about third-party risk.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:23 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/49195249/0566f522.mp3" length="47777377" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1193</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When a vendor says “trust us,” what are you actually trusting? In this audio edition of Third-Party Truth Serum: Getting Real Answers from Vendors Who Say “Trust Us” — From Questionnaires to Continuous Validation and Shared Fate, we walk through why traditional third-party assurance feels so polished on paper yet so fragile in practice. You will hear how questionnaires, certifications, and audit reports became the default currency of vendor risk, why they routinely create an illusion of assurance, and what a more grounded definition of “evidence” looks like for relationships that sit in your real blast radius.</p><p>From there, the episode unpacks how to move toward continuous validation, how to structure shared-fate contracts and governance, and how to operate a serious third-party program without turning into the department of no. We close by focusing on the leadership side: framing vendor dependency in plain language for boards and regulators, choosing where to push for deeper visibility, and knowing when “yes, with conditions” is the right strategic answer. This narration is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed for security and technology leaders who need a more honest way to talk about third-party risk.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/49195249/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Regulation Whiplash</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>52</itunes:episode>
      <podcast:episode>52</podcast:episode>
      <itunes:title>Regulation Whiplash</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">433c590b-2cea-42e6-a99d-c16b81036af1</guid>
      <link>https://share.transistor.fm/s/f9d2bc83</link>
      <description>
        <![CDATA[<p>Regulation whiplash is becoming a familiar feeling for leaders caught between the Digital Operational Resilience Act (DORA), the NIS2 Directive, and new SEC cybersecurity disclosure rules. In this episode, we walk through how a single incident can trigger three different sets of expectations, each with its own timelines, definitions, and pressures. You will hear how these regimes quietly converge on a core set of questions about operational resilience, governance, incident transparency, and third-party risk, and why treating them as separate projects only amplifies the pain when things go wrong.</p><p>From there, the episode follows the structure of the Wednesday “Headline” feature in Bare Metal Cyber Magazine, exploring friction points like “significant” versus “material” incidents, the design of a unified incident pipeline, and the evidence spine that can serve supervisors, investors, and boards at the same time. We close by looking ahead to future rule sets and how to build a regulatory operating model that can absorb new obligations without burning out your teams. The goal is not to turn you into a lawyer, but to give you a clear, leader-ready mental model for running one coherent security story across multiple regulators.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Regulation whiplash is becoming a familiar feeling for leaders caught between the Digital Operational Resilience Act (DORA), the NIS2 Directive, and new SEC cybersecurity disclosure rules. In this episode, we walk through how a single incident can trigger three different sets of expectations, each with its own timelines, definitions, and pressures. You will hear how these regimes quietly converge on a core set of questions about operational resilience, governance, incident transparency, and third-party risk, and why treating them as separate projects only amplifies the pain when things go wrong.</p><p>From there, the episode follows the structure of the Wednesday “Headline” feature in Bare Metal Cyber Magazine, exploring friction points like “significant” versus “material” incidents, the design of a unified incident pipeline, and the evidence spine that can serve supervisors, investors, and boards at the same time. We close by looking ahead to future rule sets and how to build a regulatory operating model that can absorb new obligations without burning out your teams. The goal is not to turn you into a lawyer, but to give you a clear, leader-ready mental model for running one coherent security story across multiple regulators.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:21 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/f9d2bc83/2ba3add2.mp3" length="43194451" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1079</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Regulation whiplash is becoming a familiar feeling for leaders caught between the Digital Operational Resilience Act (DORA), the NIS2 Directive, and new SEC cybersecurity disclosure rules. In this episode, we walk through how a single incident can trigger three different sets of expectations, each with its own timelines, definitions, and pressures. You will hear how these regimes quietly converge on a core set of questions about operational resilience, governance, incident transparency, and third-party risk, and why treating them as separate projects only amplifies the pain when things go wrong.</p><p>From there, the episode follows the structure of the Wednesday “Headline” feature in Bare Metal Cyber Magazine, exploring friction points like “significant” versus “material” incidents, the design of a unified incident pipeline, and the evidence spine that can serve supervisors, investors, and boards at the same time. We close by looking ahead to future rule sets and how to build a regulatory operating model that can absorb new obligations without burning out your teams. The goal is not to turn you into a lawyer, but to give you a clear, leader-ready mental model for running one coherent security story across multiple regulators.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/f9d2bc83/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Resilience over Perfection</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>51</itunes:episode>
      <podcast:episode>51</podcast:episode>
      <itunes:title>Resilience over Perfection</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">31d7d42c-3533-439a-b801-e8dd652bdb0f</guid>
      <link>https://share.transistor.fm/s/c7729313</link>
      <description>
        <![CDATA[<p>In this narrated edition of “Resilience over Perfection: Leading When ‘Secure’ Is Never Done,” we walk through why the old promise of being “secure enough” no longer matches how modern digital businesses actually operate. You will hear how familiar tools like maturity models drift into theater, why green dashboards quietly undermine trust, and how to shift board conversations toward what really matters: how the organization bends under stress and recovers from a serious hit. This episode is drawn from the Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed for senior leaders who want a more honest, usable picture of cyber risk.</p><p>From there, the narration digs into survivability as a more practical north star. We explore concrete, leader-ready measures such as demonstrated recovery performance, tolerable impact windows, and critical dependency exposure, and how they sit alongside other enterprise resilience metrics your board already knows. You will hear how to extract better signals from incidents and exercises, how to teach directors to live with permanent incompleteness without giving up on accountability, and how to lead a culture that trains for hits instead of chasing perfection. It is a practical listen for any Chief Information Security Officer (CISO) or technology executive rethinking how they tell the security story.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated edition of “Resilience over Perfection: Leading When ‘Secure’ Is Never Done,” we walk through why the old promise of being “secure enough” no longer matches how modern digital businesses actually operate. You will hear how familiar tools like maturity models drift into theater, why green dashboards quietly undermine trust, and how to shift board conversations toward what really matters: how the organization bends under stress and recovers from a serious hit. This episode is drawn from the Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed for senior leaders who want a more honest, usable picture of cyber risk.</p><p>From there, the narration digs into survivability as a more practical north star. We explore concrete, leader-ready measures such as demonstrated recovery performance, tolerable impact windows, and critical dependency exposure, and how they sit alongside other enterprise resilience metrics your board already knows. You will hear how to extract better signals from incidents and exercises, how to teach directors to live with permanent incompleteness without giving up on accountability, and how to lead a culture that trains for hits instead of chasing perfection. It is a practical listen for any Chief Information Security Officer (CISO) or technology executive rethinking how they tell the security story.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:19 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/c7729313/41a7fdce.mp3" length="38584368" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>964</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated edition of “Resilience over Perfection: Leading When ‘Secure’ Is Never Done,” we walk through why the old promise of being “secure enough” no longer matches how modern digital businesses actually operate. You will hear how familiar tools like maturity models drift into theater, why green dashboards quietly undermine trust, and how to shift board conversations toward what really matters: how the organization bends under stress and recovers from a serious hit. This episode is drawn from the Wednesday “Headline” feature in Bare Metal Cyber Magazine and is designed for senior leaders who want a more honest, usable picture of cyber risk.</p><p>From there, the narration digs into survivability as a more practical north star. We explore concrete, leader-ready measures such as demonstrated recovery performance, tolerable impact windows, and critical dependency exposure, and how they sit alongside other enterprise resilience metrics your board already knows. You will hear how to extract better signals from incidents and exercises, how to teach directors to live with permanent incompleteness without giving up on accountability, and how to lead a culture that trains for hits instead of chasing perfection. It is a practical listen for any Chief Information Security Officer (CISO) or technology executive rethinking how they tell the security story.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/c7729313/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Autonomous Agents Unattended Risk</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>50</itunes:episode>
      <podcast:episode>50</podcast:episode>
      <itunes:title>Autonomous Agents Unattended Risk</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">5b2d0f35-2dad-4c86-ba29-1c527f69baa7</guid>
      <link>https://share.transistor.fm/s/02af2989</link>
      <description>
        <![CDATA[<p>Autonomous agents are quietly shifting from helpful copilots to operational actors, and that shift becomes very real the moment a bot starts opening tickets for you. In this narrated edition of “Autonomous Agents, Unattended Risk: When Bots Start Opening Tickets for You,” we unpack why ticketing is not a low-stakes sandbox, but a high-privilege interface into your systems of record. You will hear how autonomous agents move from suggestion to participation, how their tickets shape perception of risk and work, and why leaders need to see these bots as semi-privileged identities instead of clever experiments. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>Across the walkthrough, we explore the key sections of the article in plain language: the shift from copilots to colleagues, tickets as powerful input and output, the failure modes when automation goes sideways, and the practical design of safe autonomy levels. We close with the human side of the story, focusing on ownership, governance, and culture when agents are allowed to act unattended in IT and security workflows. The goal is to give security and technology leaders a clear mental model and vocabulary to discuss these agents with their teams, boards, and regulators, and to decide where autonomy is welcome and where it is reckless.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Autonomous agents are quietly shifting from helpful copilots to operational actors, and that shift becomes very real the moment a bot starts opening tickets for you. In this narrated edition of “Autonomous Agents, Unattended Risk: When Bots Start Opening Tickets for You,” we unpack why ticketing is not a low-stakes sandbox, but a high-privilege interface into your systems of record. You will hear how autonomous agents move from suggestion to participation, how their tickets shape perception of risk and work, and why leaders need to see these bots as semi-privileged identities instead of clever experiments. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>Across the walkthrough, we explore the key sections of the article in plain language: the shift from copilots to colleagues, tickets as powerful input and output, the failure modes when automation goes sideways, and the practical design of safe autonomy levels. We close with the human side of the story, focusing on ownership, governance, and culture when agents are allowed to act unattended in IT and security workflows. The goal is to give security and technology leaders a clear mental model and vocabulary to discuss these agents with their teams, boards, and regulators, and to decide where autonomy is welcome and where it is reckless.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:17 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/02af2989/3edcb433.mp3" length="35086057" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>876</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Autonomous agents are quietly shifting from helpful copilots to operational actors, and that shift becomes very real the moment a bot starts opening tickets for you. In this narrated edition of “Autonomous Agents, Unattended Risk: When Bots Start Opening Tickets for You,” we unpack why ticketing is not a low-stakes sandbox, but a high-privilege interface into your systems of record. You will hear how autonomous agents move from suggestion to participation, how their tickets shape perception of risk and work, and why leaders need to see these bots as semi-privileged identities instead of clever experiments. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>Across the walkthrough, we explore the key sections of the article in plain language: the shift from copilots to colleagues, tickets as powerful input and output, the failure modes when automation goes sideways, and the practical design of safe autonomy levels. We close with the human side of the story, focusing on ownership, governance, and culture when agents are allowed to act unattended in IT and security workflows. The goal is to give security and technology leaders a clear mental model and vocabulary to discuss these agents with their teams, boards, and regulators, and to decide where autonomy is welcome and where it is reckless.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/02af2989/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Deepfake Governance</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>49</itunes:episode>
      <podcast:episode>49</podcast:episode>
      <itunes:title>Deepfake Governance</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">1ba140b8-6ff5-43e9-9219-25de1575aa94</guid>
      <link>https://share.transistor.fm/s/20ddb10b</link>
      <description>
        <![CDATA[<p>When deepfakes become cheap and convincing, the hardest question inside an enterprise is no longer “Was this compromised?” but “Did this ever really happen?” In this narrated audio version of “Deepfake Governance: Policy, Evidence, and the New ‘I Didn’t Say That’ Defense,” we explore how synthetic media erodes trust in real recordings, chats, and logs. You will hear how the liar’s dividend plays out in executive disputes, harassment claims, incident narratives, and market-moving conversations, and why security and technology leaders need to think about evidence integrity as seriously as they think about endpoint security or identity. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, we walk through the core elements of a deepfake-aware governance model: tightening what counts as official communication, mapping the weak points in your current evidence stack, and designing authenticity architectures that favor provenance over gimmicks. We then connect those design choices to the moments that really matter: internal investigations, board briefings, regulator conversations, and public disputes where both sides can point to “proof.” Along the way, you will get language to use with legal, HR, and business leaders so you can frame deepfake governance as a strategic capability, not just another AI problem.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When deepfakes become cheap and convincing, the hardest question inside an enterprise is no longer “Was this compromised?” but “Did this ever really happen?” In this narrated audio version of “Deepfake Governance: Policy, Evidence, and the New ‘I Didn’t Say That’ Defense,” we explore how synthetic media erodes trust in real recordings, chats, and logs. You will hear how the liar’s dividend plays out in executive disputes, harassment claims, incident narratives, and market-moving conversations, and why security and technology leaders need to think about evidence integrity as seriously as they think about endpoint security or identity. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, we walk through the core elements of a deepfake-aware governance model: tightening what counts as official communication, mapping the weak points in your current evidence stack, and designing authenticity architectures that favor provenance over gimmicks. We then connect those design choices to the moments that really matter: internal investigations, board briefings, regulator conversations, and public disputes where both sides can point to “proof.” Along the way, you will get language to use with legal, HR, and business leaders so you can frame deepfake governance as a strategic capability, not just another AI problem.</p>]]>
      </content:encoded>
      <pubDate>Thu, 16 Jul 2026 13:10:14 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/20ddb10b/4f02f683.mp3" length="35519676" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>887</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When deepfakes become cheap and convincing, the hardest question inside an enterprise is no longer “Was this compromised?” but “Did this ever really happen?” In this narrated audio version of “Deepfake Governance: Policy, Evidence, and the New ‘I Didn’t Say That’ Defense,” we explore how synthetic media erodes trust in real recordings, chats, and logs. You will hear how the liar’s dividend plays out in executive disputes, harassment claims, incident narratives, and market-moving conversations, and why security and technology leaders need to think about evidence integrity as seriously as they think about endpoint security or identity. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, we walk through the core elements of a deepfake-aware governance model: tightening what counts as official communication, mapping the weak points in your current evidence stack, and designing authenticity architectures that favor provenance over gimmicks. We then connect those design choices to the moments that really matter: internal investigations, board briefings, regulator conversations, and public disputes where both sides can point to “proof.” Along the way, you will get language to use with legal, HR, and business leaders so you can frame deepfake governance as a strategic capability, not just another AI problem.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/20ddb10b/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Red Team Blue Models</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>48</itunes:episode>
      <podcast:episode>48</podcast:episode>
      <itunes:title>Red Team Blue Models</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">c679e4ce-8af9-4afd-b733-14c1a0bd7d8a</guid>
      <link>https://share.transistor.fm/s/4b2d7851</link>
      <description>
        <![CDATA[<p>In this narrated edition of “Red Team, Blue Models: Adversarial Testing in an AI-First World,” we walk through what happens when “we did a red team” becomes a comforting slogan instead of real assurance. You’ll hear how AI-first systems create a new attack surface that extends far beyond jailbreak demos, into the messy intersection of models, prompts, plugins, data, and identity. We break down why adversarial testing has to focus on attacker goals, long-lived systems, and cross-layer behaviors if you want a risk picture that actually matches the stakes for your organization. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, the discussion moves into the practical choices leaders have to make. We explore what a serious AI red team function looks like, how “blue models” can continuously simulate and detect abuse, and what it takes to integrate adversarial testing into AI delivery without strangling product velocity. You’ll get leadership-level patterns for governance, evidence, and metrics that go beyond counting jailbreaks and toward measuring real exposure. If you are signing off on AI features, building AI platforms, or advising boards on AI risk, this episode gives you language and mental models you can use in the rooms where those decisions get made.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated edition of “Red Team, Blue Models: Adversarial Testing in an AI-First World,” we walk through what happens when “we did a red team” becomes a comforting slogan instead of real assurance. You’ll hear how AI-first systems create a new attack surface that extends far beyond jailbreak demos, into the messy intersection of models, prompts, plugins, data, and identity. We break down why adversarial testing has to focus on attacker goals, long-lived systems, and cross-layer behaviors if you want a risk picture that actually matches the stakes for your organization. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, the discussion moves into the practical choices leaders have to make. We explore what a serious AI red team function looks like, how “blue models” can continuously simulate and detect abuse, and what it takes to integrate adversarial testing into AI delivery without strangling product velocity. You’ll get leadership-level patterns for governance, evidence, and metrics that go beyond counting jailbreaks and toward measuring real exposure. If you are signing off on AI features, building AI platforms, or advising boards on AI risk, this episode gives you language and mental models you can use in the rooms where those decisions get made.</p>]]>
      </content:encoded>
      <pubDate>Wed, 15 Jul 2026 03:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/4b2d7851/1ef334c3.mp3" length="44196509" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1104</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated edition of “Red Team, Blue Models: Adversarial Testing in an AI-First World,” we walk through what happens when “we did a red team” becomes a comforting slogan instead of real assurance. You’ll hear how AI-first systems create a new attack surface that extends far beyond jailbreak demos, into the messy intersection of models, prompts, plugins, data, and identity. We break down why adversarial testing has to focus on attacker goals, long-lived systems, and cross-layer behaviors if you want a risk picture that actually matches the stakes for your organization. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, the discussion moves into the practical choices leaders have to make. We explore what a serious AI red team function looks like, how “blue models” can continuously simulate and detect abuse, and what it takes to integrate adversarial testing into AI delivery without strangling product velocity. You’ll get leadership-level patterns for governance, evidence, and metrics that go beyond counting jailbreaks and toward measuring real exposure. If you are signing off on AI features, building AI platforms, or advising boards on AI risk, this episode gives you language and mental models you can use in the rooms where those decisions get made.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/4b2d7851/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Prompt Leaks and Side Channels</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>47</itunes:episode>
      <podcast:episode>47</podcast:episode>
      <itunes:title>Prompt Leaks and Side Channels</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">e1886e56-255c-4b02-86c2-2c1185cff7c9</guid>
      <link>https://share.transistor.fm/s/5c45004c</link>
      <description>
        <![CDATA[<p>In this audio edition of “Prompt Leaks and Side Channels: When ‘Internal Only’ Isn’t,” we walk through why hidden prompts, routing logic, and subtle model behaviors are rapidly becoming part of your exposed attack surface. You’ll hear how prompt leaks actually unfold in production systems, why side channels show up in ordinary UX and error handling decisions, and what that means for AI-enabled security programs over the next few years. The focus stays on leader-level decisions: where you encode policy, how you treat prompts as assets, and how much inadvertent transparency you are comfortable living with. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>We also explore a more constructive path forward: designing for bounded exposure instead of pretending prompts are perfectly secret. You’ll hear practical examples of replacing sensitive details with abstractions, normalizing error messages so they do not act as policy oracles, and treating prompt libraries with the same change control and classification you expect for critical configurations. The goal is not fear, but clarity. By the end, you should have a sharper mental model for what adversaries can learn from your prompts and side channels, and a set of questions to bring back to your own AI and security teams.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this audio edition of “Prompt Leaks and Side Channels: When ‘Internal Only’ Isn’t,” we walk through why hidden prompts, routing logic, and subtle model behaviors are rapidly becoming part of your exposed attack surface. You’ll hear how prompt leaks actually unfold in production systems, why side channels show up in ordinary UX and error handling decisions, and what that means for AI-enabled security programs over the next few years. The focus stays on leader-level decisions: where you encode policy, how you treat prompts as assets, and how much inadvertent transparency you are comfortable living with. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>We also explore a more constructive path forward: designing for bounded exposure instead of pretending prompts are perfectly secret. You’ll hear practical examples of replacing sensitive details with abstractions, normalizing error messages so they do not act as policy oracles, and treating prompt libraries with the same change control and classification you expect for critical configurations. The goal is not fear, but clarity. By the end, you should have a sharper mental model for what adversaries can learn from your prompts and side channels, and a set of questions to bring back to your own AI and security teams.</p>]]>
      </content:encoded>
      <pubDate>Wed, 08 Jul 2026 03:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/5c45004c/255f3a39.mp3" length="33634691" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>840</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this audio edition of “Prompt Leaks and Side Channels: When ‘Internal Only’ Isn’t,” we walk through why hidden prompts, routing logic, and subtle model behaviors are rapidly becoming part of your exposed attack surface. You’ll hear how prompt leaks actually unfold in production systems, why side channels show up in ordinary UX and error handling decisions, and what that means for AI-enabled security programs over the next few years. The focus stays on leader-level decisions: where you encode policy, how you treat prompts as assets, and how much inadvertent transparency you are comfortable living with. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>We also explore a more constructive path forward: designing for bounded exposure instead of pretending prompts are perfectly secret. You’ll hear practical examples of replacing sensitive details with abstractions, normalizing error messages so they do not act as policy oracles, and treating prompt libraries with the same change control and classification you expect for critical configurations. The goal is not fear, but clarity. By the end, you should have a sharper mental model for what adversaries can learn from your prompts and side channels, and a set of questions to bring back to your own AI and security teams.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/5c45004c/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>LLM Roulette: When Every Employee Has a Different AI in Their Browser</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>46</itunes:episode>
      <podcast:episode>46</podcast:episode>
      <itunes:title>LLM Roulette: When Every Employee Has a Different AI in Their Browser</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">fcd5905c-3b2d-417c-a1ce-331c03c91653</guid>
      <link>https://share.transistor.fm/s/f2d3af2a</link>
      <description>
        <![CDATA[<p>This audio edition of “LLM Roulette: When Every Employee Has a Different AI in Their Browser” walks through what really happens when large language models (LLMs) arrive one browser tab at a time instead of through a formal program. You will hear how shadow AI tools quietly become a decision layer across sales, engineering, marketing, finance, and legal, shaping tone, risk appetite, and customer experience without ever showing up on an architecture diagram. The episode explains why this is not just a data loss issue, but a deeper question of who effectively owns your organization’s decision engine. It is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This audio edition of “LLM Roulette: When Every Employee Has a Different AI in Their Browser” walks through what really happens when large language models (LLMs) arrive one browser tab at a time instead of through a formal program. You will hear how shadow AI tools quietly become a decision layer across sales, engineering, marketing, finance, and legal, shaping tone, risk appetite, and customer experience without ever showing up on an architecture diagram. The episode explains why this is not just a data loss issue, but a deeper question of who effectively owns your organization’s decision engine. It is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Wed, 01 Jul 2026 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/f2d3af2a/9966ad9d.mp3" length="37190517" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>929</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This audio edition of “LLM Roulette: When Every Employee Has a Different AI in Their Browser” walks through what really happens when large language models (LLMs) arrive one browser tab at a time instead of through a formal program. You will hear how shadow AI tools quietly become a decision layer across sales, engineering, marketing, finance, and legal, shaping tone, risk appetite, and customer experience without ever showing up on an architecture diagram. The episode explains why this is not just a data loss issue, but a deeper question of who effectively owns your organization’s decision engine. It is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/f2d3af2a/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Bios, Chips, and Implants: Cybersecurity When the Endpoint Is a Human</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>45</itunes:episode>
      <podcast:episode>45</podcast:episode>
      <itunes:title>Bios, Chips, and Implants: Cybersecurity When the Endpoint Is a Human</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">68d4aea9-966f-47b7-b476-7204206c5468</guid>
      <link>https://share.transistor.fm/s/2e8d3036</link>
      <description>
        <![CDATA[<p>When the “endpoint” is part of a person’s body, the stakes of cybersecurity change. In this narrated audio version of Bios, Chips, and Implants: Cybersecurity When the Endpoint Is a Human, we walk through how pacemakers, insulin pumps, exoskeletons, augmented reality headsets, and other bio-digital devices are already intersecting with your networks and decisions. You will hear how threat models evolve when attackers can seek leverage through harm, coercion, or intimate exposure, and why traditional endpoint thinking breaks down when devices cannot simply be reimaged or replaced. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When the “endpoint” is part of a person’s body, the stakes of cybersecurity change. In this narrated audio version of Bios, Chips, and Implants: Cybersecurity When the Endpoint Is a Human, we walk through how pacemakers, insulin pumps, exoskeletons, augmented reality headsets, and other bio-digital devices are already intersecting with your networks and decisions. You will hear how threat models evolve when attackers can seek leverage through harm, coercion, or intimate exposure, and why traditional endpoint thinking breaks down when devices cannot simply be reimaged or replaced. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Wed, 24 Jun 2026 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/2e8d3036/8b52f11b.mp3" length="31745554" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>793</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When the “endpoint” is part of a person’s body, the stakes of cybersecurity change. In this narrated audio version of Bios, Chips, and Implants: Cybersecurity When the Endpoint Is a Human, we walk through how pacemakers, insulin pumps, exoskeletons, augmented reality headsets, and other bio-digital devices are already intersecting with your networks and decisions. You will hear how threat models evolve when attackers can seek leverage through harm, coercion, or intimate exposure, and why traditional endpoint thinking breaks down when devices cannot simply be reimaged or replaced. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/2e8d3036/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Spaceborne Security: Defending Satellites, Ground Stations, and the Links Between</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>44</itunes:episode>
      <podcast:episode>44</podcast:episode>
      <itunes:title>Spaceborne Security: Defending Satellites, Ground Stations, and the Links Between</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">d4c9ebc0-436a-4e0f-8ec4-349f3a29ba98</guid>
      <link>https://share.transistor.fm/s/037500a9</link>
      <description>
        <![CDATA[<p>Spaceborne Security: Defending Satellites, Ground Stations, and the Links Between explores how satellites, ground stations, and the radio and network links between them have quietly become critical digital infrastructure. In this narrated Wednesday “Headline” feature from Bare Metal Cyber Magazine, we walk through why spaceborne systems are no longer a niche concern, how familiar enterprise weaknesses show up in orbit, and what realistic failure actually looks like when you cannot roll a truck to the data center. The episode focuses on the integrated attack surface across the space segment, the ground segment, and the communications links that adversaries can chain together.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Spaceborne Security: Defending Satellites, Ground Stations, and the Links Between explores how satellites, ground stations, and the radio and network links between them have quietly become critical digital infrastructure. In this narrated Wednesday “Headline” feature from Bare Metal Cyber Magazine, we walk through why spaceborne systems are no longer a niche concern, how familiar enterprise weaknesses show up in orbit, and what realistic failure actually looks like when you cannot roll a truck to the data center. The episode focuses on the integrated attack surface across the space segment, the ground segment, and the communications links that adversaries can chain together.</p>]]>
      </content:encoded>
      <pubDate>Wed, 17 Jun 2026 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/037500a9/fe7eed02.mp3" length="44598856" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1114</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Spaceborne Security: Defending Satellites, Ground Stations, and the Links Between explores how satellites, ground stations, and the radio and network links between them have quietly become critical digital infrastructure. In this narrated Wednesday “Headline” feature from Bare Metal Cyber Magazine, we walk through why spaceborne systems are no longer a niche concern, how familiar enterprise weaknesses show up in orbit, and what realistic failure actually looks like when you cannot roll a truck to the data center. The episode focuses on the integrated attack surface across the space segment, the ground segment, and the communications links that adversaries can chain together.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/037500a9/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Privacy Promises vs. Product Reality: When Growth Outruns Governance</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>43</itunes:episode>
      <podcast:episode>43</podcast:episode>
      <itunes:title>Privacy Promises vs. Product Reality: When Growth Outruns Governance</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">165ba99f-7018-44cf-bbc8-8ab8c1077c75</guid>
      <link>https://share.transistor.fm/s/3e0c2798</link>
      <description>
        <![CDATA[<p>When growth teams move fast and products evolve weekly, privacy stories written a year ago can quietly drift away from what actually happens in production. This narrated episode, based on the Wednesday “Headline” feature in Bare Metal Cyber Magazine, explores that drift as a leadership problem rather than a purely legal one. You will hear how shadow data, consent drift, and hidden flows emerge from normal product decisions, and why the gap between privacy promises and product reality has become one of the most important trust risks for modern digital businesses.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When growth teams move fast and products evolve weekly, privacy stories written a year ago can quietly drift away from what actually happens in production. This narrated episode, based on the Wednesday “Headline” feature in Bare Metal Cyber Magazine, explores that drift as a leadership problem rather than a purely legal one. You will hear how shadow data, consent drift, and hidden flows emerge from normal product decisions, and why the gap between privacy promises and product reality has become one of the most important trust risks for modern digital businesses.</p>]]>
      </content:encoded>
      <pubDate>Wed, 10 Jun 2026 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3e0c2798/7f7f88e7.mp3" length="41653276" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1040</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When growth teams move fast and products evolve weekly, privacy stories written a year ago can quietly drift away from what actually happens in production. This narrated episode, based on the Wednesday “Headline” feature in Bare Metal Cyber Magazine, explores that drift as a leadership problem rather than a purely legal one. You will hear how shadow data, consent drift, and hidden flows emerge from normal product decisions, and why the gap between privacy promises and product reality has become one of the most important trust risks for modern digital businesses.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3e0c2798/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Secrets Everywhere: Managing the Credential Sprawl in Dev, Ops, and AI</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>42</itunes:episode>
      <podcast:episode>42</podcast:episode>
      <itunes:title>Secrets Everywhere: Managing the Credential Sprawl in Dev, Ops, and AI</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">f63a6e30-0ce0-4e71-8387-e0e88c519394</guid>
      <link>https://share.transistor.fm/s/1d57df55</link>
      <description>
        <![CDATA[<p>Secrets used to mean a few privileged accounts and maybe a shared root password. Now they are everywhere: in CI/CD pipelines, SaaS connectors, infrastructure automation, and AI prompts. In this narrated edition of “Secrets Everywhere: Managing the Credential Sprawl in Dev, Ops, and AI,” we walk through how normal development, operations, and AI workflows quietly generate a tangle of keys, tokens, and passwords that no vault dashboard really captures. You’ll hear how this sprawl emerges, why “we have a secrets manager” is not enough, and where the real blast radius hides in everyday work. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Secrets used to mean a few privileged accounts and maybe a shared root password. Now they are everywhere: in CI/CD pipelines, SaaS connectors, infrastructure automation, and AI prompts. In this narrated edition of “Secrets Everywhere: Managing the Credential Sprawl in Dev, Ops, and AI,” we walk through how normal development, operations, and AI workflows quietly generate a tangle of keys, tokens, and passwords that no vault dashboard really captures. You’ll hear how this sprawl emerges, why “we have a secrets manager” is not enough, and where the real blast radius hides in everyday work. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Wed, 03 Jun 2026 05:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/1d57df55/474f5a35.mp3" length="43759792" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1093</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Secrets used to mean a few privileged accounts and maybe a shared root password. Now they are everywhere: in CI/CD pipelines, SaaS connectors, infrastructure automation, and AI prompts. In this narrated edition of “Secrets Everywhere: Managing the Credential Sprawl in Dev, Ops, and AI,” we walk through how normal development, operations, and AI workflows quietly generate a tangle of keys, tokens, and passwords that no vault dashboard really captures. You’ll hear how this sprawl emerges, why “we have a secrets manager” is not enough, and where the real blast radius hides in everyday work. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/1d57df55/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Service Accounts Never Die: Cleaning Up the Immortal Infrastructure Users</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>41</itunes:episode>
      <podcast:episode>41</podcast:episode>
      <itunes:title>Service Accounts Never Die: Cleaning Up the Immortal Infrastructure Users</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">d3e6b534-796a-4545-8bae-71f490ff9862</guid>
      <link>https://share.transistor.fm/s/ecff6c28</link>
      <description>
        <![CDATA[<p>In this narrated edition of “Service Accounts Never Die: Cleaning Up the Immortal Infrastructure Users,” we walk through the long, boring, critical work that quietly defines your real risk surface. You will hear how non-human identities pile up across cloud platforms, directories, Kubernetes clusters, and CI pipelines, and why they are so hard to question once they are in place. The episode explains why immortal service accounts are not a tooling glitch but the predictable output of incentives that make creation easy, retirement scary, and ownership fuzzy. It is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated edition of “Service Accounts Never Die: Cleaning Up the Immortal Infrastructure Users,” we walk through the long, boring, critical work that quietly defines your real risk surface. You will hear how non-human identities pile up across cloud platforms, directories, Kubernetes clusters, and CI pipelines, and why they are so hard to question once they are in place. The episode explains why immortal service accounts are not a tooling glitch but the predictable output of incentives that make creation easy, retirement scary, and ownership fuzzy. It is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Wed, 27 May 2026 05:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/ecff6c28/563acaac.mp3" length="41296970" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1031</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated edition of “Service Accounts Never Die: Cleaning Up the Immortal Infrastructure Users,” we walk through the long, boring, critical work that quietly defines your real risk surface. You will hear how non-human identities pile up across cloud platforms, directories, Kubernetes clusters, and CI pipelines, and why they are so hard to question once they are in place. The episode explains why immortal service accounts are not a tooling glitch but the predictable output of incentives that make creation easy, retirement scary, and ownership fuzzy. It is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/ecff6c28/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Crime-as-a-Service Nation: Inside the Cybercrime Franchise Economy</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>40</itunes:episode>
      <podcast:episode>40</podcast:episode>
      <itunes:title>Crime-as-a-Service Nation: Inside the Cybercrime Franchise Economy</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">37988253-14f6-4d4b-b76a-7c18bfdfad91</guid>
      <link>https://share.transistor.fm/s/080104cd</link>
      <description>
        <![CDATA[<p>This narrated edition of “Crime-as-a-Service Nation: Inside the Cybercrime Franchise Economy” takes you inside the modern Cybercrime-as-a-Service (CaaS) landscape and treats it like what it has become: a franchise-style industry with brands, affiliates, and repeatable revenue. Across the episode, we unpack how cybercrime evolved from lone operators and small crews into a structured economy with tool developers, infrastructure providers, initial access brokers, and money-movers all playing defined roles. You’ll hear why understanding those roles, incentives, and dependencies gives security and technology leaders far better levers than simply chasing the latest gang name or malware family.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated edition of “Crime-as-a-Service Nation: Inside the Cybercrime Franchise Economy” takes you inside the modern Cybercrime-as-a-Service (CaaS) landscape and treats it like what it has become: a franchise-style industry with brands, affiliates, and repeatable revenue. Across the episode, we unpack how cybercrime evolved from lone operators and small crews into a structured economy with tool developers, infrastructure providers, initial access brokers, and money-movers all playing defined roles. You’ll hear why understanding those roles, incentives, and dependencies gives security and technology leaders far better levers than simply chasing the latest gang name or malware family.</p>]]>
      </content:encoded>
      <pubDate>Wed, 20 May 2026 06:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/080104cd/97abb996.mp3" length="42512180" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1062</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated edition of “Crime-as-a-Service Nation: Inside the Cybercrime Franchise Economy” takes you inside the modern Cybercrime-as-a-Service (CaaS) landscape and treats it like what it has become: a franchise-style industry with brands, affiliates, and repeatable revenue. Across the episode, we unpack how cybercrime evolved from lone operators and small crews into a structured economy with tool developers, infrastructure providers, initial access brokers, and money-movers all playing defined roles. You’ll hear why understanding those roles, incentives, and dependencies gives security and technology leaders far better levers than simply chasing the latest gang name or malware family.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/080104cd/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Shadow Security: The Unofficial Defenders Fixing Things After Hours</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>39</itunes:episode>
      <podcast:episode>39</podcast:episode>
      <itunes:title>Shadow Security: The Unofficial Defenders Fixing Things After Hours</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">c08f7dda-ae60-4ba2-a61c-cc78ad3007ef</guid>
      <link>https://share.transistor.fm/s/ab582e8c</link>
      <description>
        <![CDATA[<p>The unofficial defenders in your organization are already hard at work: senior engineers, platform specialists, and security leads quietly fixing real risks after hours. In this narrated edition of Shadow Security: The Unofficial Defenders Fixing Things After Hours, we unpack why that shadow security layer exists and what it means for your leadership decisions. The episode walks through the lived reality of midnight hotfixes, off-calendar changes, and undocumented scripts, and explains how structures like the change advisory board (CAB) and the security operations center (SOC) unintentionally push smart people off the official path. It is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>The unofficial defenders in your organization are already hard at work: senior engineers, platform specialists, and security leads quietly fixing real risks after hours. In this narrated edition of Shadow Security: The Unofficial Defenders Fixing Things After Hours, we unpack why that shadow security layer exists and what it means for your leadership decisions. The episode walks through the lived reality of midnight hotfixes, off-calendar changes, and undocumented scripts, and explains how structures like the change advisory board (CAB) and the security operations center (SOC) unintentionally push smart people off the official path. It is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Mon, 18 May 2026 22:38:55 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/ab582e8c/2f4857e3.mp3" length="36533275" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>912</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>The unofficial defenders in your organization are already hard at work: senior engineers, platform specialists, and security leads quietly fixing real risks after hours. In this narrated edition of Shadow Security: The Unofficial Defenders Fixing Things After Hours, we unpack why that shadow security layer exists and what it means for your leadership decisions. The episode walks through the lived reality of midnight hotfixes, off-calendar changes, and undocumented scripts, and explains how structures like the change advisory board (CAB) and the security operations center (SOC) unintentionally push smart people off the official path. It is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/ab582e8c/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Security Talent Reboot: Building Teams in a Burnout Era</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>38</itunes:episode>
      <podcast:episode>38</podcast:episode>
      <itunes:title>Security Talent Reboot: Building Teams in a Burnout Era</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">b7b50df8-bae1-40f7-88ed-8a78b70520c3</guid>
      <link>https://share.transistor.fm/s/552f8ea3</link>
      <description>
        <![CDATA[<p>In this narrated edition of “Security Talent Reboot: Building Teams in a Burnout Era,” we explore why so many security organizations look healthy on slides while feeling exhausted in real life. You will hear how burnout shows up long before resignations, why “fully staffed” can still mean functionally underpowered, and how architecture, process, and tooling quietly tax the people you depend on most. The focus stays squarely on decisions leaders control: what you reward, how you design work, and which trade-offs you are willing to make to protect your team’s ability to think clearly.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated edition of “Security Talent Reboot: Building Teams in a Burnout Era,” we explore why so many security organizations look healthy on slides while feeling exhausted in real life. You will hear how burnout shows up long before resignations, why “fully staffed” can still mean functionally underpowered, and how architecture, process, and tooling quietly tax the people you depend on most. The focus stays squarely on decisions leaders control: what you reward, how you design work, and which trade-offs you are willing to make to protect your team’s ability to think clearly.</p>]]>
      </content:encoded>
      <pubDate>Mon, 18 May 2026 22:38:08 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/552f8ea3/3e14f28b.mp3" length="44099369" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1102</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated edition of “Security Talent Reboot: Building Teams in a Burnout Era,” we explore why so many security organizations look healthy on slides while feeling exhausted in real life. You will hear how burnout shows up long before resignations, why “fully staffed” can still mean functionally underpowered, and how architecture, process, and tooling quietly tax the people you depend on most. The focus stays squarely on decisions leaders control: what you reward, how you design work, and which trade-offs you are willing to make to protect your team’s ability to think clearly.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/552f8ea3/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Backup Betrayal: Ransomware vs. Recovery Plans No One Tested</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>37</itunes:episode>
      <podcast:episode>37</podcast:episode>
      <itunes:title>Backup Betrayal: Ransomware vs. Recovery Plans No One Tested</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">32f1c063-40ef-43e0-a109-c9e991ab2dd8</guid>
      <link>https://share.transistor.fm/s/3c48df6d</link>
      <description>
        <![CDATA[<p>This narrated edition of “Backup Betrayal: Ransomware vs. Recovery Plans No One Tested” walks you through the moment every security leader fears: when “we have backups” collides with a real ransomware incident. You will hear how seemingly healthy backup dashboards hide untested assumptions, why modern attackers deliberately aim at backup and recovery infrastructure, and how that changes the real risk picture for your organization. The narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine and is designed for leaders who own both resilience promises and board expectations.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated edition of “Backup Betrayal: Ransomware vs. Recovery Plans No One Tested” walks you through the moment every security leader fears: when “we have backups” collides with a real ransomware incident. You will hear how seemingly healthy backup dashboards hide untested assumptions, why modern attackers deliberately aim at backup and recovery infrastructure, and how that changes the real risk picture for your organization. The narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine and is designed for leaders who own both resilience promises and board expectations.</p>]]>
      </content:encoded>
      <pubDate>Mon, 18 May 2026 22:37:20 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3c48df6d/ce111c91.mp3" length="37262606" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>931</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated edition of “Backup Betrayal: Ransomware vs. Recovery Plans No One Tested” walks you through the moment every security leader fears: when “we have backups” collides with a real ransomware incident. You will hear how seemingly healthy backup dashboards hide untested assumptions, why modern attackers deliberately aim at backup and recovery infrastructure, and how that changes the real risk picture for your organization. The narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine and is designed for leaders who own both resilience promises and board expectations.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3c48df6d/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Contact Lists and Chaos: The Human Reality of Incident Command</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>36</itunes:episode>
      <podcast:episode>36</podcast:episode>
      <itunes:title>Contact Lists and Chaos: The Human Reality of Incident Command</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">f235134d-cbff-4f76-a3be-d145aa49e597</guid>
      <link>https://share.transistor.fm/s/28523832</link>
      <description>
        <![CDATA[<p>In this episode, we walk through “Contact Lists and Chaos: The Human Reality of Incident Command,” the audio edition of my Wednesday “Headline” feature from Bare Metal Cyber Magazine. Instead of focusing on tools and runbooks, we unpack the human system that actually shows up in the war room: who people really call at 2:17 a.m., how trust and credibility override the neat org chart, and why static escalation matrices keep failing when the stakes are high. It is a grounded, leader-focused look at incident command as it actually operates, not as your policy documents pretend it works.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we walk through “Contact Lists and Chaos: The Human Reality of Incident Command,” the audio edition of my Wednesday “Headline” feature from Bare Metal Cyber Magazine. Instead of focusing on tools and runbooks, we unpack the human system that actually shows up in the war room: who people really call at 2:17 a.m., how trust and credibility override the neat org chart, and why static escalation matrices keep failing when the stakes are high. It is a grounded, leader-focused look at incident command as it actually operates, not as your policy documents pretend it works.</p>]]>
      </content:encoded>
      <pubDate>Mon, 18 May 2026 22:36:44 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/28523832/04b8255d.mp3" length="28011082" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>699</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we walk through “Contact Lists and Chaos: The Human Reality of Incident Command,” the audio edition of my Wednesday “Headline” feature from Bare Metal Cyber Magazine. Instead of focusing on tools and runbooks, we unpack the human system that actually shows up in the war room: who people really call at 2:17 a.m., how trust and credibility override the neat org chart, and why static escalation matrices keep failing when the stakes are high. It is a grounded, leader-focused look at incident command as it actually operates, not as your policy documents pretend it works.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/28523832/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Disaster by Design: Proving Your Business Can Survive Its Own Kill Switch</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>35</itunes:episode>
      <podcast:episode>35</podcast:episode>
      <itunes:title>Disaster by Design: Proving Your Business Can Survive Its Own Kill Switch</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">a401cc1d-b9ad-42fe-8e5d-3e2d89eaf414</guid>
      <link>https://share.transistor.fm/s/252e628f</link>
      <description>
        <![CDATA[<p>Disasters rarely look like the neat scenarios in your continuity binder. In this narrated Headline, we explore “Disaster by Design: Proving Your Business Can Survive Its Own Kill Switch” as a practical playbook for leaders who want evidence, not comfort. You will hear how hidden kill switches emerge from identity platforms, cloud control planes, device agents, and vendor dependencies, and why traditional disaster recovery (DR) and business continuity planning (BCP) tests so often lie. The story stays focused on the decisions executives make when they choose to pull their own plug in a controlled way, and what that reveals about real resilience. This episode is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Disasters rarely look like the neat scenarios in your continuity binder. In this narrated Headline, we explore “Disaster by Design: Proving Your Business Can Survive Its Own Kill Switch” as a practical playbook for leaders who want evidence, not comfort. You will hear how hidden kill switches emerge from identity platforms, cloud control planes, device agents, and vendor dependencies, and why traditional disaster recovery (DR) and business continuity planning (BCP) tests so often lie. The story stays focused on the decisions executives make when they choose to pull their own plug in a controlled way, and what that reveals about real resilience. This episode is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Mon, 18 May 2026 22:35:44 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/252e628f/131b29e5.mp3" length="35381803" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>884</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Disasters rarely look like the neat scenarios in your continuity binder. In this narrated Headline, we explore “Disaster by Design: Proving Your Business Can Survive Its Own Kill Switch” as a practical playbook for leaders who want evidence, not comfort. You will hear how hidden kill switches emerge from identity platforms, cloud control planes, device agents, and vendor dependencies, and why traditional disaster recovery (DR) and business continuity planning (BCP) tests so often lie. The story stays focused on the decisions executives make when they choose to pull their own plug in a controlled way, and what that reveals about real resilience. This episode is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/252e628f/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Cyber Insurance Plot Twist: The Day Your Claim Says ‘Denied</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>34</itunes:episode>
      <podcast:episode>34</podcast:episode>
      <itunes:title>Cyber Insurance Plot Twist: The Day Your Claim Says ‘Denied</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">d66be914-825b-4162-8b93-ef101c4a2923</guid>
      <link>https://share.transistor.fm/s/debd90fb</link>
      <description>
        <![CDATA[<p>This narrated audio version of <strong>“Cyber Insurance Plot Twist: The Day Your Claim Says ‘Denied’”</strong> walks you through that sickening moment when the carrier pushes back and your assumed safety net evaporates. We unpack how policy structures, exclusions, and underwriting assumptions really behave on claims day, using composite incident scenarios that feel uncomfortably familiar. You will hear how quiet decisions made during applications, renewals, and risk reviews can either set you up for a clean payout or hand the insurer leverage to narrow or deny coverage. The episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated audio version of <strong>“Cyber Insurance Plot Twist: The Day Your Claim Says ‘Denied’”</strong> walks you through that sickening moment when the carrier pushes back and your assumed safety net evaporates. We unpack how policy structures, exclusions, and underwriting assumptions really behave on claims day, using composite incident scenarios that feel uncomfortably familiar. You will hear how quiet decisions made during applications, renewals, and risk reviews can either set you up for a clean payout or hand the insurer leverage to narrow or deny coverage. The episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Mon, 18 May 2026 22:35:03 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/debd90fb/93c05d0e.mp3" length="29717458" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>742</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated audio version of <strong>“Cyber Insurance Plot Twist: The Day Your Claim Says ‘Denied’”</strong> walks you through that sickening moment when the carrier pushes back and your assumed safety net evaporates. We unpack how policy structures, exclusions, and underwriting assumptions really behave on claims day, using composite incident scenarios that feel uncomfortably familiar. You will hear how quiet decisions made during applications, renewals, and risk reviews can either set you up for a clean payout or hand the insurer leverage to narrow or deny coverage. The episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/debd90fb/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>CISO Exit Wounds: What Surfaces When the Security Leader Walks</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>33</itunes:episode>
      <podcast:episode>33</podcast:episode>
      <itunes:title>CISO Exit Wounds: What Surfaces When the Security Leader Walks</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">7fe4520d-0d0f-4d3e-bf08-5c9324e6fbb9</guid>
      <link>https://share.transistor.fm/s/e6892b02</link>
      <description>
        <![CDATA[<p>When a Chief Information Security Officer (CISO) walks out the door, what really leaves with them. In this narrated audio version of “CISO Exit Wounds: What Surfaces When the Security Leader Walks,” we unpack why CISO turnover is more than a talent problem and why it behaves like an x-ray on how your organization truly manages risk. The episode focuses on what surfaces in the days and weeks after the goodbye email, giving security and technology leaders language to talk about risk debt, ownership, and trust without turning it into blame theater.</p><p>Across the episode, we walk through the key arcs of the article: the moment after the badge stops working, risk decisions that finally hit the ledger, governance in the leadership vacuum, team shockwaves and narrative control, and how to design security to fail gracefully when leaders move on. We close by rethinking the CISO role itself so exit wounds shrink instead of grow with each transition. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine and developed by Bare Metal Cyber for leaders who want fewer surprises when the next CISO change inevitably comes.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When a Chief Information Security Officer (CISO) walks out the door, what really leaves with them. In this narrated audio version of “CISO Exit Wounds: What Surfaces When the Security Leader Walks,” we unpack why CISO turnover is more than a talent problem and why it behaves like an x-ray on how your organization truly manages risk. The episode focuses on what surfaces in the days and weeks after the goodbye email, giving security and technology leaders language to talk about risk debt, ownership, and trust without turning it into blame theater.</p><p>Across the episode, we walk through the key arcs of the article: the moment after the badge stops working, risk decisions that finally hit the ledger, governance in the leadership vacuum, team shockwaves and narrative control, and how to design security to fail gracefully when leaders move on. We close by rethinking the CISO role itself so exit wounds shrink instead of grow with each transition. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine and developed by Bare Metal Cyber for leaders who want fewer surprises when the next CISO change inevitably comes.</p>]]>
      </content:encoded>
      <pubDate>Mon, 18 May 2026 22:34:06 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/e6892b02/294021de.mp3" length="38936535" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>972</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When a Chief Information Security Officer (CISO) walks out the door, what really leaves with them. In this narrated audio version of “CISO Exit Wounds: What Surfaces When the Security Leader Walks,” we unpack why CISO turnover is more than a talent problem and why it behaves like an x-ray on how your organization truly manages risk. The episode focuses on what surfaces in the days and weeks after the goodbye email, giving security and technology leaders language to talk about risk debt, ownership, and trust without turning it into blame theater.</p><p>Across the episode, we walk through the key arcs of the article: the moment after the badge stops working, risk decisions that finally hit the ledger, governance in the leadership vacuum, team shockwaves and narrative control, and how to design security to fail gracefully when leaders move on. We close by rethinking the CISO role itself so exit wounds shrink instead of grow with each transition. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine and developed by Bare Metal Cyber for leaders who want fewer surprises when the next CISO change inevitably comes.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/e6892b02/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: Your First Step into Tech with CompTIA Tech+</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>32</itunes:episode>
      <podcast:episode>32</podcast:episode>
      <itunes:title>Certified: Your First Step into Tech with CompTIA Tech+</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">541468a6-3a27-49ff-93fa-6c9f7ef1d4dc</guid>
      <link>https://share.transistor.fm/s/812c660b</link>
      <description>
        <![CDATA[<p>The narrated version of our Monday “Certified” feature walks you through CompTIA Tech+ (Tech+) in simple, practical language. You will hear what Tech+ actually is, how it differs from heavier technical certifications, and why it is such a good fit for tech-curious beginners and early-career professionals. We explore who this certification is designed for, the kinds of real-world situations it expects you to understand, and how it helps you turn everyday experience with devices, apps, and cloud tools into solid digital fundamentals. The tone stays calm, friendly, and focused on helping you feel less overwhelmed and more confident.</p><p> </p><p>You will also get a clear sense of what the Tech+ exam really tests, how it connects to later steps like CompTIA A+ and security or cloud paths, and where it can fit in a realistic early-career roadmap. The narration is based on the Monday “Certified” feature from Bare Metal Cyber Magazine, so you get the same structure, examples, and guidance in an audio-friendly format. If you want to go deeper, you can continue your journey with the dedicated Tech+ audio course inside the Bare Metal Cyber Audio Academy, designed to fit into your commute, walks, or gym time.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>The narrated version of our Monday “Certified” feature walks you through CompTIA Tech+ (Tech+) in simple, practical language. You will hear what Tech+ actually is, how it differs from heavier technical certifications, and why it is such a good fit for tech-curious beginners and early-career professionals. We explore who this certification is designed for, the kinds of real-world situations it expects you to understand, and how it helps you turn everyday experience with devices, apps, and cloud tools into solid digital fundamentals. The tone stays calm, friendly, and focused on helping you feel less overwhelmed and more confident.</p><p> </p><p>You will also get a clear sense of what the Tech+ exam really tests, how it connects to later steps like CompTIA A+ and security or cloud paths, and where it can fit in a realistic early-career roadmap. The narration is based on the Monday “Certified” feature from Bare Metal Cyber Magazine, so you get the same structure, examples, and guidance in an audio-friendly format. If you want to go deeper, you can continue your journey with the dedicated Tech+ audio course inside the Bare Metal Cyber Audio Academy, designed to fit into your commute, walks, or gym time.</p>]]>
      </content:encoded>
      <pubDate>Mon, 16 Mar 2026 06:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/812c660b/82febac1.mp3" length="26686143" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>666</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>The narrated version of our Monday “Certified” feature walks you through CompTIA Tech+ (Tech+) in simple, practical language. You will hear what Tech+ actually is, how it differs from heavier technical certifications, and why it is such a good fit for tech-curious beginners and early-career professionals. We explore who this certification is designed for, the kinds of real-world situations it expects you to understand, and how it helps you turn everyday experience with devices, apps, and cloud tools into solid digital fundamentals. The tone stays calm, friendly, and focused on helping you feel less overwhelmed and more confident.</p><p> </p><p>You will also get a clear sense of what the Tech+ exam really tests, how it connects to later steps like CompTIA A+ and security or cloud paths, and where it can fit in a realistic early-career roadmap. The narration is based on the Monday “Certified” feature from Bare Metal Cyber Magazine, so you get the same structure, examples, and guidance in an audio-friendly format. If you want to go deeper, you can continue your journey with the dedicated Tech+ audio course inside the Bare Metal Cyber Audio Academy, designed to fit into your commute, walks, or gym time.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/812c660b/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Concrete and Code: Smart Buildings as the Quiet New Attack Surface</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>31</itunes:episode>
      <podcast:episode>31</podcast:episode>
      <itunes:title>Concrete and Code: Smart Buildings as the Quiet New Attack Surface</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">66895103-c996-43c2-a01c-5925cfdbe6ab</guid>
      <link>https://share.transistor.fm/s/863bd6b0</link>
      <description>
        <![CDATA[<p>Smart buildings used to be a facilities concern; now they behave like distributed systems that can be probed, abused, or ransomed. In this narrated edition of “Concrete and Code: Smart Buildings as the Quiet New Attack Surface,” we walk through how access control, building management systems, cloud dashboards, and vendor VPNs have converged into a single, often unowned, cyber-physical domain. You’ll hear why leaders need to treat operational technology (OT) and smart building stacks with the same architectural seriousness as cloud and identity, and how long-lived capital decisions quietly shape your risk posture for decades.</p><p> </p><p>Across the episode, we unpack the core sections of the Wednesday “Headline” feature from Bare Metal Cyber Magazine: the evolution from static buildings to software-defined environments, the real anatomy of smart building stacks, the ways buildings become ransom assets, and the governance vacuum that often surrounds them. We finish with pragmatic leadership moves: reference architectures for campuses, non-negotiables for vendor access and segmentation, and procurement levers that turn vague “smart” upgrades into defensible, testable systems. If you’re responsible for risk, resilience, or technology strategy, this is a chance to rethink how you see the walls around your data and people.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Smart buildings used to be a facilities concern; now they behave like distributed systems that can be probed, abused, or ransomed. In this narrated edition of “Concrete and Code: Smart Buildings as the Quiet New Attack Surface,” we walk through how access control, building management systems, cloud dashboards, and vendor VPNs have converged into a single, often unowned, cyber-physical domain. You’ll hear why leaders need to treat operational technology (OT) and smart building stacks with the same architectural seriousness as cloud and identity, and how long-lived capital decisions quietly shape your risk posture for decades.</p><p> </p><p>Across the episode, we unpack the core sections of the Wednesday “Headline” feature from Bare Metal Cyber Magazine: the evolution from static buildings to software-defined environments, the real anatomy of smart building stacks, the ways buildings become ransom assets, and the governance vacuum that often surrounds them. We finish with pragmatic leadership moves: reference architectures for campuses, non-negotiables for vendor access and segmentation, and procurement levers that turn vague “smart” upgrades into defensible, testable systems. If you’re responsible for risk, resilience, or technology strategy, this is a chance to rethink how you see the walls around your data and people.</p>]]>
      </content:encoded>
      <pubDate>Wed, 11 Mar 2026 07:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/863bd6b0/bc34aba3.mp3" length="40541501" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1013</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Smart buildings used to be a facilities concern; now they behave like distributed systems that can be probed, abused, or ransomed. In this narrated edition of “Concrete and Code: Smart Buildings as the Quiet New Attack Surface,” we walk through how access control, building management systems, cloud dashboards, and vendor VPNs have converged into a single, often unowned, cyber-physical domain. You’ll hear why leaders need to treat operational technology (OT) and smart building stacks with the same architectural seriousness as cloud and identity, and how long-lived capital decisions quietly shape your risk posture for decades.</p><p> </p><p>Across the episode, we unpack the core sections of the Wednesday “Headline” feature from Bare Metal Cyber Magazine: the evolution from static buildings to software-defined environments, the real anatomy of smart building stacks, the ways buildings become ransom assets, and the governance vacuum that often surrounds them. We finish with pragmatic leadership moves: reference architectures for campuses, non-negotiables for vendor access and segmentation, and procurement levers that turn vague “smart” upgrades into defensible, testable systems. If you’re responsible for risk, resilience, or technology strategy, this is a chance to rethink how you see the walls around your data and people.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/863bd6b0/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Keeping API Keys, Tokens, and Passwords Out of the Wrong Hands</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>30</itunes:episode>
      <podcast:episode>30</podcast:episode>
      <itunes:title>Keeping API Keys, Tokens, and Passwords Out of the Wrong Hands</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">44944830-3952-477e-997e-7ce2bceefaa1</guid>
      <link>https://share.transistor.fm/s/7cb7cabb</link>
      <description>
        <![CDATA[<p>Secrets management for API keys, tokens, and passwords is often the quiet difference between a minor configuration mistake and a major breach. In this narrated audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what secrets management really means in day-to-day work. You will hear how vaults, runtime retrieval, rotation, and access policies fit together, and why they matter for developers, operators, and security teams trying to keep up with modern cloud-native environments.</p><p> </p><p>The episode also explores where secrets management shows up in real workflows, from CI pipelines and microservices to admin tools and support processes. We unpack quick wins like removing hard-coded credentials from source control, as well as deeper patterns such as dynamic credentials and just-in-time access. Along the way, you will get a clear view of the benefits, trade-offs, common failure modes, and healthy signals that show secrets are being treated as real operational assets, not just background details.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Secrets management for API keys, tokens, and passwords is often the quiet difference between a minor configuration mistake and a major breach. In this narrated audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what secrets management really means in day-to-day work. You will hear how vaults, runtime retrieval, rotation, and access policies fit together, and why they matter for developers, operators, and security teams trying to keep up with modern cloud-native environments.</p><p> </p><p>The episode also explores where secrets management shows up in real workflows, from CI pipelines and microservices to admin tools and support processes. We unpack quick wins like removing hard-coded credentials from source control, as well as deeper patterns such as dynamic credentials and just-in-time access. Along the way, you will get a clear view of the benefits, trade-offs, common failure modes, and healthy signals that show secrets are being treated as real operational assets, not just background details.</p>]]>
      </content:encoded>
      <pubDate>Tue, 10 Mar 2026 07:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/7cb7cabb/9c84b635.mp3" length="30634820" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>765</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Secrets management for API keys, tokens, and passwords is often the quiet difference between a minor configuration mistake and a major breach. In this narrated audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what secrets management really means in day-to-day work. You will hear how vaults, runtime retrieval, rotation, and access policies fit together, and why they matter for developers, operators, and security teams trying to keep up with modern cloud-native environments.</p><p> </p><p>The episode also explores where secrets management shows up in real workflows, from CI pipelines and microservices to admin tools and support processes. We unpack quick wins like removing hard-coded credentials from source control, as well as deeper patterns such as dynamic credentials and just-in-time access. Along the way, you will get a clear view of the benefits, trade-offs, common failure modes, and healthy signals that show secrets are being treated as real operational assets, not just background details.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/7cb7cabb/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: Launching Your Project Management Journey with CompTIA Project+</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>29</itunes:episode>
      <podcast:episode>29</podcast:episode>
      <itunes:title>Certified: Launching Your Project Management Journey with CompTIA Project+</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">3b9478e5-91a6-4d23-9db9-99762a6a3b98</guid>
      <link>https://share.transistor.fm/s/3943a964</link>
      <description>
        <![CDATA[<p>This episode walks through CompTIA Project+ (Project+) as a practical first step into project leadership for early-career IT and cybersecurity professionals. You will hear what the certification actually covers, who it is designed for, and how it helps you move from “just doing tasks” to guiding real projects with scope, timelines, risks, and stakeholders. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine and keeps the focus on clear, real-world language instead of heavy jargon or rigid frameworks.</p><p> </p><p>You will also get a grounded look at what the exam really tests, how it feels in terms of scenarios and decision-making, and where Project+ fits in a broader career and certification path. That includes how hiring managers tend to view it, why it pairs well with technical certifications, and when it makes sense to pursue more advanced project credentials. If you want to go deeper, there is a full audio course for CompTIA Project+ inside the Bare Metal Cyber Audio Academy that expands on these ideas and supports a more structured study plan.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This episode walks through CompTIA Project+ (Project+) as a practical first step into project leadership for early-career IT and cybersecurity professionals. You will hear what the certification actually covers, who it is designed for, and how it helps you move from “just doing tasks” to guiding real projects with scope, timelines, risks, and stakeholders. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine and keeps the focus on clear, real-world language instead of heavy jargon or rigid frameworks.</p><p> </p><p>You will also get a grounded look at what the exam really tests, how it feels in terms of scenarios and decision-making, and where Project+ fits in a broader career and certification path. That includes how hiring managers tend to view it, why it pairs well with technical certifications, and when it makes sense to pursue more advanced project credentials. If you want to go deeper, there is a full audio course for CompTIA Project+ inside the Bare Metal Cyber Audio Academy that expands on these ideas and supports a more structured study plan.</p>]]>
      </content:encoded>
      <pubDate>Mon, 09 Mar 2026 05:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3943a964/7a4d6d1f.mp3" length="28594146" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>714</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This episode walks through CompTIA Project+ (Project+) as a practical first step into project leadership for early-career IT and cybersecurity professionals. You will hear what the certification actually covers, who it is designed for, and how it helps you move from “just doing tasks” to guiding real projects with scope, timelines, risks, and stakeholders. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine and keeps the focus on clear, real-world language instead of heavy jargon or rigid frameworks.</p><p> </p><p>You will also get a grounded look at what the exam really tests, how it feels in terms of scenarios and decision-making, and where Project+ fits in a broader career and certification path. That includes how hiring managers tend to view it, why it pairs well with technical certifications, and when it makes sense to pursue more advanced project credentials. If you want to go deeper, there is a full audio course for CompTIA Project+ inside the Bare Metal Cyber Audio Academy that expands on these ideas and supports a more structured study plan.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3943a964/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>SaaS Chain Reactions: When One App’s Breach Becomes Everyone’s Incident</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>28</itunes:episode>
      <podcast:episode>28</podcast:episode>
      <itunes:title>SaaS Chain Reactions: When One App’s Breach Becomes Everyone’s Incident</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">64757136-5acb-4cd5-81d0-0f4faf8314ff</guid>
      <link>https://share.transistor.fm/s/6f702031</link>
      <description>
        <![CDATA[<p>This narrated episode explores what happens when a “small” tool in your Software as a Service (SaaS) estate becomes the catalyst for everyone’s incident. You will hear a breach story unfold from the war room perspective and then step back into the deeper architecture and governance patterns that made the chain reaction possible. The focus is on how integrations, identity providers, and automation platforms quietly accumulate risk, and why traditional vendor risk approaches that look at each provider in isolation are no longer enough for senior security and technology leaders. The narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p> </p><p>From there, the episode walks through the key sections of the article in clear, leader-friendly language. It examines how the SaaS mesh forms, how blast radius is effectively “designed in” through common OAuth patterns and tenant-wide permissions, and how procurement and ownership models can leave security holding the bill when a partner is breached. It then turns to pragmatic moves: shaping your SaaS architecture for containment, using SaaS security posture management (SSPM) and identity tools to expose risky integrations, and building playbooks for third-party incidents that cross organizational boundaries. The goal is to leave you with a sharper mental model, better questions, and a concrete way to pressure-test your own environment.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated episode explores what happens when a “small” tool in your Software as a Service (SaaS) estate becomes the catalyst for everyone’s incident. You will hear a breach story unfold from the war room perspective and then step back into the deeper architecture and governance patterns that made the chain reaction possible. The focus is on how integrations, identity providers, and automation platforms quietly accumulate risk, and why traditional vendor risk approaches that look at each provider in isolation are no longer enough for senior security and technology leaders. The narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p> </p><p>From there, the episode walks through the key sections of the article in clear, leader-friendly language. It examines how the SaaS mesh forms, how blast radius is effectively “designed in” through common OAuth patterns and tenant-wide permissions, and how procurement and ownership models can leave security holding the bill when a partner is breached. It then turns to pragmatic moves: shaping your SaaS architecture for containment, using SaaS security posture management (SSPM) and identity tools to expose risky integrations, and building playbooks for third-party incidents that cross organizational boundaries. The goal is to leave you with a sharper mental model, better questions, and a concrete way to pressure-test your own environment.</p>]]>
      </content:encoded>
      <pubDate>Wed, 04 Mar 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/6f702031/facb24e5.mp3" length="41366004" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1033</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated episode explores what happens when a “small” tool in your Software as a Service (SaaS) estate becomes the catalyst for everyone’s incident. You will hear a breach story unfold from the war room perspective and then step back into the deeper architecture and governance patterns that made the chain reaction possible. The focus is on how integrations, identity providers, and automation platforms quietly accumulate risk, and why traditional vendor risk approaches that look at each provider in isolation are no longer enough for senior security and technology leaders. The narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p> </p><p>From there, the episode walks through the key sections of the article in clear, leader-friendly language. It examines how the SaaS mesh forms, how blast radius is effectively “designed in” through common OAuth patterns and tenant-wide permissions, and how procurement and ownership models can leave security holding the bill when a partner is breached. It then turns to pragmatic moves: shaping your SaaS architecture for containment, using SaaS security posture management (SSPM) and identity tools to expose risky integrations, and building playbooks for third-party incidents that cross organizational boundaries. The goal is to leave you with a sharper mental model, better questions, and a concrete way to pressure-test your own environment.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/6f702031/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Turning SIEM Events Into Actionable Signals</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>27</itunes:episode>
      <podcast:episode>27</podcast:episode>
      <itunes:title>Insight: Turning SIEM Events Into Actionable Signals</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">11229dae-7871-4134-85f8-b008f767ca3f</guid>
      <link>https://share.transistor.fm/s/402d24b8</link>
      <description>
        <![CDATA[<p>If your Security Information and Event Management (SIEM) platform feels like a wall of noise, this episode is for you. We walk through what SIEM use cases really are, how they differ from generic rules or vendor content packs, and where they sit inside your detection and response workflow. You will hear how a good use case flows from a concrete risk scenario to specific log signals, correlation logic, and an alert that an analyst can actually act on, instead of yet another item to close as “noise.”</p><p> </p><p>We also explore everyday SIEM use cases teams lean on, from quick-win detections around authentication and admin activity to deeper, strategic patterns that tie identity, endpoint, and cloud data together. Along the way, we talk through the benefits, trade-offs, and limits of investing in SIEM use case design, plus the red flags and healthy signals that show whether your current content is working. This narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>If your Security Information and Event Management (SIEM) platform feels like a wall of noise, this episode is for you. We walk through what SIEM use cases really are, how they differ from generic rules or vendor content packs, and where they sit inside your detection and response workflow. You will hear how a good use case flows from a concrete risk scenario to specific log signals, correlation logic, and an alert that an analyst can actually act on, instead of yet another item to close as “noise.”</p><p> </p><p>We also explore everyday SIEM use cases teams lean on, from quick-win detections around authentication and admin activity to deeper, strategic patterns that tie identity, endpoint, and cloud data together. Along the way, we talk through the benefits, trade-offs, and limits of investing in SIEM use case design, plus the red flags and healthy signals that show whether your current content is working. This narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Tue, 03 Mar 2026 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/402d24b8/f9c7d88c.mp3" length="30444638" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>760</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>If your Security Information and Event Management (SIEM) platform feels like a wall of noise, this episode is for you. We walk through what SIEM use cases really are, how they differ from generic rules or vendor content packs, and where they sit inside your detection and response workflow. You will hear how a good use case flows from a concrete risk scenario to specific log signals, correlation logic, and an alert that an analyst can actually act on, instead of yet another item to close as “noise.”</p><p> </p><p>We also explore everyday SIEM use cases teams lean on, from quick-win detections around authentication and admin activity to deeper, strategic patterns that tie identity, endpoint, and cloud data together. Along the way, we talk through the benefits, trade-offs, and limits of investing in SIEM use case design, plus the red flags and healthy signals that show whether your current content is working. This narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/402d24b8/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: Hands-On Server Confidence with CompTIA Server+</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>26</itunes:episode>
      <podcast:episode>26</podcast:episode>
      <itunes:title>Certified: Hands-On Server Confidence with CompTIA Server+</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">07431270-e0b2-47ec-bd02-f713541580c2</guid>
      <link>https://share.transistor.fm/s/8fedfa06</link>
      <description>
        <![CDATA[<p>This narrated edition of our Monday “Certified” feature from Bare Metal Cyber Magazine walks you through CompTIA Server+ (Server+) in clear, practical language. You’ll hear what the certification is designed to prove, who it’s really for, and how it fits between entry-level support work and more advanced infrastructure roles. Along the way, we connect the dots between physical hardware, virtualization, storage, networking, and troubleshooting so you can picture the environments Server+ expects you to understand.</p><p> </p><p>In this episode, we also break down what the Server+ exam really tests, how the questions feel, and how the credential fits into a bigger career path that might include security, cloud, or platform-specific certifications. If you want to go beyond a single walkthrough, you can dive into the full audio course for Server+ inside the Bare Metal Cyber Audio Academy for deeper, step-by-step exam prep.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated edition of our Monday “Certified” feature from Bare Metal Cyber Magazine walks you through CompTIA Server+ (Server+) in clear, practical language. You’ll hear what the certification is designed to prove, who it’s really for, and how it fits between entry-level support work and more advanced infrastructure roles. Along the way, we connect the dots between physical hardware, virtualization, storage, networking, and troubleshooting so you can picture the environments Server+ expects you to understand.</p><p> </p><p>In this episode, we also break down what the Server+ exam really tests, how the questions feel, and how the credential fits into a bigger career path that might include security, cloud, or platform-specific certifications. If you want to go beyond a single walkthrough, you can dive into the full audio course for Server+ inside the Bare Metal Cyber Audio Academy for deeper, step-by-step exam prep.</p>]]>
      </content:encoded>
      <pubDate>Mon, 02 Mar 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/8fedfa06/6497b43b.mp3" length="28950440" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>723</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated edition of our Monday “Certified” feature from Bare Metal Cyber Magazine walks you through CompTIA Server+ (Server+) in clear, practical language. You’ll hear what the certification is designed to prove, who it’s really for, and how it fits between entry-level support work and more advanced infrastructure roles. Along the way, we connect the dots between physical hardware, virtualization, storage, networking, and troubleshooting so you can picture the environments Server+ expects you to understand.</p><p> </p><p>In this episode, we also break down what the Server+ exam really tests, how the questions feel, and how the credential fits into a bigger career path that might include security, cloud, or platform-specific certifications. If you want to go beyond a single walkthrough, you can dive into the full audio course for Server+ inside the Bare Metal Cyber Audio Academy for deeper, step-by-step exam prep.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/8fedfa06/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Multi-Cloud Mirage: More Providers, Same Fragile Backbone</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>25</itunes:episode>
      <podcast:episode>25</podcast:episode>
      <itunes:title>Multi-Cloud Mirage: More Providers, Same Fragile Backbone</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">8173aec6-59f4-4714-9f5b-3b64da6c2470</guid>
      <link>https://share.transistor.fm/s/264bb58d</link>
      <description>
        <![CDATA[<p>This narrated edition of <strong>“Multi-Cloud Mirage: More Providers, Same Fragile Backbone”</strong> digs into the gap between the slideware story of multi-cloud resilience and the reality of how most environments are actually built. You will hear how identity, connectivity, automation, and data paths quietly converge into a single fragile spine, even as logos multiply. We walk through why adding providers often does less for concentration risk than boards, regulators, and insurers believe, and why the real conversation needs to shift toward failure domains and control planes instead of marketing diagrams. This audio is developed from my Wednesday “Headline” feature in Bare Metal Cyber Magazine.</p><p>In the second half, the narration takes you through the key sections of the article in practical, leader-focused language. We explore hidden shared backbones, failure domains that are not truly independent, and the way centralized control planes turn into elegant single points of failure. From there, we move into what real isolation looks like in architectures and operations, and how to own the trade-offs honestly in the boardroom. By the end, you will have a clearer mental model for deciding where multi-cloud genuinely adds resilience, where single-cloud plus strong recovery is enough, and how to explain those choices with confidence.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated edition of <strong>“Multi-Cloud Mirage: More Providers, Same Fragile Backbone”</strong> digs into the gap between the slideware story of multi-cloud resilience and the reality of how most environments are actually built. You will hear how identity, connectivity, automation, and data paths quietly converge into a single fragile spine, even as logos multiply. We walk through why adding providers often does less for concentration risk than boards, regulators, and insurers believe, and why the real conversation needs to shift toward failure domains and control planes instead of marketing diagrams. This audio is developed from my Wednesday “Headline” feature in Bare Metal Cyber Magazine.</p><p>In the second half, the narration takes you through the key sections of the article in practical, leader-focused language. We explore hidden shared backbones, failure domains that are not truly independent, and the way centralized control planes turn into elegant single points of failure. From there, we move into what real isolation looks like in architectures and operations, and how to own the trade-offs honestly in the boardroom. By the end, you will have a clearer mental model for deciding where multi-cloud genuinely adds resilience, where single-cloud plus strong recovery is enough, and how to explain those choices with confidence.</p>]]>
      </content:encoded>
      <pubDate>Wed, 25 Feb 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/264bb58d/46a302d1.mp3" length="45804643" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1144</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated edition of <strong>“Multi-Cloud Mirage: More Providers, Same Fragile Backbone”</strong> digs into the gap between the slideware story of multi-cloud resilience and the reality of how most environments are actually built. You will hear how identity, connectivity, automation, and data paths quietly converge into a single fragile spine, even as logos multiply. We walk through why adding providers often does less for concentration risk than boards, regulators, and insurers believe, and why the real conversation needs to shift toward failure domains and control planes instead of marketing diagrams. This audio is developed from my Wednesday “Headline” feature in Bare Metal Cyber Magazine.</p><p>In the second half, the narration takes you through the key sections of the article in practical, leader-focused language. We explore hidden shared backbones, failure domains that are not truly independent, and the way centralized control planes turn into elegant single points of failure. From there, we move into what real isolation looks like in architectures and operations, and how to own the trade-offs honestly in the boardroom. By the end, you will have a clearer mental model for deciding where multi-cloud genuinely adds resilience, where single-cloud plus strong recovery is enough, and how to explain those choices with confidence.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/264bb58d/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Third-Party Risk Questions That Actually Matter</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>24</itunes:episode>
      <podcast:episode>24</podcast:episode>
      <itunes:title>Insight: Third-Party Risk Questions That Actually Matter</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">02718789-3d08-4dcc-891e-2488ecf39d89</guid>
      <link>https://share.transistor.fm/s/1a2fd87d</link>
      <description>
        <![CDATA[<p>This audio episode explores Third-Party Risk Management (TPRM) as a practical, everyday part of how your organization works with vendors, cloud platforms, and service providers. In clear language, it walks through what TPRM is, where it fits in your governance and technical stack, and why “we’re secure” is never enough when a third party wants access to your data or systems. You will hear how TPRM turns vague assurances into specific questions about data flows, access paths, and incident responsibilities before any new connection goes live.</p><p> </p><p>Building on that foundation, the episode then walks through how TPRM works in practice, with real-world use cases that range from approving new SaaS tools to managing high-privilege service providers and renewals. It unpacks the major benefits and trade-offs, the limits of what you can realistically know about a vendor, and the failure modes that turn TPRM into paperwork instead of decision support. The narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine, giving you a structured but accessible way to strengthen how your organization plugs vendors into its world.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This audio episode explores Third-Party Risk Management (TPRM) as a practical, everyday part of how your organization works with vendors, cloud platforms, and service providers. In clear language, it walks through what TPRM is, where it fits in your governance and technical stack, and why “we’re secure” is never enough when a third party wants access to your data or systems. You will hear how TPRM turns vague assurances into specific questions about data flows, access paths, and incident responsibilities before any new connection goes live.</p><p> </p><p>Building on that foundation, the episode then walks through how TPRM works in practice, with real-world use cases that range from approving new SaaS tools to managing high-privilege service providers and renewals. It unpacks the major benefits and trade-offs, the limits of what you can realistically know about a vendor, and the failure modes that turn TPRM into paperwork instead of decision support. The narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine, giving you a structured but accessible way to strengthen how your organization plugs vendors into its world.</p>]]>
      </content:encoded>
      <pubDate>Tue, 24 Feb 2026 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/1a2fd87d/2049183e.mp3" length="31937801" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>797</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This audio episode explores Third-Party Risk Management (TPRM) as a practical, everyday part of how your organization works with vendors, cloud platforms, and service providers. In clear language, it walks through what TPRM is, where it fits in your governance and technical stack, and why “we’re secure” is never enough when a third party wants access to your data or systems. You will hear how TPRM turns vague assurances into specific questions about data flows, access paths, and incident responsibilities before any new connection goes live.</p><p> </p><p>Building on that foundation, the episode then walks through how TPRM works in practice, with real-world use cases that range from approving new SaaS tools to managing high-privilege service providers and renewals. It unpacks the major benefits and trade-offs, the limits of what you can realistically know about a vendor, and the failure modes that turn TPRM into paperwork instead of decision support. The narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine, giving you a structured but accessible way to strengthen how your organization plugs vendors into its world.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/1a2fd87d/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: Breaking into Tech from Zero with CompTIA IT Fundamentals (ITF+)</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>23</itunes:episode>
      <podcast:episode>23</podcast:episode>
      <itunes:title>Certified: Breaking into Tech from Zero with CompTIA IT Fundamentals (ITF+)</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">1dd3c717-d047-45d1-adf7-afec4f944b02</guid>
      <link>https://share.transistor.fm/s/16b53692</link>
      <description>
        <![CDATA[<p>This week on Certified, we break down CompTIA IT Fundamentals (ITF+), the gentle on-ramp for anyone who feels “tech-curious” but not yet “tech-confident.” Developed by Bare Metal Cyber, this episode walks through what ITF+ actually covers, who it’s built for, and how it can help you decide whether a path into IT or cybersecurity makes sense for you.</p><p>You’ll hear how the exam turns everyday technology into a structured skill set: basic hardware and operating systems, simple networking, data and databases, and the security habits that protect people at home and at work. We talk about how long to study, what kind of prep is realistic for busy adults, and how ITF+ can support a career change, a first job in tech, or better conversations with your IT and security teams.</p><p> </p><p>If you’re standing at the edge of the field wondering whether you belong in IT, this Certified episode gives you a clear, honest look at ITF+ as a low-pressure test of your interest and potential next steps toward A+, Network+, or Security+.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This week on Certified, we break down CompTIA IT Fundamentals (ITF+), the gentle on-ramp for anyone who feels “tech-curious” but not yet “tech-confident.” Developed by Bare Metal Cyber, this episode walks through what ITF+ actually covers, who it’s built for, and how it can help you decide whether a path into IT or cybersecurity makes sense for you.</p><p>You’ll hear how the exam turns everyday technology into a structured skill set: basic hardware and operating systems, simple networking, data and databases, and the security habits that protect people at home and at work. We talk about how long to study, what kind of prep is realistic for busy adults, and how ITF+ can support a career change, a first job in tech, or better conversations with your IT and security teams.</p><p> </p><p>If you’re standing at the edge of the field wondering whether you belong in IT, this Certified episode gives you a clear, honest look at ITF+ as a low-pressure test of your interest and potential next steps toward A+, Network+, or Security+.</p>]]>
      </content:encoded>
      <pubDate>Mon, 23 Feb 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/16b53692/293376db.mp3" length="22404171" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>559</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This week on Certified, we break down CompTIA IT Fundamentals (ITF+), the gentle on-ramp for anyone who feels “tech-curious” but not yet “tech-confident.” Developed by Bare Metal Cyber, this episode walks through what ITF+ actually covers, who it’s built for, and how it can help you decide whether a path into IT or cybersecurity makes sense for you.</p><p>You’ll hear how the exam turns everyday technology into a structured skill set: basic hardware and operating systems, simple networking, data and databases, and the security habits that protect people at home and at work. We talk about how long to study, what kind of prep is realistic for busy adults, and how ITF+ can support a career change, a first job in tech, or better conversations with your IT and security teams.</p><p> </p><p>If you’re standing at the edge of the field wondering whether you belong in IT, this Certified episode gives you a clear, honest look at ITF+ as a low-pressure test of your interest and potential next steps toward A+, Network+, or Security+.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/16b53692/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Platform Captivity: Life Inside a Single Cloud’s Walled Garden</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>22</itunes:episode>
      <podcast:episode>22</podcast:episode>
      <itunes:title>Platform Captivity: Life Inside a Single Cloud’s Walled Garden</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">9ae8b6c6-b0bf-4327-b528-752eba3ce95f</guid>
      <link>https://share.transistor.fm/s/3c8b44d7</link>
      <description>
        <![CDATA[<p>Cloud promises agility, savings, and simplicity, but for many organizations it has quietly become a walled garden with only one gate. In this audio edition of “Platform Captivity: Life Inside a Single Cloud’s Walled Garden,” we walk through how “all in” decisions on a single provider turn into deep architectural, commercial, and regulatory dependencies. You will hear how comfort and standardization evolve into structural lock-in, and why platform captivity should be treated as its own risk domain, not just a technical complaint. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p> </p><p>We then move through the key decision points leaders face: the lure of integrated native services, the difference between decorative multi-cloud and real strategic options, and what it means to negotiate from inside the fence. Along the way, we explore practical ways to recover leverage without launching an unrealistic great escape project, and how to design new systems with exit in mind from day one. If you are responsible for cloud strategy, resilience, or security, this episode will help you see where your organization is truly benefiting from focus and where it is quietly giving away future freedom.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Cloud promises agility, savings, and simplicity, but for many organizations it has quietly become a walled garden with only one gate. In this audio edition of “Platform Captivity: Life Inside a Single Cloud’s Walled Garden,” we walk through how “all in” decisions on a single provider turn into deep architectural, commercial, and regulatory dependencies. You will hear how comfort and standardization evolve into structural lock-in, and why platform captivity should be treated as its own risk domain, not just a technical complaint. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p> </p><p>We then move through the key decision points leaders face: the lure of integrated native services, the difference between decorative multi-cloud and real strategic options, and what it means to negotiate from inside the fence. Along the way, we explore practical ways to recover leverage without launching an unrealistic great escape project, and how to design new systems with exit in mind from day one. If you are responsible for cloud strategy, resilience, or security, this episode will help you see where your organization is truly benefiting from focus and where it is quietly giving away future freedom.</p>]]>
      </content:encoded>
      <pubDate>Wed, 18 Feb 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3c8b44d7/7cd8a60f.mp3" length="56242198" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1405</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Cloud promises agility, savings, and simplicity, but for many organizations it has quietly become a walled garden with only one gate. In this audio edition of “Platform Captivity: Life Inside a Single Cloud’s Walled Garden,” we walk through how “all in” decisions on a single provider turn into deep architectural, commercial, and regulatory dependencies. You will hear how comfort and standardization evolve into structural lock-in, and why platform captivity should be treated as its own risk domain, not just a technical complaint. This narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p> </p><p>We then move through the key decision points leaders face: the lure of integrated native services, the difference between decorative multi-cloud and real strategic options, and what it means to negotiate from inside the fence. Along the way, we explore practical ways to recover leverage without launching an unrealistic great escape project, and how to design new systems with exit in mind from day one. If you are responsible for cloud strategy, resilience, or security, this episode will help you see where your organization is truly benefiting from focus and where it is quietly giving away future freedom.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3c8b44d7/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: When Source Code Spills Keys, Tokens, and Credentials</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>21</itunes:episode>
      <podcast:episode>21</podcast:episode>
      <itunes:title>Insight: When Source Code Spills Keys, Tokens, and Credentials</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">4f25285a-ebf5-42ba-8b77-e21181769c0a</guid>
      <link>https://share.transistor.fm/s/37ab0c84</link>
      <description>
        <![CDATA[<p>When secrets leak into source code, they rarely announce themselves with flashing lights. In this audio companion to Bare Metal Cyber’s Tuesday “Insights” feature, we walk through what “secrets in source code” really means for working teams: the keys, tokens, passwords, and other sensitive values that quietly end up in repositories and stick around for years. You will hear where these secrets tend to hide in real environments, how they move through developer laptops, branches, and pipelines, and where secret scanning and better handling practices actually fit into your existing stack.</p><p> </p><p>The episode then turns to day-to-day use: how secret scanning flows through CI/CD pipelines and code reviews, what realistic quick wins look like for smaller teams, and how more mature programs tie scanning into central secrets management and ownership. Along the way, we unpack the benefits, trade-offs, and limits of these approaches, and spend time on the failure modes and healthy signals that show whether your efforts are really working. The narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine, adapted into a clear, story-driven walkthrough you can listen to on the go.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When secrets leak into source code, they rarely announce themselves with flashing lights. In this audio companion to Bare Metal Cyber’s Tuesday “Insights” feature, we walk through what “secrets in source code” really means for working teams: the keys, tokens, passwords, and other sensitive values that quietly end up in repositories and stick around for years. You will hear where these secrets tend to hide in real environments, how they move through developer laptops, branches, and pipelines, and where secret scanning and better handling practices actually fit into your existing stack.</p><p> </p><p>The episode then turns to day-to-day use: how secret scanning flows through CI/CD pipelines and code reviews, what realistic quick wins look like for smaller teams, and how more mature programs tie scanning into central secrets management and ownership. Along the way, we unpack the benefits, trade-offs, and limits of these approaches, and spend time on the failure modes and healthy signals that show whether your efforts are really working. The narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine, adapted into a clear, story-driven walkthrough you can listen to on the go.</p>]]>
      </content:encoded>
      <pubDate>Tue, 17 Feb 2026 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/37ab0c84/5006d154.mp3" length="38440207" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>960</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When secrets leak into source code, they rarely announce themselves with flashing lights. In this audio companion to Bare Metal Cyber’s Tuesday “Insights” feature, we walk through what “secrets in source code” really means for working teams: the keys, tokens, passwords, and other sensitive values that quietly end up in repositories and stick around for years. You will hear where these secrets tend to hide in real environments, how they move through developer laptops, branches, and pipelines, and where secret scanning and better handling practices actually fit into your existing stack.</p><p> </p><p>The episode then turns to day-to-day use: how secret scanning flows through CI/CD pipelines and code reviews, what realistic quick wins look like for smaller teams, and how more mature programs tie scanning into central secrets management and ownership. Along the way, we unpack the benefits, trade-offs, and limits of these approaches, and spend time on the failure modes and healthy signals that show whether your efforts are really working. The narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine, adapted into a clear, story-driven walkthrough you can listen to on the go.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
    </item>
    <item>
      <title>Certified: How CompTIA Cloud+ Builds Real-World Cloud Confidence</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>20</itunes:episode>
      <podcast:episode>20</podcast:episode>
      <itunes:title>Certified: How CompTIA Cloud+ Builds Real-World Cloud Confidence</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">ceb82605-f5d8-4b0e-86aa-ae93c33bfad4</guid>
      <link>https://share.transistor.fm/s/af67ab66</link>
      <description>
        <![CDATA[<p>CompTIA Cloud+ (Cloud+) is built for people who already know their way around servers, networks, and virtualization, and are now being asked to make it all work in the cloud. In this episode, we walk through what Cloud+ really covers, who benefits most from it, and how it helps you handle real hybrid and multi-cloud environments instead of just one vendor’s platform. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, so you get the same structured breakdown in an easy, listenable format.</p><p> </p><p>You will hear how the exam is organized, what kinds of scenarios and decisions it emphasizes, and why it rewards applied understanding more than pure memorization. We also explore how Cloud+ fits into a broader certification path, how hiring managers tend to read it on a résumé, and where it can open doors in infrastructure and cloud engineering roles. If you want to go deeper after this episode, you can keep building your skills with the full Cloud+ audio course inside the Bare Metal Cyber Audio Academy.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>CompTIA Cloud+ (Cloud+) is built for people who already know their way around servers, networks, and virtualization, and are now being asked to make it all work in the cloud. In this episode, we walk through what Cloud+ really covers, who benefits most from it, and how it helps you handle real hybrid and multi-cloud environments instead of just one vendor’s platform. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, so you get the same structured breakdown in an easy, listenable format.</p><p> </p><p>You will hear how the exam is organized, what kinds of scenarios and decisions it emphasizes, and why it rewards applied understanding more than pure memorization. We also explore how Cloud+ fits into a broader certification path, how hiring managers tend to read it on a résumé, and where it can open doors in infrastructure and cloud engineering roles. If you want to go deeper after this episode, you can keep building your skills with the full Cloud+ audio course inside the Bare Metal Cyber Audio Academy.</p>]]>
      </content:encoded>
      <pubDate>Mon, 16 Feb 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/af67ab66/fb69176c.mp3" length="35395377" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>884</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>CompTIA Cloud+ (Cloud+) is built for people who already know their way around servers, networks, and virtualization, and are now being asked to make it all work in the cloud. In this episode, we walk through what Cloud+ really covers, who benefits most from it, and how it helps you handle real hybrid and multi-cloud environments instead of just one vendor’s platform. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, so you get the same structured breakdown in an easy, listenable format.</p><p> </p><p>You will hear how the exam is organized, what kinds of scenarios and decisions it emphasizes, and why it rewards applied understanding more than pure memorization. We also explore how Cloud+ fits into a broader certification path, how hiring managers tend to read it on a résumé, and where it can open doors in infrastructure and cloud engineering roles. If you want to go deeper after this episode, you can keep building your skills with the full Cloud+ audio course inside the Bare Metal Cyber Audio Academy.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/af67ab66/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Machine Identity Riot: Certificates, Tokens, and Bots Gone Wild</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>19</itunes:episode>
      <podcast:episode>19</podcast:episode>
      <itunes:title>Machine Identity Riot: Certificates, Tokens, and Bots Gone Wild</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">ca14c91c-7dbd-4fd7-ab9f-439c1881e2c8</guid>
      <link>https://share.transistor.fm/s/29ad8fe2</link>
      <description>
        <![CDATA[<p>In this audio edition of “Machine Identity Riot: Certificates, Tokens, and Bots Gone Wild,” we walk leaders through the trust fabric that actually runs their business. You will hear how certificates, tokens, API keys, service accounts, and bots have quietly become the dominant identity layer in most organizations, far outnumbering human users. The episode explains where this machine identity surface comes from, how it is stitched together across PKI, identity providers, cloud platforms, and automation tools, and why it has become such a powerful driver of both outages and attacker leverage.</p><p> </p><p>From there, the narration moves through the key sections of the Headline article: the common failure modes that accumulate risk without constant explosions, the shift to lifecycle thinking for issuance, rotation, and revocation, and the case for running machine identity as a shared platform instead of a series of one-off projects. It also looks ahead to AI agents, software supply chain signing, and edge deployments, showing how today’s decisions about authorities, key lifetimes, and automation interfaces will either calm or fuel the next machine identity riot. This episode is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this audio edition of “Machine Identity Riot: Certificates, Tokens, and Bots Gone Wild,” we walk leaders through the trust fabric that actually runs their business. You will hear how certificates, tokens, API keys, service accounts, and bots have quietly become the dominant identity layer in most organizations, far outnumbering human users. The episode explains where this machine identity surface comes from, how it is stitched together across PKI, identity providers, cloud platforms, and automation tools, and why it has become such a powerful driver of both outages and attacker leverage.</p><p> </p><p>From there, the narration moves through the key sections of the Headline article: the common failure modes that accumulate risk without constant explosions, the shift to lifecycle thinking for issuance, rotation, and revocation, and the case for running machine identity as a shared platform instead of a series of one-off projects. It also looks ahead to AI agents, software supply chain signing, and edge deployments, showing how today’s decisions about authorities, key lifetimes, and automation interfaces will either calm or fuel the next machine identity riot. This episode is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Wed, 11 Feb 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/29ad8fe2/5c75edcc.mp3" length="43465123" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1086</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this audio edition of “Machine Identity Riot: Certificates, Tokens, and Bots Gone Wild,” we walk leaders through the trust fabric that actually runs their business. You will hear how certificates, tokens, API keys, service accounts, and bots have quietly become the dominant identity layer in most organizations, far outnumbering human users. The episode explains where this machine identity surface comes from, how it is stitched together across PKI, identity providers, cloud platforms, and automation tools, and why it has become such a powerful driver of both outages and attacker leverage.</p><p> </p><p>From there, the narration moves through the key sections of the Headline article: the common failure modes that accumulate risk without constant explosions, the shift to lifecycle thinking for issuance, rotation, and revocation, and the case for running machine identity as a shared platform instead of a series of one-off projects. It also looks ahead to AI agents, software supply chain signing, and edge deployments, showing how today’s decisions about authorities, key lifetimes, and automation interfaces will either calm or fuel the next machine identity riot. This episode is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/29ad8fe2/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Building Security Into CI/CD Without the Buzzwords</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>18</itunes:episode>
      <podcast:episode>18</podcast:episode>
      <itunes:title>Insight: Building Security Into CI/CD Without the Buzzwords</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">4616db2c-5571-40e5-9392-18b7d7bd8567</guid>
      <link>https://share.transistor.fm/s/23c608ca</link>
      <description>
        <![CDATA[<p>This narrated episode explores DevSecOps in CI/CD pipelines as a practical way to build security into the same paths your code already takes from commit to production. You’ll hear what DevSecOps in CI/CD pipelines really means, where it fits in modern delivery stacks, and how security checks can live alongside familiar build, test, and deploy stages. The episode walks through the flow of a typical change, showing how tools, pipelines, and people work together to catch issues earlier without turning every release into a negotiation.</p><p> </p><p>We also dig into everyday use cases and patterns, from simple “shift-left” hygiene checks on pull requests to more advanced policy-as-code and standardized secure pipeline templates. Along the way, the episode unpacks key benefits, the trade-offs between speed and safety, and the failure modes that make DevSecOps feel like empty buzzwords when it is not done well. This audio is developed by Bare Metal Cyber and is based on my Tuesday “Insights” feature in Bare Metal Cyber Magazine, so you get a clear, vendor-neutral view designed for real-world teams.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated episode explores DevSecOps in CI/CD pipelines as a practical way to build security into the same paths your code already takes from commit to production. You’ll hear what DevSecOps in CI/CD pipelines really means, where it fits in modern delivery stacks, and how security checks can live alongside familiar build, test, and deploy stages. The episode walks through the flow of a typical change, showing how tools, pipelines, and people work together to catch issues earlier without turning every release into a negotiation.</p><p> </p><p>We also dig into everyday use cases and patterns, from simple “shift-left” hygiene checks on pull requests to more advanced policy-as-code and standardized secure pipeline templates. Along the way, the episode unpacks key benefits, the trade-offs between speed and safety, and the failure modes that make DevSecOps feel like empty buzzwords when it is not done well. This audio is developed by Bare Metal Cyber and is based on my Tuesday “Insights” feature in Bare Metal Cyber Magazine, so you get a clear, vendor-neutral view designed for real-world teams.</p>]]>
      </content:encoded>
      <pubDate>Tue, 10 Feb 2026 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/23c608ca/e1415dd5.mp3" length="33555306" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>838</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated episode explores DevSecOps in CI/CD pipelines as a practical way to build security into the same paths your code already takes from commit to production. You’ll hear what DevSecOps in CI/CD pipelines really means, where it fits in modern delivery stacks, and how security checks can live alongside familiar build, test, and deploy stages. The episode walks through the flow of a typical change, showing how tools, pipelines, and people work together to catch issues earlier without turning every release into a negotiation.</p><p> </p><p>We also dig into everyday use cases and patterns, from simple “shift-left” hygiene checks on pull requests to more advanced policy-as-code and standardized secure pipeline templates. Along the way, the episode unpacks key benefits, the trade-offs between speed and safety, and the failure modes that make DevSecOps feel like empty buzzwords when it is not done well. This audio is developed by Bare Metal Cyber and is based on my Tuesday “Insights” feature in Bare Metal Cyber Magazine, so you get a clear, vendor-neutral view designed for real-world teams.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/23c608ca/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: GIAC Security Essentials (GSEC): A Hands-On Baseline for Early-Career Defenders</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>17</itunes:episode>
      <podcast:episode>17</podcast:episode>
      <itunes:title>Certified: GIAC Security Essentials (GSEC): A Hands-On Baseline for Early-Career Defenders</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">694bcc25-bc42-44f4-86ef-4bd7eb751230</guid>
      <link>https://share.transistor.fm/s/0bfb9137</link>
      <description>
        <![CDATA[<p>The GIAC Security Essentials (GSEC) narrated episode walks you through what this certification really is, who it serves, and why it sits in that sweet spot between basic awareness and deep specialization. You’ll hear a clear breakdown of how GSEC treats security as a practical, hands-on discipline: reading logs, understanding network behavior, and recognizing the early signs that something is wrong. The episode is based on my Monday “Certified” feature in Bare Metal Cyber Magazine, so the structure matches what you’d see in the written breakdown while staying friendly for listeners who are newer to the field.</p><p> </p><p>From there, the narration explores what the GSEC exam actually tests, the kinds of scenarios you can expect, and how this certification fits into a bigger career path across roles like SOC analyst, security engineer, or security-focused sysadmin. You’ll also hear guidance on how to think about your own starting point, whether you are coming from help desk, general IT, or a career change into cyber. To go deeper, you can pair this episode with the full audio course for GSEC inside the Bare Metal Cyber Audio Academy, which is built to support focused exam preparation over time.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>The GIAC Security Essentials (GSEC) narrated episode walks you through what this certification really is, who it serves, and why it sits in that sweet spot between basic awareness and deep specialization. You’ll hear a clear breakdown of how GSEC treats security as a practical, hands-on discipline: reading logs, understanding network behavior, and recognizing the early signs that something is wrong. The episode is based on my Monday “Certified” feature in Bare Metal Cyber Magazine, so the structure matches what you’d see in the written breakdown while staying friendly for listeners who are newer to the field.</p><p> </p><p>From there, the narration explores what the GSEC exam actually tests, the kinds of scenarios you can expect, and how this certification fits into a bigger career path across roles like SOC analyst, security engineer, or security-focused sysadmin. You’ll also hear guidance on how to think about your own starting point, whether you are coming from help desk, general IT, or a career change into cyber. To go deeper, you can pair this episode with the full audio course for GSEC inside the Bare Metal Cyber Audio Academy, which is built to support focused exam preparation over time.</p>]]>
      </content:encoded>
      <pubDate>Mon, 09 Feb 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/0bfb9137/1b1fb387.mp3" length="28820999" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>720</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>The GIAC Security Essentials (GSEC) narrated episode walks you through what this certification really is, who it serves, and why it sits in that sweet spot between basic awareness and deep specialization. You’ll hear a clear breakdown of how GSEC treats security as a practical, hands-on discipline: reading logs, understanding network behavior, and recognizing the early signs that something is wrong. The episode is based on my Monday “Certified” feature in Bare Metal Cyber Magazine, so the structure matches what you’d see in the written breakdown while staying friendly for listeners who are newer to the field.</p><p> </p><p>From there, the narration explores what the GSEC exam actually tests, the kinds of scenarios you can expect, and how this certification fits into a bigger career path across roles like SOC analyst, security engineer, or security-focused sysadmin. You’ll also hear guidance on how to think about your own starting point, whether you are coming from help desk, general IT, or a career change into cyber. To go deeper, you can pair this episode with the full audio course for GSEC inside the Bare Metal Cyber Audio Academy, which is built to support focused exam preparation over time.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/0bfb9137/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Cyber Leadership in the Age of AI Coworkers</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>16</itunes:episode>
      <podcast:episode>16</podcast:episode>
      <itunes:title>Cyber Leadership in the Age of AI Coworkers</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">42561491-e168-4d6e-b348-92a62719d86d</guid>
      <link>https://share.transistor.fm/s/a08c21d0</link>
      <description>
        <![CDATA[<p>In this audio edition of <strong>Cyber Leadership in the Age of AI Coworkers</strong>, we explore what changes when artificial intelligence (AI) stops being a sidecar and starts acting like part of your team. As coding assistants, ops copilots, and AI agents shape code, incidents, and risk narratives, leaders are left with a harder question than “where can we use AI?”—they have to decide how much agency to grant these systems and how to stay accountable for their decisions. This narration is designed for security and technology leaders who already see AI in their workflows and need a clearer mental model for owning the risk.</p><p>Across this episode, we walk through the key moves from the Wednesday “Headline” feature in Bare Metal Cyber Magazine. You will hear how the shift from tools to teammates changes basic assumptions about identity, access, and logs; why giving AI coworkers distinct “badges” and lifecycles matters; and how human over-delegation shows up as quiet erosion of judgment. We also dig into what real guardrails look like in architecture and process, and how to lead the culture shift so AI coworkers extend human judgment instead of replacing it.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this audio edition of <strong>Cyber Leadership in the Age of AI Coworkers</strong>, we explore what changes when artificial intelligence (AI) stops being a sidecar and starts acting like part of your team. As coding assistants, ops copilots, and AI agents shape code, incidents, and risk narratives, leaders are left with a harder question than “where can we use AI?”—they have to decide how much agency to grant these systems and how to stay accountable for their decisions. This narration is designed for security and technology leaders who already see AI in their workflows and need a clearer mental model for owning the risk.</p><p>Across this episode, we walk through the key moves from the Wednesday “Headline” feature in Bare Metal Cyber Magazine. You will hear how the shift from tools to teammates changes basic assumptions about identity, access, and logs; why giving AI coworkers distinct “badges” and lifecycles matters; and how human over-delegation shows up as quiet erosion of judgment. We also dig into what real guardrails look like in architecture and process, and how to lead the culture shift so AI coworkers extend human judgment instead of replacing it.</p>]]>
      </content:encoded>
      <pubDate>Wed, 04 Feb 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/a08c21d0/275d51b1.mp3" length="42500662" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1062</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this audio edition of <strong>Cyber Leadership in the Age of AI Coworkers</strong>, we explore what changes when artificial intelligence (AI) stops being a sidecar and starts acting like part of your team. As coding assistants, ops copilots, and AI agents shape code, incidents, and risk narratives, leaders are left with a harder question than “where can we use AI?”—they have to decide how much agency to grant these systems and how to stay accountable for their decisions. This narration is designed for security and technology leaders who already see AI in their workflows and need a clearer mental model for owning the risk.</p><p>Across this episode, we walk through the key moves from the Wednesday “Headline” feature in Bare Metal Cyber Magazine. You will hear how the shift from tools to teammates changes basic assumptions about identity, access, and logs; why giving AI coworkers distinct “badges” and lifecycles matters; and how human over-delegation shows up as quiet erosion of judgment. We also dig into what real guardrails look like in architecture and process, and how to lead the culture shift so AI coworkers extend human judgment instead of replacing it.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/a08c21d0/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Turning MITRE ATT&amp;CK into a Defense Roadmap</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>15</itunes:episode>
      <podcast:episode>15</podcast:episode>
      <itunes:title>Insight: Turning MITRE ATT&amp;CK into a Defense Roadmap</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">803c9368-9f02-4b4b-89df-bbe90aad7e68</guid>
      <link>https://share.transistor.fm/s/96cdc794</link>
      <description>
        <![CDATA[<p>Threat-informed defense can feel abstract until you connect it directly to how real attackers move through your environment. In this narrated breakdown, we walk through how to use the MITRE ATT&amp;CK framework (ATT&amp;CK) as a practical map for planning security improvements. You will hear plain-language explanations of what threat-informed defense is, where ATT&amp;CK fits in a modern stack, and how to use tactics and techniques as the backbone for a more focused roadmap. The goal is to help you see past marketing labels and start thinking in terms of concrete attacker behaviors you can actually see, block, and respond to.</p><p>From there, the episode moves into everyday use: how teams use ATT&amp;CK to organize detections, tune alerts, sharpen incident response, and align architecture changes with real threat scenarios. We talk through quick wins for smaller teams, deeper program ideas for more mature environments, and the real benefits, trade-offs, and limits of this approach. You will also hear common failure modes, like “matrix theater,” and the healthy signals that show threat-informed defense is truly driving decisions. The narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine so you can listen, reflect, and bring the ideas back to your own environment.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Threat-informed defense can feel abstract until you connect it directly to how real attackers move through your environment. In this narrated breakdown, we walk through how to use the MITRE ATT&amp;CK framework (ATT&amp;CK) as a practical map for planning security improvements. You will hear plain-language explanations of what threat-informed defense is, where ATT&amp;CK fits in a modern stack, and how to use tactics and techniques as the backbone for a more focused roadmap. The goal is to help you see past marketing labels and start thinking in terms of concrete attacker behaviors you can actually see, block, and respond to.</p><p>From there, the episode moves into everyday use: how teams use ATT&amp;CK to organize detections, tune alerts, sharpen incident response, and align architecture changes with real threat scenarios. We talk through quick wins for smaller teams, deeper program ideas for more mature environments, and the real benefits, trade-offs, and limits of this approach. You will also hear common failure modes, like “matrix theater,” and the healthy signals that show threat-informed defense is truly driving decisions. The narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine so you can listen, reflect, and bring the ideas back to your own environment.</p>]]>
      </content:encoded>
      <pubDate>Tue, 03 Feb 2026 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/96cdc794/bc0a9575.mp3" length="34459136" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>861</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Threat-informed defense can feel abstract until you connect it directly to how real attackers move through your environment. In this narrated breakdown, we walk through how to use the MITRE ATT&amp;CK framework (ATT&amp;CK) as a practical map for planning security improvements. You will hear plain-language explanations of what threat-informed defense is, where ATT&amp;CK fits in a modern stack, and how to use tactics and techniques as the backbone for a more focused roadmap. The goal is to help you see past marketing labels and start thinking in terms of concrete attacker behaviors you can actually see, block, and respond to.</p><p>From there, the episode moves into everyday use: how teams use ATT&amp;CK to organize detections, tune alerts, sharpen incident response, and align architecture changes with real threat scenarios. We talk through quick wins for smaller teams, deeper program ideas for more mature environments, and the real benefits, trade-offs, and limits of this approach. You will also hear common failure modes, like “matrix theater,” and the healthy signals that show threat-informed defense is truly driving decisions. The narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine so you can listen, reflect, and bring the ideas back to your own environment.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/96cdc794/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: CompTIA A+ as Your First Real Checkpoint in IT and Cybersecurity</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>14</itunes:episode>
      <podcast:episode>14</podcast:episode>
      <itunes:title>Certified: CompTIA A+ as Your First Real Checkpoint in IT and Cybersecurity</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">3822bde9-7041-4d16-a99f-84bdf7827908</guid>
      <link>https://share.transistor.fm/s/964b4246</link>
      <description>
        <![CDATA[<p>CompTIA A+ is where an interest in tech turns into real-world IT support skills that employers can see and trust. In this Monday “Certified” episode developed by Bare Metal Cyber, we break down how A+ proves you can handle everyday devices, operating systems, and networks when real users are stuck and the clock is ticking. You’ll hear how the two Core exams map to the work of help desk and desktop support, why performance-based questions matter so much, and how solid troubleshooting habits set you up for roles in both IT operations and entry-level cybersecurity.</p><p> </p><p>Whether you’re aiming for your first help desk job, pivoting into tech from another field, or laying the groundwork for future security certifications, this walkthrough gives you a clear picture of what A+ really tests and how it fits into a longer career path. Tune in to turn “good with computers” into a credentialed, job-ready story.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>CompTIA A+ is where an interest in tech turns into real-world IT support skills that employers can see and trust. In this Monday “Certified” episode developed by Bare Metal Cyber, we break down how A+ proves you can handle everyday devices, operating systems, and networks when real users are stuck and the clock is ticking. You’ll hear how the two Core exams map to the work of help desk and desktop support, why performance-based questions matter so much, and how solid troubleshooting habits set you up for roles in both IT operations and entry-level cybersecurity.</p><p> </p><p>Whether you’re aiming for your first help desk job, pivoting into tech from another field, or laying the groundwork for future security certifications, this walkthrough gives you a clear picture of what A+ really tests and how it fits into a longer career path. Tune in to turn “good with computers” into a credentialed, job-ready story.</p>]]>
      </content:encoded>
      <pubDate>Mon, 02 Feb 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/964b4246/d2b696f8.mp3" length="23965248" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>598</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>CompTIA A+ is where an interest in tech turns into real-world IT support skills that employers can see and trust. In this Monday “Certified” episode developed by Bare Metal Cyber, we break down how A+ proves you can handle everyday devices, operating systems, and networks when real users are stuck and the clock is ticking. You’ll hear how the two Core exams map to the work of help desk and desktop support, why performance-based questions matter so much, and how solid troubleshooting habits set you up for roles in both IT operations and entry-level cybersecurity.</p><p> </p><p>Whether you’re aiming for your first help desk job, pivoting into tech from another field, or laying the groundwork for future security certifications, this walkthrough gives you a clear picture of what A+ really tests and how it fits into a longer career path. Tune in to turn “good with computers” into a credentialed, job-ready story.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/964b4246/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Identity Bankruptcy: When Your Organization Runs Out of Trust</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>13</itunes:episode>
      <podcast:episode>13</podcast:episode>
      <itunes:title>Identity Bankruptcy: When Your Organization Runs Out of Trust</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">1d2b6c0e-2e0a-4df5-a9cd-0d59468005e4</guid>
      <link>https://share.transistor.fm/s/7622fd5c</link>
      <description>
        <![CDATA[<p>When your identity data stops matching reality, every dashboard and control you rely on starts to wobble. In this audio edition of “Identity Bankruptcy: When Your Organization Runs Out of Trust,” we walk through what it looks like when a mature organization quietly runs out of confidence in its own answers to “who is this” and “what should they be able to do.” The episode unpacks identity debt, the idea of an “identity balance sheet,” and the ways mergers, SaaS sprawl, and rushed cloud programs corrode trust long before a breach hits the news. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p> </p><p>You will hear a leader-focused walkthrough of the key sections of the article: how organizations drift into identity bankruptcy, what happens when trust signals stop making sense, and how to restructure the “identity economy” without stalling business transformation. We dig into practical leadership moves like setting identity “credit limits,” planning write-offs of legacy identity debt, and choosing a small set of metrics that actually describe identity health to boards and regulators. If you are responsible for risk, architecture, or trust at scale, this episode gives you language and mental models to challenge the state of identity in your own environment.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When your identity data stops matching reality, every dashboard and control you rely on starts to wobble. In this audio edition of “Identity Bankruptcy: When Your Organization Runs Out of Trust,” we walk through what it looks like when a mature organization quietly runs out of confidence in its own answers to “who is this” and “what should they be able to do.” The episode unpacks identity debt, the idea of an “identity balance sheet,” and the ways mergers, SaaS sprawl, and rushed cloud programs corrode trust long before a breach hits the news. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p> </p><p>You will hear a leader-focused walkthrough of the key sections of the article: how organizations drift into identity bankruptcy, what happens when trust signals stop making sense, and how to restructure the “identity economy” without stalling business transformation. We dig into practical leadership moves like setting identity “credit limits,” planning write-offs of legacy identity debt, and choosing a small set of metrics that actually describe identity health to boards and regulators. If you are responsible for risk, architecture, or trust at scale, this episode gives you language and mental models to challenge the state of identity in your own environment.</p>]]>
      </content:encoded>
      <pubDate>Wed, 28 Jan 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/7622fd5c/5f79be5b.mp3" length="43960401" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1098</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When your identity data stops matching reality, every dashboard and control you rely on starts to wobble. In this audio edition of “Identity Bankruptcy: When Your Organization Runs Out of Trust,” we walk through what it looks like when a mature organization quietly runs out of confidence in its own answers to “who is this” and “what should they be able to do.” The episode unpacks identity debt, the idea of an “identity balance sheet,” and the ways mergers, SaaS sprawl, and rushed cloud programs corrode trust long before a breach hits the news. This narration is based on the Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p> </p><p>You will hear a leader-focused walkthrough of the key sections of the article: how organizations drift into identity bankruptcy, what happens when trust signals stop making sense, and how to restructure the “identity economy” without stalling business transformation. We dig into practical leadership moves like setting identity “credit limits,” planning write-offs of legacy identity debt, and choosing a small set of metrics that actually describe identity health to boards and regulators. If you are responsible for risk, architecture, or trust at scale, this episode gives you language and mental models to challenge the state of identity in your own environment.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/7622fd5c/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Triage 101 – What Really Happens After an Alert Fires</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>12</itunes:episode>
      <podcast:episode>12</podcast:episode>
      <itunes:title>Insight: Triage 101 – What Really Happens After an Alert Fires</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">8bbe199c-1a04-4d16-89dc-6d972c3c0fcd</guid>
      <link>https://share.transistor.fm/s/ba5badde</link>
      <description>
        <![CDATA[<p>When a security alert fires, what really happens in those first few minutes? This narrated edition of our Tuesday “Insights” feature in Bare Metal Cyber Magazine walks through the real work of alert triage, from the moment a signal lands in the queue to the decision to close, monitor, investigate, or escalate. You will hear how triage fits into the wider security operations flow and why it acts as the front door to incident response rather than just another tool screen to stare at.</p><p>The episode also explores everyday use cases, quick wins for small or overworked teams, and deeper ways to use triage outcomes as data to tune detections and refine processes. Along the way, it highlights the genuine benefits of strong triage, the trade-offs and limits you should expect, and the failure modes that show up when alert handling slips into chaos. It is developed by Bare Metal Cyber to give you a grounded, vendor-neutral view of turning noisy alerts into clear security decisions.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When a security alert fires, what really happens in those first few minutes? This narrated edition of our Tuesday “Insights” feature in Bare Metal Cyber Magazine walks through the real work of alert triage, from the moment a signal lands in the queue to the decision to close, monitor, investigate, or escalate. You will hear how triage fits into the wider security operations flow and why it acts as the front door to incident response rather than just another tool screen to stare at.</p><p>The episode also explores everyday use cases, quick wins for small or overworked teams, and deeper ways to use triage outcomes as data to tune detections and refine processes. Along the way, it highlights the genuine benefits of strong triage, the trade-offs and limits you should expect, and the failure modes that show up when alert handling slips into chaos. It is developed by Bare Metal Cyber to give you a grounded, vendor-neutral view of turning noisy alerts into clear security decisions.</p>]]>
      </content:encoded>
      <pubDate>Tue, 27 Jan 2026 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/ba5badde/9d54df6c.mp3" length="32547046" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>813</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When a security alert fires, what really happens in those first few minutes? This narrated edition of our Tuesday “Insights” feature in Bare Metal Cyber Magazine walks through the real work of alert triage, from the moment a signal lands in the queue to the decision to close, monitor, investigate, or escalate. You will hear how triage fits into the wider security operations flow and why it acts as the front door to incident response rather than just another tool screen to stare at.</p><p>The episode also explores everyday use cases, quick wins for small or overworked teams, and deeper ways to use triage outcomes as data to tune detections and refine processes. Along the way, it highlights the genuine benefits of strong triage, the trade-offs and limits you should expect, and the failure modes that show up when alert handling slips into chaos. It is developed by Bare Metal Cyber to give you a grounded, vendor-neutral view of turning noisy alerts into clear security decisions.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/ba5badde/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: CompTIA Network+ – The Early-Career Guide to Real-World Networking</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>11</itunes:episode>
      <podcast:episode>11</podcast:episode>
      <itunes:title>Certified: CompTIA Network+ – The Early-Career Guide to Real-World Networking</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">9ca0829b-8fac-4444-ad9b-103a95ba8525</guid>
      <link>https://share.transistor.fm/s/15540e13</link>
      <description>
        <![CDATA[<p>This episode takes you inside the CompTIA Network+ (Network+) certification from an early-career point of view, focusing on what the credential actually means for people who live in and around day-to-day IT work. You will hear a clear walkthrough of what Network+ covers, the kinds of environments it is built for, and how it helps you move from basic support tasks toward understanding real infrastructure. We unpack what the exam really tests, how the domains translate into everyday scenarios, and the type of thinking that leads to better answers when you are faced with incomplete or confusing network symptoms. The narration is drawn from my Monday “Certified” feature in Bare Metal Cyber Magazine, so you are getting a structured, article-quality tour in audio form.</p><p> </p><p>You will also hear how Network+ can shape your long-term roadmap, whether you want to become a network engineer, a systems administrator, or a cybersecurity professional who needs strong network fundamentals. We talk about where the certification usually fits in a broader path, how hiring managers tend to view it, and why combining it with hands-on practice is so powerful. Along the way, you will get practical guidance on building a simple, sustainable study plan and using everyday troubleshooting as prep. If you want to go beyond this overview, there is a full audio course for Network+ inside the Bare Metal Cyber Audio Academy that lets you keep learning during commutes, workouts, or any time you are away from the keyboard.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This episode takes you inside the CompTIA Network+ (Network+) certification from an early-career point of view, focusing on what the credential actually means for people who live in and around day-to-day IT work. You will hear a clear walkthrough of what Network+ covers, the kinds of environments it is built for, and how it helps you move from basic support tasks toward understanding real infrastructure. We unpack what the exam really tests, how the domains translate into everyday scenarios, and the type of thinking that leads to better answers when you are faced with incomplete or confusing network symptoms. The narration is drawn from my Monday “Certified” feature in Bare Metal Cyber Magazine, so you are getting a structured, article-quality tour in audio form.</p><p> </p><p>You will also hear how Network+ can shape your long-term roadmap, whether you want to become a network engineer, a systems administrator, or a cybersecurity professional who needs strong network fundamentals. We talk about where the certification usually fits in a broader path, how hiring managers tend to view it, and why combining it with hands-on practice is so powerful. Along the way, you will get practical guidance on building a simple, sustainable study plan and using everyday troubleshooting as prep. If you want to go beyond this overview, there is a full audio course for Network+ inside the Bare Metal Cyber Audio Academy that lets you keep learning during commutes, workouts, or any time you are away from the keyboard.</p>]]>
      </content:encoded>
      <pubDate>Mon, 26 Jan 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/15540e13/512bec10.mp3" length="35949264" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>898</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This episode takes you inside the CompTIA Network+ (Network+) certification from an early-career point of view, focusing on what the credential actually means for people who live in and around day-to-day IT work. You will hear a clear walkthrough of what Network+ covers, the kinds of environments it is built for, and how it helps you move from basic support tasks toward understanding real infrastructure. We unpack what the exam really tests, how the domains translate into everyday scenarios, and the type of thinking that leads to better answers when you are faced with incomplete or confusing network symptoms. The narration is drawn from my Monday “Certified” feature in Bare Metal Cyber Magazine, so you are getting a structured, article-quality tour in audio form.</p><p> </p><p>You will also hear how Network+ can shape your long-term roadmap, whether you want to become a network engineer, a systems administrator, or a cybersecurity professional who needs strong network fundamentals. We talk about where the certification usually fits in a broader path, how hiring managers tend to view it, and why combining it with hands-on practice is so powerful. Along the way, you will get practical guidance on building a simple, sustainable study plan and using everyday troubleshooting as prep. If you want to go beyond this overview, there is a full audio course for Network+ inside the Bare Metal Cyber Audio Academy that lets you keep learning during commutes, workouts, or any time you are away from the keyboard.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/15540e13/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Copilot or Co-Conspirator? AI Helpdesks and the Next Social Engineering Wave</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>10</itunes:episode>
      <podcast:episode>10</podcast:episode>
      <itunes:title>Copilot or Co-Conspirator? AI Helpdesks and the Next Social Engineering Wave</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">ebbf9c7d-1f25-44f1-863a-ab84115ddc78</guid>
      <link>https://share.transistor.fm/s/b5acd980</link>
      <description>
        <![CDATA[<p>In this episode, we unpack how AI helpdesks and support copilots are quietly becoming a new social engineering surface. Instead of just worrying about phishing human agents, leaders now have to think about attackers shaping what the model believes, what it reveals, and which workflows it triggers. We walk through how these AI front doors are wired into ticketing, HR, and identity systems, why that turns them into privileged brokers, and where prompt injection, context hijacking, and over-helpful responses start to bend your trust boundaries. The narration is based on a Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, we move into the leadership decisions that will determine whether your copilot stays an asset or drifts toward becoming a co-conspirator. You will hear how deterministic policies collide with probabilistic model behavior, how the helpdesk trust contract needs to be rewritten for an AI-first front line, and what it means to design secure copilots from the start. We close by looking ahead at a world where attackers bring their own AI agents to probe your helpdesk at scale, and we offer a practical lens for constraining authority, improving observability, and keeping high-risk actions anchored in strong identity and human verification.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we unpack how AI helpdesks and support copilots are quietly becoming a new social engineering surface. Instead of just worrying about phishing human agents, leaders now have to think about attackers shaping what the model believes, what it reveals, and which workflows it triggers. We walk through how these AI front doors are wired into ticketing, HR, and identity systems, why that turns them into privileged brokers, and where prompt injection, context hijacking, and over-helpful responses start to bend your trust boundaries. The narration is based on a Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, we move into the leadership decisions that will determine whether your copilot stays an asset or drifts toward becoming a co-conspirator. You will hear how deterministic policies collide with probabilistic model behavior, how the helpdesk trust contract needs to be rewritten for an AI-first front line, and what it means to design secure copilots from the start. We close by looking ahead at a world where attackers bring their own AI agents to probe your helpdesk at scale, and we offer a practical lens for constraining authority, improving observability, and keeping high-risk actions anchored in strong identity and human verification.</p>]]>
      </content:encoded>
      <pubDate>Wed, 21 Jan 2026 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/b5acd980/6e6b9c91.mp3" length="51860890" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1296</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we unpack how AI helpdesks and support copilots are quietly becoming a new social engineering surface. Instead of just worrying about phishing human agents, leaders now have to think about attackers shaping what the model believes, what it reveals, and which workflows it triggers. We walk through how these AI front doors are wired into ticketing, HR, and identity systems, why that turns them into privileged brokers, and where prompt injection, context hijacking, and over-helpful responses start to bend your trust boundaries. The narration is based on a Wednesday “Headline” feature from Bare Metal Cyber Magazine.</p><p>From there, we move into the leadership decisions that will determine whether your copilot stays an asset or drifts toward becoming a co-conspirator. You will hear how deterministic policies collide with probabilistic model behavior, how the helpdesk trust contract needs to be rewritten for an AI-first front line, and what it means to design secure copilots from the start. We close by looking ahead at a world where attackers bring their own AI agents to probe your helpdesk at scale, and we offer a practical lens for constraining authority, improving observability, and keeping high-risk actions anchored in strong identity and human verification.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/b5acd980/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Reading Your Environment Through Logs, Events, and Alerts</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>9</itunes:episode>
      <podcast:episode>9</podcast:episode>
      <itunes:title>Insight: Reading Your Environment Through Logs, Events, and Alerts</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">993c57ba-50ef-4e65-a93f-81c1e0d822e0</guid>
      <link>https://share.transistor.fm/s/70a98634</link>
      <description>
        <![CDATA[<p>In this episode of Bare Metal Cyber’s Tuesday “Insights” feature, we unpack how security logs, events, and alerts can move from noisy fragments to a clear, trustworthy security story. You’ll hear a plain-language walkthrough of what each layer really is, where it fits across identity, network, endpoint, and cloud, and how they work together as a narrative pipeline. We follow a small end-to-end example so you can picture how scattered records turn into a coherent incident timeline instead of a pile of disconnected clues on a dashboard.</p><p>The narration, developed by Bare Metal Cyber from our Tuesday “Insights” feature in Bare Metal Cyber Magazine, also explores everyday use cases, from quick-win coverage around logins and admin changes to deeper applications in threat hunting and post-incident reviews. You’ll hear about the real benefits of treating your data as a story, the trade-offs in storage, tuning, and skills, and the failure modes that lead to alert fatigue and missing chapters. By the end, you’ll have a practical mental model you can apply the next time you open your SIEM or XDR console and need to explain “what actually happened” with confidence.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode of Bare Metal Cyber’s Tuesday “Insights” feature, we unpack how security logs, events, and alerts can move from noisy fragments to a clear, trustworthy security story. You’ll hear a plain-language walkthrough of what each layer really is, where it fits across identity, network, endpoint, and cloud, and how they work together as a narrative pipeline. We follow a small end-to-end example so you can picture how scattered records turn into a coherent incident timeline instead of a pile of disconnected clues on a dashboard.</p><p>The narration, developed by Bare Metal Cyber from our Tuesday “Insights” feature in Bare Metal Cyber Magazine, also explores everyday use cases, from quick-win coverage around logins and admin changes to deeper applications in threat hunting and post-incident reviews. You’ll hear about the real benefits of treating your data as a story, the trade-offs in storage, tuning, and skills, and the failure modes that lead to alert fatigue and missing chapters. By the end, you’ll have a practical mental model you can apply the next time you open your SIEM or XDR console and need to explain “what actually happened” with confidence.</p>]]>
      </content:encoded>
      <pubDate>Tue, 20 Jan 2026 03:50:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/70a98634/d80e9c19.mp3" length="31601353" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>789</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode of Bare Metal Cyber’s Tuesday “Insights” feature, we unpack how security logs, events, and alerts can move from noisy fragments to a clear, trustworthy security story. You’ll hear a plain-language walkthrough of what each layer really is, where it fits across identity, network, endpoint, and cloud, and how they work together as a narrative pipeline. We follow a small end-to-end example so you can picture how scattered records turn into a coherent incident timeline instead of a pile of disconnected clues on a dashboard.</p><p>The narration, developed by Bare Metal Cyber from our Tuesday “Insights” feature in Bare Metal Cyber Magazine, also explores everyday use cases, from quick-win coverage around logins and admin changes to deeper applications in threat hunting and post-incident reviews. You’ll hear about the real benefits of treating your data as a story, the trade-offs in storage, tuning, and skills, and the failure modes that lead to alert fatigue and missing chapters. By the end, you’ll have a practical mental model you can apply the next time you open your SIEM or XDR console and need to explain “what actually happened” with confidence.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/70a98634/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: Speaking Cloud with AWS Certified Cloud Practitioner</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>8</itunes:episode>
      <podcast:episode>8</podcast:episode>
      <itunes:title>Certified: Speaking Cloud with AWS Certified Cloud Practitioner</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">4659bf1e-552b-4986-befa-e65adbb99867</guid>
      <link>https://share.transistor.fm/s/8fd989cc</link>
      <description>
        <![CDATA[<p>When you see “AWS Certified Cloud Practitioner” on a resume, what does it really tell you about that person’s cloud skills? In this Monday “Certified” episode, we unpack the CCP as Amazon’s foundational cloud credential and look at what it actually proves for early-career tech and security professionals, as well as career changers trying to break into cloud. You’ll hear how CCP fits into the bigger AWS certification ladder, where its limits are, and why it has become a common gateway into cloud roles.</p><p> </p><p>We also walk through what the exam really tests: high-level cloud concepts, core AWS services, shared responsibility for security, and how pricing and billing work in the real world. Along the way, you’ll get a practical study roadmap that fits around a full-time job, plus tips for using hands-on labs and practice questions without burning out. If cloud is on your roadmap and you want a structured, honest starting point, this conversation will help you decide whether CCP is worth your time and how to get the most value from it.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When you see “AWS Certified Cloud Practitioner” on a resume, what does it really tell you about that person’s cloud skills? In this Monday “Certified” episode, we unpack the CCP as Amazon’s foundational cloud credential and look at what it actually proves for early-career tech and security professionals, as well as career changers trying to break into cloud. You’ll hear how CCP fits into the bigger AWS certification ladder, where its limits are, and why it has become a common gateway into cloud roles.</p><p> </p><p>We also walk through what the exam really tests: high-level cloud concepts, core AWS services, shared responsibility for security, and how pricing and billing work in the real world. Along the way, you’ll get a practical study roadmap that fits around a full-time job, plus tips for using hands-on labs and practice questions without burning out. If cloud is on your roadmap and you want a structured, honest starting point, this conversation will help you decide whether CCP is worth your time and how to get the most value from it.</p>]]>
      </content:encoded>
      <pubDate>Mon, 19 Jan 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/8fd989cc/696a0618.mp3" length="24516942" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>612</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When you see “AWS Certified Cloud Practitioner” on a resume, what does it really tell you about that person’s cloud skills? In this Monday “Certified” episode, we unpack the CCP as Amazon’s foundational cloud credential and look at what it actually proves for early-career tech and security professionals, as well as career changers trying to break into cloud. You’ll hear how CCP fits into the bigger AWS certification ladder, where its limits are, and why it has become a common gateway into cloud roles.</p><p> </p><p>We also walk through what the exam really tests: high-level cloud concepts, core AWS services, shared responsibility for security, and how pricing and billing work in the real world. Along the way, you’ll get a practical study roadmap that fits around a full-time job, plus tips for using hands-on labs and practice questions without burning out. If cloud is on your roadmap and you want a structured, honest starting point, this conversation will help you decide whether CCP is worth your time and how to get the most value from it.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/8fd989cc/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Model Supply Chain Mayhem: Securing the AI You Didn’t Build Yourself</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>7</itunes:episode>
      <podcast:episode>7</podcast:episode>
      <itunes:title>Model Supply Chain Mayhem: Securing the AI You Didn’t Build Yourself</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">136dd865-f501-4790-b5cd-70649cef2792</guid>
      <link>https://share.transistor.fm/s/94bf9b61</link>
      <description>
        <![CDATA[<p>In this episode, we dig into what happens when your most important artificial intelligence (AI) capabilities come from models, copilots, and APIs you did not build yourself. Instead of debating algorithms, we follow the path leaders actually live with: opaque upstream providers, shifting model behavior, and sensitive data flowing through black boxes that now sit squarely in the middle of critical business processes. You will hear how model lineage, training data choices, and vendor change control quietly shape the risk your organization ends up owning.</p><p>We walk through the key sections of the Headline article: reframing accountability for external AI, mapping the real model supply chain behind “we just call an API,” examining concrete failure patterns, and turning vendor due diligence into questions about behavior rather than just infrastructure. From there, we explore how to wrap these external systems with your own guardrails, monitoring, and kill switches, and what a realistic operating model for AI supply chain risk looks like. This narration is based on Bare Metal Cyber Magazine’s Wednesday “Headline” feature, “Model Supply Chain Mayhem: Securing the AI You Didn’t Build Yourself.”</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we dig into what happens when your most important artificial intelligence (AI) capabilities come from models, copilots, and APIs you did not build yourself. Instead of debating algorithms, we follow the path leaders actually live with: opaque upstream providers, shifting model behavior, and sensitive data flowing through black boxes that now sit squarely in the middle of critical business processes. You will hear how model lineage, training data choices, and vendor change control quietly shape the risk your organization ends up owning.</p><p>We walk through the key sections of the Headline article: reframing accountability for external AI, mapping the real model supply chain behind “we just call an API,” examining concrete failure patterns, and turning vendor due diligence into questions about behavior rather than just infrastructure. From there, we explore how to wrap these external systems with your own guardrails, monitoring, and kill switches, and what a realistic operating model for AI supply chain risk looks like. This narration is based on Bare Metal Cyber Magazine’s Wednesday “Headline” feature, “Model Supply Chain Mayhem: Securing the AI You Didn’t Build Yourself.”</p>]]>
      </content:encoded>
      <pubDate>Wed, 14 Jan 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/94bf9b61/0bf31883.mp3" length="52113817" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1302</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we dig into what happens when your most important artificial intelligence (AI) capabilities come from models, copilots, and APIs you did not build yourself. Instead of debating algorithms, we follow the path leaders actually live with: opaque upstream providers, shifting model behavior, and sensitive data flowing through black boxes that now sit squarely in the middle of critical business processes. You will hear how model lineage, training data choices, and vendor change control quietly shape the risk your organization ends up owning.</p><p>We walk through the key sections of the Headline article: reframing accountability for external AI, mapping the real model supply chain behind “we just call an API,” examining concrete failure patterns, and turning vendor due diligence into questions about behavior rather than just infrastructure. From there, we explore how to wrap these external systems with your own guardrails, monitoring, and kill switches, and what a realistic operating model for AI supply chain risk looks like. This narration is based on Bare Metal Cyber Magazine’s Wednesday “Headline” feature, “Model Supply Chain Mayhem: Securing the AI You Didn’t Build Yourself.”</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/94bf9b61/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Making Sense of Security Control Types</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>6</itunes:episode>
      <podcast:episode>6</podcast:episode>
      <itunes:title>Insight: Making Sense of Security Control Types</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">57e19cb8-e58d-4cf3-920b-1ba22801aafc</guid>
      <link>https://share.transistor.fm/s/d5e1febe</link>
      <description>
        <![CDATA[<p>Security controls are often described as policies, tools, and processes, but in practice they shape how your defenses behave before, during, and after an incident. In this audio walkthrough, we break down the major types of controls in clear, practical terms: preventive controls that try to stop bad things from happening, detective controls that help you see what slipped through, corrective controls that support recovery, and supporting types like directive, deterrent, and compensating controls. You will hear how these categories span people, process, and technology, and why a balanced mix matters more than the sheer number of tools in your environment.</p><p>Across two short segments, the episode walks through what these control types are, where they fit in a typical security stack, how they work together in realistic scenarios, and what benefits and trade-offs each category brings. We also highlight common failure modes such as shallow adoption, lopsided focus on prevention, and “alert museum” monitoring, then contrast them with healthy signals like tested recovery steps and clear ownership. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, so you get the same vendor-neutral, plain-language explanations in a format you can listen to on the move.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Security controls are often described as policies, tools, and processes, but in practice they shape how your defenses behave before, during, and after an incident. In this audio walkthrough, we break down the major types of controls in clear, practical terms: preventive controls that try to stop bad things from happening, detective controls that help you see what slipped through, corrective controls that support recovery, and supporting types like directive, deterrent, and compensating controls. You will hear how these categories span people, process, and technology, and why a balanced mix matters more than the sheer number of tools in your environment.</p><p>Across two short segments, the episode walks through what these control types are, where they fit in a typical security stack, how they work together in realistic scenarios, and what benefits and trade-offs each category brings. We also highlight common failure modes such as shallow adoption, lopsided focus on prevention, and “alert museum” monitoring, then contrast them with healthy signals like tested recovery steps and clear ownership. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, so you get the same vendor-neutral, plain-language explanations in a format you can listen to on the move.</p>]]>
      </content:encoded>
      <pubDate>Tue, 13 Jan 2026 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/d5e1febe/a5664b20.mp3" length="37683685" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>941</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Security controls are often described as policies, tools, and processes, but in practice they shape how your defenses behave before, during, and after an incident. In this audio walkthrough, we break down the major types of controls in clear, practical terms: preventive controls that try to stop bad things from happening, detective controls that help you see what slipped through, corrective controls that support recovery, and supporting types like directive, deterrent, and compensating controls. You will hear how these categories span people, process, and technology, and why a balanced mix matters more than the sheer number of tools in your environment.</p><p>Across two short segments, the episode walks through what these control types are, where they fit in a typical security stack, how they work together in realistic scenarios, and what benefits and trade-offs each category brings. We also highlight common failure modes such as shallow adoption, lopsided focus on prevention, and “alert museum” monitoring, then contrast them with healthy signals like tested recovery steps and clear ownership. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, so you get the same vendor-neutral, plain-language explanations in a format you can listen to on the move.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/d5e1febe/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: CRISC at the Intersection of Cyber Risk and Business Decisions</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>5</itunes:episode>
      <podcast:episode>5</podcast:episode>
      <itunes:title>Certified: CRISC at the Intersection of Cyber Risk and Business Decisions</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">2b75638a-ff82-4ee4-b0a7-b475273e50e1</guid>
      <link>https://share.transistor.fm/s/db5448a1</link>
      <description>
        <![CDATA[<p>Risk is where business decisions collide with real technology limits, and ISACA’s Certified in Risk and Information Systems Control (CRISC) sits right in that intersection. In this Certified Monday episode from Bare Metal Cyber, we break CRISC down for early-career security, audit, IT, and GRC professionals who want to move beyond tickets and tools and into risk conversations that actually shape what the business does next.</p><p> </p><p>You’ll hear what CRISC holders really do day to day, how the four domains link governance, risk assessment, response, and technology, and why this certification pairs so well with technical and audit-focused credentials. We also walk through exam structure, realistic difficulty, and a practical way to prepare so the question bank feels like a structured review of scenarios you already recognize from work, not a pile of disconnected trivia.</p><p>If you are starting to touch risk registers, control testing, or audit support and you want a clearer roadmap into risk and information systems control, this episode gives you the language, context, and next steps to make CRISC a smart move in your career. Developed by Bare Metal Cyber.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Risk is where business decisions collide with real technology limits, and ISACA’s Certified in Risk and Information Systems Control (CRISC) sits right in that intersection. In this Certified Monday episode from Bare Metal Cyber, we break CRISC down for early-career security, audit, IT, and GRC professionals who want to move beyond tickets and tools and into risk conversations that actually shape what the business does next.</p><p> </p><p>You’ll hear what CRISC holders really do day to day, how the four domains link governance, risk assessment, response, and technology, and why this certification pairs so well with technical and audit-focused credentials. We also walk through exam structure, realistic difficulty, and a practical way to prepare so the question bank feels like a structured review of scenarios you already recognize from work, not a pile of disconnected trivia.</p><p>If you are starting to touch risk registers, control testing, or audit support and you want a clearer roadmap into risk and information systems control, this episode gives you the language, context, and next steps to make CRISC a smart move in your career. Developed by Bare Metal Cyber.</p>]]>
      </content:encoded>
      <pubDate>Mon, 12 Jan 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/db5448a1/73abeac1.mp3" length="32056936" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>800</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Risk is where business decisions collide with real technology limits, and ISACA’s Certified in Risk and Information Systems Control (CRISC) sits right in that intersection. In this Certified Monday episode from Bare Metal Cyber, we break CRISC down for early-career security, audit, IT, and GRC professionals who want to move beyond tickets and tools and into risk conversations that actually shape what the business does next.</p><p> </p><p>You’ll hear what CRISC holders really do day to day, how the four domains link governance, risk assessment, response, and technology, and why this certification pairs so well with technical and audit-focused credentials. We also walk through exam structure, realistic difficulty, and a practical way to prepare so the question bank feels like a structured review of scenarios you already recognize from work, not a pile of disconnected trivia.</p><p>If you are starting to touch risk registers, control testing, or audit support and you want a clearer roadmap into risk and information systems control, this episode gives you the language, context, and next steps to make CRISC a smart move in your career. Developed by Bare Metal Cyber.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/db5448a1/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Cyber Talks: The Four Ps of Marketing for Cybersecurity: A Cyber Talks Conversation with Tapan Deka</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>4</itunes:episode>
      <podcast:episode>4</podcast:episode>
      <itunes:title>Cyber Talks: The Four Ps of Marketing for Cybersecurity: A Cyber Talks Conversation with Tapan Deka</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">59bb0e1b-9d19-45b4-a536-9adc09d1bc7f</guid>
      <link>https://share.transistor.fm/s/c058a8f6</link>
      <description>
        <![CDATA[<p>In my latest Cyber Talks session, developed by <a href="http://baremetalcyber.com/"><strong>BareMetalCyber.com</strong></a>, I sat down with <strong>Tapan Deka</strong>, assistant professor at <strong>Madhavi Skills University</strong>, to explore something most cybersecurity leaders feel every day but rarely name: marketing. Not marketing in the agency sense, but the way we “package” our security products, services, and programs so people actually adopt them. In the conversation above, Tapan walks through the classic <strong>Four Ps of Marketing</strong>—product, price, place, and promotion—and shows how directly they apply to cybersecurity strategy and day-to-day security leadership. If you’ve ever wondered why a technically brilliant security solution still struggles to gain traction, this discussion is worth hitting play on.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In my latest Cyber Talks session, developed by <a href="http://baremetalcyber.com/"><strong>BareMetalCyber.com</strong></a>, I sat down with <strong>Tapan Deka</strong>, assistant professor at <strong>Madhavi Skills University</strong>, to explore something most cybersecurity leaders feel every day but rarely name: marketing. Not marketing in the agency sense, but the way we “package” our security products, services, and programs so people actually adopt them. In the conversation above, Tapan walks through the classic <strong>Four Ps of Marketing</strong>—product, price, place, and promotion—and shows how directly they apply to cybersecurity strategy and day-to-day security leadership. If you’ve ever wondered why a technically brilliant security solution still struggles to gain traction, this discussion is worth hitting play on.</p>]]>
      </content:encoded>
      <pubDate>Thu, 08 Jan 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/c058a8f6/fca2b30f.mp3" length="30809188" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1922</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In my latest Cyber Talks session, developed by <a href="http://baremetalcyber.com/"><strong>BareMetalCyber.com</strong></a>, I sat down with <strong>Tapan Deka</strong>, assistant professor at <strong>Madhavi Skills University</strong>, to explore something most cybersecurity leaders feel every day but rarely name: marketing. Not marketing in the agency sense, but the way we “package” our security products, services, and programs so people actually adopt them. In the conversation above, Tapan walks through the classic <strong>Four Ps of Marketing</strong>—product, price, place, and promotion—and shows how directly they apply to cybersecurity strategy and day-to-day security leadership. If you’ve ever wondered why a technically brilliant security solution still struggles to gain traction, this discussion is worth hitting play on.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/c058a8f6/transcript.vtt" type="text/vtt" rel="captions"/>
    </item>
    <item>
      <title>Ghosts in the Training Data: When Old Breaches Poison New AI</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>3</itunes:episode>
      <podcast:episode>3</podcast:episode>
      <itunes:title>Ghosts in the Training Data: When Old Breaches Poison New AI</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">bcce62be-4dd7-41c6-aec1-e17cb18e7f59</guid>
      <link>https://share.transistor.fm/s/09cea7e1</link>
      <description>
        <![CDATA[<p>In this narrated edition of Ghosts in the Training Data: When Old Breaches Poison New AI, we explore how years of incidents, leaks, and scraped datasets quietly shape the behavior of your most important models. You will hear how stolen code, rushed hotfixes, crooked incident logs, and brokered context move from “someone else’s breach” into the background radiation of modern AI platforms. This Wednesday “Headline” feature from Bare Metal Cyber Magazine focuses on leaders’ concerns: trust, accountability, and how much control you really have over the histories your models learn from.</p><p> </p><p>The episode walks through the full arc of the article: how breaches refuse to stay in the past, how contaminated corpora become ground truth, and how defensive AI built on crooked histories can miss what matters. It then shifts to business AI running on stolen or opaque context, before closing with a practical framing for governing training data like a supply chain. Along the way, you will get language to talk with boards, vendors, and internal teams about data provenance, model risk, and the leadership moves that turn invisible ghosts into visible dependencies you can actually manage.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated edition of Ghosts in the Training Data: When Old Breaches Poison New AI, we explore how years of incidents, leaks, and scraped datasets quietly shape the behavior of your most important models. You will hear how stolen code, rushed hotfixes, crooked incident logs, and brokered context move from “someone else’s breach” into the background radiation of modern AI platforms. This Wednesday “Headline” feature from Bare Metal Cyber Magazine focuses on leaders’ concerns: trust, accountability, and how much control you really have over the histories your models learn from.</p><p> </p><p>The episode walks through the full arc of the article: how breaches refuse to stay in the past, how contaminated corpora become ground truth, and how defensive AI built on crooked histories can miss what matters. It then shifts to business AI running on stolen or opaque context, before closing with a practical framing for governing training data like a supply chain. Along the way, you will get language to talk with boards, vendors, and internal teams about data provenance, model risk, and the leadership moves that turn invisible ghosts into visible dependencies you can actually manage.</p>]]>
      </content:encoded>
      <pubDate>Wed, 07 Jan 2026 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/09cea7e1/7537d7da.mp3" length="46307241" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1157</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated edition of Ghosts in the Training Data: When Old Breaches Poison New AI, we explore how years of incidents, leaks, and scraped datasets quietly shape the behavior of your most important models. You will hear how stolen code, rushed hotfixes, crooked incident logs, and brokered context move from “someone else’s breach” into the background radiation of modern AI platforms. This Wednesday “Headline” feature from Bare Metal Cyber Magazine focuses on leaders’ concerns: trust, accountability, and how much control you really have over the histories your models learn from.</p><p> </p><p>The episode walks through the full arc of the article: how breaches refuse to stay in the past, how contaminated corpora become ground truth, and how defensive AI built on crooked histories can miss what matters. It then shifts to business AI running on stolen or opaque context, before closing with a practical framing for governing training data like a supply chain. Along the way, you will get language to talk with boards, vendors, and internal teams about data provenance, model risk, and the leadership moves that turn invisible ghosts into visible dependencies you can actually manage.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/09cea7e1/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Making Defense in Depth Actually Work</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>2</itunes:episode>
      <podcast:episode>2</podcast:episode>
      <itunes:title>Insight: Making Defense in Depth Actually Work</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">28785be9-a502-4efa-8a4d-0a0a84563c78</guid>
      <link>https://share.transistor.fm/s/5e03173b</link>
      <description>
        <![CDATA[<p>Defense in depth is one of those phrases everyone uses, but few teams can clearly describe in terms of everyday work. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through defense in depth as a practical security design pattern rather than a slogan. You’ll hear how it fits across identity, network, endpoint, and cloud, and why it’s really about combining people, process, and technology so that no single miss turns into a major incident.</p><p> </p><p>The episode also explores how defense in depth works in real environments: from phishing and remote access to cloud and application security. We look at common use cases, where layering gives you quick wins with the tools you already own, and where deeper investment pays off over time. You’ll also hear honest discussion of trade-offs, limits, and failure modes, along with healthy signals that your layers are truly supporting each other instead of just multiplying dashboards.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Defense in depth is one of those phrases everyone uses, but few teams can clearly describe in terms of everyday work. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through defense in depth as a practical security design pattern rather than a slogan. You’ll hear how it fits across identity, network, endpoint, and cloud, and why it’s really about combining people, process, and technology so that no single miss turns into a major incident.</p><p> </p><p>The episode also explores how defense in depth works in real environments: from phishing and remote access to cloud and application security. We look at common use cases, where layering gives you quick wins with the tools you already own, and where deeper investment pays off over time. You’ll also hear honest discussion of trade-offs, limits, and failure modes, along with healthy signals that your layers are truly supporting each other instead of just multiplying dashboards.</p>]]>
      </content:encoded>
      <pubDate>Tue, 06 Jan 2026 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/5e03173b/982d28ee.mp3" length="32374558" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>808</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Defense in depth is one of those phrases everyone uses, but few teams can clearly describe in terms of everyday work. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through defense in depth as a practical security design pattern rather than a slogan. You’ll hear how it fits across identity, network, endpoint, and cloud, and why it’s really about combining people, process, and technology so that no single miss turns into a major incident.</p><p> </p><p>The episode also explores how defense in depth works in real environments: from phishing and remote access to cloud and application security. We look at common use cases, where layering gives you quick wins with the tools you already own, and where deeper investment pays off over time. You’ll also hear honest discussion of trade-offs, limits, and failure modes, along with healthy signals that your layers are truly supporting each other instead of just multiplying dashboards.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/5e03173b/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: Building Your Analyst Mindset with CompTIA CySA+</title>
      <itunes:season>2</itunes:season>
      <podcast:season>2</podcast:season>
      <itunes:episode>1</itunes:episode>
      <podcast:episode>1</podcast:episode>
      <itunes:title>Certified: Building Your Analyst Mindset with CompTIA CySA+</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">297c15c7-cf99-473e-9afd-a06907c43f35</guid>
      <link>https://share.transistor.fm/s/3db41751</link>
      <description>
        <![CDATA[<p>This episode walks through the CompTIA Cybersecurity Analyst (CySA+) certification in clear, practical terms for early-career defenders. You will hear what CySA+ actually is, who it is built for, and how it turns scattered experience with alerts and logs into a more deliberate analyst mindset. We dig into the exam’s real focus on threat detection, vulnerability management, and incident response, drawing on the same structure as my Monday “Certified” feature in Bare Metal Cyber Magazine so the ideas build step by step without jargon getting in the way.</p><p> </p><p>You will also hear how CySA+ fits into a broader career path, whether you are coming from Security+, general IT, or a help desk role that is drifting toward security operations. Along the way, the narration highlights how hiring managers tend to read CySA+ on a resume, common misconceptions about the exam, and simple strategies for building confidence with scenarios and performance-based questions. If you want to go deeper, you can expand this overview with the full audio course for CySA+ inside the Bare Metal Cyber Audio Academy.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This episode walks through the CompTIA Cybersecurity Analyst (CySA+) certification in clear, practical terms for early-career defenders. You will hear what CySA+ actually is, who it is built for, and how it turns scattered experience with alerts and logs into a more deliberate analyst mindset. We dig into the exam’s real focus on threat detection, vulnerability management, and incident response, drawing on the same structure as my Monday “Certified” feature in Bare Metal Cyber Magazine so the ideas build step by step without jargon getting in the way.</p><p> </p><p>You will also hear how CySA+ fits into a broader career path, whether you are coming from Security+, general IT, or a help desk role that is drifting toward security operations. Along the way, the narration highlights how hiring managers tend to read CySA+ on a resume, common misconceptions about the exam, and simple strategies for building confidence with scenarios and performance-based questions. If you want to go deeper, you can expand this overview with the full audio course for CySA+ inside the Bare Metal Cyber Audio Academy.</p>]]>
      </content:encoded>
      <pubDate>Mon, 05 Jan 2026 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3db41751/1feedc52.mp3" length="22111583" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>552</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This episode walks through the CompTIA Cybersecurity Analyst (CySA+) certification in clear, practical terms for early-career defenders. You will hear what CySA+ actually is, who it is built for, and how it turns scattered experience with alerts and logs into a more deliberate analyst mindset. We dig into the exam’s real focus on threat detection, vulnerability management, and incident response, drawing on the same structure as my Monday “Certified” feature in Bare Metal Cyber Magazine so the ideas build step by step without jargon getting in the way.</p><p> </p><p>You will also hear how CySA+ fits into a broader career path, whether you are coming from Security+, general IT, or a help desk role that is drifting toward security operations. Along the way, the narration highlights how hiring managers tend to read CySA+ on a resume, common misconceptions about the exam, and simple strategies for building confidence with scenarios and performance-based questions. If you want to go deeper, you can expand this overview with the full audio course for CySA+ inside the Bare Metal Cyber Audio Academy.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3db41751/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>SOC Pager Olympics: Gold Medal in 3 A.M. False Alarms</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>68</itunes:episode>
      <podcast:episode>68</podcast:episode>
      <itunes:title>SOC Pager Olympics: Gold Medal in 3 A.M. False Alarms</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">69170654-faed-4d84-8e50-9b6b69297fc7</guid>
      <link>https://share.transistor.fm/s/f742d0ba</link>
      <description>
        <![CDATA[<p>In this episode, we break down the reality of the SOC Pager Olympics—the endless cycle of 3 a.m. wake-ups triggered by false alarms. You’ll hear how misconfigured thresholds, duplication storms, and phantom anomalies turn vigilance into chaos. We’ll explore the human cost of sleep disruption, from cognitive fog to burnout, and reveal why culture and leadership are just as critical as detection rules. Along the way, you’ll learn how to separate signals from noise, define what truly deserves a page, and restore trust in the systems meant to protect.</p><p>By listening, you’ll sharpen your ability to design sustainable on-call practices, strengthen detection engineering skills, and build empathy-driven leadership that respects human limits. You’ll also gain practical tools for measuring alert quality, enriching notifications with context, and fostering psychological safety in SOC teams. This is more than an exploration of alert fatigue—it’s a roadmap to building stronger, healthier defenders.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we break down the reality of the SOC Pager Olympics—the endless cycle of 3 a.m. wake-ups triggered by false alarms. You’ll hear how misconfigured thresholds, duplication storms, and phantom anomalies turn vigilance into chaos. We’ll explore the human cost of sleep disruption, from cognitive fog to burnout, and reveal why culture and leadership are just as critical as detection rules. Along the way, you’ll learn how to separate signals from noise, define what truly deserves a page, and restore trust in the systems meant to protect.</p><p>By listening, you’ll sharpen your ability to design sustainable on-call practices, strengthen detection engineering skills, and build empathy-driven leadership that respects human limits. You’ll also gain practical tools for measuring alert quality, enriching notifications with context, and fostering psychological safety in SOC teams. This is more than an exploration of alert fatigue—it’s a roadmap to building stronger, healthier defenders.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 31 Dec 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/f742d0ba/24f16a48.mp3" length="56169493" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1404</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we break down the reality of the SOC Pager Olympics—the endless cycle of 3 a.m. wake-ups triggered by false alarms. You’ll hear how misconfigured thresholds, duplication storms, and phantom anomalies turn vigilance into chaos. We’ll explore the human cost of sleep disruption, from cognitive fog to burnout, and reveal why culture and leadership are just as critical as detection rules. Along the way, you’ll learn how to separate signals from noise, define what truly deserves a page, and restore trust in the systems meant to protect.</p><p>By listening, you’ll sharpen your ability to design sustainable on-call practices, strengthen detection engineering skills, and build empathy-driven leadership that respects human limits. You’ll also gain practical tools for measuring alert quality, enriching notifications with context, and fostering psychological safety in SOC teams. This is more than an exploration of alert fatigue—it’s a roadmap to building stronger, healthier defenders.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/f742d0ba/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Network Segmentation Without the Buzzword Fog</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>67</itunes:episode>
      <podcast:episode>67</podcast:episode>
      <itunes:title>Network Segmentation Without the Buzzword Fog</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">1018043b-3266-4e21-99fb-58b097cc1037</guid>
      <link>https://share.transistor.fm/s/38443065</link>
      <description>
        <![CDATA[<p>When your network still feels like one big open floor plan, a single compromised device can turn into a building-wide fire. In this audio companion to my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through network segmentation in clear, practical language. You’ll hear what network segmentation really is, where it fits in modern hybrid environments, and how it changes the way traffic moves between users, servers, and sensitive systems. The goal is not theory for its own sake, but a working mental model you can carry into your next design review, incident call, or architecture conversation.</p><p>We also explore how segmentation patterns show up in everyday environments, from simple user-versus-server separations to tighter zones around high-value applications and data. Along the way, we look at the benefits and trade-offs, including the design effort, operational overhead, and hard limits segmentation cannot solve on its own. You’ll hear common failure modes like “any-to-any” rules and rule sprawl, as well as healthy signals that your segmentation is actually slowing attackers down. If you work in security, IT, or cloud operations, this walkthrough gives you a straight-talking guide to making flat networks more defensible.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>When your network still feels like one big open floor plan, a single compromised device can turn into a building-wide fire. In this audio companion to my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through network segmentation in clear, practical language. You’ll hear what network segmentation really is, where it fits in modern hybrid environments, and how it changes the way traffic moves between users, servers, and sensitive systems. The goal is not theory for its own sake, but a working mental model you can carry into your next design review, incident call, or architecture conversation.</p><p>We also explore how segmentation patterns show up in everyday environments, from simple user-versus-server separations to tighter zones around high-value applications and data. Along the way, we look at the benefits and trade-offs, including the design effort, operational overhead, and hard limits segmentation cannot solve on its own. You’ll hear common failure modes like “any-to-any” rules and rule sprawl, as well as healthy signals that your segmentation is actually slowing attackers down. If you work in security, IT, or cloud operations, this walkthrough gives you a straight-talking guide to making flat networks more defensible.</p>]]>
      </content:encoded>
      <pubDate>Tue, 30 Dec 2025 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/38443065/a59f5cf0.mp3" length="40680451" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1016</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>When your network still feels like one big open floor plan, a single compromised device can turn into a building-wide fire. In this audio companion to my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through network segmentation in clear, practical language. You’ll hear what network segmentation really is, where it fits in modern hybrid environments, and how it changes the way traffic moves between users, servers, and sensitive systems. The goal is not theory for its own sake, but a working mental model you can carry into your next design review, incident call, or architecture conversation.</p><p>We also explore how segmentation patterns show up in everyday environments, from simple user-versus-server separations to tighter zones around high-value applications and data. Along the way, we look at the benefits and trade-offs, including the design effort, operational overhead, and hard limits segmentation cannot solve on its own. You’ll hear common failure modes like “any-to-any” rules and rule sprawl, as well as healthy signals that your segmentation is actually slowing attackers down. If you work in security, IT, or cloud operations, this walkthrough gives you a straight-talking guide to making flat networks more defensible.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/38443065/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: Monday: PCI Professional (PCIP) – Learning to Speak the Language of PCI DSS</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>66</itunes:episode>
      <podcast:episode>66</podcast:episode>
      <itunes:title>Certified: Monday: PCI Professional (PCIP) – Learning to Speak the Language of PCI DSS</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">c24ec698-e1e1-42f9-8b54-be70fcfc7eb9</guid>
      <link>https://share.transistor.fm/s/0e91adea</link>
      <description>
        <![CDATA[<p>This episode walks you through the PCI Professional (PCIP) certification in clear, everyday language. We start with what PCIP is designed to prove, why it matters for anyone working around payment card data, and how it fits into the wider world of PCI DSS. From there, we talk about who this certification is really for across security, IT, audit, and payments roles, and what it means to be able to “speak PCI” in meetings, projects, and assessments. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, adapted for audio so you can follow along without needing the article in front of you.</p><p> </p><p>You will also get a guided tour of what the PCIP exam actually tests, the kinds of scenarios you can expect, and how the certification fits into a longer-term career path that might include other security, audit, or compliance credentials. We connect domains, scope, controls, and evidence in a way that makes sense if you are early in your journey but already working with real systems and teams. If you want to go further, you can dive into the full PCI Professional (PCIP) audio course inside the Bare Metal Cyber Audio Academy for deeper, structured exam prep.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This episode walks you through the PCI Professional (PCIP) certification in clear, everyday language. We start with what PCIP is designed to prove, why it matters for anyone working around payment card data, and how it fits into the wider world of PCI DSS. From there, we talk about who this certification is really for across security, IT, audit, and payments roles, and what it means to be able to “speak PCI” in meetings, projects, and assessments. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, adapted for audio so you can follow along without needing the article in front of you.</p><p> </p><p>You will also get a guided tour of what the PCIP exam actually tests, the kinds of scenarios you can expect, and how the certification fits into a longer-term career path that might include other security, audit, or compliance credentials. We connect domains, scope, controls, and evidence in a way that makes sense if you are early in your journey but already working with real systems and teams. If you want to go further, you can dive into the full PCI Professional (PCIP) audio course inside the Bare Metal Cyber Audio Academy for deeper, structured exam prep.</p>]]>
      </content:encoded>
      <pubDate>Mon, 29 Dec 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/0e91adea/3c7ab0b6.mp3" length="34744512" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>868</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This episode walks you through the PCI Professional (PCIP) certification in clear, everyday language. We start with what PCIP is designed to prove, why it matters for anyone working around payment card data, and how it fits into the wider world of PCI DSS. From there, we talk about who this certification is really for across security, IT, audit, and payments roles, and what it means to be able to “speak PCI” in meetings, projects, and assessments. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, adapted for audio so you can follow along without needing the article in front of you.</p><p> </p><p>You will also get a guided tour of what the PCIP exam actually tests, the kinds of scenarios you can expect, and how the certification fits into a longer-term career path that might include other security, audit, or compliance credentials. We connect domains, scope, controls, and evidence in a way that makes sense if you are early in your journey but already working with real systems and teams. If you want to go further, you can dive into the full PCI Professional (PCIP) audio course inside the Bare Metal Cyber Audio Academy for deeper, structured exam prep.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/0e91adea/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>SBOM &amp; Chill: You Don’t Need Every Ingredient—Just the Allergens</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>65</itunes:episode>
      <podcast:episode>65</podcast:episode>
      <itunes:title>SBOM &amp; Chill: You Don’t Need Every Ingredient—Just the Allergens</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">fd3eb972-b093-4000-8987-79b7ed813714</guid>
      <link>https://share.transistor.fm/s/f92bfcfe</link>
      <description>
        <![CDATA[<p>In this episode, we strip away the noise surrounding Software Bills of Materials and reframe them through a fresh lens: allergens. Instead of drowning in endless dependency lists, you’ll learn how to identify the handful of components that can actually break your security posture—known exploited vulnerabilities, crypto and authentication stacks, choke-point libraries, abandoned projects, legal traps, and poisoned registries. We explore how VEX, exploit likelihood, and reachability shrink the noise, and we break down the concept of the minimal-viable SBOM, a leaner approach designed to deliver clarity instead of compliance fatigue.</p><p>By listening, you’ll sharpen your ability to prioritize real risks over theoretical ones, master how to integrate context like VEX into security workflows, and recognize legal and build-system obligations before they cause damage. You’ll walk away with practical skills for producing SBOMs people will actually use, crafting reports tailored to different audiences, and focusing on trust-building clarity rather than overwhelming volume. Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we strip away the noise surrounding Software Bills of Materials and reframe them through a fresh lens: allergens. Instead of drowning in endless dependency lists, you’ll learn how to identify the handful of components that can actually break your security posture—known exploited vulnerabilities, crypto and authentication stacks, choke-point libraries, abandoned projects, legal traps, and poisoned registries. We explore how VEX, exploit likelihood, and reachability shrink the noise, and we break down the concept of the minimal-viable SBOM, a leaner approach designed to deliver clarity instead of compliance fatigue.</p><p>By listening, you’ll sharpen your ability to prioritize real risks over theoretical ones, master how to integrate context like VEX into security workflows, and recognize legal and build-system obligations before they cause damage. You’ll walk away with practical skills for producing SBOMs people will actually use, crafting reports tailored to different audiences, and focusing on trust-building clarity rather than overwhelming volume. Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 24 Dec 2025 04:43:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/f92bfcfe/2ba1c943.mp3" length="85253730" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>2131</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we strip away the noise surrounding Software Bills of Materials and reframe them through a fresh lens: allergens. Instead of drowning in endless dependency lists, you’ll learn how to identify the handful of components that can actually break your security posture—known exploited vulnerabilities, crypto and authentication stacks, choke-point libraries, abandoned projects, legal traps, and poisoned registries. We explore how VEX, exploit likelihood, and reachability shrink the noise, and we break down the concept of the minimal-viable SBOM, a leaner approach designed to deliver clarity instead of compliance fatigue.</p><p>By listening, you’ll sharpen your ability to prioritize real risks over theoretical ones, master how to integrate context like VEX into security workflows, and recognize legal and build-system obligations before they cause damage. You’ll walk away with practical skills for producing SBOMs people will actually use, crafting reports tailored to different audiences, and focusing on trust-building clarity rather than overwhelming volume. Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/f92bfcfe/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Asset Inventory Basics for Real-World Defenders</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>64</itunes:episode>
      <podcast:episode>64</podcast:episode>
      <itunes:title>Insight: Asset Inventory Basics for Real-World Defenders</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">5eebde4d-faa4-4e39-94dc-cbdd5df9e0c6</guid>
      <link>https://share.transistor.fm/s/b2f355e5</link>
      <description>
        <![CDATA[<p>In this narrated Insight, we unpack cyber asset inventory as the quiet backbone of a modern security program. You will hear what cyber asset inventory really means in today’s mix of on-prem, cloud, and SaaS, and where it fits among your existing tools and processes. We walk through why “you can’t secure what you can’t see” is not just a slogan, but a practical reality for vulnerability management, access reviews, and incident response. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, adapted into clear, spoken explanations for busy security and IT professionals.</p><p>We also explore how a living asset map actually comes together, from discovery sources and central stores to ownership tags and enrichment rules. You will hear everyday use cases that range from quick wins, like building a simple view of internet-facing assets, to more strategic moves like mapping assets to business services. Along the way, we call out the real benefits, trade-offs, and limits of cyber asset inventory, plus the failure modes that cause inventories to decay and the healthy signals that show the discipline is working in real life.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this narrated Insight, we unpack cyber asset inventory as the quiet backbone of a modern security program. You will hear what cyber asset inventory really means in today’s mix of on-prem, cloud, and SaaS, and where it fits among your existing tools and processes. We walk through why “you can’t secure what you can’t see” is not just a slogan, but a practical reality for vulnerability management, access reviews, and incident response. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, adapted into clear, spoken explanations for busy security and IT professionals.</p><p>We also explore how a living asset map actually comes together, from discovery sources and central stores to ownership tags and enrichment rules. You will hear everyday use cases that range from quick wins, like building a simple view of internet-facing assets, to more strategic moves like mapping assets to business services. Along the way, we call out the real benefits, trade-offs, and limits of cyber asset inventory, plus the failure modes that cause inventories to decay and the healthy signals that show the discipline is working in real life.</p>]]>
      </content:encoded>
      <pubDate>Tue, 23 Dec 2025 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/b2f355e5/79e2aabe.mp3" length="36850911" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>920</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this narrated Insight, we unpack cyber asset inventory as the quiet backbone of a modern security program. You will hear what cyber asset inventory really means in today’s mix of on-prem, cloud, and SaaS, and where it fits among your existing tools and processes. We walk through why “you can’t secure what you can’t see” is not just a slogan, but a practical reality for vulnerability management, access reviews, and incident response. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, adapted into clear, spoken explanations for busy security and IT professionals.</p><p>We also explore how a living asset map actually comes together, from discovery sources and central stores to ownership tags and enrichment rules. You will hear everyday use cases that range from quick wins, like building a simple view of internet-facing assets, to more strategic moves like mapping assets to business services. Along the way, we call out the real benefits, trade-offs, and limits of cyber asset inventory, plus the failure modes that cause inventories to decay and the healthy signals that show the discipline is working in real life.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/b2f355e5/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: How CCISO Signals You’re Ready for Executive Security Leadership</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>63</itunes:episode>
      <podcast:episode>63</podcast:episode>
      <itunes:title>Certified: How CCISO Signals You’re Ready for Executive Security Leadership</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">664e779d-1868-4e9e-9164-cab5231ffee1</guid>
      <link>https://share.transistor.fm/s/119e7f48</link>
      <description>
        <![CDATA[<p>The Certified Chief Information Security Officer (CCISO) exam is built for security leaders who are ready to move from running tools to running a program, and this narrated episode walks through what that shift really means. You will hear a clear breakdown of what CCISO is, who it is designed for, and how it differs from more technical certifications you may know. The episode is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, so the story is structured for early-career professionals and rising managers who want a grounded view of executive-level security leadership.</p><p> </p><p>From there, the episode explores what the CCISO exam actually tests, how its domains reflect real-world responsibilities, and where it fits in a broader security career path. You will get a plain-language explanation of exam domains, study focus areas, and the kind of thinking CCISO rewards, along with guidance on when this certification makes sense in a long-term plan. If you decide to go further, you can deepen your preparation with the full audio course for CCISO inside the Bare Metal Cyber Audio Academy, designed to fit around commutes, workouts, and everything else in your schedule.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>The Certified Chief Information Security Officer (CCISO) exam is built for security leaders who are ready to move from running tools to running a program, and this narrated episode walks through what that shift really means. You will hear a clear breakdown of what CCISO is, who it is designed for, and how it differs from more technical certifications you may know. The episode is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, so the story is structured for early-career professionals and rising managers who want a grounded view of executive-level security leadership.</p><p> </p><p>From there, the episode explores what the CCISO exam actually tests, how its domains reflect real-world responsibilities, and where it fits in a broader security career path. You will get a plain-language explanation of exam domains, study focus areas, and the kind of thinking CCISO rewards, along with guidance on when this certification makes sense in a long-term plan. If you decide to go further, you can deepen your preparation with the full audio course for CCISO inside the Bare Metal Cyber Audio Academy, designed to fit around commutes, workouts, and everything else in your schedule.</p>]]>
      </content:encoded>
      <pubDate>Mon, 22 Dec 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/119e7f48/5430169f.mp3" length="24052051" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>600</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>The Certified Chief Information Security Officer (CCISO) exam is built for security leaders who are ready to move from running tools to running a program, and this narrated episode walks through what that shift really means. You will hear a clear breakdown of what CCISO is, who it is designed for, and how it differs from more technical certifications you may know. The episode is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, so the story is structured for early-career professionals and rising managers who want a grounded view of executive-level security leadership.</p><p> </p><p>From there, the episode explores what the CCISO exam actually tests, how its domains reflect real-world responsibilities, and where it fits in a broader security career path. You will get a plain-language explanation of exam domains, study focus areas, and the kind of thinking CCISO rewards, along with guidance on when this certification makes sense in a long-term plan. If you decide to go further, you can deepen your preparation with the full audio course for CCISO inside the Bare Metal Cyber Audio Academy, designed to fit around commutes, workouts, and everything else in your schedule.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/119e7f48/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Cyber Talks: Tracking School Swatters and Shooters: Turning Online Leakage Into Action with Detective Richard Wistocki</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>62</itunes:episode>
      <podcast:episode>62</podcast:episode>
      <itunes:title>Cyber Talks: Tracking School Swatters and Shooters: Turning Online Leakage Into Action with Detective Richard Wistocki</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">ea05fa58-1fcb-4dde-a539-00d2d57c83e4</guid>
      <link>https://share.transistor.fm/s/6357c8f5</link>
      <description>
        <![CDATA[<p> In my conversation with <strong>Detective Richard Wistocki (Ret.)</strong>, we talked candidly about a reality that many school leaders and law enforcement professionals already feel in their bones: online threats are constant, confusing, and often paralyzing. This Cyber Talk, developed by BareMetalCyber.com, focuses on what it really takes to track school swatters and potential shooters through “leakage” in social media and online platforms, and then turn that information into timely, lawful action. If you are looking at the video above, this article is here to frame the big ideas and give you a reason to hit play. </p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p> In my conversation with <strong>Detective Richard Wistocki (Ret.)</strong>, we talked candidly about a reality that many school leaders and law enforcement professionals already feel in their bones: online threats are constant, confusing, and often paralyzing. This Cyber Talk, developed by BareMetalCyber.com, focuses on what it really takes to track school swatters and potential shooters through “leakage” in social media and online platforms, and then turn that information into timely, lawful action. If you are looking at the video above, this article is here to frame the big ideas and give you a reason to hit play. </p>]]>
      </content:encoded>
      <pubDate>Thu, 18 Dec 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/6357c8f5/d82953ab.mp3" length="52699511" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>3291</itunes:duration>
      <itunes:summary>
        <![CDATA[<p> In my conversation with <strong>Detective Richard Wistocki (Ret.)</strong>, we talked candidly about a reality that many school leaders and law enforcement professionals already feel in their bones: online threats are constant, confusing, and often paralyzing. This Cyber Talk, developed by BareMetalCyber.com, focuses on what it really takes to track school swatters and potential shooters through “leakage” in social media and online platforms, and then turn that information into timely, lawful action. If you are looking at the video above, this article is here to frame the big ideas and give you a reason to hit play. </p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/6357c8f5/transcript.vtt" type="text/vtt" rel="captions"/>
    </item>
    <item>
      <title>Tabletop Telenovela: Turning Your IR Plan into a Drama People Remember</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>61</itunes:episode>
      <podcast:episode>61</podcast:episode>
      <itunes:title>Tabletop Telenovela: Turning Your IR Plan into a Drama People Remember</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">5bba2a22-0557-4c6c-acd8-db2fba52e55d</guid>
      <link>https://share.transistor.fm/s/6583f7d0</link>
      <description>
        <![CDATA[<p>In this episode, you’ll learn how to transform a traditional, forgettable tabletop exercise into something unforgettable: a telenovela. We explore how to recast roles as characters with motives, build dramatic arcs with twists and cliffhangers, and use realistic props to make your IR plan come alive. Instead of walking through checklists, you’ll hear how to stage a story your team will actually remember when a real breach occurs.</p><p>You’ll also discover the skills that improve when training shifts from paperwork to drama. From sharper communication under pressure, to quicker decision-making, to cross-functional empathy, the tabletop telenovela strengthens instincts that no binder can teach. It turns compliance drills into lived experiences, building resilience through memory and story.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, you’ll learn how to transform a traditional, forgettable tabletop exercise into something unforgettable: a telenovela. We explore how to recast roles as characters with motives, build dramatic arcs with twists and cliffhangers, and use realistic props to make your IR plan come alive. Instead of walking through checklists, you’ll hear how to stage a story your team will actually remember when a real breach occurs.</p><p>You’ll also discover the skills that improve when training shifts from paperwork to drama. From sharper communication under pressure, to quicker decision-making, to cross-functional empathy, the tabletop telenovela strengthens instincts that no binder can teach. It turns compliance drills into lived experiences, building resilience through memory and story.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 17 Dec 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/6583f7d0/e5cd5990.mp3" length="57606630" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1440</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, you’ll learn how to transform a traditional, forgettable tabletop exercise into something unforgettable: a telenovela. We explore how to recast roles as characters with motives, build dramatic arcs with twists and cliffhangers, and use realistic props to make your IR plan come alive. Instead of walking through checklists, you’ll hear how to stage a story your team will actually remember when a real breach occurs.</p><p>You’ll also discover the skills that improve when training shifts from paperwork to drama. From sharper communication under pressure, to quicker decision-making, to cross-functional empathy, the tabletop telenovela strengthens instincts that no binder can teach. It turns compliance drills into lived experiences, building resilience through memory and story.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/6583f7d0/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Turning Patch and Update Management into a Strength</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>60</itunes:episode>
      <podcast:episode>60</podcast:episode>
      <itunes:title>Insight: Turning Patch and Update Management into a Strength</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">e5f93c43-b31f-4956-9319-c4e8cf924436</guid>
      <link>https://share.transistor.fm/s/915a2737</link>
      <description>
        <![CDATA[<p>Patch and update management rarely makes headlines, but it quietly determines how exposed your environment really is. In this audio Insight, we walk through the foundations of a solid patch and update management practice, from intake of vendor advisories and scan results through testing, change windows, rollout, and verification. You will hear how this discipline sits between security, operations, and the business, and why predictable patch rhythms do more for real-world risk reduction than one-off fire drills or heroic weekend upgrades.</p><p>You will also explore everyday patterns that teams use to keep systems current, from quick-win cycles in smaller environments to more risk-driven, strategic approaches in larger estates. Along the way, we unpack the trade-offs around downtime, tooling, skills, legacy systems, and culture, and highlight the warning signs of shallow adoption versus the healthy signals of a mature practice. This narration is developed by Bare Metal Cyber and based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Patch and update management rarely makes headlines, but it quietly determines how exposed your environment really is. In this audio Insight, we walk through the foundations of a solid patch and update management practice, from intake of vendor advisories and scan results through testing, change windows, rollout, and verification. You will hear how this discipline sits between security, operations, and the business, and why predictable patch rhythms do more for real-world risk reduction than one-off fire drills or heroic weekend upgrades.</p><p>You will also explore everyday patterns that teams use to keep systems current, from quick-win cycles in smaller environments to more risk-driven, strategic approaches in larger estates. Along the way, we unpack the trade-offs around downtime, tooling, skills, legacy systems, and culture, and highlight the warning signs of shallow adoption versus the healthy signals of a mature practice. This narration is developed by Bare Metal Cyber and based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.</p>]]>
      </content:encoded>
      <pubDate>Tue, 16 Dec 2025 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/915a2737/3fcbe19f.mp3" length="35613755" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>889</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Patch and update management rarely makes headlines, but it quietly determines how exposed your environment really is. In this audio Insight, we walk through the foundations of a solid patch and update management practice, from intake of vendor advisories and scan results through testing, change windows, rollout, and verification. You will hear how this discipline sits between security, operations, and the business, and why predictable patch rhythms do more for real-world risk reduction than one-off fire drills or heroic weekend upgrades.</p><p>You will also explore everyday patterns that teams use to keep systems current, from quick-win cycles in smaller environments to more risk-driven, strategic approaches in larger estates. Along the way, we unpack the trade-offs around downtime, tooling, skills, legacy systems, and culture, and highlight the warning signs of shallow adoption versus the healthy signals of a mature practice. This narration is developed by Bare Metal Cyber and based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/915a2737/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified: Stepping Into Security Leadership with CISM</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>59</itunes:episode>
      <podcast:episode>59</podcast:episode>
      <itunes:title>Certified: Stepping Into Security Leadership with CISM</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">3865154e-1659-4115-b3a7-db77df9c52e0</guid>
      <link>https://share.transistor.fm/s/bf65b1e7</link>
      <description>
        <![CDATA[<p>This episode takes you inside the world of the Certified Information Security Manager (CISM), a certification that helps professionals grow from hands-on security work into roles that shape programs, policies, and risk decisions. In clear, beginner-friendly language, the narration explains what CISM is, who it is really for, and how it changes the way you think about governance, risk management, and incident response. The story is developed from my Monday “Certified” feature in Bare Metal Cyber Magazine, so you get a structured walkthrough rather than a loose collection of tips.</p><p> </p><p>You will hear how the CISM exam actually tests your judgment through real-world style scenarios, what kinds of responsibilities it supports in the workplace, and where it fits in a long-term security career path. The episode also helps you understand whether a management-focused certification is the right move for your current stage, or a goal to aim for later. If you want to go deeper and turn this overview into a full study plan, you can pair the episode with the dedicated CISM audio course inside the Bare Metal Cyber Audio Academy.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This episode takes you inside the world of the Certified Information Security Manager (CISM), a certification that helps professionals grow from hands-on security work into roles that shape programs, policies, and risk decisions. In clear, beginner-friendly language, the narration explains what CISM is, who it is really for, and how it changes the way you think about governance, risk management, and incident response. The story is developed from my Monday “Certified” feature in Bare Metal Cyber Magazine, so you get a structured walkthrough rather than a loose collection of tips.</p><p> </p><p>You will hear how the CISM exam actually tests your judgment through real-world style scenarios, what kinds of responsibilities it supports in the workplace, and where it fits in a long-term security career path. The episode also helps you understand whether a management-focused certification is the right move for your current stage, or a goal to aim for later. If you want to go deeper and turn this overview into a full study plan, you can pair the episode with the dedicated CISM audio course inside the Bare Metal Cyber Audio Academy.</p>]]>
      </content:encoded>
      <pubDate>Mon, 15 Dec 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/bf65b1e7/ed6f8140.mp3" length="27097831" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>676</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This episode takes you inside the world of the Certified Information Security Manager (CISM), a certification that helps professionals grow from hands-on security work into roles that shape programs, policies, and risk decisions. In clear, beginner-friendly language, the narration explains what CISM is, who it is really for, and how it changes the way you think about governance, risk management, and incident response. The story is developed from my Monday “Certified” feature in Bare Metal Cyber Magazine, so you get a structured walkthrough rather than a loose collection of tips.</p><p> </p><p>You will hear how the CISM exam actually tests your judgment through real-world style scenarios, what kinds of responsibilities it supports in the workplace, and where it fits in a long-term security career path. The episode also helps you understand whether a management-focused certification is the right move for your current stage, or a goal to aim for later. If you want to go deeper and turn this overview into a full study plan, you can pair the episode with the dedicated CISM audio course inside the Bare Metal Cyber Audio Academy.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/bf65b1e7/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Cyber Talks: Phishing in the Age of Agentic AI: Craig Taylor on Culture, Literacy, and the New Human Firewall</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>58</itunes:episode>
      <podcast:episode>58</podcast:episode>
      <itunes:title>Cyber Talks: Phishing in the Age of Agentic AI: Craig Taylor on Culture, Literacy, and the New Human Firewall</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">2a0bdae5-4944-4a56-95f3-e36828255ee6</guid>
      <link>https://share.transistor.fm/s/9f25e0aa</link>
      <description>
        <![CDATA[<p>In my Cyber Talks conversation with <a href="https://www.linkedin.com/article/edit/7403659632889450496/#"><strong>Craig Taylor</strong></a> the co-founder and CEO of <a href="https://www.linkedin.com/article/edit/7403659632889450496/#"><strong>CyberHoot</strong></a>, we dive into a problem that is evolving faster than most organizations can keep up: phishing in the age of <strong>agentic AI</strong>. Cyber Talks, developed by <a href="http://baremetalcyber.com/"><strong>BareMetalCyber.com</strong></a>, is all about learning from practitioners who are pushing the field forward, and Craig has spent three decades on the front lines of security, risk, and cyber literacy. If you lead security, IT, or risk, the video above is worth a careful watch—because the phishing problem you think you have is not the one you’re actually facing today.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In my Cyber Talks conversation with <a href="https://www.linkedin.com/article/edit/7403659632889450496/#"><strong>Craig Taylor</strong></a> the co-founder and CEO of <a href="https://www.linkedin.com/article/edit/7403659632889450496/#"><strong>CyberHoot</strong></a>, we dive into a problem that is evolving faster than most organizations can keep up: phishing in the age of <strong>agentic AI</strong>. Cyber Talks, developed by <a href="http://baremetalcyber.com/"><strong>BareMetalCyber.com</strong></a>, is all about learning from practitioners who are pushing the field forward, and Craig has spent three decades on the front lines of security, risk, and cyber literacy. If you lead security, IT, or risk, the video above is worth a careful watch—because the phishing problem you think you have is not the one you’re actually facing today.</p>]]>
      </content:encoded>
      <pubDate>Thu, 11 Dec 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/9f25e0aa/f831a3e1.mp3" length="53406062" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>3335</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In my Cyber Talks conversation with <a href="https://www.linkedin.com/article/edit/7403659632889450496/#"><strong>Craig Taylor</strong></a> the co-founder and CEO of <a href="https://www.linkedin.com/article/edit/7403659632889450496/#"><strong>CyberHoot</strong></a>, we dive into a problem that is evolving faster than most organizations can keep up: phishing in the age of <strong>agentic AI</strong>. Cyber Talks, developed by <a href="http://baremetalcyber.com/"><strong>BareMetalCyber.com</strong></a>, is all about learning from practitioners who are pushing the field forward, and Craig has spent three decades on the front lines of security, risk, and cyber literacy. If you lead security, IT, or risk, the video above is worth a careful watch—because the phishing problem you think you have is not the one you’re actually facing today.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/9f25e0aa/transcript.vtt" type="text/vtt" rel="captions"/>
    </item>
    <item>
      <title>Email Is Your Unpatchable Legacy App</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>57</itunes:episode>
      <podcast:episode>57</podcast:episode>
      <itunes:title>Email Is Your Unpatchable Legacy App</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">f93c1529-ca7b-4356-a144-fd0a19914d34</guid>
      <link>https://share.transistor.fm/s/345770db</link>
      <description>
        <![CDATA[<p>In this episode, we explore why email is both the oldest and most dangerous application in your enterprise. You’ll learn how protocols built in the 1970s still carry modern business logic, why attackers thrive on its openness, and how Business Email Compromise has evolved into one of the most profitable cybercrimes in history. The discussion traces the history of email’s insecure DNA, the patchwork of fixes that never quite solve it, and the cultural and regulatory anchors that make it impossible to abandon.</p><p>Listeners will come away with sharper skills in evaluating email risk, recognizing the tactics adversaries use to exploit trust, and applying pragmatic controls that actually reduce exposure. You’ll understand how to treat email like a critical application, design workflows that resist fraud, and build governance that prevents small compromises from becoming catastrophic losses. This is not just theory—it’s a roadmap for defending the unpatchable app every organization depends on.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we explore why email is both the oldest and most dangerous application in your enterprise. You’ll learn how protocols built in the 1970s still carry modern business logic, why attackers thrive on its openness, and how Business Email Compromise has evolved into one of the most profitable cybercrimes in history. The discussion traces the history of email’s insecure DNA, the patchwork of fixes that never quite solve it, and the cultural and regulatory anchors that make it impossible to abandon.</p><p>Listeners will come away with sharper skills in evaluating email risk, recognizing the tactics adversaries use to exploit trust, and applying pragmatic controls that actually reduce exposure. You’ll understand how to treat email like a critical application, design workflows that resist fraud, and build governance that prevents small compromises from becoming catastrophic losses. This is not just theory—it’s a roadmap for defending the unpatchable app every organization depends on.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 10 Dec 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/345770db/367833f3.mp3" length="68340356" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1708</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we explore why email is both the oldest and most dangerous application in your enterprise. You’ll learn how protocols built in the 1970s still carry modern business logic, why attackers thrive on its openness, and how Business Email Compromise has evolved into one of the most profitable cybercrimes in history. The discussion traces the history of email’s insecure DNA, the patchwork of fixes that never quite solve it, and the cultural and regulatory anchors that make it impossible to abandon.</p><p>Listeners will come away with sharper skills in evaluating email risk, recognizing the tactics adversaries use to exploit trust, and applying pragmatic controls that actually reduce exposure. You’ll understand how to treat email like a critical application, design workflows that resist fraud, and build governance that prevents small compromises from becoming catastrophic losses. This is not just theory—it’s a roadmap for defending the unpatchable app every organization depends on.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/345770db/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: How CVEs and CVSS Turn Vulnerabilities into Decisions</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>56</itunes:episode>
      <podcast:episode>56</podcast:episode>
      <itunes:title>Insight: How CVEs and CVSS Turn Vulnerabilities into Decisions</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">4a5010ad-8628-4ff7-aba1-28df0921ab1a</guid>
      <link>https://share.transistor.fm/s/ecbfb7e7</link>
      <description>
        <![CDATA[<p>Understanding vulnerability data can feel like learning a new language, especially when every report is packed with identifiers and scores. In this narrated Insight, we walk through the relationship between software vulnerabilities, Common Vulnerabilities and Exposures (CVE), and the Common Vulnerability Scoring System (CVSS). You will hear how vulnerabilities move from discovery to public CVE records, how CVSS scores are calculated, and why those numbers show up in dashboards, tickets, and board reports. The narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine and is designed for working security and IT professionals who want clear, vendor-neutral explanations.</p><p> </p><p>We then shift to everyday practice: how teams actually use CVE and CVSS in vulnerability management, where these tools genuinely help, and where they can mislead if treated as the whole story. You will hear practical examples of quick-win prioritization for smaller teams, as well as more advanced ways to combine scores with asset criticality and threat activity. We also explore common failure modes, such as chasing scores instead of real risk, and highlight healthier signals that show your vulnerability data is driving better decisions. By the end, you will have a grounded mental model for reading those lists of IDs and scores with more confidence.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Understanding vulnerability data can feel like learning a new language, especially when every report is packed with identifiers and scores. In this narrated Insight, we walk through the relationship between software vulnerabilities, Common Vulnerabilities and Exposures (CVE), and the Common Vulnerability Scoring System (CVSS). You will hear how vulnerabilities move from discovery to public CVE records, how CVSS scores are calculated, and why those numbers show up in dashboards, tickets, and board reports. The narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine and is designed for working security and IT professionals who want clear, vendor-neutral explanations.</p><p> </p><p>We then shift to everyday practice: how teams actually use CVE and CVSS in vulnerability management, where these tools genuinely help, and where they can mislead if treated as the whole story. You will hear practical examples of quick-win prioritization for smaller teams, as well as more advanced ways to combine scores with asset criticality and threat activity. We also explore common failure modes, such as chasing scores instead of real risk, and highlight healthier signals that show your vulnerability data is driving better decisions. By the end, you will have a grounded mental model for reading those lists of IDs and scores with more confidence.</p>]]>
      </content:encoded>
      <pubDate>Tue, 09 Dec 2025 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/ecbfb7e7/40070b3f.mp3" length="35164451" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>878</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Understanding vulnerability data can feel like learning a new language, especially when every report is packed with identifiers and scores. In this narrated Insight, we walk through the relationship between software vulnerabilities, Common Vulnerabilities and Exposures (CVE), and the Common Vulnerability Scoring System (CVSS). You will hear how vulnerabilities move from discovery to public CVE records, how CVSS scores are calculated, and why those numbers show up in dashboards, tickets, and board reports. The narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine and is designed for working security and IT professionals who want clear, vendor-neutral explanations.</p><p> </p><p>We then shift to everyday practice: how teams actually use CVE and CVSS in vulnerability management, where these tools genuinely help, and where they can mislead if treated as the whole story. You will hear practical examples of quick-win prioritization for smaller teams, as well as more advanced ways to combine scores with asset criticality and threat activity. We also explore common failure modes, such as chasing scores instead of real risk, and highlight healthier signals that show your vulnerability data is driving better decisions. By the end, you will have a grounded mental model for reading those lists of IDs and scores with more confidence.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/ecbfb7e7/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Certified Monday: Seeing Systems Like an Auditor with the CISA Certification</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>55</itunes:episode>
      <podcast:episode>55</podcast:episode>
      <itunes:title>Certified Monday: Seeing Systems Like an Auditor with the CISA Certification</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">ce4ec5ad-b170-42ba-a65b-cc9a00c3906c</guid>
      <link>https://share.transistor.fm/s/6a0b48ff</link>
      <description>
        <![CDATA[<p>This episode walks through the Certified Information Systems Auditor (CISA) certification in clear, beginner-friendly language, focusing on what it really means to think like an IT auditor. You will hear how CISA frames technology in terms of controls, evidence, and risk, and why that perspective matters if you want to move closer to audit, governance, or technology risk roles. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, so you get the same structured breakdown in an audio format that fits into a busy day.</p><p> </p><p>We will cover who CISA is really for, what the exam emphasizes, and how it fits into a broader career and certification path for early-career cyber and IT professionals. You will also hear practical ideas on preparing for the exam, from understanding the domains and question style to building a simple, sustainable study plan that fits around work and life. If you want to go deeper, you can continue your journey with the full audio course for this certification inside the Bare Metal Cyber Audio Academy.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This episode walks through the Certified Information Systems Auditor (CISA) certification in clear, beginner-friendly language, focusing on what it really means to think like an IT auditor. You will hear how CISA frames technology in terms of controls, evidence, and risk, and why that perspective matters if you want to move closer to audit, governance, or technology risk roles. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, so you get the same structured breakdown in an audio format that fits into a busy day.</p><p> </p><p>We will cover who CISA is really for, what the exam emphasizes, and how it fits into a broader career and certification path for early-career cyber and IT professionals. You will also hear practical ideas on preparing for the exam, from understanding the domains and question style to building a simple, sustainable study plan that fits around work and life. If you want to go deeper, you can continue your journey with the full audio course for this certification inside the Bare Metal Cyber Audio Academy.</p>]]>
      </content:encoded>
      <pubDate>Mon, 08 Dec 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/6a0b48ff/06a10977.mp3" length="27452073" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>685</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This episode walks through the Certified Information Systems Auditor (CISA) certification in clear, beginner-friendly language, focusing on what it really means to think like an IT auditor. You will hear how CISA frames technology in terms of controls, evidence, and risk, and why that perspective matters if you want to move closer to audit, governance, or technology risk roles. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, so you get the same structured breakdown in an audio format that fits into a busy day.</p><p> </p><p>We will cover who CISA is really for, what the exam emphasizes, and how it fits into a broader career and certification path for early-career cyber and IT professionals. You will also hear practical ideas on preparing for the exam, from understanding the domains and question style to building a simple, sustainable study plan that fits around work and life. If you want to go deeper, you can continue your journey with the full audio course for this certification inside the Bare Metal Cyber Audio Academy.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/6a0b48ff/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>	 Weekly Cyber News Rollup, December 5th, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>54</itunes:episode>
      <podcast:episode>54</podcast:episode>
      <itunes:title>	 Weekly Cyber News Rollup, December 5th, 2025</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">380ecbd3-8f46-4733-9a20-39108b15123a</guid>
      <link>https://share.transistor.fm/s/055f42a2</link>
      <description>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending December 5th, 2025. Holiday shopping dominates the threat landscape, with industrial scale fake Christmas and Cyber Monday stores siphoning card data while a massive breach at Korean retail giant Coupang exposes tens of millions of shoppers. At the same time, attackers are burrowing into the software factory, from exposed secrets in cloud code repositories and malicious developer packages to tainted browser extensions that quietly spy on everyday work in customer relationship, finance, and human resources tools. Law enforcement’s takedown of a major crypto mixer shows real pressure on ransomware cash washing, even as mobile devices and airport Wi Fi remind leaders how fragile everyday access can be.</p><p>Across the episode, you will hear how attackers exploit hurry, convenience, and shared platforms in very different settings, from North Korean software supply chain campaigns and steganography tools built for espionage, to vendor breaches at financial data providers and cross tenant flaws in cloud services. We explore how weak artificial intelligence governance and powerful low code workflows can be twisted into ransomware launchers, how fake ChatGPT style browsers steal passwords at scale, and why critical bugs in React based web stacks demand rapid attention from builders. Executives, security teams, engineers, and students all get practical context on where trust is eroding and which signals to watch in logs, workflows, and vendor relationships. This weekly roll-up is designed to help you decide what to act on first, and it is available at DailyCyber.news.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending December 5th, 2025. Holiday shopping dominates the threat landscape, with industrial scale fake Christmas and Cyber Monday stores siphoning card data while a massive breach at Korean retail giant Coupang exposes tens of millions of shoppers. At the same time, attackers are burrowing into the software factory, from exposed secrets in cloud code repositories and malicious developer packages to tainted browser extensions that quietly spy on everyday work in customer relationship, finance, and human resources tools. Law enforcement’s takedown of a major crypto mixer shows real pressure on ransomware cash washing, even as mobile devices and airport Wi Fi remind leaders how fragile everyday access can be.</p><p>Across the episode, you will hear how attackers exploit hurry, convenience, and shared platforms in very different settings, from North Korean software supply chain campaigns and steganography tools built for espionage, to vendor breaches at financial data providers and cross tenant flaws in cloud services. We explore how weak artificial intelligence governance and powerful low code workflows can be twisted into ransomware launchers, how fake ChatGPT style browsers steal passwords at scale, and why critical bugs in React based web stacks demand rapid attention from builders. Executives, security teams, engineers, and students all get practical context on where trust is eroding and which signals to watch in logs, workflows, and vendor relationships. This weekly roll-up is designed to help you decide what to act on first, and it is available at DailyCyber.news.</p>]]>
      </content:encoded>
      <pubDate>Fri, 05 Dec 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/055f42a2/ba85927d.mp3" length="43393007" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1084</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending December 5th, 2025. Holiday shopping dominates the threat landscape, with industrial scale fake Christmas and Cyber Monday stores siphoning card data while a massive breach at Korean retail giant Coupang exposes tens of millions of shoppers. At the same time, attackers are burrowing into the software factory, from exposed secrets in cloud code repositories and malicious developer packages to tainted browser extensions that quietly spy on everyday work in customer relationship, finance, and human resources tools. Law enforcement’s takedown of a major crypto mixer shows real pressure on ransomware cash washing, even as mobile devices and airport Wi Fi remind leaders how fragile everyday access can be.</p><p>Across the episode, you will hear how attackers exploit hurry, convenience, and shared platforms in very different settings, from North Korean software supply chain campaigns and steganography tools built for espionage, to vendor breaches at financial data providers and cross tenant flaws in cloud services. We explore how weak artificial intelligence governance and powerful low code workflows can be twisted into ransomware launchers, how fake ChatGPT style browsers steal passwords at scale, and why critical bugs in React based web stacks demand rapid attention from builders. Executives, security teams, engineers, and students all get practical context on where trust is eroding and which signals to watch in logs, workflows, and vendor relationships. This weekly roll-up is designed to help you decide what to act on first, and it is available at DailyCyber.news.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/055f42a2/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Cyber Talks: Excel Is Not Your GRC Solution: Scaling Governance Beyond Spreadsheets</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>53</itunes:episode>
      <podcast:episode>53</podcast:episode>
      <itunes:title>Cyber Talks: Excel Is Not Your GRC Solution: Scaling Governance Beyond Spreadsheets</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">04dc8f53-909e-4927-949e-63f6bd7f614e</guid>
      <link>https://share.transistor.fm/s/d0b1371f</link>
      <description>
        <![CDATA[<p>Excel is great for many things — but it is not a governance, risk, and compliance (GRC) platform. In this Cyber Talk developed by BareMetalCyber.com, Dr. Jason Edwards sits down with <strong>Dean Charlton</strong>, Managing Director of <strong>DC CyberTech</strong>, to unpack why even the most well-intentioned GRC programs stall out when they live in spreadsheets.</p><p>Dean walks through the real-world pain points of “Excel-driven” GRC, from version chaos and manual updates to audit gaps and poor visibility for leadership. He then shows how automated, AI-driven GRC solutions can support organizations of all sizes, giving you cleaner data, clearer accountability, and a living view of risk instead of static files.</p><p>If you’re still managing controls, risks, and audits in Excel — or you’re afraid a full-blown platform is “too big” for your team — this session will give you practical ways to think differently about tooling, scalability, and where AI can actually help.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Excel is great for many things — but it is not a governance, risk, and compliance (GRC) platform. In this Cyber Talk developed by BareMetalCyber.com, Dr. Jason Edwards sits down with <strong>Dean Charlton</strong>, Managing Director of <strong>DC CyberTech</strong>, to unpack why even the most well-intentioned GRC programs stall out when they live in spreadsheets.</p><p>Dean walks through the real-world pain points of “Excel-driven” GRC, from version chaos and manual updates to audit gaps and poor visibility for leadership. He then shows how automated, AI-driven GRC solutions can support organizations of all sizes, giving you cleaner data, clearer accountability, and a living view of risk instead of static files.</p><p>If you’re still managing controls, risks, and audits in Excel — or you’re afraid a full-blown platform is “too big” for your team — this session will give you practical ways to think differently about tooling, scalability, and where AI can actually help.</p>]]>
      </content:encoded>
      <pubDate>Thu, 04 Dec 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/d0b1371f/2b5c8ef6.mp3" length="46547796" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>2906</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Excel is great for many things — but it is not a governance, risk, and compliance (GRC) platform. In this Cyber Talk developed by BareMetalCyber.com, Dr. Jason Edwards sits down with <strong>Dean Charlton</strong>, Managing Director of <strong>DC CyberTech</strong>, to unpack why even the most well-intentioned GRC programs stall out when they live in spreadsheets.</p><p>Dean walks through the real-world pain points of “Excel-driven” GRC, from version chaos and manual updates to audit gaps and poor visibility for leadership. He then shows how automated, AI-driven GRC solutions can support organizations of all sizes, giving you cleaner data, clearer accountability, and a living view of risk instead of static files.</p><p>If you’re still managing controls, risks, and audits in Excel — or you’re afraid a full-blown platform is “too big” for your team — this session will give you practical ways to think differently about tooling, scalability, and where AI can actually help.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/d0b1371f/transcript.vtt" type="text/vtt" rel="captions"/>
    </item>
    <item>
      <title>Shadow SaaS: 1,000 Apps, 0 Approvals, Unlimited Risk</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>52</itunes:episode>
      <podcast:episode>52</podcast:episode>
      <itunes:title>Shadow SaaS: 1,000 Apps, 0 Approvals, Unlimited Risk</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">da9d2406-57d1-4b19-80c2-63c4ec026fa6</guid>
      <link>https://share.transistor.fm/s/9b2c8dcf</link>
      <description>
        <![CDATA[<p>In this episode, we pull back the curtain on Shadow SaaS—the hidden world of unsanctioned apps quietly multiplying across the enterprise. You’ll learn how a single “Sign in with Google” click can spawn a durable, invisible connection, why OAuth tokens never seem to die, and how browser extensions and plug-ins form entire shadow ecosystems. We trace the blast radius from data leaks to compliance failures, and show how discovery pipelines, technical guardrails, and smart workflows can expose the sprawl without slowing innovation.</p><p>By listening, you’ll sharpen your ability to spot the signs of Shadow SaaS in your own environment, build stronger instincts around risk-based discovery, and gain practical strategies for token management, data protection, and cultural alignment. You’ll walk away with skills to govern SaaS without becoming the “department of no,” turning hidden risk into managed resilience. This episode equips you to secure speed and innovation hand in hand.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we pull back the curtain on Shadow SaaS—the hidden world of unsanctioned apps quietly multiplying across the enterprise. You’ll learn how a single “Sign in with Google” click can spawn a durable, invisible connection, why OAuth tokens never seem to die, and how browser extensions and plug-ins form entire shadow ecosystems. We trace the blast radius from data leaks to compliance failures, and show how discovery pipelines, technical guardrails, and smart workflows can expose the sprawl without slowing innovation.</p><p>By listening, you’ll sharpen your ability to spot the signs of Shadow SaaS in your own environment, build stronger instincts around risk-based discovery, and gain practical strategies for token management, data protection, and cultural alignment. You’ll walk away with skills to govern SaaS without becoming the “department of no,” turning hidden risk into managed resilience. This episode equips you to secure speed and innovation hand in hand.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 03 Dec 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/9b2c8dcf/8a6a1332.mp3" length="68492052" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1712</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we pull back the curtain on Shadow SaaS—the hidden world of unsanctioned apps quietly multiplying across the enterprise. You’ll learn how a single “Sign in with Google” click can spawn a durable, invisible connection, why OAuth tokens never seem to die, and how browser extensions and plug-ins form entire shadow ecosystems. We trace the blast radius from data leaks to compliance failures, and show how discovery pipelines, technical guardrails, and smart workflows can expose the sprawl without slowing innovation.</p><p>By listening, you’ll sharpen your ability to spot the signs of Shadow SaaS in your own environment, build stronger instincts around risk-based discovery, and gain practical strategies for token management, data protection, and cultural alignment. You’ll walk away with skills to govern SaaS without becoming the “department of no,” turning hidden risk into managed resilience. This episode equips you to secure speed and innovation hand in hand.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/9b2c8dcf/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Insight: Cyber Kill Chain and Attack Lifecycles</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>51</itunes:episode>
      <podcast:episode>51</podcast:episode>
      <itunes:title>Insight: Cyber Kill Chain and Attack Lifecycles</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">8e65c7a9-00de-468f-baf0-63e3c64e96a9</guid>
      <link>https://share.transistor.fm/s/fee7ce2e</link>
      <description>
        <![CDATA[<p>This narrated Insight walks through the Cyber Kill Chain (CKC) and broader cyber attack lifecycle models as practical tools for real-world defenders. You’ll hear how CKC breaks an intrusion into recognizable stages, from reconnaissance to actions on objectives, and how that gives analysts and engineers a common storyline for messy, real-world incidents. The audio stays vendor-neutral and plain-language, focusing on how to connect alerts, logs, and behaviors to a clear sense of “where in the attacker’s journey are we right now?”</p><p>You’ll also explore everyday use cases, from tuning detections and building playbooks to running more realistic tabletops and making smarter architecture and budget decisions. Along the way, the episode examines benefits, trade-offs, and common failure modes, like treating the Cyber Kill Chain as a slideware checkbox instead of an operational lens. This narration is developed from the Tuesday “Insights” feature in Bare Metal Cyber Magazine, giving you a concise, audio-first way to absorb the full breakdown.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This narrated Insight walks through the Cyber Kill Chain (CKC) and broader cyber attack lifecycle models as practical tools for real-world defenders. You’ll hear how CKC breaks an intrusion into recognizable stages, from reconnaissance to actions on objectives, and how that gives analysts and engineers a common storyline for messy, real-world incidents. The audio stays vendor-neutral and plain-language, focusing on how to connect alerts, logs, and behaviors to a clear sense of “where in the attacker’s journey are we right now?”</p><p>You’ll also explore everyday use cases, from tuning detections and building playbooks to running more realistic tabletops and making smarter architecture and budget decisions. Along the way, the episode examines benefits, trade-offs, and common failure modes, like treating the Cyber Kill Chain as a slideware checkbox instead of an operational lens. This narration is developed from the Tuesday “Insights” feature in Bare Metal Cyber Magazine, giving you a concise, audio-first way to absorb the full breakdown.</p>]]>
      </content:encoded>
      <pubDate>Tue, 02 Dec 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/fee7ce2e/83d98b7a.mp3" length="25505399" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>637</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This narrated Insight walks through the Cyber Kill Chain (CKC) and broader cyber attack lifecycle models as practical tools for real-world defenders. You’ll hear how CKC breaks an intrusion into recognizable stages, from reconnaissance to actions on objectives, and how that gives analysts and engineers a common storyline for messy, real-world incidents. The audio stays vendor-neutral and plain-language, focusing on how to connect alerts, logs, and behaviors to a clear sense of “where in the attacker’s journey are we right now?”</p><p>You’ll also explore everyday use cases, from tuning detections and building playbooks to running more realistic tabletops and making smarter architecture and budget decisions. Along the way, the episode examines benefits, trade-offs, and common failure modes, like treating the Cyber Kill Chain as a slideware checkbox instead of an operational lens. This narration is developed from the Tuesday “Insights” feature in Bare Metal Cyber Magazine, giving you a concise, audio-first way to absorb the full breakdown.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/fee7ce2e/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Certified: CompTIA Security+ as Your Cybersecurity Launchpad</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>50</itunes:episode>
      <podcast:episode>50</podcast:episode>
      <itunes:title>Certified: CompTIA Security+ as Your Cybersecurity Launchpad</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">50cee1d4-8205-4f75-9aa3-b3271630da9b</guid>
      <link>https://share.transistor.fm/s/667a2305</link>
      <description>
        <![CDATA[<p>Step into the world of CompTIA Security+ (Security+) with this narrated guide designed for early-career technologists and career-changers. This episode explains what Security+ actually covers, who it is really for, and why so many entry-level security and IT roles call it out by name. You will hear how the exam objectives translate into real skills around threats, defenses, secure design, and day-to-day operations, all in clear, plain English. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, adapted for audio so you can follow along without needing the article in front of you.</p><p> </p><p>We also explore where Security+ fits in a broader certification and career path, from help desk and junior admin roles through security analyst and SOC positions. You will learn how the exam rewards applied understanding over flashcard memorization, what common misconceptions trip up candidates, and how to think about your next steps once you pass. If you are ready to go deeper and follow a structured, step-by-step study plan, you can continue with the full audio course for Security+ inside the Bare Metal Cyber Audio Academy.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Step into the world of CompTIA Security+ (Security+) with this narrated guide designed for early-career technologists and career-changers. This episode explains what Security+ actually covers, who it is really for, and why so many entry-level security and IT roles call it out by name. You will hear how the exam objectives translate into real skills around threats, defenses, secure design, and day-to-day operations, all in clear, plain English. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, adapted for audio so you can follow along without needing the article in front of you.</p><p> </p><p>We also explore where Security+ fits in a broader certification and career path, from help desk and junior admin roles through security analyst and SOC positions. You will learn how the exam rewards applied understanding over flashcard memorization, what common misconceptions trip up candidates, and how to think about your next steps once you pass. If you are ready to go deeper and follow a structured, step-by-step study plan, you can continue with the full audio course for Security+ inside the Bare Metal Cyber Audio Academy.</p>]]>
      </content:encoded>
      <pubDate>Mon, 01 Dec 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/667a2305/ae250237.mp3" length="29278539" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>731</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Step into the world of CompTIA Security+ (Security+) with this narrated guide designed for early-career technologists and career-changers. This episode explains what Security+ actually covers, who it is really for, and why so many entry-level security and IT roles call it out by name. You will hear how the exam objectives translate into real skills around threats, defenses, secure design, and day-to-day operations, all in clear, plain English. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine, adapted for audio so you can follow along without needing the article in front of you.</p><p> </p><p>We also explore where Security+ fits in a broader certification and career path, from help desk and junior admin roles through security analyst and SOC positions. You will learn how the exam rewards applied understanding over flashcard memorization, what common misconceptions trip up candidates, and how to think about your next steps once you pass. If you are ready to go deeper and follow a structured, step-by-step study plan, you can continue with the full audio course for Security+ inside the Bare Metal Cyber Audio Academy.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/667a2305/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Weekly Cyber News Rollup, November 28th, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>49</itunes:episode>
      <podcast:episode>49</podcast:episode>
      <itunes:title>Weekly Cyber News Rollup, November 28th, 2025</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">7b0086a2-bac2-481b-9134-90414870759c</guid>
      <link>https://share.transistor.fm/s/651b6273</link>
      <description>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending November 27th, 2025. This week revolves around quiet dependencies turning into loud problems, from abandoned calendar links that can be hijacked to analytics and customer platforms leaking sensitive context. You will hear about a breach at an OpenAI analytics vendor that exposes who is building on artificial intelligence, A I, projects and a ransomware hit on Asahi and Iberia that mixes large data leaks with operational disruption and reputational damage. Developers face a heavy supply chain week as poisoned npm packages, GitHub workflows, and a self spreading JavaScript worm target build systems and secrets. At the same time, flaws in logging agents, emergency alert platforms, and Ray powered A I clusters show how core infrastructure can be hijacked for stealth access, cryptomining, or simply going dark when people need it most.</p><p> </p><p>Across the full set of stories, the focus is on how attackers exploit trusted tools and identity layers that many teams treat as background plumbing. You will hear how spyware vendors are turning secure messaging users into targets, how years of pasting code into online tools has quietly exposed live credentials, and how flaws in Oracle identity, Azure Bastion, and Grafana can hand over powerful access with a few crafted requests. Website and endpoint risks also feature, from W three Total Cache and FortiWeb to seven zip, reminding teams that small utilities and plugins can still open big doors. The episode is designed for executives, security teams, builders, and students who need a fast weekly sweep of the real attack surface, stitched across cloud, identity, and software factories, available at DailyCyber.news. By the end, you will have a clear sense of where your own quiet dependencies might be hiding.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending November 27th, 2025. This week revolves around quiet dependencies turning into loud problems, from abandoned calendar links that can be hijacked to analytics and customer platforms leaking sensitive context. You will hear about a breach at an OpenAI analytics vendor that exposes who is building on artificial intelligence, A I, projects and a ransomware hit on Asahi and Iberia that mixes large data leaks with operational disruption and reputational damage. Developers face a heavy supply chain week as poisoned npm packages, GitHub workflows, and a self spreading JavaScript worm target build systems and secrets. At the same time, flaws in logging agents, emergency alert platforms, and Ray powered A I clusters show how core infrastructure can be hijacked for stealth access, cryptomining, or simply going dark when people need it most.</p><p> </p><p>Across the full set of stories, the focus is on how attackers exploit trusted tools and identity layers that many teams treat as background plumbing. You will hear how spyware vendors are turning secure messaging users into targets, how years of pasting code into online tools has quietly exposed live credentials, and how flaws in Oracle identity, Azure Bastion, and Grafana can hand over powerful access with a few crafted requests. Website and endpoint risks also feature, from W three Total Cache and FortiWeb to seven zip, reminding teams that small utilities and plugins can still open big doors. The episode is designed for executives, security teams, builders, and students who need a fast weekly sweep of the real attack surface, stitched across cloud, identity, and software factories, available at DailyCyber.news. By the end, you will have a clear sense of where your own quiet dependencies might be hiding.</p>]]>
      </content:encoded>
      <pubDate>Thu, 27 Nov 2025 22:00:02 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/651b6273/f57f5567.mp3" length="46035553" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1150</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending November 27th, 2025. This week revolves around quiet dependencies turning into loud problems, from abandoned calendar links that can be hijacked to analytics and customer platforms leaking sensitive context. You will hear about a breach at an OpenAI analytics vendor that exposes who is building on artificial intelligence, A I, projects and a ransomware hit on Asahi and Iberia that mixes large data leaks with operational disruption and reputational damage. Developers face a heavy supply chain week as poisoned npm packages, GitHub workflows, and a self spreading JavaScript worm target build systems and secrets. At the same time, flaws in logging agents, emergency alert platforms, and Ray powered A I clusters show how core infrastructure can be hijacked for stealth access, cryptomining, or simply going dark when people need it most.</p><p> </p><p>Across the full set of stories, the focus is on how attackers exploit trusted tools and identity layers that many teams treat as background plumbing. You will hear how spyware vendors are turning secure messaging users into targets, how years of pasting code into online tools has quietly exposed live credentials, and how flaws in Oracle identity, Azure Bastion, and Grafana can hand over powerful access with a few crafted requests. Website and endpoint risks also feature, from W three Total Cache and FortiWeb to seven zip, reminding teams that small utilities and plugins can still open big doors. The episode is designed for executives, security teams, builders, and students who need a fast weekly sweep of the real attack surface, stitched across cloud, identity, and software factories, available at DailyCyber.news. By the end, you will have a clear sense of where your own quiet dependencies might be hiding.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/651b6273/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Zero Trust Theater: We Put a Fancy Gate on a Cardboard Wall</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>48</itunes:episode>
      <podcast:episode>48</podcast:episode>
      <itunes:title>Zero Trust Theater: We Put a Fancy Gate on a Cardboard Wall</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">c0b1c574-ac8b-46b5-915e-db0760ce4a69</guid>
      <link>https://share.transistor.fm/s/77ff64cb</link>
      <description>
        <![CDATA[<p>In this episode, we uncover the reality of “Zero Trust theater”—where organizations invest in flashy front gates like MFA prompts, dashboards, and vendor logos while leaving the walls behind them flimsy and unprotected. Listeners will learn how these illusions are built, where attackers push through the cardboard, and the specific tactics adversaries use to bypass props. From consent phishing and token replay to legacy carve-outs and SaaS trust chains, the episode paints a vivid picture of why optics without structure fail.</p><p>You’ll also gain practical insight into the skills that strengthen real Zero Trust. By the end, you’ll understand how to operationalize least privilege, enforce identity at every hop, design microsegmentation that actually holds, and measure resilience through meaningful metrics rather than green lights. This is more than theory—it’s a guide to recognizing illusions, breaking free from stagecraft, and building durable frameworks that withstand pressure.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we uncover the reality of “Zero Trust theater”—where organizations invest in flashy front gates like MFA prompts, dashboards, and vendor logos while leaving the walls behind them flimsy and unprotected. Listeners will learn how these illusions are built, where attackers push through the cardboard, and the specific tactics adversaries use to bypass props. From consent phishing and token replay to legacy carve-outs and SaaS trust chains, the episode paints a vivid picture of why optics without structure fail.</p><p>You’ll also gain practical insight into the skills that strengthen real Zero Trust. By the end, you’ll understand how to operationalize least privilege, enforce identity at every hop, design microsegmentation that actually holds, and measure resilience through meaningful metrics rather than green lights. This is more than theory—it’s a guide to recognizing illusions, breaking free from stagecraft, and building durable frameworks that withstand pressure.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 26 Nov 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/77ff64cb/4064cf53.mp3" length="70521499" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1763</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we uncover the reality of “Zero Trust theater”—where organizations invest in flashy front gates like MFA prompts, dashboards, and vendor logos while leaving the walls behind them flimsy and unprotected. Listeners will learn how these illusions are built, where attackers push through the cardboard, and the specific tactics adversaries use to bypass props. From consent phishing and token replay to legacy carve-outs and SaaS trust chains, the episode paints a vivid picture of why optics without structure fail.</p><p>You’ll also gain practical insight into the skills that strengthen real Zero Trust. By the end, you’ll understand how to operationalize least privilege, enforce identity at every hop, design microsegmentation that actually holds, and measure resilience through meaningful metrics rather than green lights. This is more than theory—it’s a guide to recognizing illusions, breaking free from stagecraft, and building durable frameworks that withstand pressure.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/77ff64cb/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Weekly Update: Cyber News for the Week ending 21 November, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>47</itunes:episode>
      <podcast:episode>47</podcast:episode>
      <itunes:title>Weekly Update: Cyber News for the Week ending 21 November, 2025</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">5059c0f5-a6ab-4b92-9e95-83d934933e64</guid>
      <link>https://share.transistor.fm/s/0737d14b</link>
      <description>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending November 21st, 2025. We track a crippling cyberattack on a major automaker that shut factories and erased hundreds of millions in profit. We also follow a suspected China aligned espionage group that turned an artificial intelligence, A I, coding agent into an automated intrusion assistant. Fresh consumer and supporter data breaches, including a social engineering hit on a food delivery platform and exposure of political affiliation records, show how one person or vendor mistake can unlock large data sets. Critical flaws in Fortinet FortiWeb web application firewalls and an actively exploited Windows kernel bug round out the list of urgent patches for the week.</p><p>You will hear clear run downs of each of the week’s biggest stories, from industrial shutdowns and agent driven intrusions to social engineering breaches and vendor failures. We explain how third party services, software supply chain projects, law enforcement case systems, and cloud platforms like Azure are being probed and stressed, and what that means for executives, security teams, builders, and students trying to stay ahead. Along the way we call out who is most exposed, which signals in logs and dashboards deserve a second look, and which updates should move to the front of the queue. The episode is designed as a fast, practical briefing that you can replay or share with your teams, available at DailyCyber.news.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending November 21st, 2025. We track a crippling cyberattack on a major automaker that shut factories and erased hundreds of millions in profit. We also follow a suspected China aligned espionage group that turned an artificial intelligence, A I, coding agent into an automated intrusion assistant. Fresh consumer and supporter data breaches, including a social engineering hit on a food delivery platform and exposure of political affiliation records, show how one person or vendor mistake can unlock large data sets. Critical flaws in Fortinet FortiWeb web application firewalls and an actively exploited Windows kernel bug round out the list of urgent patches for the week.</p><p>You will hear clear run downs of each of the week’s biggest stories, from industrial shutdowns and agent driven intrusions to social engineering breaches and vendor failures. We explain how third party services, software supply chain projects, law enforcement case systems, and cloud platforms like Azure are being probed and stressed, and what that means for executives, security teams, builders, and students trying to stay ahead. Along the way we call out who is most exposed, which signals in logs and dashboards deserve a second look, and which updates should move to the front of the queue. The episode is designed as a fast, practical briefing that you can replay or share with your teams, available at DailyCyber.news.</p>]]>
      </content:encoded>
      <pubDate>Fri, 21 Nov 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/0737d14b/ed1bb192.mp3" length="72609415" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1814</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending November 21st, 2025. We track a crippling cyberattack on a major automaker that shut factories and erased hundreds of millions in profit. We also follow a suspected China aligned espionage group that turned an artificial intelligence, A I, coding agent into an automated intrusion assistant. Fresh consumer and supporter data breaches, including a social engineering hit on a food delivery platform and exposure of political affiliation records, show how one person or vendor mistake can unlock large data sets. Critical flaws in Fortinet FortiWeb web application firewalls and an actively exploited Windows kernel bug round out the list of urgent patches for the week.</p><p>You will hear clear run downs of each of the week’s biggest stories, from industrial shutdowns and agent driven intrusions to social engineering breaches and vendor failures. We explain how third party services, software supply chain projects, law enforcement case systems, and cloud platforms like Azure are being probed and stressed, and what that means for executives, security teams, builders, and students trying to stay ahead. Along the way we call out who is most exposed, which signals in logs and dashboards deserve a second look, and which updates should move to the front of the queue. The episode is designed as a fast, practical briefing that you can replay or share with your teams, available at DailyCyber.news.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/0737d14b/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Cyber Talks - Break Things Safely: A High-Value Cyber Exercise Program with Daniel Hammond</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>46</itunes:episode>
      <podcast:episode>46</podcast:episode>
      <itunes:title>Cyber Talks - Break Things Safely: A High-Value Cyber Exercise Program with Daniel Hammond</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">2333c4a9-5572-4ba9-8685-46c4f348342f</guid>
      <link>https://share.transistor.fm/s/2f2f667b</link>
      <description>
        <![CDATA[<p>Don’t wait to learn the fire drill while the building’s on fire. In this Cyber Talk developed by BareMetalCyber.com, Army veteran and cyber resilience strategist Daniel Hammond shows how to move past check-the-box drills and turn exercises into a core learning culture. He walks through goal-driven planning (so every exercise serves a sponsor’s real need), the HSEEP spectrum from seminars and workshops to tabletops, drills, and full-scale events, plus when to go operations-based, run no-notice tests, and invite regulators, comms, and third-party partners into the room. </p><p>Daniel shares hard-won lessons from building programs at Fortune 500s: validating response playbooks, avoiding “single-layer defense” with purple teaming, closing gaps regulators spot across your industry, and using board briefings to turn findings into funding. If you lead incident response, risk, or compliance—and you want confident teams that discover blind spots before adversaries do—this talk is for you. Join us, bring questions, and leave with practical patterns you can run this quarter.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Don’t wait to learn the fire drill while the building’s on fire. In this Cyber Talk developed by BareMetalCyber.com, Army veteran and cyber resilience strategist Daniel Hammond shows how to move past check-the-box drills and turn exercises into a core learning culture. He walks through goal-driven planning (so every exercise serves a sponsor’s real need), the HSEEP spectrum from seminars and workshops to tabletops, drills, and full-scale events, plus when to go operations-based, run no-notice tests, and invite regulators, comms, and third-party partners into the room. </p><p>Daniel shares hard-won lessons from building programs at Fortune 500s: validating response playbooks, avoiding “single-layer defense” with purple teaming, closing gaps regulators spot across your industry, and using board briefings to turn findings into funding. If you lead incident response, risk, or compliance—and you want confident teams that discover blind spots before adversaries do—this talk is for you. Join us, bring questions, and leave with practical patterns you can run this quarter.</p>]]>
      </content:encoded>
      <pubDate>Thu, 20 Nov 2025 02:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/2f2f667b/18ab4a61.mp3" length="46214159" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/-OHnERNf_qO9n8b5UcoL8mmxiSovwUW4jKXdUT_-d0o/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS82YTc1/YzM1OGVjOTc1MTdm/N2NhMDkyMDQ4ZDBj/MGFjNy5wbmc.jpg"/>
      <itunes:duration>2885</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Don’t wait to learn the fire drill while the building’s on fire. In this Cyber Talk developed by BareMetalCyber.com, Army veteran and cyber resilience strategist Daniel Hammond shows how to move past check-the-box drills and turn exercises into a core learning culture. He walks through goal-driven planning (so every exercise serves a sponsor’s real need), the HSEEP spectrum from seminars and workshops to tabletops, drills, and full-scale events, plus when to go operations-based, run no-notice tests, and invite regulators, comms, and third-party partners into the room. </p><p>Daniel shares hard-won lessons from building programs at Fortune 500s: validating response playbooks, avoiding “single-layer defense” with purple teaming, closing gaps regulators spot across your industry, and using board briefings to turn findings into funding. If you lead incident response, risk, or compliance—and you want confident teams that discover blind spots before adversaries do—this talk is for you. Join us, bring questions, and leave with practical patterns you can run this quarter.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/2f2f667b/transcript.vtt" type="text/vtt" rel="captions"/>
    </item>
    <item>
      <title>XDR, EDR, NDR, MDR, WTF-DR?</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>45</itunes:episode>
      <podcast:episode>45</podcast:episode>
      <itunes:title>XDR, EDR, NDR, MDR, WTF-DR?</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">b22be8d0-20f3-4d77-b8b0-cf306af79d06</guid>
      <link>https://share.transistor.fm/s/f57dae01</link>
      <description>
        <![CDATA[<p>In this episode, we cut through the alphabet soup of cybersecurity—EDR, NDR, XDR, MDR, and even the tongue-in-cheek WTF-DR. You’ll learn what each of these acronyms really means, how they differ, and where they overlap. More importantly, you’ll gain clarity on how they fit together in practice, why no single tool is enough, and how to build a layered defense without wasting budget on hype. Through clear explanations and vivid scenarios, the episode brings order to the chaos of detection and response technologies.</p><p>Listening will sharpen your ability to evaluate tools, vendors, and services with confidence. You’ll improve your skills in mapping security investments to real outcomes, spotting hidden gaps in coverage, and asking the right questions about integration, costs, and response workflows. Whether you’re a security leader, analyst, or simply navigating the jargon jungle, this episode equips you to separate buzzwords from business value.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we cut through the alphabet soup of cybersecurity—EDR, NDR, XDR, MDR, and even the tongue-in-cheek WTF-DR. You’ll learn what each of these acronyms really means, how they differ, and where they overlap. More importantly, you’ll gain clarity on how they fit together in practice, why no single tool is enough, and how to build a layered defense without wasting budget on hype. Through clear explanations and vivid scenarios, the episode brings order to the chaos of detection and response technologies.</p><p>Listening will sharpen your ability to evaluate tools, vendors, and services with confidence. You’ll improve your skills in mapping security investments to real outcomes, spotting hidden gaps in coverage, and asking the right questions about integration, costs, and response workflows. Whether you’re a security leader, analyst, or simply navigating the jargon jungle, this episode equips you to separate buzzwords from business value.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 19 Nov 2025 04:38:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/f57dae01/1989845b.mp3" length="69647867" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1741</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we cut through the alphabet soup of cybersecurity—EDR, NDR, XDR, MDR, and even the tongue-in-cheek WTF-DR. You’ll learn what each of these acronyms really means, how they differ, and where they overlap. More importantly, you’ll gain clarity on how they fit together in practice, why no single tool is enough, and how to build a layered defense without wasting budget on hype. Through clear explanations and vivid scenarios, the episode brings order to the chaos of detection and response technologies.</p><p>Listening will sharpen your ability to evaluate tools, vendors, and services with confidence. You’ll improve your skills in mapping security investments to real outcomes, spotting hidden gaps in coverage, and asking the right questions about integration, costs, and response workflows. Whether you’re a security leader, analyst, or simply navigating the jargon jungle, this episode equips you to separate buzzwords from business value.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/f57dae01/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Weekly Cyber News Rollup, November 14th, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>44</itunes:episode>
      <podcast:episode>44</podcast:episode>
      <itunes:title>Weekly Cyber News Rollup, November 14th, 2025</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">6a71a7f7-40ba-47a2-b57e-2fc4e5e33aae</guid>
      <link>https://share.transistor.fm/s/1142301a</link>
      <description>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending November 14th, 2025. This week centers on phones, clouds, and core identity systems under pressure from well funded attackers who prefer to move quietly. You will hear how new spyware campaigns abuse Samsung devices and WhatsApp features, while hotel and travel scams blend real booking details with fresh malware delivery. The episode also walks through developer and infrastructure risks, from poisoned code editor extensions to critical flaws in firewalls and container platforms that can turn one foothold into broad access. It all adds up to a week where leaders and defenders need to rethink how personal devices, travel workflows, and cloud control planes intersect in daily operations.</p><p>Across these stories you will move from data exposure at an artificial intelligence company ecosystem to massive breach data feeds landing in tracking services, and from long running espionage inside a policy nonprofit to new tools that help small businesses fight review extortion. Executives will gain a faster sense of which threats can disrupt revenue and trust, while security teams hear where to focus monitoring, patching, and multi factor authentication, M F A, improvements right now. Builders and cloud operators get practical insight into container escape flaws, risky extensions, and identity platform weaknesses that change how they should think about shared environments. Students and early career defenders can use the narrative to map how scams, espionage, and infrastructure bugs all connect in real attacks. Listen in to get the full story arc in one pass, available at DailyCyber.news.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending November 14th, 2025. This week centers on phones, clouds, and core identity systems under pressure from well funded attackers who prefer to move quietly. You will hear how new spyware campaigns abuse Samsung devices and WhatsApp features, while hotel and travel scams blend real booking details with fresh malware delivery. The episode also walks through developer and infrastructure risks, from poisoned code editor extensions to critical flaws in firewalls and container platforms that can turn one foothold into broad access. It all adds up to a week where leaders and defenders need to rethink how personal devices, travel workflows, and cloud control planes intersect in daily operations.</p><p>Across these stories you will move from data exposure at an artificial intelligence company ecosystem to massive breach data feeds landing in tracking services, and from long running espionage inside a policy nonprofit to new tools that help small businesses fight review extortion. Executives will gain a faster sense of which threats can disrupt revenue and trust, while security teams hear where to focus monitoring, patching, and multi factor authentication, M F A, improvements right now. Builders and cloud operators get practical insight into container escape flaws, risky extensions, and identity platform weaknesses that change how they should think about shared environments. Students and early career defenders can use the narrative to map how scams, espionage, and infrastructure bugs all connect in real attacks. Listen in to get the full story arc in one pass, available at DailyCyber.news.</p>]]>
      </content:encoded>
      <pubDate>Fri, 14 Nov 2025 17:54:38 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/1142301a/f1c1b918.mp3" length="29442573" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>735</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This is your weekly cyber news roll-up for the week ending November 14th, 2025. This week centers on phones, clouds, and core identity systems under pressure from well funded attackers who prefer to move quietly. You will hear how new spyware campaigns abuse Samsung devices and WhatsApp features, while hotel and travel scams blend real booking details with fresh malware delivery. The episode also walks through developer and infrastructure risks, from poisoned code editor extensions to critical flaws in firewalls and container platforms that can turn one foothold into broad access. It all adds up to a week where leaders and defenders need to rethink how personal devices, travel workflows, and cloud control planes intersect in daily operations.</p><p>Across these stories you will move from data exposure at an artificial intelligence company ecosystem to massive breach data feeds landing in tracking services, and from long running espionage inside a policy nonprofit to new tools that help small businesses fight review extortion. Executives will gain a faster sense of which threats can disrupt revenue and trust, while security teams hear where to focus monitoring, patching, and multi factor authentication, M F A, improvements right now. Builders and cloud operators get practical insight into container escape flaws, risky extensions, and identity platform weaknesses that change how they should think about shared environments. Students and early career defenders can use the narrative to map how scams, espionage, and infrastructure bugs all connect in real attacks. Listen in to get the full story arc in one pass, available at DailyCyber.news.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/1142301a/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Phishing ‘Hunger Games’: May the Odds Be Ever in Your Favor (They Aren’t)</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>43</itunes:episode>
      <podcast:episode>43</podcast:episode>
      <itunes:title>Phishing ‘Hunger Games’: May the Odds Be Ever in Your Favor (They Aren’t)</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">e7e80ab4-839f-4ead-a80e-289acca9cded</guid>
      <link>https://share.transistor.fm/s/95b8bc4a</link>
      <description>
        <![CDATA[<p>In this episode, we explore phishing as a rigged arena where attackers decide the rules and employees become the unwilling contestants. You’ll learn how phishing has evolved from clumsy spam into precision-engineered deception powered by AI, reverse proxies, and multi-channel choreography. We unpack the psychology that adversaries exploit—urgency, authority, and scarcity—and show how identity protections, layered defenses, and cultural shifts can flip the script. From role-specific vulnerabilities to the industrialization of phishing kits, this episode equips you with a clear view of the battlefield and the tools needed to navigate it.</p><p>Listening also sharpens practical skills that directly improve resilience. You’ll gain insight into recognizing subtle red flags across devices and platforms, understanding the tactics that bypass traditional MFA, and adopting verification habits that make the safe path the easiest one. Beyond individual awareness, the episode builds leadership and organizational skills: how to embed verification into workflows, design effective simulations, and foster a culture where reporting is rewarded. By the end, you’ll see how to shift the odds, not by chance, but by readiness. Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we explore phishing as a rigged arena where attackers decide the rules and employees become the unwilling contestants. You’ll learn how phishing has evolved from clumsy spam into precision-engineered deception powered by AI, reverse proxies, and multi-channel choreography. We unpack the psychology that adversaries exploit—urgency, authority, and scarcity—and show how identity protections, layered defenses, and cultural shifts can flip the script. From role-specific vulnerabilities to the industrialization of phishing kits, this episode equips you with a clear view of the battlefield and the tools needed to navigate it.</p><p>Listening also sharpens practical skills that directly improve resilience. You’ll gain insight into recognizing subtle red flags across devices and platforms, understanding the tactics that bypass traditional MFA, and adopting verification habits that make the safe path the easiest one. Beyond individual awareness, the episode builds leadership and organizational skills: how to embed verification into workflows, design effective simulations, and foster a culture where reporting is rewarded. By the end, you’ll see how to shift the odds, not by chance, but by readiness. Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 12 Nov 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/95b8bc4a/78d91042.mp3" length="74636148" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1866</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we explore phishing as a rigged arena where attackers decide the rules and employees become the unwilling contestants. You’ll learn how phishing has evolved from clumsy spam into precision-engineered deception powered by AI, reverse proxies, and multi-channel choreography. We unpack the psychology that adversaries exploit—urgency, authority, and scarcity—and show how identity protections, layered defenses, and cultural shifts can flip the script. From role-specific vulnerabilities to the industrialization of phishing kits, this episode equips you with a clear view of the battlefield and the tools needed to navigate it.</p><p>Listening also sharpens practical skills that directly improve resilience. You’ll gain insight into recognizing subtle red flags across devices and platforms, understanding the tactics that bypass traditional MFA, and adopting verification habits that make the safe path the easiest one. Beyond individual awareness, the episode builds leadership and organizational skills: how to embed verification into workflows, design effective simulations, and foster a culture where reporting is rewarded. By the end, you’ll see how to shift the odds, not by chance, but by readiness. Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/95b8bc4a/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Weekly Cyber News Rollup, November 7th, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:title>Weekly Cyber News Rollup, November 7th, 2025</itunes:title>
      <itunes:episodeType>bonus</itunes:episodeType>
      <guid isPermaLink="false">29455529-c5ec-45c8-959a-9a04d7f8573a</guid>
      <link>https://share.transistor.fm/s/dfb41674</link>
      <description>
        <![CDATA[<p>This is this week’s cyber news for November third through November seventh, twenty twenty-five. The week unfolded with relentless attacks on edge infrastructure, high-stakes data breaches, and fresh discoveries in global espionage campaigns. Cisco faced active exploitation of its Secure Firewalls and routers, SonicWall confirmed a state-backed backup theft, and Conduent revealed exposure of over ten million personal records. From telecom networks to government mail servers, the week showed how attackers are targeting both the perimeter and the core of modern systems.</p><p>Listeners will hear twenty-five stories that define the shifting threat landscape — from router implants and cloud misconfigurations to insider indictments and major ransomware playbooks. Each segment stays focused on what happened, who was affected, and why it matters to defenders and decision-makers. The narrated version of this full report is available anytime at DailyCyber.news.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This is this week’s cyber news for November third through November seventh, twenty twenty-five. The week unfolded with relentless attacks on edge infrastructure, high-stakes data breaches, and fresh discoveries in global espionage campaigns. Cisco faced active exploitation of its Secure Firewalls and routers, SonicWall confirmed a state-backed backup theft, and Conduent revealed exposure of over ten million personal records. From telecom networks to government mail servers, the week showed how attackers are targeting both the perimeter and the core of modern systems.</p><p>Listeners will hear twenty-five stories that define the shifting threat landscape — from router implants and cloud misconfigurations to insider indictments and major ransomware playbooks. Each segment stays focused on what happened, who was affected, and why it matters to defenders and decision-makers. The narrated version of this full report is available anytime at DailyCyber.news.</p>]]>
      </content:encoded>
      <pubDate>Sat, 08 Nov 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/dfb41674/13b9c13e.mp3" length="38515272" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>963</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This is this week’s cyber news for November third through November seventh, twenty twenty-five. The week unfolded with relentless attacks on edge infrastructure, high-stakes data breaches, and fresh discoveries in global espionage campaigns. Cisco faced active exploitation of its Secure Firewalls and routers, SonicWall confirmed a state-backed backup theft, and Conduent revealed exposure of over ten million personal records. From telecom networks to government mail servers, the week showed how attackers are targeting both the perimeter and the core of modern systems.</p><p>Listeners will hear twenty-five stories that define the shifting threat landscape — from router implants and cloud misconfigurations to insider indictments and major ransomware playbooks. Each segment stays focused on what happened, who was affected, and why it matters to defenders and decision-makers. The narrated version of this full report is available anytime at DailyCyber.news.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/dfb41674/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>The Cult of the Dashboard: Vanity Metrics Anonymous</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>42</itunes:episode>
      <podcast:episode>42</podcast:episode>
      <itunes:title>The Cult of the Dashboard: Vanity Metrics Anonymous</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">74380529-3db5-41a5-b86a-11d897cdf00d</guid>
      <link>https://share.transistor.fm/s/5ccd94b9</link>
      <description>
        <![CDATA[<p>In this episode, <em>The Cult of the Dashboard: Vanity Metrics Anonymous</em>, we expose the seductive world of flashy dashboards and meaningless numbers. Listeners will learn why organizations cling to vanity metrics, how executive reports can hide more than they reveal, and what truly matters when measuring security. From the psychological pull of green stoplights to the perverse incentives that reward compliance theater, the discussion unpacks how activity counts distract from the real goal: reducing risk in the face of determined adversaries.</p><p>Beyond awareness, this episode sharpens practical skills for security leaders and practitioners. You’ll gain insight into building outcome-driven measurement programs, creating metrics that highlight exposure and effectiveness, and framing results in ways that drive decisions. The episode also helps refine executive communication, teaching how to transform numbers into narratives that motivate action instead of applause. By the end, you’ll be better equipped to design metrics that measure what attackers care about—not what looks good on a slide. Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, <em>The Cult of the Dashboard: Vanity Metrics Anonymous</em>, we expose the seductive world of flashy dashboards and meaningless numbers. Listeners will learn why organizations cling to vanity metrics, how executive reports can hide more than they reveal, and what truly matters when measuring security. From the psychological pull of green stoplights to the perverse incentives that reward compliance theater, the discussion unpacks how activity counts distract from the real goal: reducing risk in the face of determined adversaries.</p><p>Beyond awareness, this episode sharpens practical skills for security leaders and practitioners. You’ll gain insight into building outcome-driven measurement programs, creating metrics that highlight exposure and effectiveness, and framing results in ways that drive decisions. The episode also helps refine executive communication, teaching how to transform numbers into narratives that motivate action instead of applause. By the end, you’ll be better equipped to design metrics that measure what attackers care about—not what looks good on a slide. Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 05 Nov 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/5ccd94b9/dafcc6db.mp3" length="70696211" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1767</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, <em>The Cult of the Dashboard: Vanity Metrics Anonymous</em>, we expose the seductive world of flashy dashboards and meaningless numbers. Listeners will learn why organizations cling to vanity metrics, how executive reports can hide more than they reveal, and what truly matters when measuring security. From the psychological pull of green stoplights to the perverse incentives that reward compliance theater, the discussion unpacks how activity counts distract from the real goal: reducing risk in the face of determined adversaries.</p><p>Beyond awareness, this episode sharpens practical skills for security leaders and practitioners. You’ll gain insight into building outcome-driven measurement programs, creating metrics that highlight exposure and effectiveness, and framing results in ways that drive decisions. The episode also helps refine executive communication, teaching how to transform numbers into narratives that motivate action instead of applause. By the end, you’ll be better equipped to design metrics that measure what attackers care about—not what looks good on a slide. Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
    </item>
    <item>
      <title>Weekly Cyber News Rollup, October 31st, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>2</itunes:episode>
      <podcast:episode>2</podcast:episode>
      <itunes:title>Weekly Cyber News Rollup, October 31st, 2025</itunes:title>
      <itunes:episodeType>bonus</itunes:episodeType>
      <guid isPermaLink="false">be0dc1af-727f-49b7-9818-272653e7f92e</guid>
      <link>https://share.transistor.fm/s/ef4ea92d</link>
      <description>
        <![CDATA[<p>This is this week’s cyber news for October 27th through October 31st, 2025. The week opens with trusted update lanes under attack and an emergency fix to protect enterprise patching. A zero day in Oracle E-Business Suite put finance and supply-chain records at risk, while a fresh B I N D issue threatened cache poisoning across hundreds of thousands of resolvers. A live Chrome exploit tied to a surveillance vendor kept risk high for targeted users, and a rebuilt ransomware toolkit reappeared with broader reach. Together, these stories show how core plumbing, business systems, and user browsers can all become first-impact points.</p><p> </p><p>You will hear how agencies were ordered to patch exploited virtualization paths, how developer tokens were stolen via look-alike packages, and how a polished board-invite lure harvested executive credentials. We cover a Windows Subsystem for Linux encryptor tactic, active attacks on shop-floor software added to the K E V list, and hands-on tampering of exposed industrial controls. Also in the mix: a global identity outage, mass exploitation of abandoned plugins, near-field payment relay kits, an enclave side-channel, a crash-looping link, rumor control, and account-security policy changes. Leaders, defenders, and builders get practical takeaways, with the narrated episode available at DailyCyber.news.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This is this week’s cyber news for October 27th through October 31st, 2025. The week opens with trusted update lanes under attack and an emergency fix to protect enterprise patching. A zero day in Oracle E-Business Suite put finance and supply-chain records at risk, while a fresh B I N D issue threatened cache poisoning across hundreds of thousands of resolvers. A live Chrome exploit tied to a surveillance vendor kept risk high for targeted users, and a rebuilt ransomware toolkit reappeared with broader reach. Together, these stories show how core plumbing, business systems, and user browsers can all become first-impact points.</p><p> </p><p>You will hear how agencies were ordered to patch exploited virtualization paths, how developer tokens were stolen via look-alike packages, and how a polished board-invite lure harvested executive credentials. We cover a Windows Subsystem for Linux encryptor tactic, active attacks on shop-floor software added to the K E V list, and hands-on tampering of exposed industrial controls. Also in the mix: a global identity outage, mass exploitation of abandoned plugins, near-field payment relay kits, an enclave side-channel, a crash-looping link, rumor control, and account-security policy changes. Leaders, defenders, and builders get practical takeaways, with the narrated episode available at DailyCyber.news.</p>]]>
      </content:encoded>
      <pubDate>Fri, 31 Oct 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/ef4ea92d/4bdd9505.mp3" length="28769562" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>718</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This is this week’s cyber news for October 27th through October 31st, 2025. The week opens with trusted update lanes under attack and an emergency fix to protect enterprise patching. A zero day in Oracle E-Business Suite put finance and supply-chain records at risk, while a fresh B I N D issue threatened cache poisoning across hundreds of thousands of resolvers. A live Chrome exploit tied to a surveillance vendor kept risk high for targeted users, and a rebuilt ransomware toolkit reappeared with broader reach. Together, these stories show how core plumbing, business systems, and user browsers can all become first-impact points.</p><p> </p><p>You will hear how agencies were ordered to patch exploited virtualization paths, how developer tokens were stolen via look-alike packages, and how a polished board-invite lure harvested executive credentials. We cover a Windows Subsystem for Linux encryptor tactic, active attacks on shop-floor software added to the K E V list, and hands-on tampering of exposed industrial controls. Also in the mix: a global identity outage, mass exploitation of abandoned plugins, near-field payment relay kits, an enclave side-channel, a crash-looping link, rumor control, and account-security policy changes. Leaders, defenders, and builders get practical takeaways, with the narrated episode available at DailyCyber.news.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/ef4ea92d/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Patch Tuesday, Breach Wednesday</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>41</itunes:episode>
      <podcast:episode>41</podcast:episode>
      <itunes:title>Patch Tuesday, Breach Wednesday</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">988bbcd5-3ba7-4588-8f77-0bfc24773ae5</guid>
      <link>https://share.transistor.fm/s/06b04c85</link>
      <description>
        <![CDATA[<p>In this episode of Bare Metal Cyber, we break down the monthly ritual every security team knows too well: Patch Tuesday. You’ll learn why the very act of publishing a patch creates a roadmap for attackers, how exploits move from proof-of-concept to widespread weaponization in a matter of hours, and why so many organizations struggle with the dreaded “patch gap.” We’ll also explore the speed advantage of adversaries, the realities of legacy systems, and what a 72-hour response playbook looks like when executed correctly.</p><p>Beyond awareness, this episode sharpens your practical skills. You’ll gain insight into prioritizing vulnerabilities based on real-world risk, using canary deployments and automation to patch faster with less disruption, and applying compensating controls when immediate fixes aren’t possible. Most importantly, you’ll build the mindset to treat patching as frontline defense rather than routine maintenance—transforming Breach Wednesday from a certainty into just another day.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode of Bare Metal Cyber, we break down the monthly ritual every security team knows too well: Patch Tuesday. You’ll learn why the very act of publishing a patch creates a roadmap for attackers, how exploits move from proof-of-concept to widespread weaponization in a matter of hours, and why so many organizations struggle with the dreaded “patch gap.” We’ll also explore the speed advantage of adversaries, the realities of legacy systems, and what a 72-hour response playbook looks like when executed correctly.</p><p>Beyond awareness, this episode sharpens your practical skills. You’ll gain insight into prioritizing vulnerabilities based on real-world risk, using canary deployments and automation to patch faster with less disruption, and applying compensating controls when immediate fixes aren’t possible. Most importantly, you’ll build the mindset to treat patching as frontline defense rather than routine maintenance—transforming Breach Wednesday from a certainty into just another day.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 29 Oct 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/06b04c85/0b83fc21.mp3" length="72697791" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1817</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode of Bare Metal Cyber, we break down the monthly ritual every security team knows too well: Patch Tuesday. You’ll learn why the very act of publishing a patch creates a roadmap for attackers, how exploits move from proof-of-concept to widespread weaponization in a matter of hours, and why so many organizations struggle with the dreaded “patch gap.” We’ll also explore the speed advantage of adversaries, the realities of legacy systems, and what a 72-hour response playbook looks like when executed correctly.</p><p>Beyond awareness, this episode sharpens your practical skills. You’ll gain insight into prioritizing vulnerabilities based on real-world risk, using canary deployments and automation to patch faster with less disruption, and applying compensating controls when immediate fixes aren’t possible. Most importantly, you’ll build the mindset to treat patching as frontline defense rather than routine maintenance—transforming Breach Wednesday from a certainty into just another day.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/06b04c85/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Weekly Cyber News Rollup, October 24th, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:title>Weekly Cyber News Rollup, October 24th, 2025</itunes:title>
      <itunes:episodeType>bonus</itunes:episodeType>
      <guid isPermaLink="false">4c958fb8-70ff-4ccc-b93c-49036d0acacc</guid>
      <link>https://share.transistor.fm/s/754aed77</link>
      <description>
        <![CDATA[<p>This is the Friday Rollup for October twentieth through October twenty-fourth, twenty twenty-five. A turbulent week put resilience and identity under the microscope: a broad Amazon Web Services disruption rippled through logins and checkouts, while a Windows change broke authentication on cloned machines with duplicate S I Ds. We saw active exploitation against Oracle E-Business Suite, critical flaws in T P-Link Omada and WatchGuard Fireware, and convincing Microsoft 365 phishing hosted on Azure itself. Add in developer risks—from lagging Chromium inside A I code editors to a high-severity Kestrel bug—and the message is clear: fundamentals matter when everything is connected.</p><p>You’ll hear crisp, plain-English briefs on each item: how Magento “Session Reaper” drives checkout fraud, what Pwn two Own means for your next patch sprint, why Vidar’s speed boost and Mermaid-based prompt injection change identity defense, and how Polar Edge, ToolShell, and a Rust tar parsing flaw widen the perimeter. We also cover agent abuse, certificate subversion, and an M C P registry leak that exposed thousands of servers and keys. Leaders, defenders, and builders get concrete actions to reduce blast radius, tighten identity, and harden edge and dev tooling—available at daily cyber news dot com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This is the Friday Rollup for October twentieth through October twenty-fourth, twenty twenty-five. A turbulent week put resilience and identity under the microscope: a broad Amazon Web Services disruption rippled through logins and checkouts, while a Windows change broke authentication on cloned machines with duplicate S I Ds. We saw active exploitation against Oracle E-Business Suite, critical flaws in T P-Link Omada and WatchGuard Fireware, and convincing Microsoft 365 phishing hosted on Azure itself. Add in developer risks—from lagging Chromium inside A I code editors to a high-severity Kestrel bug—and the message is clear: fundamentals matter when everything is connected.</p><p>You’ll hear crisp, plain-English briefs on each item: how Magento “Session Reaper” drives checkout fraud, what Pwn two Own means for your next patch sprint, why Vidar’s speed boost and Mermaid-based prompt injection change identity defense, and how Polar Edge, ToolShell, and a Rust tar parsing flaw widen the perimeter. We also cover agent abuse, certificate subversion, and an M C P registry leak that exposed thousands of servers and keys. Leaders, defenders, and builders get concrete actions to reduce blast radius, tighten identity, and harden edge and dev tooling—available at daily cyber news dot com.</p>]]>
      </content:encoded>
      <pubDate>Fri, 24 Oct 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/754aed77/e11ffd9b.mp3" length="40894152" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1023</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This is the Friday Rollup for October twentieth through October twenty-fourth, twenty twenty-five. A turbulent week put resilience and identity under the microscope: a broad Amazon Web Services disruption rippled through logins and checkouts, while a Windows change broke authentication on cloned machines with duplicate S I Ds. We saw active exploitation against Oracle E-Business Suite, critical flaws in T P-Link Omada and WatchGuard Fireware, and convincing Microsoft 365 phishing hosted on Azure itself. Add in developer risks—from lagging Chromium inside A I code editors to a high-severity Kestrel bug—and the message is clear: fundamentals matter when everything is connected.</p><p>You’ll hear crisp, plain-English briefs on each item: how Magento “Session Reaper” drives checkout fraud, what Pwn two Own means for your next patch sprint, why Vidar’s speed boost and Mermaid-based prompt injection change identity defense, and how Polar Edge, ToolShell, and a Rust tar parsing flaw widen the perimeter. We also cover agent abuse, certificate subversion, and an M C P registry leak that exposed thousands of servers and keys. Leaders, defenders, and builders get concrete actions to reduce blast radius, tighten identity, and harden edge and dev tooling—available at daily cyber news dot com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/754aed77/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>GenAI Policy Mad Libs: ‘Don’t Paste {Sensitive Thing} into {Cool Bot}’</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>40</itunes:episode>
      <podcast:episode>40</podcast:episode>
      <itunes:title>GenAI Policy Mad Libs: ‘Don’t Paste {Sensitive Thing} into {Cool Bot}’</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">34281265-c970-4905-b819-ffe2da92ec50</guid>
      <link>https://share.transistor.fm/s/94c8cf32</link>
      <description>
        <![CDATA[<p>In this episode, we unpack why the popular slogan “don’t paste {Sensitive Thing} into {Cool Bot}” has become the lazy default for GenAI policy—and why it fails. Listeners will learn how vague rules fuel shadow AI, create inconsistent behavior, and ultimately increase risk rather than reduce it. We explore how to replace empty slogans with real frameworks: data tier maps, risk-based tool catalogs, guardrails that operate in real time, and a one-page policy template that employees can actually use. By the end, you’ll see why clarity, context, and culture matter more than catchy warnings.</p><p>Along the way, this episode sharpens your ability to design and evaluate AI governance in practice. You’ll build skills in risk classification, vendor evaluation, and creating guardrails that balance safety with productivity. You’ll also gain insight into cultural adoption—how to move from compliance theater to real trust. The goal isn’t just knowing what not to do, but mastering how to make the safe way the easy way. Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we unpack why the popular slogan “don’t paste {Sensitive Thing} into {Cool Bot}” has become the lazy default for GenAI policy—and why it fails. Listeners will learn how vague rules fuel shadow AI, create inconsistent behavior, and ultimately increase risk rather than reduce it. We explore how to replace empty slogans with real frameworks: data tier maps, risk-based tool catalogs, guardrails that operate in real time, and a one-page policy template that employees can actually use. By the end, you’ll see why clarity, context, and culture matter more than catchy warnings.</p><p>Along the way, this episode sharpens your ability to design and evaluate AI governance in practice. You’ll build skills in risk classification, vendor evaluation, and creating guardrails that balance safety with productivity. You’ll also gain insight into cultural adoption—how to move from compliance theater to real trust. The goal isn’t just knowing what not to do, but mastering how to make the safe way the easy way. Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 22 Oct 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/94c8cf32/d58095fd.mp3" length="72140142" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1803</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we unpack why the popular slogan “don’t paste {Sensitive Thing} into {Cool Bot}” has become the lazy default for GenAI policy—and why it fails. Listeners will learn how vague rules fuel shadow AI, create inconsistent behavior, and ultimately increase risk rather than reduce it. We explore how to replace empty slogans with real frameworks: data tier maps, risk-based tool catalogs, guardrails that operate in real time, and a one-page policy template that employees can actually use. By the end, you’ll see why clarity, context, and culture matter more than catchy warnings.</p><p>Along the way, this episode sharpens your ability to design and evaluate AI governance in practice. You’ll build skills in risk classification, vendor evaluation, and creating guardrails that balance safety with productivity. You’ll also gain insight into cultural adoption—how to move from compliance theater to real trust. The goal isn’t just knowing what not to do, but mastering how to make the safe way the easy way. Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/94c8cf32/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Weekly Cyber News Rollup, October 17th, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:title>Weekly Cyber News Rollup, October 17th, 2025</itunes:title>
      <itunes:episodeType>bonus</itunes:episodeType>
      <guid isPermaLink="false">3d0efd28-c389-4ed5-8df7-9685f70afaa8</guid>
      <link>https://share.transistor.fm/s/b8683650</link>
      <description>
        <![CDATA[<p>The <em>Bare Metal Cyber — Friday Edition</em> is your end-of-week cybersecurity intelligence wrap, turning five days of breaking threats into one fast, actionable update. For the week ending <strong>October 17th, 2025</strong>, we unpack everything from nation-state intrusions and zero-day exploits to record-setting DDoS attacks, policy moves, and vendor fallout — all explained in plain English for business leaders, defenders, and technology teams alike.</p><p>This week’s episode dives into <strong>F5’s confirmed breach</strong> where attackers stole BIG-IP source code and vulnerability data, the <strong>UK’s £14-million fine against Capita</strong> for poor breach response, and the discovery of a <strong>six-billion-record data leak</strong> from an unsecured Elasticsearch cluster. You’ll also hear how phishing campaigns spoofed <strong>LastPass and Bitwarden</strong> to install remote-control tools, why the massive <strong>“ClickFix” campaign</strong> tricked users into running malicious commands, and how <strong>Microsoft’s October patch cycle</strong> delivered 172 fixes — including six exploited zero-days — just as Windows 10 reached its support deadline.</p><p>We’ll explain how <strong>Chinese threat groups turned ArcGIS servers into backdoors</strong>, why <strong>VPNs and backup configurations became attacker blueprints</strong>, and how <strong>North Korea seeded npm with malicious packages</strong> to target developers. Plus, researchers exposed <strong>satellite traffic leaking unencrypted calls and telemetry</strong>, Apple doubled its <strong>bug bounty to $2 million</strong>, and the <strong>Aisuru botnet</strong> reached nearly thirty terabits per second in record-breaking denial-of-service floods.</p><p>Each story includes three things: what happened, why it matters, and one clear action you can take now. Whether you manage risk, run IT, or lead a security program, you’ll walk away knowing exactly where to focus your attention next week.</p><p>For more cybersecurity insights, visit <strong>BareMetalCyber.com</strong> for the full written wrap, or subscribe to the daily newsletter and podcast at <strong>DailyCyber.news</strong> — news you can use, and a daily podcast you can commute with.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>The <em>Bare Metal Cyber — Friday Edition</em> is your end-of-week cybersecurity intelligence wrap, turning five days of breaking threats into one fast, actionable update. For the week ending <strong>October 17th, 2025</strong>, we unpack everything from nation-state intrusions and zero-day exploits to record-setting DDoS attacks, policy moves, and vendor fallout — all explained in plain English for business leaders, defenders, and technology teams alike.</p><p>This week’s episode dives into <strong>F5’s confirmed breach</strong> where attackers stole BIG-IP source code and vulnerability data, the <strong>UK’s £14-million fine against Capita</strong> for poor breach response, and the discovery of a <strong>six-billion-record data leak</strong> from an unsecured Elasticsearch cluster. You’ll also hear how phishing campaigns spoofed <strong>LastPass and Bitwarden</strong> to install remote-control tools, why the massive <strong>“ClickFix” campaign</strong> tricked users into running malicious commands, and how <strong>Microsoft’s October patch cycle</strong> delivered 172 fixes — including six exploited zero-days — just as Windows 10 reached its support deadline.</p><p>We’ll explain how <strong>Chinese threat groups turned ArcGIS servers into backdoors</strong>, why <strong>VPNs and backup configurations became attacker blueprints</strong>, and how <strong>North Korea seeded npm with malicious packages</strong> to target developers. Plus, researchers exposed <strong>satellite traffic leaking unencrypted calls and telemetry</strong>, Apple doubled its <strong>bug bounty to $2 million</strong>, and the <strong>Aisuru botnet</strong> reached nearly thirty terabits per second in record-breaking denial-of-service floods.</p><p>Each story includes three things: what happened, why it matters, and one clear action you can take now. Whether you manage risk, run IT, or lead a security program, you’ll walk away knowing exactly where to focus your attention next week.</p><p>For more cybersecurity insights, visit <strong>BareMetalCyber.com</strong> for the full written wrap, or subscribe to the daily newsletter and podcast at <strong>DailyCyber.news</strong> — news you can use, and a daily podcast you can commute with.</p>]]>
      </content:encoded>
      <pubDate>Fri, 17 Oct 2025 04:15:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/b8683650/687a2812.mp3" length="27265804" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>681</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>The <em>Bare Metal Cyber — Friday Edition</em> is your end-of-week cybersecurity intelligence wrap, turning five days of breaking threats into one fast, actionable update. For the week ending <strong>October 17th, 2025</strong>, we unpack everything from nation-state intrusions and zero-day exploits to record-setting DDoS attacks, policy moves, and vendor fallout — all explained in plain English for business leaders, defenders, and technology teams alike.</p><p>This week’s episode dives into <strong>F5’s confirmed breach</strong> where attackers stole BIG-IP source code and vulnerability data, the <strong>UK’s £14-million fine against Capita</strong> for poor breach response, and the discovery of a <strong>six-billion-record data leak</strong> from an unsecured Elasticsearch cluster. You’ll also hear how phishing campaigns spoofed <strong>LastPass and Bitwarden</strong> to install remote-control tools, why the massive <strong>“ClickFix” campaign</strong> tricked users into running malicious commands, and how <strong>Microsoft’s October patch cycle</strong> delivered 172 fixes — including six exploited zero-days — just as Windows 10 reached its support deadline.</p><p>We’ll explain how <strong>Chinese threat groups turned ArcGIS servers into backdoors</strong>, why <strong>VPNs and backup configurations became attacker blueprints</strong>, and how <strong>North Korea seeded npm with malicious packages</strong> to target developers. Plus, researchers exposed <strong>satellite traffic leaking unencrypted calls and telemetry</strong>, Apple doubled its <strong>bug bounty to $2 million</strong>, and the <strong>Aisuru botnet</strong> reached nearly thirty terabits per second in record-breaking denial-of-service floods.</p><p>Each story includes three things: what happened, why it matters, and one clear action you can take now. Whether you manage risk, run IT, or lead a security program, you’ll walk away knowing exactly where to focus your attention next week.</p><p>For more cybersecurity insights, visit <strong>BareMetalCyber.com</strong> for the full written wrap, or subscribe to the daily newsletter and podcast at <strong>DailyCyber.news</strong> — news you can use, and a daily podcast you can commute with.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/b8683650/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Shrodingers Firewall</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>39</itunes:episode>
      <podcast:episode>39</podcast:episode>
      <itunes:title>Shrodingers Firewall</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">98ed46aa-29dc-4ba6-908f-91eafc805faf</guid>
      <link>https://share.transistor.fm/s/df1e0442</link>
      <description>
        <![CDATA[<p>In this episode, we dive into the unsettling paradox of Schrödinger’s Firewall—where your data is both safe and already compromised in the looming quantum era. Listeners will learn why today’s trusted encryption methods like RSA and ECC may soon resemble digital Swiss cheese, how Q-Day could arrive faster than expected, and what industries—from finance to healthcare to defense—stand to lose the most. We also unpack the race to post-quantum cryptography, exploring emerging algorithms, hybrid models, and the global urgency to prepare before attackers unlock decades of encrypted information.</p><p>Beyond awareness, this episode sharpens critical cybersecurity skills. You’ll gain practical insight into crypto agility, strategies for testing and adopting quantum-safe algorithms, and approaches to educating leadership teams about long-term risks. You’ll also learn how to identify vulnerable systems, evaluate vendors, and build resilience into your security architecture. By the end, you’ll be equipped not only to understand the quantum threat but to act on it with clarity and foresight. Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we dive into the unsettling paradox of Schrödinger’s Firewall—where your data is both safe and already compromised in the looming quantum era. Listeners will learn why today’s trusted encryption methods like RSA and ECC may soon resemble digital Swiss cheese, how Q-Day could arrive faster than expected, and what industries—from finance to healthcare to defense—stand to lose the most. We also unpack the race to post-quantum cryptography, exploring emerging algorithms, hybrid models, and the global urgency to prepare before attackers unlock decades of encrypted information.</p><p>Beyond awareness, this episode sharpens critical cybersecurity skills. You’ll gain practical insight into crypto agility, strategies for testing and adopting quantum-safe algorithms, and approaches to educating leadership teams about long-term risks. You’ll also learn how to identify vulnerable systems, evaluate vendors, and build resilience into your security architecture. By the end, you’ll be equipped not only to understand the quantum threat but to act on it with clarity and foresight. Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 15 Oct 2025 04:34:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/df1e0442/3cd92c76.mp3" length="99586420" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>2490</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we dive into the unsettling paradox of Schrödinger’s Firewall—where your data is both safe and already compromised in the looming quantum era. Listeners will learn why today’s trusted encryption methods like RSA and ECC may soon resemble digital Swiss cheese, how Q-Day could arrive faster than expected, and what industries—from finance to healthcare to defense—stand to lose the most. We also unpack the race to post-quantum cryptography, exploring emerging algorithms, hybrid models, and the global urgency to prepare before attackers unlock decades of encrypted information.</p><p>Beyond awareness, this episode sharpens critical cybersecurity skills. You’ll gain practical insight into crypto agility, strategies for testing and adopting quantum-safe algorithms, and approaches to educating leadership teams about long-term risks. You’ll also learn how to identify vulnerable systems, evaluate vendors, and build resilience into your security architecture. By the end, you’ll be equipped not only to understand the quantum threat but to act on it with clarity and foresight. Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
    </item>
    <item>
      <title>Trailer</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:title>Trailer</itunes:title>
      <itunes:episodeType>trailer</itunes:episodeType>
      <guid isPermaLink="false">95025407-e97d-4f20-b9ab-ab01af509317</guid>
      <link>https://share.transistor.fm/s/42debba9</link>
      <description>
        <![CDATA[]]>
      </description>
      <content:encoded>
        <![CDATA[]]>
      </content:encoded>
      <pubDate>Mon, 13 Oct 2025 23:20:32 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/42debba9/950598b6.mp3" length="803753" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>101</itunes:duration>
      <itunes:summary>
        <![CDATA[]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
    </item>
    <item>
      <title>Weekly Cyber News Rollup, October 10th, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>51</itunes:episode>
      <podcast:episode>51</podcast:episode>
      <itunes:title>Weekly Cyber News Rollup, October 10th, 2025</itunes:title>
      <itunes:episodeType>bonus</itunes:episodeType>
      <guid isPermaLink="false">aadff766-0c1f-48e6-89a6-febae0c39583</guid>
      <link>https://share.transistor.fm/s/4ffdea1c</link>
      <description>
        <![CDATA[<p>This week’s wrap cuts through the noise. We break down North Korea’s multi-billion-dollar crypto theft problem, the Salesforce-adjacent extortion wave targeting customer exports, and active exploitation against Oracle E-Business Suite. We also cover a critical Redis flaw with app-wide blast radius, Cisco edge firewall abuse with public exploit code, Zimbra’s KEV-listed email bug, GoAnywhere MFT ransomware activity, mass scanning of Palo Alto VPN portals, and a UnityVSA bug that threatens backups.</p><p>In plain English, you’ll hear why these stories matter for the business, who’s most exposed, the single action to take next, and what to watch next week. Perfect for leaders who need decisions, and defenders who need a checklist.</p><p>Subscribe for the daily brief and share this episode with your incident lead before Monday’s stand-up.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This week’s wrap cuts through the noise. We break down North Korea’s multi-billion-dollar crypto theft problem, the Salesforce-adjacent extortion wave targeting customer exports, and active exploitation against Oracle E-Business Suite. We also cover a critical Redis flaw with app-wide blast radius, Cisco edge firewall abuse with public exploit code, Zimbra’s KEV-listed email bug, GoAnywhere MFT ransomware activity, mass scanning of Palo Alto VPN portals, and a UnityVSA bug that threatens backups.</p><p>In plain English, you’ll hear why these stories matter for the business, who’s most exposed, the single action to take next, and what to watch next week. Perfect for leaders who need decisions, and defenders who need a checklist.</p><p>Subscribe for the daily brief and share this episode with your incident lead before Monday’s stand-up.</p>]]>
      </content:encoded>
      <pubDate>Thu, 09 Oct 2025 23:30:55 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/4ffdea1c/6378cdee.mp3" length="41577484" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1039</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This week’s wrap cuts through the noise. We break down North Korea’s multi-billion-dollar crypto theft problem, the Salesforce-adjacent extortion wave targeting customer exports, and active exploitation against Oracle E-Business Suite. We also cover a critical Redis flaw with app-wide blast radius, Cisco edge firewall abuse with public exploit code, Zimbra’s KEV-listed email bug, GoAnywhere MFT ransomware activity, mass scanning of Palo Alto VPN portals, and a UnityVSA bug that threatens backups.</p><p>In plain English, you’ll hear why these stories matter for the business, who’s most exposed, the single action to take next, and what to watch next week. Perfect for leaders who need decisions, and defenders who need a checklist.</p><p>Subscribe for the daily brief and share this episode with your incident lead before Monday’s stand-up.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/4ffdea1c/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>When Zero Trust Meets Zero Patience</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>38</itunes:episode>
      <podcast:episode>38</podcast:episode>
      <itunes:title>When Zero Trust Meets Zero Patience</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">334e2662-c327-48ea-97fd-f9f938484678</guid>
      <link>https://share.transistor.fm/s/58d2dc39</link>
      <description>
        <![CDATA[<p>In this episode, we take on the fatigue that often comes with Zero Trust—those endless logins, rigid rules, and culture-draining compliance routines. Listeners will discover how to simplify security without weakening defenses, turn routine practices into engaging challenges, and humanize policies with humor and empathy. Through vivid examples and practical strategies, the episode shows how Zero Trust can shift from being seen as a burden to becoming a shared, sustainable approach that builds trust and enthusiasm across teams.</p><p>You’ll come away with skills that improve both leadership and everyday practice: designing policies that people actually follow, creating security habits that last, and using gamification and communication to increase engagement. We also cover strategies to prevent burnout, foster psychological safety, and build a positive culture where vigilance thrives. These are actionable takeaways for anyone leading security programs or participating on the front lines.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we take on the fatigue that often comes with Zero Trust—those endless logins, rigid rules, and culture-draining compliance routines. Listeners will discover how to simplify security without weakening defenses, turn routine practices into engaging challenges, and humanize policies with humor and empathy. Through vivid examples and practical strategies, the episode shows how Zero Trust can shift from being seen as a burden to becoming a shared, sustainable approach that builds trust and enthusiasm across teams.</p><p>You’ll come away with skills that improve both leadership and everyday practice: designing policies that people actually follow, creating security habits that last, and using gamification and communication to increase engagement. We also cover strategies to prevent burnout, foster psychological safety, and build a positive culture where vigilance thrives. These are actionable takeaways for anyone leading security programs or participating on the front lines.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 08 Oct 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/58d2dc39/cb85cfdb.mp3" length="88794115" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>2220</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we take on the fatigue that often comes with Zero Trust—those endless logins, rigid rules, and culture-draining compliance routines. Listeners will discover how to simplify security without weakening defenses, turn routine practices into engaging challenges, and humanize policies with humor and empathy. Through vivid examples and practical strategies, the episode shows how Zero Trust can shift from being seen as a burden to becoming a shared, sustainable approach that builds trust and enthusiasm across teams.</p><p>You’ll come away with skills that improve both leadership and everyday practice: designing policies that people actually follow, creating security habits that last, and using gamification and communication to increase engagement. We also cover strategies to prevent burnout, foster psychological safety, and build a positive culture where vigilance thrives. These are actionable takeaways for anyone leading security programs or participating on the front lines.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/58d2dc39/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Weekly Cyber News Rollup, October 3rd, 2025</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:title>Weekly Cyber News Rollup, October 3rd, 2025</itunes:title>
      <itunes:episodeType>bonus</itunes:episodeType>
      <guid isPermaLink="false">d1d18a8b-6556-4038-807f-d385886bf7c6</guid>
      <link>https://share.transistor.fm/s/17ea926e</link>
      <description>
        <![CDATA[<p>This is the Friday Rollup for September 29th through October 3rd, 2025. It was a week of edge-device pressure, identity weak spots, and evolving email tradecraft. We cover Red Hat’s internal GitLab intrusion, Outlook’s move to block inline SVG lures, and a critical DrayTek router RCE. We track Allianz Life’s SSN breach and CERT-UA’s CABINETRAT via Excel XLLs, plus a broader pivot from Office macros to ZIP-packed LNK files. You’ll hear why a federal shutdown slowed CISA’s KEV cadence, how OpenShift AI, OpenSSL, and OneLogin issues landed, and where Windows 10’s October 14th end-of-life raises stakes. From DNS hijacks and Exchange espionage to Cisco exposure and a long-running VMware zero-day, the signals were clear.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This is the Friday Rollup for September 29th through October 3rd, 2025. It was a week of edge-device pressure, identity weak spots, and evolving email tradecraft. We cover Red Hat’s internal GitLab intrusion, Outlook’s move to block inline SVG lures, and a critical DrayTek router RCE. We track Allianz Life’s SSN breach and CERT-UA’s CABINETRAT via Excel XLLs, plus a broader pivot from Office macros to ZIP-packed LNK files. You’ll hear why a federal shutdown slowed CISA’s KEV cadence, how OpenShift AI, OpenSSL, and OneLogin issues landed, and where Windows 10’s October 14th end-of-life raises stakes. From DNS hijacks and Exchange espionage to Cisco exposure and a long-running VMware zero-day, the signals were clear.</p>]]>
      </content:encoded>
      <pubDate>Fri, 03 Oct 2025 15:57:55 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/17ea926e/54dd99dc.mp3" length="76070283" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>1902</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>This is the Friday Rollup for September 29th through October 3rd, 2025. It was a week of edge-device pressure, identity weak spots, and evolving email tradecraft. We cover Red Hat’s internal GitLab intrusion, Outlook’s move to block inline SVG lures, and a critical DrayTek router RCE. We track Allianz Life’s SSN breach and CERT-UA’s CABINETRAT via Excel XLLs, plus a broader pivot from Office macros to ZIP-packed LNK files. You’ll hear why a federal shutdown slowed CISA’s KEV cadence, how OpenShift AI, OpenSSL, and OneLogin issues landed, and where Windows 10’s October 14th end-of-life raises stakes. From DNS hijacks and Exchange espionage to Cisco exposure and a long-running VMware zero-day, the signals were clear.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/17ea926e/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Crypto or Consequences</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>37</itunes:episode>
      <podcast:episode>37</podcast:episode>
      <itunes:title>Crypto or Consequences</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">a4f1c371-3fab-4f2a-9a13-e9a7edd8b18b</guid>
      <link>https://share.transistor.fm/s/f001abfa</link>
      <description>
        <![CDATA[<p>Ransomware is no longer just about malicious code—it’s about business models, negotiation tactics, and the psychology of fear. In this episode, we break down how ransomware gangs operate like startups, with affiliates, commissions, customer service desks, and even loyalty programs. You’ll learn how they choose victims, manipulate negotiations with countdown clocks and empathy language, and sustain their criminal economy through double extortion and crypto laundering.</p><p>By listening, you’ll sharpen your ability to recognize the psychological games attackers play, improve your response strategies under pressure, and strengthen your team’s readiness to disrupt the ransomware cycle. You’ll gain insight into building resilience through backups, playbooks, and cultural readiness while learning how to turn ransomware defense from panic-driven reaction into disciplined preparation.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Ransomware is no longer just about malicious code—it’s about business models, negotiation tactics, and the psychology of fear. In this episode, we break down how ransomware gangs operate like startups, with affiliates, commissions, customer service desks, and even loyalty programs. You’ll learn how they choose victims, manipulate negotiations with countdown clocks and empathy language, and sustain their criminal economy through double extortion and crypto laundering.</p><p>By listening, you’ll sharpen your ability to recognize the psychological games attackers play, improve your response strategies under pressure, and strengthen your team’s readiness to disrupt the ransomware cycle. You’ll gain insight into building resilience through backups, playbooks, and cultural readiness while learning how to turn ransomware defense from panic-driven reaction into disciplined preparation.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 01 Oct 2025 04:32:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/f001abfa/2375081b.mp3" length="105688182" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>2642</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Ransomware is no longer just about malicious code—it’s about business models, negotiation tactics, and the psychology of fear. In this episode, we break down how ransomware gangs operate like startups, with affiliates, commissions, customer service desks, and even loyalty programs. You’ll learn how they choose victims, manipulate negotiations with countdown clocks and empathy language, and sustain their criminal economy through double extortion and crypto laundering.</p><p>By listening, you’ll sharpen your ability to recognize the psychological games attackers play, improve your response strategies under pressure, and strengthen your team’s readiness to disrupt the ransomware cycle. You’ll gain insight into building resilience through backups, playbooks, and cultural readiness while learning how to turn ransomware defense from panic-driven reaction into disciplined preparation.</p><p>Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/f001abfa/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Your MFA Is Not Two-Factor—It’s SMS and a Prayer</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>36</itunes:episode>
      <podcast:episode>36</podcast:episode>
      <itunes:title>Your MFA Is Not Two-Factor—It’s SMS and a Prayer</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">28683b7a-fa4c-4262-994b-4172f874d0b8</guid>
      <link>https://share.transistor.fm/s/5701bf8e</link>
      <description>
        <![CDATA[<p>In this episode, we expose the illusion of security created by SMS-based multi-factor authentication. Listeners will learn why text-message codes fail to deliver true two-factor protection, how attackers exploit SIM swaps, phishing kits, and MFA fatigue, and why compliance checkboxes don’t equal resilience. The episode unpacks the vulnerabilities in telecom infrastructure, the psychology attackers weaponize, and the step-by-step path toward phishing-resistant authentication that organizations can trust.</p><p>Beyond awareness, this episode sharpens critical security skills. Listeners will come away better equipped to evaluate MFA options, spot weak fallback mechanisms, and design identity systems that prioritize phishing resistance over convenience. Leaders and practitioners alike will gain practical insights on segmenting users, strengthening recovery processes, and guiding organizations up the maturity ladder from SMS toward cryptographic passkeys. It’s not just a story about what’s broken—it’s a roadmap to building authentication that actually holds. Produced by BareMetalCyber.com.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we expose the illusion of security created by SMS-based multi-factor authentication. Listeners will learn why text-message codes fail to deliver true two-factor protection, how attackers exploit SIM swaps, phishing kits, and MFA fatigue, and why compliance checkboxes don’t equal resilience. The episode unpacks the vulnerabilities in telecom infrastructure, the psychology attackers weaponize, and the step-by-step path toward phishing-resistant authentication that organizations can trust.</p><p>Beyond awareness, this episode sharpens critical security skills. Listeners will come away better equipped to evaluate MFA options, spot weak fallback mechanisms, and design identity systems that prioritize phishing resistance over convenience. Leaders and practitioners alike will gain practical insights on segmenting users, strengthening recovery processes, and guiding organizations up the maturity ladder from SMS toward cryptographic passkeys. It’s not just a story about what’s broken—it’s a roadmap to building authentication that actually holds. Produced by BareMetalCyber.com.</p>]]>
      </content:encoded>
      <pubDate>Wed, 24 Sep 2025 04:31:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/5701bf8e/f180b912.mp3" length="80489218" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:duration>2012</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we expose the illusion of security created by SMS-based multi-factor authentication. Listeners will learn why text-message codes fail to deliver true two-factor protection, how attackers exploit SIM swaps, phishing kits, and MFA fatigue, and why compliance checkboxes don’t equal resilience. The episode unpacks the vulnerabilities in telecom infrastructure, the psychology attackers weaponize, and the step-by-step path toward phishing-resistant authentication that organizations can trust.</p><p>Beyond awareness, this episode sharpens critical security skills. Listeners will come away better equipped to evaluate MFA options, spot weak fallback mechanisms, and design identity systems that prioritize phishing resistance over convenience. Leaders and practitioners alike will gain practical insights on segmenting users, strengthening recovery processes, and guiding organizations up the maturity ladder from SMS toward cryptographic passkeys. It’s not just a story about what’s broken—it’s a roadmap to building authentication that actually holds. Produced by BareMetalCyber.com.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/5701bf8e/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Glitched on Arrival: When AI Learns the Wrong Lessons</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>35</itunes:episode>
      <podcast:episode>35</podcast:episode>
      <itunes:title>Glitched on Arrival: When AI Learns the Wrong Lessons</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">0fbb1b60-4c3c-416b-a7d0-ac492df2751d</guid>
      <link>https://share.transistor.fm/s/25d5f657</link>
      <description>
        <![CDATA[<p>In this episode, we explore the strange yet critical world of adversarial machine learning—where tiny, unseen manipulations can fool AI systems into making dangerous and bizarre mistakes. From autonomous cars misinterpreting road signs to AI-driven medical devices misdiagnosing patients, we uncover real-world scenarios illustrating how subtle digital tweaks can create major real-life consequences.</p><p>We’ll also discuss how cybersecurity experts and AI professionals fight back, detailing the essential strategies, red-team testing practices, and educational initiatives necessary to build resilient and trustworthy AI systems. Tune in to discover how adversarial threats could reshape our future, and why securing AI is more important than ever.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we explore the strange yet critical world of adversarial machine learning—where tiny, unseen manipulations can fool AI systems into making dangerous and bizarre mistakes. From autonomous cars misinterpreting road signs to AI-driven medical devices misdiagnosing patients, we uncover real-world scenarios illustrating how subtle digital tweaks can create major real-life consequences.</p><p>We’ll also discuss how cybersecurity experts and AI professionals fight back, detailing the essential strategies, red-team testing practices, and educational initiatives necessary to build resilient and trustworthy AI systems. Tune in to discover how adversarial threats could reshape our future, and why securing AI is more important than ever.</p>]]>
      </content:encoded>
      <pubDate>Tue, 26 Aug 2025 23:46:12 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/25d5f657/f3259743.mp3" length="69286791" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/btIv8csSLxvC1xEE6gRIRmFMTa40qERtG6LsEP5fx1w/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9hNjg0/NDNlZDgzNjZmZmZh/YmE4ZDYyNTI3NTk3/YjQ2Ny5wbmc.jpg"/>
      <itunes:duration>1730</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we explore the strange yet critical world of adversarial machine learning—where tiny, unseen manipulations can fool AI systems into making dangerous and bizarre mistakes. From autonomous cars misinterpreting road signs to AI-driven medical devices misdiagnosing patients, we uncover real-world scenarios illustrating how subtle digital tweaks can create major real-life consequences.</p><p>We’ll also discuss how cybersecurity experts and AI professionals fight back, detailing the essential strategies, red-team testing practices, and educational initiatives necessary to build resilient and trustworthy AI systems. Tune in to discover how adversarial threats could reshape our future, and why securing AI is more important than ever.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/25d5f657/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Will AI trigger the First White Collar Recession?</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>34</itunes:episode>
      <podcast:episode>34</podcast:episode>
      <itunes:title>Will AI trigger the First White Collar Recession?</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">0573c55e-409b-4630-a5ae-e470a5539fd2</guid>
      <link>https://share.transistor.fm/s/fe2a8578</link>
      <description>
        <![CDATA[<p>Will AI trigger the first white-collar recession—or just change what those jobs look like? This episode follows the quiet early tells—executive hiring freezes, six-figure postings sliding, silent software seat cuts, and a surge of offboarding tickets—to explain how task-level automation can thin openings, flatten wages, and hollow out the rungs juniors used to climb. We separate headline panic from real indicators and show how experience, not just efficiency, keeps organizations resilient when the economy cools.</p><p>Then we get practical for security teams. Even if your job survives, your attack surface won’t: agents, connectors, machine identities, and poisoned inputs expand risk while separation of duties quietly erodes. We lay out the guardrails—least privilege for agents, dual control on irreversible changes, auditable prompts and outputs, drift monitoring—and the career moats that make you hard to replace: incident command under uncertainty, adversary thinking, clear risk communication, and a toolsmith mindset that makes AI safer for everyone else.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Will AI trigger the first white-collar recession—or just change what those jobs look like? This episode follows the quiet early tells—executive hiring freezes, six-figure postings sliding, silent software seat cuts, and a surge of offboarding tickets—to explain how task-level automation can thin openings, flatten wages, and hollow out the rungs juniors used to climb. We separate headline panic from real indicators and show how experience, not just efficiency, keeps organizations resilient when the economy cools.</p><p>Then we get practical for security teams. Even if your job survives, your attack surface won’t: agents, connectors, machine identities, and poisoned inputs expand risk while separation of duties quietly erodes. We lay out the guardrails—least privilege for agents, dual control on irreversible changes, auditable prompts and outputs, drift monitoring—and the career moats that make you hard to replace: incident command under uncertainty, adversary thinking, clear risk communication, and a toolsmith mindset that makes AI safer for everyone else.</p>]]>
      </content:encoded>
      <pubDate>Wed, 20 Aug 2025 00:20:25 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/fe2a8578/7a2f0b24.mp3" length="80899458" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/6Ii5CorU1atZkTuDY2b0Bka4epVTTaULgaAii7PKkwE/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS85OTQ3/MTZlOWUwZDNiNmM3/MzJkOTM0OGZjMzhl/YTkxMS5wbmc.jpg"/>
      <itunes:duration>2022</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Will AI trigger the first white-collar recession—or just change what those jobs look like? This episode follows the quiet early tells—executive hiring freezes, six-figure postings sliding, silent software seat cuts, and a surge of offboarding tickets—to explain how task-level automation can thin openings, flatten wages, and hollow out the rungs juniors used to climb. We separate headline panic from real indicators and show how experience, not just efficiency, keeps organizations resilient when the economy cools.</p><p>Then we get practical for security teams. Even if your job survives, your attack surface won’t: agents, connectors, machine identities, and poisoned inputs expand risk while separation of duties quietly erodes. We lay out the guardrails—least privilege for agents, dual control on irreversible changes, auditable prompts and outputs, drift monitoring—and the career moats that make you hard to replace: incident command under uncertainty, adversary thinking, clear risk communication, and a toolsmith mindset that makes AI safer for everyone else.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/fe2a8578/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Keyboard Assassins: Inside the Covert World of State-Sponsored Cyber Sabotage</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>33</itunes:episode>
      <podcast:episode>33</podcast:episode>
      <itunes:title>Keyboard Assassins: Inside the Covert World of State-Sponsored Cyber Sabotage</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">24cbe449-65ba-496f-9f5b-6247b0a8388f</guid>
      <link>https://share.transistor.fm/s/d5c374ad</link>
      <description>
        <![CDATA[<p>In this episode of BareMetalCyber, we delve into the shadowy world of state-sponsored cyber sabotage, examining how nations increasingly leverage digital attacks for espionage, economic disruption, and geopolitical advantage. We explore sophisticated hacking tactics—from zero-day exploits and psychological warfare to supply chain infiltration—and reveal why attribution remains so notoriously difficult in today's digital conflicts.</p><p>Along the way, we discuss practical defensive strategies that organizations can adopt to protect themselves against nation-state cyber threats, emphasizing proactive defense, incident response preparedness, and strategic alignment with national cybersecurity efforts. Join us to uncover how nation-states conduct covert digital operations and what your organization can do to defend itself in this rapidly evolving threat landscape.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode of BareMetalCyber, we delve into the shadowy world of state-sponsored cyber sabotage, examining how nations increasingly leverage digital attacks for espionage, economic disruption, and geopolitical advantage. We explore sophisticated hacking tactics—from zero-day exploits and psychological warfare to supply chain infiltration—and reveal why attribution remains so notoriously difficult in today's digital conflicts.</p><p>Along the way, we discuss practical defensive strategies that organizations can adopt to protect themselves against nation-state cyber threats, emphasizing proactive defense, incident response preparedness, and strategic alignment with national cybersecurity efforts. Join us to uncover how nation-states conduct covert digital operations and what your organization can do to defend itself in this rapidly evolving threat landscape.</p>]]>
      </content:encoded>
      <pubDate>Wed, 13 Aug 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/d5c374ad/c6cc6c8d.mp3" length="17422627" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/bC8dxSbK4rnZrVU8TcAJtUcmiTLX_tGEN6tq3XZzxV8/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS81YmEw/NWU4YWRlZDYzNGUy/YjgxMWI4NmEyYmIx/ZWM5Yi5wbmc.jpg"/>
      <itunes:duration>2168</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode of BareMetalCyber, we delve into the shadowy world of state-sponsored cyber sabotage, examining how nations increasingly leverage digital attacks for espionage, economic disruption, and geopolitical advantage. We explore sophisticated hacking tactics—from zero-day exploits and psychological warfare to supply chain infiltration—and reveal why attribution remains so notoriously difficult in today's digital conflicts.</p><p>Along the way, we discuss practical defensive strategies that organizations can adopt to protect themselves against nation-state cyber threats, emphasizing proactive defense, incident response preparedness, and strategic alignment with national cybersecurity efforts. Join us to uncover how nation-states conduct covert digital operations and what your organization can do to defend itself in this rapidly evolving threat landscape.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/d5c374ad/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Ctrl+Alt+Comply: The Wild World of Cyber Regulations</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>32</itunes:episode>
      <podcast:episode>32</podcast:episode>
      <itunes:title>Ctrl+Alt+Comply: The Wild World of Cyber Regulations</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">9dc19e4e-4192-414a-9804-95079bc18bd4</guid>
      <link>https://share.transistor.fm/s/afa3183b</link>
      <description>
        <![CDATA[<p>In this episode of BareMetalCyber, we narrate the article <em>Ctrl+Alt+Comply: The Wild World of Cyber Regulations</em>, taking you through the tangled web of international cybersecurity compliance. From the rigid power moves of the EU’s GDPR to the complex demands of China’s PIPL and the legislative chaos of U.S. state laws, we explore how the world governs digital risk—and how organizations are expected to keep up.</p><p> </p><p>We break down the frameworks, enforcement quirks, political motivations, and the sheer absurdity of cross-border data rules—all while offering actionable insight on surviving and thriving in a fractured compliance landscape. Whether you're leading a security team or just trying to understand why your inbox is full of cookie policy updates, this is the episode you don’t want to miss.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode of BareMetalCyber, we narrate the article <em>Ctrl+Alt+Comply: The Wild World of Cyber Regulations</em>, taking you through the tangled web of international cybersecurity compliance. From the rigid power moves of the EU’s GDPR to the complex demands of China’s PIPL and the legislative chaos of U.S. state laws, we explore how the world governs digital risk—and how organizations are expected to keep up.</p><p> </p><p>We break down the frameworks, enforcement quirks, political motivations, and the sheer absurdity of cross-border data rules—all while offering actionable insight on surviving and thriving in a fractured compliance landscape. Whether you're leading a security team or just trying to understand why your inbox is full of cookie policy updates, this is the episode you don’t want to miss.</p>]]>
      </content:encoded>
      <pubDate>Wed, 06 Aug 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/afa3183b/c4e37802.mp3" length="26536663" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/INGV0vdifYiL8lT9a1VEFpXOGy1L8fRwLi7b7pKIFZ0/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS84ZWQ4/NmZmYzcwNzcyZWNm/MmY1NmY4MWRiNDc0/MjdmNS5wbmc.jpg"/>
      <itunes:duration>1656</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode of BareMetalCyber, we narrate the article <em>Ctrl+Alt+Comply: The Wild World of Cyber Regulations</em>, taking you through the tangled web of international cybersecurity compliance. From the rigid power moves of the EU’s GDPR to the complex demands of China’s PIPL and the legislative chaos of U.S. state laws, we explore how the world governs digital risk—and how organizations are expected to keep up.</p><p> </p><p>We break down the frameworks, enforcement quirks, political motivations, and the sheer absurdity of cross-border data rules—all while offering actionable insight on surviving and thriving in a fractured compliance landscape. Whether you're leading a security team or just trying to understand why your inbox is full of cookie policy updates, this is the episode you don’t want to miss.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/afa3183b/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>When Smart Gets Sinister: Taming the IoT Rebellion</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>31</itunes:episode>
      <podcast:episode>31</podcast:episode>
      <itunes:title>When Smart Gets Sinister: Taming the IoT Rebellion</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">bdb55ab2-f97b-41f2-aa69-cb2d71c1b8c4</guid>
      <link>https://share.transistor.fm/s/d75084d5</link>
      <description>
        <![CDATA[<p>In today's episode, we dive into the dark side of our increasingly connected world, exploring how ordinary IoT devices—like coffee makers, fish tanks, and even printers—have turned sinister, unleashing unexpected chaos on unsuspecting networks. We'll examine unforgettable stories of IoT gone rogue, like the Mirai botnet's internet-crashing exploits, the casino hacked through an innocent-looking fish tank, and how everyday gadgets become covert spy tools in the hands of cyber attackers.</p><p> </p><p>Then, we'll equip you with practical strategies and actionable advice on securing your IoT devices. From effective firmware management and Zero Trust frameworks to user training and predictive security technologies, we’ll cover what it takes to build an IoT fortress capable of standing up to the most sophisticated cyber threats.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In today's episode, we dive into the dark side of our increasingly connected world, exploring how ordinary IoT devices—like coffee makers, fish tanks, and even printers—have turned sinister, unleashing unexpected chaos on unsuspecting networks. We'll examine unforgettable stories of IoT gone rogue, like the Mirai botnet's internet-crashing exploits, the casino hacked through an innocent-looking fish tank, and how everyday gadgets become covert spy tools in the hands of cyber attackers.</p><p> </p><p>Then, we'll equip you with practical strategies and actionable advice on securing your IoT devices. From effective firmware management and Zero Trust frameworks to user training and predictive security technologies, we’ll cover what it takes to build an IoT fortress capable of standing up to the most sophisticated cyber threats.</p>]]>
      </content:encoded>
      <pubDate>Wed, 30 Jul 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/d75084d5/ee2e3dbc.mp3" length="28044307" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/edoKqmZvbd8MYZcYLyLgZKEQ3uKZj2rvenaqxqulX0E/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8zM2Nh/MGYzYWEzYmEwZTM1/OTVhNDQxM2E2MTVl/ZjAwNS5wbmc.jpg"/>
      <itunes:duration>1749</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In today's episode, we dive into the dark side of our increasingly connected world, exploring how ordinary IoT devices—like coffee makers, fish tanks, and even printers—have turned sinister, unleashing unexpected chaos on unsuspecting networks. We'll examine unforgettable stories of IoT gone rogue, like the Mirai botnet's internet-crashing exploits, the casino hacked through an innocent-looking fish tank, and how everyday gadgets become covert spy tools in the hands of cyber attackers.</p><p> </p><p>Then, we'll equip you with practical strategies and actionable advice on securing your IoT devices. From effective firmware management and Zero Trust frameworks to user training and predictive security technologies, we’ll cover what it takes to build an IoT fortress capable of standing up to the most sophisticated cyber threats.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/d75084d5/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>From LOLs to Lateral Movement: Securing ChatOps</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>30</itunes:episode>
      <podcast:episode>30</podcast:episode>
      <itunes:title>From LOLs to Lateral Movement: Securing ChatOps</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">b8ede896-0d1c-4be0-b32b-b6c9db66efe7</guid>
      <link>https://share.transistor.fm/s/2b7446b5</link>
      <description>
        <![CDATA[<p>In today's episode, we explore how ChatOps—the integration of collaboration and operations through platforms like Slack and Teams—has reshaped modern workplaces, delivering unprecedented speed and agility. But these powerful productivity tools come with hidden dangers, attracting cyber intruders eager to exploit casual conversations, misplaced trust, and overlooked configurations to breach security unnoticed.</p><p> </p><p>We’ll uncover real-world examples of how attackers slip malicious payloads into innocent-looking links and impersonate trusted colleagues to hijack sensitive data. More importantly, we'll guide you through practical strategies and cutting-edge techniques—including Zero Trust principles and AI-driven detection—to help secure your chat platforms, keeping your organization's conversations both productive and protected.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In today's episode, we explore how ChatOps—the integration of collaboration and operations through platforms like Slack and Teams—has reshaped modern workplaces, delivering unprecedented speed and agility. But these powerful productivity tools come with hidden dangers, attracting cyber intruders eager to exploit casual conversations, misplaced trust, and overlooked configurations to breach security unnoticed.</p><p> </p><p>We’ll uncover real-world examples of how attackers slip malicious payloads into innocent-looking links and impersonate trusted colleagues to hijack sensitive data. More importantly, we'll guide you through practical strategies and cutting-edge techniques—including Zero Trust principles and AI-driven detection—to help secure your chat platforms, keeping your organization's conversations both productive and protected.</p>]]>
      </content:encoded>
      <pubDate>Wed, 23 Jul 2025 03:57:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/2b7446b5/5cdd5563.mp3" length="25382843" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/xl0XaERlvSwLPsco4v-AyMt1Q3Yha5Pm6yOS1d1SFQA/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS81NGY2/NzE3YjQyNDYyODE1/NzU1NmI4NTY3Mjdm/YzA0NC5wbmc.jpg"/>
      <itunes:duration>1585</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In today's episode, we explore how ChatOps—the integration of collaboration and operations through platforms like Slack and Teams—has reshaped modern workplaces, delivering unprecedented speed and agility. But these powerful productivity tools come with hidden dangers, attracting cyber intruders eager to exploit casual conversations, misplaced trust, and overlooked configurations to breach security unnoticed.</p><p> </p><p>We’ll uncover real-world examples of how attackers slip malicious payloads into innocent-looking links and impersonate trusted colleagues to hijack sensitive data. More importantly, we'll guide you through practical strategies and cutting-edge techniques—including Zero Trust principles and AI-driven detection—to help secure your chat platforms, keeping your organization's conversations both productive and protected.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/2b7446b5/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Click Less, Protect More: Building Your Office’s Human Firewall</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>29</itunes:episode>
      <podcast:episode>29</podcast:episode>
      <itunes:title>Click Less, Protect More: Building Your Office’s Human Firewall</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">a78c3252-3dc6-4b7d-84c7-4154dbd6007a</guid>
      <link>https://share.transistor.fm/s/5e890571</link>
      <description>
        <![CDATA[<p>In today's episode, we're tackling one of cybersecurity's biggest challenges: the human factor. Employees, often considered the weakest link in an organization's cyber defenses, don't have to remain vulnerabilities. Instead, they can become powerful cybersecurity allies—transforming from click-happy risks into vigilant cyber warriors. We'll explore how engaging, humor-driven training methods, realistic simulations, and proactive leadership involvement can build a robust human firewall, significantly enhancing an organization's resilience against cyber threats.</p><p> </p><p>We'll also dive into the sneaky tactics hackers use to exploit human psychology, from phishing and spear phishing to impersonation attacks. By sharing real-life cyber stories, highlighting creative educational approaches, and emphasizing continuous, interactive training, we'll show you practical ways to foster a cybersecurity culture where everyone cares, everyone participates, and everyone defends. Join us as we reveal how your employees can become your strongest line of defense.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In today's episode, we're tackling one of cybersecurity's biggest challenges: the human factor. Employees, often considered the weakest link in an organization's cyber defenses, don't have to remain vulnerabilities. Instead, they can become powerful cybersecurity allies—transforming from click-happy risks into vigilant cyber warriors. We'll explore how engaging, humor-driven training methods, realistic simulations, and proactive leadership involvement can build a robust human firewall, significantly enhancing an organization's resilience against cyber threats.</p><p> </p><p>We'll also dive into the sneaky tactics hackers use to exploit human psychology, from phishing and spear phishing to impersonation attacks. By sharing real-life cyber stories, highlighting creative educational approaches, and emphasizing continuous, interactive training, we'll show you practical ways to foster a cybersecurity culture where everyone cares, everyone participates, and everyone defends. Join us as we reveal how your employees can become your strongest line of defense.</p>]]>
      </content:encoded>
      <pubDate>Wed, 16 Jul 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/5e890571/3f2df142.mp3" length="28665175" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/LYwpamWX5AefthiForDYaVlIKGYRtiBsrRvW7OKtvd0/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9jNzkz/MGVjY2NjN2FmMWI3/NGJjZmRjODM3OGIy/OGMxZi5wbmc.jpg"/>
      <itunes:duration>1787</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In today's episode, we're tackling one of cybersecurity's biggest challenges: the human factor. Employees, often considered the weakest link in an organization's cyber defenses, don't have to remain vulnerabilities. Instead, they can become powerful cybersecurity allies—transforming from click-happy risks into vigilant cyber warriors. We'll explore how engaging, humor-driven training methods, realistic simulations, and proactive leadership involvement can build a robust human firewall, significantly enhancing an organization's resilience against cyber threats.</p><p> </p><p>We'll also dive into the sneaky tactics hackers use to exploit human psychology, from phishing and spear phishing to impersonation attacks. By sharing real-life cyber stories, highlighting creative educational approaches, and emphasizing continuous, interactive training, we'll show you practical ways to foster a cybersecurity culture where everyone cares, everyone participates, and everyone defends. Join us as we reveal how your employees can become your strongest line of defense.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/5e890571/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Firewalls and Frontlines: Cybersecurity in the Age of Digital Warfare</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>28</itunes:episode>
      <podcast:episode>28</podcast:episode>
      <itunes:title>Firewalls and Frontlines: Cybersecurity in the Age of Digital Warfare</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">c61682b2-13d5-48c6-b5cc-45ab1809902f</guid>
      <link>https://share.transistor.fm/s/a0ab9647</link>
      <description>
        <![CDATA[<p>In this episode of BareMetalCyber, we dive deep into the emerging frontlines of digital warfare, where traditional weapons have given way to malicious code and covert cyber operations. As nations increasingly turn to cyber espionage, sabotage, and sophisticated AI-driven attacks, the lines between crime, warfare, and espionage blur—placing everyday citizens and critical infrastructure directly in the crossfire.</p><p>Join us as we explore how governments and businesses are scrambling to build cyber resilience, why quantum computing could make today's encryption obsolete, and how cybersecurity is rapidly becoming an essential civic duty. From strategic ambiguity to the growing cyber arms race, we uncover what lies ahead on the digital battlefield—and why preparation, awareness, and adaptation are our best defenses.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode of BareMetalCyber, we dive deep into the emerging frontlines of digital warfare, where traditional weapons have given way to malicious code and covert cyber operations. As nations increasingly turn to cyber espionage, sabotage, and sophisticated AI-driven attacks, the lines between crime, warfare, and espionage blur—placing everyday citizens and critical infrastructure directly in the crossfire.</p><p>Join us as we explore how governments and businesses are scrambling to build cyber resilience, why quantum computing could make today's encryption obsolete, and how cybersecurity is rapidly becoming an essential civic duty. From strategic ambiguity to the growing cyber arms race, we uncover what lies ahead on the digital battlefield—and why preparation, awareness, and adaptation are our best defenses.</p>]]>
      </content:encoded>
      <pubDate>Wed, 09 Jul 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/a0ab9647/53ca2cd5.mp3" length="26659415" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/yvt4xMV3EMPa7t0Z8cUxu3HGGgNh6DcYe7YtpQ3sqYw/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS84OGYx/ZjMwNjM5Yzc0NWMx/NmFmNWU5YjM3ODc5/Yzc0OS5wbmc.jpg"/>
      <itunes:duration>1663</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode of BareMetalCyber, we dive deep into the emerging frontlines of digital warfare, where traditional weapons have given way to malicious code and covert cyber operations. As nations increasingly turn to cyber espionage, sabotage, and sophisticated AI-driven attacks, the lines between crime, warfare, and espionage blur—placing everyday citizens and critical infrastructure directly in the crossfire.</p><p>Join us as we explore how governments and businesses are scrambling to build cyber resilience, why quantum computing could make today's encryption obsolete, and how cybersecurity is rapidly becoming an essential civic duty. From strategic ambiguity to the growing cyber arms race, we uncover what lies ahead on the digital battlefield—and why preparation, awareness, and adaptation are our best defenses.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/a0ab9647/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Inside Job: Profiling the Mind of an Insider Threat</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>27</itunes:episode>
      <podcast:episode>27</podcast:episode>
      <itunes:title>Inside Job: Profiling the Mind of an Insider Threat</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">568173f8-7494-43c4-b318-7c1a1b762037</guid>
      <link>https://share.transistor.fm/s/9444cb07</link>
      <description>
        <![CDATA[<p>In today's episode, we explore one of the most challenging cybersecurity issues organizations face—the insider threat. Unlike external cyberattacks, these threats emerge from trusted employees, each driven by distinct motivations ranging from personal grievances and financial incentives to outright sabotage. We'll delve deeply into the psychology behind insider threats, recognize digital footprints of betrayal, and share strategies for effective prevention.</p><p> </p><p>Throughout this episode, we provide insights drawn from high-profile cases, actionable tips for recognizing early warning signs, and proven methods to strengthen your organization's defenses. Join us as we unmask the hidden dangers within your firewall and help you stay ahead of the insider threat.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In today's episode, we explore one of the most challenging cybersecurity issues organizations face—the insider threat. Unlike external cyberattacks, these threats emerge from trusted employees, each driven by distinct motivations ranging from personal grievances and financial incentives to outright sabotage. We'll delve deeply into the psychology behind insider threats, recognize digital footprints of betrayal, and share strategies for effective prevention.</p><p> </p><p>Throughout this episode, we provide insights drawn from high-profile cases, actionable tips for recognizing early warning signs, and proven methods to strengthen your organization's defenses. Join us as we unmask the hidden dangers within your firewall and help you stay ahead of the insider threat.</p>]]>
      </content:encoded>
      <pubDate>Wed, 02 Jul 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/9444cb07/36bd3f12.mp3" length="30308802" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/V2J0TaZjNCY-WGgO3OhozmZddm3Lm7zXirkgylaX1u4/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9jYjcw/MGNhMTlmNzM1MTYx/ZDNkY2ZhOTI0Y2Y1/MjE3MC5wbmc.jpg"/>
      <itunes:duration>1892</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In today's episode, we explore one of the most challenging cybersecurity issues organizations face—the insider threat. Unlike external cyberattacks, these threats emerge from trusted employees, each driven by distinct motivations ranging from personal grievances and financial incentives to outright sabotage. We'll delve deeply into the psychology behind insider threats, recognize digital footprints of betrayal, and share strategies for effective prevention.</p><p> </p><p>Throughout this episode, we provide insights drawn from high-profile cases, actionable tips for recognizing early warning signs, and proven methods to strengthen your organization's defenses. Join us as we unmask the hidden dangers within your firewall and help you stay ahead of the insider threat.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/9444cb07/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Seeing is Deceiving: Preparing for the Deepfake Cyber Threat</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>26</itunes:episode>
      <podcast:episode>26</podcast:episode>
      <itunes:title>Seeing is Deceiving: Preparing for the Deepfake Cyber Threat</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">af2f847d-172e-47f4-a1ac-7dec3b8ed2dd</guid>
      <link>https://share.transistor.fm/s/765b4b00</link>
      <description>
        <![CDATA[<p>In today's episode, we dive deep into the sinister and rapidly evolving world of deepfake cybercrime. Once relegated to harmless internet pranks, deepfake technology now poses significant threats—from sophisticated financial frauds to espionage operations targeting major corporations. We'll explore how deepfakes deceive both humans and technology, and discuss key strategies your organization must employ to defend itself effectively.</p><p> </p><p>We’ll also examine critical legal and ethical challenges posed by deepfake manipulation, and highlight future-proofing strategies to protect your business in this ever-changing digital threat landscape. Stay informed, stay prepared, and learn how to identify and combat these increasingly convincing digital deceptions.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In today's episode, we dive deep into the sinister and rapidly evolving world of deepfake cybercrime. Once relegated to harmless internet pranks, deepfake technology now poses significant threats—from sophisticated financial frauds to espionage operations targeting major corporations. We'll explore how deepfakes deceive both humans and technology, and discuss key strategies your organization must employ to defend itself effectively.</p><p> </p><p>We’ll also examine critical legal and ethical challenges posed by deepfake manipulation, and highlight future-proofing strategies to protect your business in this ever-changing digital threat landscape. Stay informed, stay prepared, and learn how to identify and combat these increasingly convincing digital deceptions.</p>]]>
      </content:encoded>
      <pubDate>Wed, 25 Jun 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/765b4b00/e2500b2e.mp3" length="27573747" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/c9sMcMbQsgK8dSXrQlCFFG8KucQDOYk-DQeuJ6GQmmU/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9iNzY2/ZDQ0M2YwZDBkNjlj/OGViY2ViOWQyN2M5/NzgyNC5wbmc.jpg"/>
      <itunes:duration>1720</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In today's episode, we dive deep into the sinister and rapidly evolving world of deepfake cybercrime. Once relegated to harmless internet pranks, deepfake technology now poses significant threats—from sophisticated financial frauds to espionage operations targeting major corporations. We'll explore how deepfakes deceive both humans and technology, and discuss key strategies your organization must employ to defend itself effectively.</p><p> </p><p>We’ll also examine critical legal and ethical challenges posed by deepfake manipulation, and highlight future-proofing strategies to protect your business in this ever-changing digital threat landscape. Stay informed, stay prepared, and learn how to identify and combat these increasingly convincing digital deceptions.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/765b4b00/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Burnout in the SOC: Is Automation the Cure or the Culprit?</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>25</itunes:episode>
      <podcast:episode>25</podcast:episode>
      <itunes:title>Burnout in the SOC: Is Automation the Cure or the Culprit?</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">d5e95dea-7d9b-4c41-b7d9-8612928e8d41</guid>
      <link>https://share.transistor.fm/s/5b3268d2</link>
      <description>
        <![CDATA[<p>In today's episode of the Bare Metal Cyber podcast, we dive deep into an often-overlooked crisis in cybersecurity: analyst burnout in the Security Operations Center. We'll examine why SOC analysts are increasingly overwhelmed by endless alerts, high-stakes decision-making, and relentless workloads—and why relying solely on automation as a cure can sometimes lead to unintended consequences.</p><p> </p><p>Then, we'll explore practical strategies for finding the right balance between automated tools and human analysts, emphasizing the critical role of workplace culture, professional development, and mental wellness. Join us as we discuss how organizations can build truly resilient SOCs that combine technology and human insight effectively.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In today's episode of the Bare Metal Cyber podcast, we dive deep into an often-overlooked crisis in cybersecurity: analyst burnout in the Security Operations Center. We'll examine why SOC analysts are increasingly overwhelmed by endless alerts, high-stakes decision-making, and relentless workloads—and why relying solely on automation as a cure can sometimes lead to unintended consequences.</p><p> </p><p>Then, we'll explore practical strategies for finding the right balance between automated tools and human analysts, emphasizing the critical role of workplace culture, professional development, and mental wellness. Join us as we discuss how organizations can build truly resilient SOCs that combine technology and human insight effectively.</p>]]>
      </content:encoded>
      <pubDate>Wed, 18 Jun 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/5b3268d2/b6b9c7ac.mp3" length="30109693" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/UmveO_kbRCsCUjs_IT3Rbjyp8F34fprhXZjHv5rptvo/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS83YTky/NmEzMjMyMDg0NTFl/YzQ0MWFkZTJiNDEw/OTc1NS5wbmc.jpg"/>
      <itunes:duration>1875</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In today's episode of the Bare Metal Cyber podcast, we dive deep into an often-overlooked crisis in cybersecurity: analyst burnout in the Security Operations Center. We'll examine why SOC analysts are increasingly overwhelmed by endless alerts, high-stakes decision-making, and relentless workloads—and why relying solely on automation as a cure can sometimes lead to unintended consequences.</p><p> </p><p>Then, we'll explore practical strategies for finding the right balance between automated tools and human analysts, emphasizing the critical role of workplace culture, professional development, and mental wellness. Join us as we discuss how organizations can build truly resilient SOCs that combine technology and human insight effectively.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/5b3268d2/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Click First, Ask Never: Shadow IT’s Quiet Rebellion</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>24</itunes:episode>
      <podcast:episode>24</podcast:episode>
      <itunes:title>Click First, Ask Never: Shadow IT’s Quiet Rebellion</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">5b661874-431c-4163-96f8-15d542a53a77</guid>
      <link>https://share.transistor.fm/s/75cc46f9</link>
      <description>
        <![CDATA[<p>In today’s episode, we dive deep into the hidden realm of Shadow IT—those unsanctioned technologies quietly spreading through nearly every modern organization. While they often begin with harmless intentions, these hidden apps and devices can quickly escalate into serious cybersecurity risks, complicate compliance, and introduce vulnerabilities that organizations struggle to see coming.</p><p> </p><p>We’ll discuss why employees turn to Shadow IT, reveal practical techniques for uncovering and managing hidden technology, and explore emerging trends that are reshaping the way organizations deal with these invisible threats. From AI-driven shadow applications to personal IoT devices quietly connecting to company networks, we shed light on the crucial strategies every organization needs to stay secure.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In today’s episode, we dive deep into the hidden realm of Shadow IT—those unsanctioned technologies quietly spreading through nearly every modern organization. While they often begin with harmless intentions, these hidden apps and devices can quickly escalate into serious cybersecurity risks, complicate compliance, and introduce vulnerabilities that organizations struggle to see coming.</p><p> </p><p>We’ll discuss why employees turn to Shadow IT, reveal practical techniques for uncovering and managing hidden technology, and explore emerging trends that are reshaping the way organizations deal with these invisible threats. From AI-driven shadow applications to personal IoT devices quietly connecting to company networks, we shed light on the crucial strategies every organization needs to stay secure.</p>]]>
      </content:encoded>
      <pubDate>Wed, 11 Jun 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/75cc46f9/af1f071c.mp3" length="31402062" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/BlL4JItnlJAaDYLVs33u-_yHHdyAd6Ld2E9iFYdfx9E/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9hNjE5/MDBlZjBlMDk5MTg3/OWFlMDM1MzU4MTg3/ZDQ1ZS5wbmc.jpg"/>
      <itunes:duration>1957</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In today’s episode, we dive deep into the hidden realm of Shadow IT—those unsanctioned technologies quietly spreading through nearly every modern organization. While they often begin with harmless intentions, these hidden apps and devices can quickly escalate into serious cybersecurity risks, complicate compliance, and introduce vulnerabilities that organizations struggle to see coming.</p><p> </p><p>We’ll discuss why employees turn to Shadow IT, reveal practical techniques for uncovering and managing hidden technology, and explore emerging trends that are reshaping the way organizations deal with these invisible threats. From AI-driven shadow applications to personal IoT devices quietly connecting to company networks, we shed light on the crucial strategies every organization needs to stay secure.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/75cc46f9/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Broken Links: Surviving the Supply Chain Cybertrap</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>23</itunes:episode>
      <podcast:episode>23</podcast:episode>
      <itunes:title>Broken Links: Surviving the Supply Chain Cybertrap</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">c9b2f0af-007b-4c2e-b90f-d415984320f8</guid>
      <link>https://share.transistor.fm/s/bf9ae696</link>
      <description>
        <![CDATA[<p>Third-party cybersecurity breaches are rapidly becoming one of the most serious threats facing organizations today. Attackers exploit vendor vulnerabilities, bypassing traditional defenses and compromising critical systems, often undetected. In this episode, we explore practical approaches for uncovering hidden vendor risks, utilizing AI-driven insights and advanced threat detection to proactively manage and mitigate supply chain cyber threats.</p><p> </p><p>We also challenge common myths in vendor risk management, highlighting why traditional methods are falling short. You'll discover innovative and provocative strategies for strengthening third-party cybersecurity—from groundbreaking legal frameworks to cutting-edge automation tools. Join us as we provide realistic, actionable insights designed to keep your vendor ecosystems secure, resilient, and ahead of emerging cyber threats.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Third-party cybersecurity breaches are rapidly becoming one of the most serious threats facing organizations today. Attackers exploit vendor vulnerabilities, bypassing traditional defenses and compromising critical systems, often undetected. In this episode, we explore practical approaches for uncovering hidden vendor risks, utilizing AI-driven insights and advanced threat detection to proactively manage and mitigate supply chain cyber threats.</p><p> </p><p>We also challenge common myths in vendor risk management, highlighting why traditional methods are falling short. You'll discover innovative and provocative strategies for strengthening third-party cybersecurity—from groundbreaking legal frameworks to cutting-edge automation tools. Join us as we provide realistic, actionable insights designed to keep your vendor ecosystems secure, resilient, and ahead of emerging cyber threats.</p>]]>
      </content:encoded>
      <pubDate>Wed, 04 Jun 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/bf9ae696/749c931d.mp3" length="24814721" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/2m5Q4XfJ-0yp2xvS-FuB9w7a1SlVP7zYGIFMZ2xmwLM/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9lZjcz/YjBiNTZmNjlmMzNm/NTUzMjM1YWIwMzhh/MTZiMC5wbmc.jpg"/>
      <itunes:duration>1548</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Third-party cybersecurity breaches are rapidly becoming one of the most serious threats facing organizations today. Attackers exploit vendor vulnerabilities, bypassing traditional defenses and compromising critical systems, often undetected. In this episode, we explore practical approaches for uncovering hidden vendor risks, utilizing AI-driven insights and advanced threat detection to proactively manage and mitigate supply chain cyber threats.</p><p> </p><p>We also challenge common myths in vendor risk management, highlighting why traditional methods are falling short. You'll discover innovative and provocative strategies for strengthening third-party cybersecurity—from groundbreaking legal frameworks to cutting-edge automation tools. Join us as we provide realistic, actionable insights designed to keep your vendor ecosystems secure, resilient, and ahead of emerging cyber threats.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/bf9ae696/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Virtual Reality Check: Cybersecurity in XR’s Wild West</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>22</itunes:episode>
      <podcast:episode>22</podcast:episode>
      <itunes:title>Virtual Reality Check: Cybersecurity in XR’s Wild West</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">430bcb7d-2e30-42b3-98e6-b88c4f191cf9</guid>
      <link>https://share.transistor.fm/s/26aca546</link>
      <description>
        <![CDATA[<p>In this episode of the Bare Metal Cyber podcast, we explore the cybersecurity challenges facing Extended Reality—everything from hijacked avatars to biometric surveillance, and deepfake impersonations to XR-based social engineering. As these immersive technologies become part of everyday life, we unpack the very real threats hiding behind virtual smiles and spatial data.</p><p> </p><p>We’ll walk you through the evolving XR ecosystem, show you how attackers are already exploiting it, and highlight the urgent need for stronger defenses, smarter design, and ethical boundaries. This isn't just the future of tech—it's the new frontline in cybersecurity.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode of the Bare Metal Cyber podcast, we explore the cybersecurity challenges facing Extended Reality—everything from hijacked avatars to biometric surveillance, and deepfake impersonations to XR-based social engineering. As these immersive technologies become part of everyday life, we unpack the very real threats hiding behind virtual smiles and spatial data.</p><p> </p><p>We’ll walk you through the evolving XR ecosystem, show you how attackers are already exploiting it, and highlight the urgent need for stronger defenses, smarter design, and ethical boundaries. This isn't just the future of tech—it's the new frontline in cybersecurity.</p>]]>
      </content:encoded>
      <pubDate>Wed, 28 May 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/26aca546/8053219c.mp3" length="29956465" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/u8-x7drecfk2o5zy0trv0X2D0pu96ZQ_geb2uMGGhcg/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS80MDUw/ZDRkZWM5ZmZjZDA3/ZWE1ZjA1NjEzNDMw/MDQyOC5wbmc.jpg"/>
      <itunes:duration>1869</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode of the Bare Metal Cyber podcast, we explore the cybersecurity challenges facing Extended Reality—everything from hijacked avatars to biometric surveillance, and deepfake impersonations to XR-based social engineering. As these immersive technologies become part of everyday life, we unpack the very real threats hiding behind virtual smiles and spatial data.</p><p> </p><p>We’ll walk you through the evolving XR ecosystem, show you how attackers are already exploiting it, and highlight the urgent need for stronger defenses, smarter design, and ethical boundaries. This isn't just the future of tech—it's the new frontline in cybersecurity.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/26aca546/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Prompts of Mass Destruction: How Solo Hackers Are Turning Public AI into Weapons</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>21</itunes:episode>
      <podcast:episode>21</podcast:episode>
      <itunes:title>Prompts of Mass Destruction: How Solo Hackers Are Turning Public AI into Weapons</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">399f9cae-29d5-49cc-88f2-c248308ee178</guid>
      <link>https://share.transistor.fm/s/6950bc9b</link>
      <description>
        <![CDATA[<p>In this episode of BareMetalCyber, we explore the dark side of artificial intelligence and reveal how solo hackers are turning publicly available AI tools into dangerous digital weapons. From bypassing safety layers with clever prompts to launching devastatingly effective phishing and deepfake campaigns, we dive into how these attackers manipulate technology once considered purely beneficial.</p><p> </p><p>We also discuss the challenges facing traditional cybersecurity measures and examine innovative solutions that blend AI defenses with human vigilance. Join us as we unravel the complexities of AI-enabled cyber threats and discover strategies for building resilience against this rapidly evolving digital menace.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode of BareMetalCyber, we explore the dark side of artificial intelligence and reveal how solo hackers are turning publicly available AI tools into dangerous digital weapons. From bypassing safety layers with clever prompts to launching devastatingly effective phishing and deepfake campaigns, we dive into how these attackers manipulate technology once considered purely beneficial.</p><p> </p><p>We also discuss the challenges facing traditional cybersecurity measures and examine innovative solutions that blend AI defenses with human vigilance. Join us as we unravel the complexities of AI-enabled cyber threats and discover strategies for building resilience against this rapidly evolving digital menace.</p>]]>
      </content:encoded>
      <pubDate>Wed, 21 May 2025 05:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/6950bc9b/4359faea.mp3" length="26934788" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/Q8ZQe_xHm2CDL4VZo0y070JPvy9TXD43KYnvtl19d38/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9kNjk5/MmQ3MTQzYzUxNzg5/NzkwZWZiN2ViYzg4/NTcwMy5wbmc.jpg"/>
      <itunes:duration>1680</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode of BareMetalCyber, we explore the dark side of artificial intelligence and reveal how solo hackers are turning publicly available AI tools into dangerous digital weapons. From bypassing safety layers with clever prompts to launching devastatingly effective phishing and deepfake campaigns, we dive into how these attackers manipulate technology once considered purely beneficial.</p><p> </p><p>We also discuss the challenges facing traditional cybersecurity measures and examine innovative solutions that blend AI defenses with human vigilance. Join us as we unravel the complexities of AI-enabled cyber threats and discover strategies for building resilience against this rapidly evolving digital menace.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/6950bc9b/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Beyond Passwords: The Future of Secure Identity Management</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>20</itunes:episode>
      <podcast:episode>20</podcast:episode>
      <itunes:title>Beyond Passwords: The Future of Secure Identity Management</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">205c76b2-17d9-4229-93a4-14e354870800</guid>
      <link>https://share.transistor.fm/s/08e0e798</link>
      <description>
        <![CDATA[<p>In this episode, we take a deep dive into the future of identity management and why passwordless authentication is gaining traction. Passwords have long been a security liability, fueling phishing attacks, credential breaches, and user frustration. By replacing them with biometrics, security keys, and adaptive authentication, organizations can enhance security while improving user experience. But going passwordless isn’t just about convenience—it’s about eliminating one of the biggest attack vectors in cybersecurity. We break down how this shift strengthens multi-factor authentication, reduces credential theft, and even helps organizations meet regulatory compliance.</p><p>Of course, passwordless authentication comes with its own challenges. We explore the complexities of implementation, privacy concerns around biometrics, and the risks tied to device dependency. I also look beyond passwordless to the next frontier of identity management, from decentralized identity to post-quantum authentication. Whether you're a cybersecurity professional, business leader, or just someone interested in how we secure digital identities, this episode unpacks the key issues, benefits, and potential roadblocks in the journey beyond passwords.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we take a deep dive into the future of identity management and why passwordless authentication is gaining traction. Passwords have long been a security liability, fueling phishing attacks, credential breaches, and user frustration. By replacing them with biometrics, security keys, and adaptive authentication, organizations can enhance security while improving user experience. But going passwordless isn’t just about convenience—it’s about eliminating one of the biggest attack vectors in cybersecurity. We break down how this shift strengthens multi-factor authentication, reduces credential theft, and even helps organizations meet regulatory compliance.</p><p>Of course, passwordless authentication comes with its own challenges. We explore the complexities of implementation, privacy concerns around biometrics, and the risks tied to device dependency. I also look beyond passwordless to the next frontier of identity management, from decentralized identity to post-quantum authentication. Whether you're a cybersecurity professional, business leader, or just someone interested in how we secure digital identities, this episode unpacks the key issues, benefits, and potential roadblocks in the journey beyond passwords.</p>]]>
      </content:encoded>
      <pubDate>Wed, 14 May 2025 01:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/08e0e798/c6d4819e.mp3" length="20770964" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/vS52QOzxdDMpsr-htMdjKXKBh6MTm5DWaFo8FqABdcA/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9mNmFh/MGJjYWQ2OTk3NTQ0/OWU0YzViYWJhY2Yy/YzJmYi5wbmc.jpg"/>
      <itunes:duration>1291</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we take a deep dive into the future of identity management and why passwordless authentication is gaining traction. Passwords have long been a security liability, fueling phishing attacks, credential breaches, and user frustration. By replacing them with biometrics, security keys, and adaptive authentication, organizations can enhance security while improving user experience. But going passwordless isn’t just about convenience—it’s about eliminating one of the biggest attack vectors in cybersecurity. We break down how this shift strengthens multi-factor authentication, reduces credential theft, and even helps organizations meet regulatory compliance.</p><p>Of course, passwordless authentication comes with its own challenges. We explore the complexities of implementation, privacy concerns around biometrics, and the risks tied to device dependency. I also look beyond passwordless to the next frontier of identity management, from decentralized identity to post-quantum authentication. Whether you're a cybersecurity professional, business leader, or just someone interested in how we secure digital identities, this episode unpacks the key issues, benefits, and potential roadblocks in the journey beyond passwords.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/08e0e798/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Industrial Control Systems Under Siege: Battling Advanced Cyber Threats</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>19</itunes:episode>
      <podcast:episode>19</podcast:episode>
      <itunes:title>Industrial Control Systems Under Siege: Battling Advanced Cyber Threats</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">0337b694-1243-4642-ac52-b5cf6457588f</guid>
      <link>https://share.transistor.fm/s/c7ebf7e0</link>
      <description>
        <![CDATA[<p>In this episode, we dive deep into the growing cyber threats targeting Industrial Control Systems (ICS) and SCADA environments—critical infrastructure that keeps power grids running, water flowing, and manufacturing plants operational. These systems, originally designed for reliability rather than security, are now prime targets for ransomware groups, nation-state actors, and supply chain attacks. From legacy vulnerabilities and weak network segmentation to insecure communication protocols, we break down why ICS environments are so exposed and how attackers exploit these weaknesses to cause real-world disruption.</p><p>But it’s not all doom and gloom—we also explore actionable strategies to defend against these threats without compromising operational stability. You’ll hear about network segmentation, encrypted communication protocols, endpoint protection, and the role of AI-driven threat detection in securing ICS systems. Whether you’re in cybersecurity, industrial operations, or risk management, this episode will give you the insights you need to understand the challenges and solutions for protecting critical infrastructure in an era of escalating cyber risks. Tune in now and stay ahead of the threats shaping the future of industrial security.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, we dive deep into the growing cyber threats targeting Industrial Control Systems (ICS) and SCADA environments—critical infrastructure that keeps power grids running, water flowing, and manufacturing plants operational. These systems, originally designed for reliability rather than security, are now prime targets for ransomware groups, nation-state actors, and supply chain attacks. From legacy vulnerabilities and weak network segmentation to insecure communication protocols, we break down why ICS environments are so exposed and how attackers exploit these weaknesses to cause real-world disruption.</p><p>But it’s not all doom and gloom—we also explore actionable strategies to defend against these threats without compromising operational stability. You’ll hear about network segmentation, encrypted communication protocols, endpoint protection, and the role of AI-driven threat detection in securing ICS systems. Whether you’re in cybersecurity, industrial operations, or risk management, this episode will give you the insights you need to understand the challenges and solutions for protecting critical infrastructure in an era of escalating cyber risks. Tune in now and stay ahead of the threats shaping the future of industrial security.</p>]]>
      </content:encoded>
      <pubDate>Wed, 07 May 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/c7ebf7e0/84ab9cd5.mp3" length="23214377" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/aymTcx-V-GA_SwTjUVkLVDUs_gERhVGvukVzmWSiGYk/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8xOWZi/MTE2ZmNlMGU1YzE0/YWZkMDNhODNhMDVl/Njc2NS5wbmc.jpg"/>
      <itunes:duration>1445</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, we dive deep into the growing cyber threats targeting Industrial Control Systems (ICS) and SCADA environments—critical infrastructure that keeps power grids running, water flowing, and manufacturing plants operational. These systems, originally designed for reliability rather than security, are now prime targets for ransomware groups, nation-state actors, and supply chain attacks. From legacy vulnerabilities and weak network segmentation to insecure communication protocols, we break down why ICS environments are so exposed and how attackers exploit these weaknesses to cause real-world disruption.</p><p>But it’s not all doom and gloom—we also explore actionable strategies to defend against these threats without compromising operational stability. You’ll hear about network segmentation, encrypted communication protocols, endpoint protection, and the role of AI-driven threat detection in securing ICS systems. Whether you’re in cybersecurity, industrial operations, or risk management, this episode will give you the insights you need to understand the challenges and solutions for protecting critical infrastructure in an era of escalating cyber risks. Tune in now and stay ahead of the threats shaping the future of industrial security.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/c7ebf7e0/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Cybersecurity on Autopilot: Unlocking the Potential of SOAR</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>18</itunes:episode>
      <podcast:episode>18</podcast:episode>
      <itunes:title>Cybersecurity on Autopilot: Unlocking the Potential of SOAR</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">d45e95e7-4bcd-4c32-9266-330fc40b6d63</guid>
      <link>https://share.transistor.fm/s/25c1243a</link>
      <description>
        <![CDATA[<p>In this episode, I take you through the world of Security Orchestration, Automation, and Response—Security Orchestration, Automation, and Response—breaking down how it transforms security operations from reactive chaos to streamlined efficiency. We’ll explore how Security Orchestration, Automation, and Response integrates disparate security tools, automates repetitive tasks, and orchestrates fast, effective incident responses. From managing overwhelming alert volumes to using AI for smarter threat detection, Security Orchestration, Automation, and Response is reshaping how cybersecurity teams operate. Whether it’s automating phishing responses, strengthening threat intelligence, or accelerating vulnerability management, this episode dives deep into the practical applications that make Security Orchestration, Automation, and Response an essential part of modern cybersecurity.</p><p>Beyond the fundamentals, we’ll discuss the best practices for Security Orchestration, Automation, and Response implementation, the importance of customization, and how organizations can strike the right balance between automation and human oversight. We’ll also take a look at what’s ahead—how AI is making Security Orchestration, Automation, and Response even more adaptive, how it’s expanding into cloud and IoT security, and how collaborative, open-source approaches are shaping the future of cybersecurity automation. If you’re looking for ways to optimize your security operations and reduce the noise, this episode is for you. Tune in and let’s talk about how cybersecurity can move at machine speed.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, I take you through the world of Security Orchestration, Automation, and Response—Security Orchestration, Automation, and Response—breaking down how it transforms security operations from reactive chaos to streamlined efficiency. We’ll explore how Security Orchestration, Automation, and Response integrates disparate security tools, automates repetitive tasks, and orchestrates fast, effective incident responses. From managing overwhelming alert volumes to using AI for smarter threat detection, Security Orchestration, Automation, and Response is reshaping how cybersecurity teams operate. Whether it’s automating phishing responses, strengthening threat intelligence, or accelerating vulnerability management, this episode dives deep into the practical applications that make Security Orchestration, Automation, and Response an essential part of modern cybersecurity.</p><p>Beyond the fundamentals, we’ll discuss the best practices for Security Orchestration, Automation, and Response implementation, the importance of customization, and how organizations can strike the right balance between automation and human oversight. We’ll also take a look at what’s ahead—how AI is making Security Orchestration, Automation, and Response even more adaptive, how it’s expanding into cloud and IoT security, and how collaborative, open-source approaches are shaping the future of cybersecurity automation. If you’re looking for ways to optimize your security operations and reduce the noise, this episode is for you. Tune in and let’s talk about how cybersecurity can move at machine speed.</p>]]>
      </content:encoded>
      <pubDate>Wed, 30 Apr 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/25c1243a/a248da70.mp3" length="23334133" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/b_QX-Y7W_x2MYdDNjddGndKiYJAQ3mOTrwjtA-wOio8/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8zZjkw/ZDI1NzUwNTYwZTVl/M2JhODAzZTgyMjZi/MWI3Ni5wbmc.jpg"/>
      <itunes:duration>1455</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, I take you through the world of Security Orchestration, Automation, and Response—Security Orchestration, Automation, and Response—breaking down how it transforms security operations from reactive chaos to streamlined efficiency. We’ll explore how Security Orchestration, Automation, and Response integrates disparate security tools, automates repetitive tasks, and orchestrates fast, effective incident responses. From managing overwhelming alert volumes to using AI for smarter threat detection, Security Orchestration, Automation, and Response is reshaping how cybersecurity teams operate. Whether it’s automating phishing responses, strengthening threat intelligence, or accelerating vulnerability management, this episode dives deep into the practical applications that make Security Orchestration, Automation, and Response an essential part of modern cybersecurity.</p><p>Beyond the fundamentals, we’ll discuss the best practices for Security Orchestration, Automation, and Response implementation, the importance of customization, and how organizations can strike the right balance between automation and human oversight. We’ll also take a look at what’s ahead—how AI is making Security Orchestration, Automation, and Response even more adaptive, how it’s expanding into cloud and IoT security, and how collaborative, open-source approaches are shaping the future of cybersecurity automation. If you’re looking for ways to optimize your security operations and reduce the noise, this episode is for you. Tune in and let’s talk about how cybersecurity can move at machine speed.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/25c1243a/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Beyond Passwords: The Future of Secure Identity Management</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>17</itunes:episode>
      <podcast:episode>17</podcast:episode>
      <itunes:title>Beyond Passwords: The Future of Secure Identity Management</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">58865116-1596-42c6-9025-ce53eb31cab5</guid>
      <link>https://share.transistor.fm/s/5a121a9c</link>
      <description>
        <![CDATA[<p>In this episode, I take a deep dive into the future of identity management and why passwordless authentication is gaining traction. Passwords have long been a security liability, fueling phishing attacks, credential breaches, and user frustration. By replacing them with biometrics, security keys, and adaptive authentication, organizations can enhance security while improving user experience. But going passwordless isn’t just about convenience—it’s about eliminating one of the biggest attack vectors in cybersecurity. I break down how this shift strengthens multi-factor authentication, reduces credential theft, and even helps organizations meet regulatory compliance.</p><p>Of course, passwordless authentication comes with its own challenges. I explore the complexities of implementation, privacy concerns around biometrics, and the risks tied to device dependency. I also look beyond passwordless to the next frontier of identity management, from decentralized identity to post-quantum authentication. Whether you're a cybersecurity professional, business leader, or just someone interested in how we secure digital identities, this episode unpacks the key issues, benefits, and potential roadblocks in the journey beyond passwords.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, I take a deep dive into the future of identity management and why passwordless authentication is gaining traction. Passwords have long been a security liability, fueling phishing attacks, credential breaches, and user frustration. By replacing them with biometrics, security keys, and adaptive authentication, organizations can enhance security while improving user experience. But going passwordless isn’t just about convenience—it’s about eliminating one of the biggest attack vectors in cybersecurity. I break down how this shift strengthens multi-factor authentication, reduces credential theft, and even helps organizations meet regulatory compliance.</p><p>Of course, passwordless authentication comes with its own challenges. I explore the complexities of implementation, privacy concerns around biometrics, and the risks tied to device dependency. I also look beyond passwordless to the next frontier of identity management, from decentralized identity to post-quantum authentication. Whether you're a cybersecurity professional, business leader, or just someone interested in how we secure digital identities, this episode unpacks the key issues, benefits, and potential roadblocks in the journey beyond passwords.</p>]]>
      </content:encoded>
      <pubDate>Wed, 23 Apr 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/5a121a9c/c7a8cc4d.mp3" length="20045805" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/okPs1KbDwjxkD0eRzCBgH2YL56gJo-oLCPNCOg4URZo/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS84ZTVl/YTU2ZTY1YTVmNzA5/MjA3ZTNlMjEyZDk5/ODY5My5wbmc.jpg"/>
      <itunes:duration>1246</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, I take a deep dive into the future of identity management and why passwordless authentication is gaining traction. Passwords have long been a security liability, fueling phishing attacks, credential breaches, and user frustration. By replacing them with biometrics, security keys, and adaptive authentication, organizations can enhance security while improving user experience. But going passwordless isn’t just about convenience—it’s about eliminating one of the biggest attack vectors in cybersecurity. I break down how this shift strengthens multi-factor authentication, reduces credential theft, and even helps organizations meet regulatory compliance.</p><p>Of course, passwordless authentication comes with its own challenges. I explore the complexities of implementation, privacy concerns around biometrics, and the risks tied to device dependency. I also look beyond passwordless to the next frontier of identity management, from decentralized identity to post-quantum authentication. Whether you're a cybersecurity professional, business leader, or just someone interested in how we secure digital identities, this episode unpacks the key issues, benefits, and potential roadblocks in the journey beyond passwords.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/5a121a9c/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Off the Record, On the Radar: Why Personal Comms Keep Haunting Government Cybersecurity</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>16</itunes:episode>
      <podcast:episode>16</podcast:episode>
      <itunes:title>Off the Record, On the Radar: Why Personal Comms Keep Haunting Government Cybersecurity</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">8d8717cd-f93c-47c5-bb6b-928a0ed16eb7</guid>
      <link>https://share.transistor.fm/s/5f22b64c</link>
      <description>
        <![CDATA[<p>In this podcast episode, I explore the persistent cybersecurity issue involving U.S. government officials using personal communication methods—like private emails and encrypted messaging apps—for official business. Drawing from notable examples across multiple administrations, from Bush-era email scandals and Obama's private server controversy to recent messaging app incidents under Trump, I highlight the systemic nature of these vulnerabilities. My analysis emphasizes that this issue is not partisan but reflects enduring gaps in cybersecurity practices and awareness.</p><p>I also discuss the underlying causes of this ongoing challenge and provide actionable recommendations from a cybersecurity professional’s perspective. These recommendations include targeted cybersecurity training, improved communication infrastructure, strict enforcement of security protocols, and a necessary shift in organizational culture to prioritize secure communication. Join me as we move beyond politics and address how government agencies can better protect sensitive national security information in an increasingly digital and interconnected world.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this podcast episode, I explore the persistent cybersecurity issue involving U.S. government officials using personal communication methods—like private emails and encrypted messaging apps—for official business. Drawing from notable examples across multiple administrations, from Bush-era email scandals and Obama's private server controversy to recent messaging app incidents under Trump, I highlight the systemic nature of these vulnerabilities. My analysis emphasizes that this issue is not partisan but reflects enduring gaps in cybersecurity practices and awareness.</p><p>I also discuss the underlying causes of this ongoing challenge and provide actionable recommendations from a cybersecurity professional’s perspective. These recommendations include targeted cybersecurity training, improved communication infrastructure, strict enforcement of security protocols, and a necessary shift in organizational culture to prioritize secure communication. Join me as we move beyond politics and address how government agencies can better protect sensitive national security information in an increasingly digital and interconnected world.</p>]]>
      </content:encoded>
      <pubDate>Tue, 22 Apr 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/5f22b64c/ed7d3549.mp3" length="27256145" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/YBM7eTdi-Rgw18GZ3tTz5kKqteSQ-0g9GmcJbqy_aVQ/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9mMGVh/MWEzODdjMmFlMDQ4/MWQxODM1YTg3NGUw/MTNjYi5wbmc.jpg"/>
      <itunes:duration>1702</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this podcast episode, I explore the persistent cybersecurity issue involving U.S. government officials using personal communication methods—like private emails and encrypted messaging apps—for official business. Drawing from notable examples across multiple administrations, from Bush-era email scandals and Obama's private server controversy to recent messaging app incidents under Trump, I highlight the systemic nature of these vulnerabilities. My analysis emphasizes that this issue is not partisan but reflects enduring gaps in cybersecurity practices and awareness.</p><p>I also discuss the underlying causes of this ongoing challenge and provide actionable recommendations from a cybersecurity professional’s perspective. These recommendations include targeted cybersecurity training, improved communication infrastructure, strict enforcement of security protocols, and a necessary shift in organizational culture to prioritize secure communication. Join me as we move beyond politics and address how government agencies can better protect sensitive national security information in an increasingly digital and interconnected world.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/5f22b64c/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Cyber Illusions: How Security Teams Trick and Track Attackers</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>15</itunes:episode>
      <podcast:episode>15</podcast:episode>
      <itunes:title>Cyber Illusions: How Security Teams Trick and Track Attackers</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">98b72206-15e2-4ee0-a494-b4816515d62e</guid>
      <link>https://share.transistor.fm/s/ac28cbbf</link>
      <description>
        <![CDATA[<p>In this episode, I dive into the fascinating world of cyber deception—where security teams use honeypots, honeytokens, and other digital traps to lure and track attackers. Instead of simply reacting to threats, deception shifts the balance, forcing cybercriminals to navigate a battlefield filled with fake credentials, decoy files, and misleading network services. I break down how these techniques work, why they’re so effective, and how they integrate with modern security strategies like zero-trust and threat intelligence. Whether it’s a research honeypot designed to study adversaries or an AI-powered deception system that adapts in real time, deception technologies are changing the way we defend against cyber threats.</p><p> </p><p>Throughout the episode, I also discuss the real challenges of deploying deception, from maintaining realism to ensuring attackers don’t exploit decoys for their own gain. I cover practical ways to integrate deception with existing security tools, measure its effectiveness, and avoid legal or ethical pitfalls. As cyber threats grow more sophisticated, deception gives defenders the ability to mislead, monitor, and disrupt adversaries before they reach critical systems. Tune in to learn how deception technology isn’t just about fooling hackers—it’s about taking control of the battlefield.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, I dive into the fascinating world of cyber deception—where security teams use honeypots, honeytokens, and other digital traps to lure and track attackers. Instead of simply reacting to threats, deception shifts the balance, forcing cybercriminals to navigate a battlefield filled with fake credentials, decoy files, and misleading network services. I break down how these techniques work, why they’re so effective, and how they integrate with modern security strategies like zero-trust and threat intelligence. Whether it’s a research honeypot designed to study adversaries or an AI-powered deception system that adapts in real time, deception technologies are changing the way we defend against cyber threats.</p><p> </p><p>Throughout the episode, I also discuss the real challenges of deploying deception, from maintaining realism to ensuring attackers don’t exploit decoys for their own gain. I cover practical ways to integrate deception with existing security tools, measure its effectiveness, and avoid legal or ethical pitfalls. As cyber threats grow more sophisticated, deception gives defenders the ability to mislead, monitor, and disrupt adversaries before they reach critical systems. Tune in to learn how deception technology isn’t just about fooling hackers—it’s about taking control of the battlefield.</p>]]>
      </content:encoded>
      <pubDate>Wed, 16 Apr 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/ac28cbbf/dfa03401.mp3" length="16448811" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/aRsFbLGIBzEjNfcs1wj-JSopruKmWunIKsPq-itVOoI/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9kNjJk/ZmE3OGQ3ZGE5ODE5/MmM5NmZiMWJhYWNj/MjczYi5wbmc.jpg"/>
      <itunes:duration>1023</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, I dive into the fascinating world of cyber deception—where security teams use honeypots, honeytokens, and other digital traps to lure and track attackers. Instead of simply reacting to threats, deception shifts the balance, forcing cybercriminals to navigate a battlefield filled with fake credentials, decoy files, and misleading network services. I break down how these techniques work, why they’re so effective, and how they integrate with modern security strategies like zero-trust and threat intelligence. Whether it’s a research honeypot designed to study adversaries or an AI-powered deception system that adapts in real time, deception technologies are changing the way we defend against cyber threats.</p><p> </p><p>Throughout the episode, I also discuss the real challenges of deploying deception, from maintaining realism to ensuring attackers don’t exploit decoys for their own gain. I cover practical ways to integrate deception with existing security tools, measure its effectiveness, and avoid legal or ethical pitfalls. As cyber threats grow more sophisticated, deception gives defenders the ability to mislead, monitor, and disrupt adversaries before they reach critical systems. Tune in to learn how deception technology isn’t just about fooling hackers—it’s about taking control of the battlefield.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/ac28cbbf/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>The Cybersecurity Storm: 5G, IoT, and the Next Wave of Attacks</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>14</itunes:episode>
      <podcast:episode>14</podcast:episode>
      <itunes:title>The Cybersecurity Storm: 5G, IoT, and the Next Wave of Attacks</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">f5647e84-48b9-49d1-9b83-11230e02248b</guid>
      <link>https://share.transistor.fm/s/a4de781d</link>
      <description>
        <![CDATA[<p>In this podcast episode, I take a deep dive into the evolving cybersecurity threats brought on by the rapid expansion of five gee and Eye oh tee. With billions of connected devices and ultra-fast network speeds, cyber risks are escalating at an unprecedented pace. I break down critical vulnerabilities, including network slicing exploits, Eye oh tee botnets, and man-in-the-middle attacks, highlighting how attackers are leveraging these technologies to gain new footholds. From unsecured Eye oh tee devices to quantum-era encryption threats, this episode unpacks the risks that organizations and individuals need to prepare for now.</p><p>Beyond the threats, I also explore key strategies for securing five gee and Eye oh tee infrastructures, from AI-driven threat detection to global cybersecurity collaboration. You’ll hear about how organizations can strengthen authentication, harden network defenses, and adapt security measures to keep up with evolving attack techniques. Whether you’re a cybersecurity professional, a business leader, or just interested in the future of digital security, this episode provides critical insights into protecting the hyperconnected world we live in.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this podcast episode, I take a deep dive into the evolving cybersecurity threats brought on by the rapid expansion of five gee and Eye oh tee. With billions of connected devices and ultra-fast network speeds, cyber risks are escalating at an unprecedented pace. I break down critical vulnerabilities, including network slicing exploits, Eye oh tee botnets, and man-in-the-middle attacks, highlighting how attackers are leveraging these technologies to gain new footholds. From unsecured Eye oh tee devices to quantum-era encryption threats, this episode unpacks the risks that organizations and individuals need to prepare for now.</p><p>Beyond the threats, I also explore key strategies for securing five gee and Eye oh tee infrastructures, from AI-driven threat detection to global cybersecurity collaboration. You’ll hear about how organizations can strengthen authentication, harden network defenses, and adapt security measures to keep up with evolving attack techniques. Whether you’re a cybersecurity professional, a business leader, or just interested in the future of digital security, this episode provides critical insights into protecting the hyperconnected world we live in.</p>]]>
      </content:encoded>
      <pubDate>Wed, 09 Apr 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/a4de781d/3cb93fb9.mp3" length="21991264" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/Ifpgb6CqR_zzlY79eInp-Rie1yA3P84K8jfYdeHgVfM/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS80ZTgz/YWVlY2VkZTQwZDAz/NTZiMDg2YmQyZGRm/MjFmOS5wbmc.jpg"/>
      <itunes:duration>1371</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this podcast episode, I take a deep dive into the evolving cybersecurity threats brought on by the rapid expansion of five gee and Eye oh tee. With billions of connected devices and ultra-fast network speeds, cyber risks are escalating at an unprecedented pace. I break down critical vulnerabilities, including network slicing exploits, Eye oh tee botnets, and man-in-the-middle attacks, highlighting how attackers are leveraging these technologies to gain new footholds. From unsecured Eye oh tee devices to quantum-era encryption threats, this episode unpacks the risks that organizations and individuals need to prepare for now.</p><p>Beyond the threats, I also explore key strategies for securing five gee and Eye oh tee infrastructures, from AI-driven threat detection to global cybersecurity collaboration. You’ll hear about how organizations can strengthen authentication, harden network defenses, and adapt security measures to keep up with evolving attack techniques. Whether you’re a cybersecurity professional, a business leader, or just interested in the future of digital security, this episode provides critical insights into protecting the hyperconnected world we live in.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/a4de781d/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Ransomware Warfare: Advanced Tactics for Ransomware Response</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>13</itunes:episode>
      <podcast:episode>13</podcast:episode>
      <itunes:title>Ransomware Warfare: Advanced Tactics for Ransomware Response</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">de757545-6888-4cdf-a8b8-33f33a578aaa</guid>
      <link>https://share.transistor.fm/s/8577eb6d</link>
      <description>
        <![CDATA[<p>In this episode of <em>BareMetalCyber</em>, we dive into the evolving world of ransomware—breaking down how these attacks have transformed from simple lock-and-pay schemes into sophisticated, organized operations. I’ll walk you through the latest tactics used by ransomware groups, including double extortion, ransomware-as-a-service (RaaS), and highly targeted attacks that cripple businesses. You’ll also learn about the most common attack vectors—phishing, unpatched vulnerabilities, and remote access exploits—so you can better understand where your defenses need to be strongest.</p><p>But understanding the threat is just the beginning. This episode also covers the critical steps for responding to a ransomware incident, from containment and forensic analysis to negotiation strategies and legal considerations. I’ll explore whether paying the ransom is ever the right choice, how to engage law enforcement, and what it takes to rebuild securely after an attack. Whether you’re looking to strengthen your ransomware defenses or improve your response strategy, this episode delivers practical, real-world insights to help you stay ahead of the threats. Tune in now!</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode of <em>BareMetalCyber</em>, we dive into the evolving world of ransomware—breaking down how these attacks have transformed from simple lock-and-pay schemes into sophisticated, organized operations. I’ll walk you through the latest tactics used by ransomware groups, including double extortion, ransomware-as-a-service (RaaS), and highly targeted attacks that cripple businesses. You’ll also learn about the most common attack vectors—phishing, unpatched vulnerabilities, and remote access exploits—so you can better understand where your defenses need to be strongest.</p><p>But understanding the threat is just the beginning. This episode also covers the critical steps for responding to a ransomware incident, from containment and forensic analysis to negotiation strategies and legal considerations. I’ll explore whether paying the ransom is ever the right choice, how to engage law enforcement, and what it takes to rebuild securely after an attack. Whether you’re looking to strengthen your ransomware defenses or improve your response strategy, this episode delivers practical, real-world insights to help you stay ahead of the threats. Tune in now!</p>]]>
      </content:encoded>
      <pubDate>Wed, 02 Apr 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/8577eb6d/339b2640.mp3" length="20866121" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/FUnjee1u-2VltzPyK6BKwDwqDSKyUXOHYAWjax799lA/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8xMTlh/M2MxZGQ5N2E1MWNm/YWRkMDk5ODg3NzAx/ZjEyMi5wbmc.jpg"/>
      <itunes:duration>1301</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode of <em>BareMetalCyber</em>, we dive into the evolving world of ransomware—breaking down how these attacks have transformed from simple lock-and-pay schemes into sophisticated, organized operations. I’ll walk you through the latest tactics used by ransomware groups, including double extortion, ransomware-as-a-service (RaaS), and highly targeted attacks that cripple businesses. You’ll also learn about the most common attack vectors—phishing, unpatched vulnerabilities, and remote access exploits—so you can better understand where your defenses need to be strongest.</p><p>But understanding the threat is just the beginning. This episode also covers the critical steps for responding to a ransomware incident, from containment and forensic analysis to negotiation strategies and legal considerations. I’ll explore whether paying the ransom is ever the right choice, how to engage law enforcement, and what it takes to rebuild securely after an attack. Whether you’re looking to strengthen your ransomware defenses or improve your response strategy, this episode delivers practical, real-world insights to help you stay ahead of the threats. Tune in now!</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/8577eb6d/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Beyond Perimeters: Mastering Zero Trust</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>12</itunes:episode>
      <podcast:episode>12</podcast:episode>
      <itunes:title>Beyond Perimeters: Mastering Zero Trust</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">5937df84-16c3-4e07-b29a-0c78bf15a7b7</guid>
      <link>https://share.transistor.fm/s/1bd160d5</link>
      <description>
        <![CDATA[<p>In this podcast episode, I take a deep dive into Zero Trust Architecture, breaking down why the traditional security perimeter is no longer enough and how organizations can adopt a more resilient, identity-driven defense. From the core principles of "never trust, always verify" to real-world implementation strategies, I cover the essential components of securing identities, networks, and endpoints. You'll hear how continuous authentication, least privilege enforcement, and micro-segmentation work together to limit an attacker's ability to move laterally and exploit vulnerabilities.</p><p>Whether you're new to Zero Trust or refining your approach, this episode provides a clear, no-nonsense guide to getting it right. I discuss the challenges organizations face, the best practices for implementation, and the tools that can make the process smoother. If you want to understand how Zero Trust works in practice and why it’s a must-have for modern cybersecurity, this episode is for you.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this podcast episode, I take a deep dive into Zero Trust Architecture, breaking down why the traditional security perimeter is no longer enough and how organizations can adopt a more resilient, identity-driven defense. From the core principles of "never trust, always verify" to real-world implementation strategies, I cover the essential components of securing identities, networks, and endpoints. You'll hear how continuous authentication, least privilege enforcement, and micro-segmentation work together to limit an attacker's ability to move laterally and exploit vulnerabilities.</p><p>Whether you're new to Zero Trust or refining your approach, this episode provides a clear, no-nonsense guide to getting it right. I discuss the challenges organizations face, the best practices for implementation, and the tools that can make the process smoother. If you want to understand how Zero Trust works in practice and why it’s a must-have for modern cybersecurity, this episode is for you.</p>]]>
      </content:encoded>
      <pubDate>Wed, 26 Mar 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/1bd160d5/419f9475.mp3" length="19305666" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/2hqRt-TKWEADk3KbBnB7bIm25ZNPYKu9cx30tt67SJk/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS84OTMz/OTQ5YmJhODVhMDc4/Y2VkMTRjZTgxMTk1/OWJhOS5wbmc.jpg"/>
      <itunes:duration>1201</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this podcast episode, I take a deep dive into Zero Trust Architecture, breaking down why the traditional security perimeter is no longer enough and how organizations can adopt a more resilient, identity-driven defense. From the core principles of "never trust, always verify" to real-world implementation strategies, I cover the essential components of securing identities, networks, and endpoints. You'll hear how continuous authentication, least privilege enforcement, and micro-segmentation work together to limit an attacker's ability to move laterally and exploit vulnerabilities.</p><p>Whether you're new to Zero Trust or refining your approach, this episode provides a clear, no-nonsense guide to getting it right. I discuss the challenges organizations face, the best practices for implementation, and the tools that can make the process smoother. If you want to understand how Zero Trust works in practice and why it’s a must-have for modern cybersecurity, this episode is for you.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/1bd160d5/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Hacked by a Human: The Future of Social Engineering and Phishing</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>11</itunes:episode>
      <podcast:episode>11</podcast:episode>
      <itunes:title>Hacked by a Human: The Future of Social Engineering and Phishing</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">16b0ba05-18d1-48dc-9d42-48ab552d14fa</guid>
      <link>https://share.transistor.fm/s/6b67fce1</link>
      <description>
        <![CDATA[<p>In this episode, <em>Hacked by a Human: The Future of Social Engineering and Phishing</em>, breaking down how cybercriminals are evolving their tactics to manipulate people with unprecedented precision. Social engineering is no longer just about phishing emails—it’s AI-driven, deeply personalized, and spans multiple platforms. Attackers are using deepfakes, real-time adaptive AI, and multi-channel deception to target individuals and businesses alike. From CEO fraud using voice-cloned phone calls to social media-driven reconnaissance, I explore how these next-generation scams work and why they’re so effective.</p><p>You’ll hear about the key techniques used in these attacks, including AI-powered hyper-personalization, deepfake video conferencing scams, and hybrid approaches that blend digital and real-world deception. I also cover practical defense strategies, from awareness training and zero-trust security models to AI-driven threat detection tools. Whether you’re in cybersecurity or just looking to protect yourself from manipulation tactics, this episode will help you stay ahead of the threats designed to hack human trust. Tune in and arm yourself with knowledge.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, <em>Hacked by a Human: The Future of Social Engineering and Phishing</em>, breaking down how cybercriminals are evolving their tactics to manipulate people with unprecedented precision. Social engineering is no longer just about phishing emails—it’s AI-driven, deeply personalized, and spans multiple platforms. Attackers are using deepfakes, real-time adaptive AI, and multi-channel deception to target individuals and businesses alike. From CEO fraud using voice-cloned phone calls to social media-driven reconnaissance, I explore how these next-generation scams work and why they’re so effective.</p><p>You’ll hear about the key techniques used in these attacks, including AI-powered hyper-personalization, deepfake video conferencing scams, and hybrid approaches that blend digital and real-world deception. I also cover practical defense strategies, from awareness training and zero-trust security models to AI-driven threat detection tools. Whether you’re in cybersecurity or just looking to protect yourself from manipulation tactics, this episode will help you stay ahead of the threats designed to hack human trust. Tune in and arm yourself with knowledge.</p>]]>
      </content:encoded>
      <pubDate>Wed, 19 Mar 2025 11:20:18 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/6b67fce1/1fca12c6.mp3" length="21700301" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/Vc7IduYZm3A3aJrZruBWgFtKsZV9lgpvaH4oWiQgs28/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS83Y2Zh/ODY4NDg5YWU1YmNl/NjUwNGRmMjI1Mjg5/Y2QxZS5wbmc.jpg"/>
      <itunes:duration>1350</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, <em>Hacked by a Human: The Future of Social Engineering and Phishing</em>, breaking down how cybercriminals are evolving their tactics to manipulate people with unprecedented precision. Social engineering is no longer just about phishing emails—it’s AI-driven, deeply personalized, and spans multiple platforms. Attackers are using deepfakes, real-time adaptive AI, and multi-channel deception to target individuals and businesses alike. From CEO fraud using voice-cloned phone calls to social media-driven reconnaissance, I explore how these next-generation scams work and why they’re so effective.</p><p>You’ll hear about the key techniques used in these attacks, including AI-powered hyper-personalization, deepfake video conferencing scams, and hybrid approaches that blend digital and real-world deception. I also cover practical defense strategies, from awareness training and zero-trust security models to AI-driven threat detection tools. Whether you’re in cybersecurity or just looking to protect yourself from manipulation tactics, this episode will help you stay ahead of the threats designed to hack human trust. Tune in and arm yourself with knowledge.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/6b67fce1/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Deconstructing Malware: A Deep Dive into Advanced Threat Analysis</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>10</itunes:episode>
      <podcast:episode>10</podcast:episode>
      <itunes:title>Deconstructing Malware: A Deep Dive into Advanced Threat Analysis</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">9338cb87-6718-4b94-8998-4cc5cb9fb577</guid>
      <link>https://share.transistor.fm/s/2d966ce5</link>
      <description>
        <![CDATA[<p>Malware is the backbone of modern cyber threats, evolving rapidly to outsmart security defenses and infiltrate systems undetected. In this episode of <em>Bare Metal Cyber</em>, we take a deep dive into advanced malware analysis, exploring the techniques used to dissect malicious code, uncover obfuscation tactics, and understand how attackers evade detection. From reverse engineering malware with tools like IDA Pro and Ghidra to analyzing sandbox evasion techniques, this episode breaks down the critical skills every cybersecurity professional needs to stay ahead of adversaries.</p><p>Beyond technical analysis, we also discuss the importance of securing your research environment, automating threat detection with YARA rules, and leveraging machine learning in malware analysis. Whether you're a seasoned security expert or just starting your journey in cyber defense, this episode offers valuable insights into how to detect, analyze, and defend against sophisticated digital threats. Tune in now at <a href="https://podcast.baremetalcyber.com">podcast.baremetalcyber.com</a> or visit <a href="https://Jason-Edwards.me">Jason-Edwards.me</a> for even more cybersecurity content!</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Malware is the backbone of modern cyber threats, evolving rapidly to outsmart security defenses and infiltrate systems undetected. In this episode of <em>Bare Metal Cyber</em>, we take a deep dive into advanced malware analysis, exploring the techniques used to dissect malicious code, uncover obfuscation tactics, and understand how attackers evade detection. From reverse engineering malware with tools like IDA Pro and Ghidra to analyzing sandbox evasion techniques, this episode breaks down the critical skills every cybersecurity professional needs to stay ahead of adversaries.</p><p>Beyond technical analysis, we also discuss the importance of securing your research environment, automating threat detection with YARA rules, and leveraging machine learning in malware analysis. Whether you're a seasoned security expert or just starting your journey in cyber defense, this episode offers valuable insights into how to detect, analyze, and defend against sophisticated digital threats. Tune in now at <a href="https://podcast.baremetalcyber.com">podcast.baremetalcyber.com</a> or visit <a href="https://Jason-Edwards.me">Jason-Edwards.me</a> for even more cybersecurity content!</p>]]>
      </content:encoded>
      <pubDate>Wed, 12 Mar 2025 04:00:00 -0500</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/2d966ce5/939ce013.mp3" length="21708720" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/OBLuSXDE5uZNTgoNHmsQusvKNGbeyOB_qg0gD3-c1PY/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9hYjRj/MjhiYjc5NjNlZmIw/ZmE4Y2Y5NjQ0Yzhj/NmVkOC5wbmc.jpg"/>
      <itunes:duration>1354</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Malware is the backbone of modern cyber threats, evolving rapidly to outsmart security defenses and infiltrate systems undetected. In this episode of <em>Bare Metal Cyber</em>, we take a deep dive into advanced malware analysis, exploring the techniques used to dissect malicious code, uncover obfuscation tactics, and understand how attackers evade detection. From reverse engineering malware with tools like IDA Pro and Ghidra to analyzing sandbox evasion techniques, this episode breaks down the critical skills every cybersecurity professional needs to stay ahead of adversaries.</p><p>Beyond technical analysis, we also discuss the importance of securing your research environment, automating threat detection with YARA rules, and leveraging machine learning in malware analysis. Whether you're a seasoned security expert or just starting your journey in cyber defense, this episode offers valuable insights into how to detect, analyze, and defend against sophisticated digital threats. Tune in now at <a href="https://podcast.baremetalcyber.com">podcast.baremetalcyber.com</a> or visit <a href="https://Jason-Edwards.me">Jason-Edwards.me</a> for even more cybersecurity content!</p>]]>
      </itunes:summary>
      <itunes:keywords>MalwareAnalysis, Cybersecurity, ReverseEngineering, ThreatIntelligence, CyberThreats, DigitalForensics, CyberDefense, MalwareResearch, SecurityOperations, EthicalHacking, CyberAttack, ThreatHunting, InfoSec, AdvancedThreats, Obfuscation, Ransomware, OSINT, NetworkSecurity, CyberCrime, SecurityOps</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/2d966ce5/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Dark Web Intelligence</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>9</itunes:episode>
      <podcast:episode>9</podcast:episode>
      <itunes:title>Dark Web Intelligence</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">17ad4308-63cf-4901-99cb-b1063e1db31c</guid>
      <link>https://share.transistor.fm/s/77cef10f</link>
      <description>
        <![CDATA[<p>The dark web isn’t just a hidden corner of the internet—it’s a thriving underground economy where cybercriminals buy and sell stolen data, hacking tools, and access to compromised systems. In this episode, we take a deep dive into the shadowy world of dark web intelligence, exploring how security professionals monitor these spaces to track emerging threats. From illicit marketplaces fueling ransomware operations to hacker forums where cybercriminals exchange tactics, understanding this hidden network is essential for staying ahead of digital threats.</p><p>We’ll break down how dark web monitoring works, the challenges of gathering reliable threat intelligence, and why proactive security teams leverage this data to prevent breaches before they happen. Whether you're an IT professional, cybersecurity enthusiast, or just curious about how cybercrime operates in the digital underground, this episode is packed with insights you won’t want to miss. Tune in now at <a href="https://podcast.baremetalcyber.com">podcast.baremetalcyber.com</a> or visit <a href="https://Jason-Edwards.me">Jason-Edwards.me</a> for more cybersecurity content!</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>The dark web isn’t just a hidden corner of the internet—it’s a thriving underground economy where cybercriminals buy and sell stolen data, hacking tools, and access to compromised systems. In this episode, we take a deep dive into the shadowy world of dark web intelligence, exploring how security professionals monitor these spaces to track emerging threats. From illicit marketplaces fueling ransomware operations to hacker forums where cybercriminals exchange tactics, understanding this hidden network is essential for staying ahead of digital threats.</p><p>We’ll break down how dark web monitoring works, the challenges of gathering reliable threat intelligence, and why proactive security teams leverage this data to prevent breaches before they happen. Whether you're an IT professional, cybersecurity enthusiast, or just curious about how cybercrime operates in the digital underground, this episode is packed with insights you won’t want to miss. Tune in now at <a href="https://podcast.baremetalcyber.com">podcast.baremetalcyber.com</a> or visit <a href="https://Jason-Edwards.me">Jason-Edwards.me</a> for more cybersecurity content!</p>]]>
      </content:encoded>
      <pubDate>Wed, 05 Mar 2025 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/77cef10f/ed7c67c9.mp3" length="17671107" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/7CpD7nLpRU6WZfEB7fVWt0zD7GEhm01PnXF43ceboHs/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9iZGY4/MzgwYWQ5MzI0YjE3/ZGFhZDQ2NmU4MzVk/ODA3MS5wbmc.jpg"/>
      <itunes:duration>1101</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>The dark web isn’t just a hidden corner of the internet—it’s a thriving underground economy where cybercriminals buy and sell stolen data, hacking tools, and access to compromised systems. In this episode, we take a deep dive into the shadowy world of dark web intelligence, exploring how security professionals monitor these spaces to track emerging threats. From illicit marketplaces fueling ransomware operations to hacker forums where cybercriminals exchange tactics, understanding this hidden network is essential for staying ahead of digital threats.</p><p>We’ll break down how dark web monitoring works, the challenges of gathering reliable threat intelligence, and why proactive security teams leverage this data to prevent breaches before they happen. Whether you're an IT professional, cybersecurity enthusiast, or just curious about how cybercrime operates in the digital underground, this episode is packed with insights you won’t want to miss. Tune in now at <a href="https://podcast.baremetalcyber.com">podcast.baremetalcyber.com</a> or visit <a href="https://Jason-Edwards.me">Jason-Edwards.me</a> for more cybersecurity content!</p>]]>
      </itunes:summary>
      <itunes:keywords>CyberSecurity, DarkWeb, ThreatIntelligence, CyberThreats, HackerForums, DataBreach, DigitalForensics, InfoSec, Ransomware, EthicalHacking, OSINT, CyberDefense, CyberCrime, SecurityOps, CyberAwareness</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/77cef10f/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Bulletproof the Cloud: Building Systems That Survive Outages and Attacks</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>8</itunes:episode>
      <podcast:episode>8</podcast:episode>
      <itunes:title>Bulletproof the Cloud: Building Systems That Survive Outages and Attacks</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">c00aadb5-86aa-4c8a-a1c7-17c49a7046d1</guid>
      <link>https://share.transistor.fm/s/60536dc5</link>
      <description>
        <![CDATA[<p>In this gripping episode of <em>Bulletproof the Cloud</em>, Dr. Jason Edwards, a cybersecurity veteran and cloud resilience expert, takes listeners on a journey into the heart of modern digital infrastructure. As businesses lean harder than ever on cloud computing, the stakes for keeping systems online—through outages, cyberattacks, or unpredictable disruptions—have never been higher. Drawing from his extensive chapter, "Bulletproof the Cloud: Building Systems That Survive Outages and Attacks," Edwards unpacks why resilience is the unsung hero of cloud architecture. He dives into the nuts and bolts of designing systems that don’t just limp through failure but bounce back fast, protecting data, maintaining trust, and keeping operations humming. From fault tolerance and redundancy to the magic of rapid recovery, this episode is a masterclass in turning chaos into opportunity. Tune in to discover how high availability, scalability, and proactive strategies can shield your cloud from the inevitable storms of the digital age—available now at <em>podcast.baremetalcyber.com</em> or <em>Jason-Edwards.me</em>.</p><p><br></p><p>The conversation doesn’t stop at theory—Edwards gets practical, exploring multi-cloud and hybrid cloud strategies that dodge vendor lock-in and supercharge disaster recovery. Curious how AI is rewriting the resilience playbook? He’s got you covered, breaking down how machine learning predicts failures before they strike and how edge computing keeps critical operations alive when the central cloud falters. Listeners will also get a front-row seat to the future of cloud security, from quantum-proofing against tomorrow’s threats to zero-trust architectures that lock down every access point. Whether you’re an IT pro, a business leader, or just cloud-curious, this episode delivers actionable insights to build systems that don’t just survive but thrive under pressure. Head to <em>Jason-Edwards.me</em> for more multimedia content, and don’t miss this deep dive into making your cloud bulletproof—because in a world where outages don’t send warnings, preparation is everything.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this gripping episode of <em>Bulletproof the Cloud</em>, Dr. Jason Edwards, a cybersecurity veteran and cloud resilience expert, takes listeners on a journey into the heart of modern digital infrastructure. As businesses lean harder than ever on cloud computing, the stakes for keeping systems online—through outages, cyberattacks, or unpredictable disruptions—have never been higher. Drawing from his extensive chapter, "Bulletproof the Cloud: Building Systems That Survive Outages and Attacks," Edwards unpacks why resilience is the unsung hero of cloud architecture. He dives into the nuts and bolts of designing systems that don’t just limp through failure but bounce back fast, protecting data, maintaining trust, and keeping operations humming. From fault tolerance and redundancy to the magic of rapid recovery, this episode is a masterclass in turning chaos into opportunity. Tune in to discover how high availability, scalability, and proactive strategies can shield your cloud from the inevitable storms of the digital age—available now at <em>podcast.baremetalcyber.com</em> or <em>Jason-Edwards.me</em>.</p><p><br></p><p>The conversation doesn’t stop at theory—Edwards gets practical, exploring multi-cloud and hybrid cloud strategies that dodge vendor lock-in and supercharge disaster recovery. Curious how AI is rewriting the resilience playbook? He’s got you covered, breaking down how machine learning predicts failures before they strike and how edge computing keeps critical operations alive when the central cloud falters. Listeners will also get a front-row seat to the future of cloud security, from quantum-proofing against tomorrow’s threats to zero-trust architectures that lock down every access point. Whether you’re an IT pro, a business leader, or just cloud-curious, this episode delivers actionable insights to build systems that don’t just survive but thrive under pressure. Head to <em>Jason-Edwards.me</em> for more multimedia content, and don’t miss this deep dive into making your cloud bulletproof—because in a world where outages don’t send warnings, preparation is everything.</p>]]>
      </content:encoded>
      <pubDate>Wed, 26 Feb 2025 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/60536dc5/539e8842.mp3" length="20857422" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/HJSUSqV-qDNn9mftrAwdU9F3xGjE22-HOg0cHerTf2E/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS81NmNk/NzAyMzM5YzgyN2Rj/MmJhYTBiY2I5NWQ1/ZjczYy5wbmc.jpg"/>
      <itunes:duration>1301</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this gripping episode of <em>Bulletproof the Cloud</em>, Dr. Jason Edwards, a cybersecurity veteran and cloud resilience expert, takes listeners on a journey into the heart of modern digital infrastructure. As businesses lean harder than ever on cloud computing, the stakes for keeping systems online—through outages, cyberattacks, or unpredictable disruptions—have never been higher. Drawing from his extensive chapter, "Bulletproof the Cloud: Building Systems That Survive Outages and Attacks," Edwards unpacks why resilience is the unsung hero of cloud architecture. He dives into the nuts and bolts of designing systems that don’t just limp through failure but bounce back fast, protecting data, maintaining trust, and keeping operations humming. From fault tolerance and redundancy to the magic of rapid recovery, this episode is a masterclass in turning chaos into opportunity. Tune in to discover how high availability, scalability, and proactive strategies can shield your cloud from the inevitable storms of the digital age—available now at <em>podcast.baremetalcyber.com</em> or <em>Jason-Edwards.me</em>.</p><p><br></p><p>The conversation doesn’t stop at theory—Edwards gets practical, exploring multi-cloud and hybrid cloud strategies that dodge vendor lock-in and supercharge disaster recovery. Curious how AI is rewriting the resilience playbook? He’s got you covered, breaking down how machine learning predicts failures before they strike and how edge computing keeps critical operations alive when the central cloud falters. Listeners will also get a front-row seat to the future of cloud security, from quantum-proofing against tomorrow’s threats to zero-trust architectures that lock down every access point. Whether you’re an IT pro, a business leader, or just cloud-curious, this episode delivers actionable insights to build systems that don’t just survive but thrive under pressure. Head to <em>Jason-Edwards.me</em> for more multimedia content, and don’t miss this deep dive into making your cloud bulletproof—because in a world where outages don’t send warnings, preparation is everything.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/60536dc5/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>AI in Cybersecurity (Part 2): Offense</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>7</itunes:episode>
      <podcast:episode>7</podcast:episode>
      <itunes:title>AI in Cybersecurity (Part 2): Offense</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">a646d630-7e75-4e59-b738-9e51f9ff92c5</guid>
      <link>https://share.transistor.fm/s/bd8cc74b</link>
      <description>
        <![CDATA[<p>AI is no longer just a tool for cyber defense—it has become a powerful weapon for attackers, automating and scaling threats in ways we’ve never seen before. In this episode, I break down how offensive AI is reshaping cyber warfare, from deepfake-powered social engineering to AI-driven phishing campaigns that adapt in real time. We explore the rise of autonomous malware, where AI enables threats to evolve, evade detection, and spread with minimal human intervention. Attackers are also using AI to manipulate search engines, generate disinformation, and conduct large-scale cyber deception campaigns that erode trust in digital content.</p><p>As AI continues to drive cyber threats, defensive strategies must evolve just as quickly. This episode unpacks how adversarial AI attacks target machine learning models, how attackers exploit supply chains using AI automation, and why traditional cybersecurity measures struggle to keep pace. We also discuss AI-powered evasion techniques that bypass anomaly detection and what organizations can do to defend against these threats. Whether you're a cybersecurity professional, an AI enthusiast, or just someone concerned about the future of digital security, this episode will give you a clear picture of the offensive AI landscape and what’s coming next.</p><p>Find out more at baremetalcyber.com</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>AI is no longer just a tool for cyber defense—it has become a powerful weapon for attackers, automating and scaling threats in ways we’ve never seen before. In this episode, I break down how offensive AI is reshaping cyber warfare, from deepfake-powered social engineering to AI-driven phishing campaigns that adapt in real time. We explore the rise of autonomous malware, where AI enables threats to evolve, evade detection, and spread with minimal human intervention. Attackers are also using AI to manipulate search engines, generate disinformation, and conduct large-scale cyber deception campaigns that erode trust in digital content.</p><p>As AI continues to drive cyber threats, defensive strategies must evolve just as quickly. This episode unpacks how adversarial AI attacks target machine learning models, how attackers exploit supply chains using AI automation, and why traditional cybersecurity measures struggle to keep pace. We also discuss AI-powered evasion techniques that bypass anomaly detection and what organizations can do to defend against these threats. Whether you're a cybersecurity professional, an AI enthusiast, or just someone concerned about the future of digital security, this episode will give you a clear picture of the offensive AI landscape and what’s coming next.</p><p>Find out more at baremetalcyber.com</p>]]>
      </content:encoded>
      <pubDate>Wed, 19 Feb 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/bd8cc74b/4b5baf04.mp3" length="23758431" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/8-1_Mm0Xbe4pe4mBbnhgK1dgB5_0IHIhILnbRZHuZeo/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yYjQ1/NDZlMTk0NmU4Yzhm/ZjAzY2ZmMTg0NGUx/M2Y5Yy5wbmc.jpg"/>
      <itunes:duration>1480</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>AI is no longer just a tool for cyber defense—it has become a powerful weapon for attackers, automating and scaling threats in ways we’ve never seen before. In this episode, I break down how offensive AI is reshaping cyber warfare, from deepfake-powered social engineering to AI-driven phishing campaigns that adapt in real time. We explore the rise of autonomous malware, where AI enables threats to evolve, evade detection, and spread with minimal human intervention. Attackers are also using AI to manipulate search engines, generate disinformation, and conduct large-scale cyber deception campaigns that erode trust in digital content.</p><p>As AI continues to drive cyber threats, defensive strategies must evolve just as quickly. This episode unpacks how adversarial AI attacks target machine learning models, how attackers exploit supply chains using AI automation, and why traditional cybersecurity measures struggle to keep pace. We also discuss AI-powered evasion techniques that bypass anomaly detection and what organizations can do to defend against these threats. Whether you're a cybersecurity professional, an AI enthusiast, or just someone concerned about the future of digital security, this episode will give you a clear picture of the offensive AI landscape and what’s coming next.</p><p>Find out more at baremetalcyber.com</p>]]>
      </itunes:summary>
      <itunes:keywords>AI, artificial intelligence, cybersecurity, cyber threats, cyber attacks, deepfake, social engineering, exploit development, disinformation, adversarial AI, machine learning, phishing, malware, ransomware, botnets, anomaly detection, threat intelligence, deception technology, ethical AI, cyber warfare</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/bd8cc74b/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>AI in Cybersecurity (Part 1): Defense</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>6</itunes:episode>
      <podcast:episode>6</podcast:episode>
      <itunes:title>AI in Cybersecurity (Part 1): Defense</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">56b07fea-eff7-4427-911b-21a7ec5c1e24</guid>
      <link>https://baremetalcyber.com/</link>
      <description>
        <![CDATA[<p>In this episode, I take a deep dive into how AI is transforming cybersecurity, from machine learning-driven anomaly detection to real-time automated threat hunting. I break down the ways AI enhances threat detection, reduces response times, and scales defenses for large environments, while also exploring the challenges security teams face—such as adversarial AI attacks and managing false positives. You’ll hear about the key machine learning models used in cyber defense, including supervised, unsupervised, and deep learning applications, and how they work together to identify known and unknown threats.</p><p>Beyond detection, I discuss how AI is reshaping incident response, security automation, and predictive analytics to stay ahead of attackers. Whether it's SOAR platforms orchestrating security workflows or AI-driven behavioral analytics pinpointing insider threats, this episode covers the cutting-edge tools making a difference. I also highlight the growing need for balancing automation with human oversight and the future trends that will define AI in cyber defense. If you’re looking for a clear and engaging breakdown of how AI is both a weapon and a shield in modern cybersecurity, this episode is for you.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode, I take a deep dive into how AI is transforming cybersecurity, from machine learning-driven anomaly detection to real-time automated threat hunting. I break down the ways AI enhances threat detection, reduces response times, and scales defenses for large environments, while also exploring the challenges security teams face—such as adversarial AI attacks and managing false positives. You’ll hear about the key machine learning models used in cyber defense, including supervised, unsupervised, and deep learning applications, and how they work together to identify known and unknown threats.</p><p>Beyond detection, I discuss how AI is reshaping incident response, security automation, and predictive analytics to stay ahead of attackers. Whether it's SOAR platforms orchestrating security workflows or AI-driven behavioral analytics pinpointing insider threats, this episode covers the cutting-edge tools making a difference. I also highlight the growing need for balancing automation with human oversight and the future trends that will define AI in cyber defense. If you’re looking for a clear and engaging breakdown of how AI is both a weapon and a shield in modern cybersecurity, this episode is for you.</p>]]>
      </content:encoded>
      <pubDate>Wed, 12 Feb 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/15e3a416/10fdae27.mp3" length="21085823" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/Pp0WQRw2A_HGX6QAovXziww2NQtoDTEF-JCZC-8WXRk/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS82Njcw/MTY5MzI2ODIyMzhi/N2QxODU1NmJlZTg3/OTY4OC5wbmc.jpg"/>
      <itunes:duration>1313</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In this episode, I take a deep dive into how AI is transforming cybersecurity, from machine learning-driven anomaly detection to real-time automated threat hunting. I break down the ways AI enhances threat detection, reduces response times, and scales defenses for large environments, while also exploring the challenges security teams face—such as adversarial AI attacks and managing false positives. You’ll hear about the key machine learning models used in cyber defense, including supervised, unsupervised, and deep learning applications, and how they work together to identify known and unknown threats.</p><p>Beyond detection, I discuss how AI is reshaping incident response, security automation, and predictive analytics to stay ahead of attackers. Whether it's SOAR platforms orchestrating security workflows or AI-driven behavioral analytics pinpointing insider threats, this episode covers the cutting-edge tools making a difference. I also highlight the growing need for balancing automation with human oversight and the future trends that will define AI in cyber defense. If you’re looking for a clear and engaging breakdown of how AI is both a weapon and a shield in modern cybersecurity, this episode is for you.</p>]]>
      </itunes:summary>
      <itunes:keywords>#CyberSecurity, #ArtificialIntelligence, #ThreatDetection, #MachineLearning, #AIinCyber, #CyberThreats, #ThreatHunting, #CyberDefense, #AIandSecurity, #DataSecurity, #SOAR, #CyberResilience, #CloudSecurity, #SecurityAutomation, #AdversarialAI</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/15e3a416/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Advanced Persistent Threats (APT): There be Dragons</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>5</itunes:episode>
      <podcast:episode>5</podcast:episode>
      <itunes:title>Advanced Persistent Threats (APT): There be Dragons</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">3fc3f2fb-0e31-4723-bde3-89b82c1832b1</guid>
      <link>https://share.transistor.fm/s/725e262e</link>
      <description>
        <![CDATA[<p>Advanced Persistent Threats (APTs) aren’t your typical cyber threats—they are sophisticated, highly organized, and built for long-term infiltration. In this episode, I take you through the tactics, motivations, and real-world case studies of some of the most infamous APT operations, from Stuxnet’s cyber-physical sabotage to APT28’s election interference campaigns. These threats aren’t just about stealing data; they’re about espionage, disruption, and even the manipulation of global events. Whether backed by nation-states or financially motivated groups, APTs represent one of the greatest challenges in modern cybersecurity.</p><p>This episode breaks down how these threats operate, the techniques they use to remain undetected, and the lessons learned from past attacks. I’ll also dive into key strategies for defending against APTs, from proactive threat hunting to zero-trust architectures and global intelligence sharing. If you’re in cybersecurity, policy, or just want to understand how these digital threats shape the world, this episode is for you. Tune in and stay ahead of the game.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Advanced Persistent Threats (APTs) aren’t your typical cyber threats—they are sophisticated, highly organized, and built for long-term infiltration. In this episode, I take you through the tactics, motivations, and real-world case studies of some of the most infamous APT operations, from Stuxnet’s cyber-physical sabotage to APT28’s election interference campaigns. These threats aren’t just about stealing data; they’re about espionage, disruption, and even the manipulation of global events. Whether backed by nation-states or financially motivated groups, APTs represent one of the greatest challenges in modern cybersecurity.</p><p>This episode breaks down how these threats operate, the techniques they use to remain undetected, and the lessons learned from past attacks. I’ll also dive into key strategies for defending against APTs, from proactive threat hunting to zero-trust architectures and global intelligence sharing. If you’re in cybersecurity, policy, or just want to understand how these digital threats shape the world, this episode is for you. Tune in and stay ahead of the game.</p>]]>
      </content:encoded>
      <pubDate>Thu, 06 Feb 2025 03:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/725e262e/7eb09db0.mp3" length="28100680" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/R-aKiCXXFQ2YWYDfRJXYFnBEKBpbT9yQ6E6pAQVWRb8/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8zMjZk/M2JiOTIwODFkMGNl/NDdkNmNmNzQ2ODQ4/NTIyZi5wbmc.jpg"/>
      <itunes:duration>1751</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Advanced Persistent Threats (APTs) aren’t your typical cyber threats—they are sophisticated, highly organized, and built for long-term infiltration. In this episode, I take you through the tactics, motivations, and real-world case studies of some of the most infamous APT operations, from Stuxnet’s cyber-physical sabotage to APT28’s election interference campaigns. These threats aren’t just about stealing data; they’re about espionage, disruption, and even the manipulation of global events. Whether backed by nation-states or financially motivated groups, APTs represent one of the greatest challenges in modern cybersecurity.</p><p>This episode breaks down how these threats operate, the techniques they use to remain undetected, and the lessons learned from past attacks. I’ll also dive into key strategies for defending against APTs, from proactive threat hunting to zero-trust architectures and global intelligence sharing. If you’re in cybersecurity, policy, or just want to understand how these digital threats shape the world, this episode is for you. Tune in and stay ahead of the game.</p>]]>
      </itunes:summary>
      <itunes:keywords>apt, nation state, cybersecurity</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/725e262e/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Fortifying the Core: Building an Effective Insider Threat Program for Modern Organizations</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>4</itunes:episode>
      <podcast:episode>4</podcast:episode>
      <itunes:title>Fortifying the Core: Building an Effective Insider Threat Program for Modern Organizations</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">a03caacb-8bfc-4a2d-914d-1762c4f58a07</guid>
      <link>https://share.transistor.fm/s/9f761ac8</link>
      <description>
        <![CDATA[<p>Insider threats are one of the most underestimated challenges in cybersecurity. These threats arise from individuals within an organization—employees, contractors, or even trusted partners—who misuse their access, either intentionally or accidentally, to compromise systems, data, or operations. In this episode, we explore the complexities of insider threats, breaking down the different types, their motivations, and the challenges in detecting them. From malicious insiders seeking financial gain to negligent employees making costly mistakes, we’ll uncover why understanding the human element is just as important as implementing technical defenses.</p><p>Join us as we discuss the tools, techniques, and strategies organizations can use to avoid insider threats. We’ll dive into behavioral analytics, advanced monitoring solutions, and machine learning applications shaping the future of insider risk detection. Whether you’re a cybersecurity professional or just curious about how businesses protect themselves from within, this episode offers insights into building a resilient and proactive defense against one of today’s most dynamic security risks.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>Insider threats are one of the most underestimated challenges in cybersecurity. These threats arise from individuals within an organization—employees, contractors, or even trusted partners—who misuse their access, either intentionally or accidentally, to compromise systems, data, or operations. In this episode, we explore the complexities of insider threats, breaking down the different types, their motivations, and the challenges in detecting them. From malicious insiders seeking financial gain to negligent employees making costly mistakes, we’ll uncover why understanding the human element is just as important as implementing technical defenses.</p><p>Join us as we discuss the tools, techniques, and strategies organizations can use to avoid insider threats. We’ll dive into behavioral analytics, advanced monitoring solutions, and machine learning applications shaping the future of insider risk detection. Whether you’re a cybersecurity professional or just curious about how businesses protect themselves from within, this episode offers insights into building a resilient and proactive defense against one of today’s most dynamic security risks.</p>]]>
      </content:encoded>
      <pubDate>Thu, 30 Jan 2025 04:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/9f761ac8/6a1f1353.mp3" length="20104669" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/9mKeQRDgz3z4-KtC_nJIHHDbroqAO0zbc1piORIxvFE/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS80NTE4/ZGRlMTYzNjljOGQ2/YmQyMjU1ODFmZDdj/NzJhOS5wbmc.jpg"/>
      <itunes:duration>1252</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>Insider threats are one of the most underestimated challenges in cybersecurity. These threats arise from individuals within an organization—employees, contractors, or even trusted partners—who misuse their access, either intentionally or accidentally, to compromise systems, data, or operations. In this episode, we explore the complexities of insider threats, breaking down the different types, their motivations, and the challenges in detecting them. From malicious insiders seeking financial gain to negligent employees making costly mistakes, we’ll uncover why understanding the human element is just as important as implementing technical defenses.</p><p>Join us as we discuss the tools, techniques, and strategies organizations can use to avoid insider threats. We’ll dive into behavioral analytics, advanced monitoring solutions, and machine learning applications shaping the future of insider risk detection. Whether you’re a cybersecurity professional or just curious about how businesses protect themselves from within, this episode offers insights into building a resilient and proactive defense against one of today’s most dynamic security risks.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/9f761ac8/transcript.srt" type="application/x-subrip" rel="captions"/>
    </item>
    <item>
      <title>Cryptocurrency Security: Advanced exploits of blockchain, smart contracts, and crypto wallets</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>3</itunes:episode>
      <podcast:episode>3</podcast:episode>
      <itunes:title>Cryptocurrency Security: Advanced exploits of blockchain, smart contracts, and crypto wallets</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">baremetalcyber.podbean.com/3ab0e60a-d093-3c2c-91ff-93bfde5a35a9</guid>
      <link>https://share.transistor.fm/s/29d15059</link>
      <description>
        <![CDATA[<p>This episode explores the intricate world of smart contract exploits, detailing how vulnerabilities like reentrancy attacks, arithmetic bugs, front-running, and flawed protocol designs can lead to severe consequences. Listeners will learn the techniques attackers use to drain contract balances, manipulate token supplies, reorder transactions for personal gain, and exploit weak ownership transfer controls. The discussion highlights the underlying code-level pitfalls and underscores the importance of robust security measures to safeguard decentralized applications. This episode provides valuable insights for developers, cybersecurity professionals, and anyone interested in understanding the constantly evolving risks within blockchain ecosystems.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>This episode explores the intricate world of smart contract exploits, detailing how vulnerabilities like reentrancy attacks, arithmetic bugs, front-running, and flawed protocol designs can lead to severe consequences. Listeners will learn the techniques attackers use to drain contract balances, manipulate token supplies, reorder transactions for personal gain, and exploit weak ownership transfer controls. The discussion highlights the underlying code-level pitfalls and underscores the importance of robust security measures to safeguard decentralized applications. This episode provides valuable insights for developers, cybersecurity professionals, and anyone interested in understanding the constantly evolving risks within blockchain ecosystems.</p>]]>
      </content:encoded>
      <pubDate>Thu, 23 Jan 2025 05:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/29d15059/b14bd077.mp3" length="20418446" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/kfAOebVd5oDJEhg0sTIhZfefrUzM1ZYWfWxvGR7kBwY/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS80MmEx/MzJjMGM3MTY1YmQ0/YmRhZmM2NDA0NTdh/NTkwZC5wbmc.jpg"/>
      <itunes:duration>1271</itunes:duration>
      <itunes:summary>This episode explores the intricate world of smart contract exploits, detailing how vulnerabilities like reentrancy attacks, arithmetic bugs, front-running, and flawed protocol designs can lead to severe consequences. Listeners will learn the techniques attackers use to drain contract balances, manipulate token supplies, reorder transactions for personal gain, and exploit weak ownership transfer controls. The discussion highlights the underlying code-level pitfalls and underscores the importance of robust security measures to safeguard decentralized applications. This episode provides valuable insights for developers, cybersecurity professionals, and anyone interested in understanding the constantly evolving risks within blockchain ecosystems.</itunes:summary>
      <itunes:subtitle>This episode explores the intricate world of smart contract exploits, detailing how vulnerabilities like reentrancy attacks, arithmetic bugs, front-running, and flawed protocol designs can lead to severe consequences. Listeners will learn the techniques a</itunes:subtitle>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/29d15059/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>The Fundamentals of Cybersecurity</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:title>The Fundamentals of Cybersecurity</itunes:title>
      <itunes:episodeType>bonus</itunes:episodeType>
      <guid isPermaLink="false">9d8a4946-ac62-4b1b-9406-495d08819f28</guid>
      <link>https://share.transistor.fm/s/b38f6fdd</link>
      <description>
        <![CDATA[<p>In this bonus episode of the <em>BareMetalCyber</em> podcast, I dive into cybersecurity fundamentals, exploring what it means to protect digital systems, networks, and data in today’s interconnected world. We’ll discuss the importance of cybersecurity for individuals, businesses, and governments, breaking down common threats like phishing, malware, and nation-state attacks, as well as the motivations behind them. You’ll also learn about the critical steps of cyber defense, including creating strong passwords, recognizing social engineering tactics, and keeping systems updated. Finally, we’ll explore the growing career opportunities in cybersecurity, pathways to enter the field, and the importance of continuous learning to stay ahead of emerging threats. Whether you're new to cybersecurity or looking to expand your knowledge, this episode offers practical insights to help you navigate the digital landscape securely.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this bonus episode of the <em>BareMetalCyber</em> podcast, I dive into cybersecurity fundamentals, exploring what it means to protect digital systems, networks, and data in today’s interconnected world. We’ll discuss the importance of cybersecurity for individuals, businesses, and governments, breaking down common threats like phishing, malware, and nation-state attacks, as well as the motivations behind them. You’ll also learn about the critical steps of cyber defense, including creating strong passwords, recognizing social engineering tactics, and keeping systems updated. Finally, we’ll explore the growing career opportunities in cybersecurity, pathways to enter the field, and the importance of continuous learning to stay ahead of emerging threats. Whether you're new to cybersecurity or looking to expand your knowledge, this episode offers practical insights to help you navigate the digital landscape securely.</p>]]>
      </content:encoded>
      <pubDate>Mon, 20 Jan 2025 21:17:29 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/b38f6fdd/d74416a3.mp3" length="25536464" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/yetCGQAXeAE2m9_fc959Yenp9BLTpRHir0HsuRWmLGU/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS81ZmQ4/ZDYxOTljNmY4NjU1/MjFlNGZjNmJjMDc1/ZDAyNS5wbmc.jpg"/>
      <itunes:duration>639</itunes:duration>
      <itunes:summary>In this bonus episode of the BareMetalCyber podcast, I dive into cybersecurity fundamentals, exploring what it means to protect digital systems, networks, and data in today’s interconnected world. We’ll discuss the importance of cybersecurity for individuals, businesses, and governments, breaking down common threats like phishing, malware, and nation-state attacks, as well as the motivations behind them. You’ll also learn about the critical steps of cyber defense, including creating strong passwords, recognizing social engineering tactics, and keeping systems updated. Finally, we’ll explore the growing career opportunities in cybersecurity, pathways to enter the field, and the importance of continuous learning to stay ahead of emerging threats. Whether you're new to cybersecurity or looking to expand your knowledge, this episode offers practical insights to help you navigate the digital landscape securely.</itunes:summary>
      <itunes:subtitle>In this bonus episode of the BareMetalCyber podcast, I dive into cybersecurity fundamentals, exploring what it means to protect digital systems, networks, and data in today’s interconnected world. We’ll discuss the importance of cybersecurity for individu</itunes:subtitle>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/b38f6fdd/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Securing the Future: Cryptography in the Age of Quantum Computing</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>2</itunes:episode>
      <podcast:episode>2</podcast:episode>
      <itunes:title>Securing the Future: Cryptography in the Age of Quantum Computing</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">5a9f4f10-579e-4170-b761-f5e08a0595b4</guid>
      <link>https://share.transistor.fm/s/de7f22ae</link>
      <description>
        <![CDATA[<p>In this episode of <em>Baremetalcyber</em>, we explore the groundbreaking advancements in quantum computing and their profound impact on modern cryptography. Discover why traditional encryption methods like RSA and elliptic curve cryptography are at risk, and learn about the development of post-quantum cryptography (PQC) to safeguard our digital future. We dive into the challenges of transitioning to quantum-resistant algorithms, the global efforts to establish new standards, and the critical role of industries, governments, and researchers in preparing for the quantum era.</p><p> </p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this episode of <em>Baremetalcyber</em>, we explore the groundbreaking advancements in quantum computing and their profound impact on modern cryptography. Discover why traditional encryption methods like RSA and elliptic curve cryptography are at risk, and learn about the development of post-quantum cryptography (PQC) to safeguard our digital future. We dive into the challenges of transitioning to quantum-resistant algorithms, the global efforts to establish new standards, and the critical role of industries, governments, and researchers in preparing for the quantum era.</p><p> </p>]]>
      </content:encoded>
      <pubDate>Fri, 17 Jan 2025 01:00:00 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/de7f22ae/31e45dd6.mp3" length="26144162" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/7ffflSixYVAQxeKyLg1UF_BP9O61xWvacDPNctHeKvE/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9jNjEw/OGU1N2U1NTYwYzg1/OWE5ZWZiYzVhZDhl/ZjhlOC5wbmc.jpg"/>
      <itunes:duration>1629</itunes:duration>
      <itunes:summary>In this episode of Baremetalcyber, we explore the groundbreaking advancements in quantum computing and their profound impact on modern cryptography. Discover why traditional encryption methods like RSA and elliptic curve cryptography are at risk, and learn about the development of post-quantum cryptography (PQC) to safeguard our digital future. We dive into the challenges of transitioning to quantum-resistant algorithms, the global efforts to establish new standards, and the critical role of industries, governments, and researchers in preparing for the quantum era.
 </itunes:summary>
      <itunes:subtitle>In this episode of Baremetalcyber, we explore the groundbreaking advancements in quantum computing and their profound impact on modern cryptography. Discover why traditional encryption methods like RSA and elliptic curve cryptography are at risk, and lear</itunes:subtitle>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/de7f22ae/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Artificial Intelligence (AI) in Modern Warfare</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:title>Artificial Intelligence (AI) in Modern Warfare</itunes:title>
      <itunes:episodeType>bonus</itunes:episodeType>
      <guid isPermaLink="false">ee8bdf22-34a5-47e9-8440-9ad2d1d32613</guid>
      <link>https://share.transistor.fm/s/eecf40e5</link>
      <description>
        <![CDATA[<p>In this special crossover episode of <em>Baremetalcyber</em> and <em>Trackpads</em>, we dive into the transformative role of Artificial Intelligence (AI) in modern warfare. Discover how AI technologies, originally developed for civilian applications like social media and healthcare, are now shaping military strategies through autonomous drones, advanced surveillance, and predictive modeling. Explore the historical evolution of AI in defense, current applications on the battlefield, and the ethical challenges posed by autonomous systems. We’ll also examine the global race for AI supremacy and its implications for security and policy. Whether you're a tech enthusiast, military historian, or curious listener, this episode offers a comprehensive look at AI’s impact on the future of warfare.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In this special crossover episode of <em>Baremetalcyber</em> and <em>Trackpads</em>, we dive into the transformative role of Artificial Intelligence (AI) in modern warfare. Discover how AI technologies, originally developed for civilian applications like social media and healthcare, are now shaping military strategies through autonomous drones, advanced surveillance, and predictive modeling. Explore the historical evolution of AI in defense, current applications on the battlefield, and the ethical challenges posed by autonomous systems. We’ll also examine the global race for AI supremacy and its implications for security and policy. Whether you're a tech enthusiast, military historian, or curious listener, this episode offers a comprehensive look at AI’s impact on the future of warfare.</p>]]>
      </content:encoded>
      <pubDate>Wed, 15 Jan 2025 23:50:53 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/eecf40e5/84499137.mp3" length="33452634" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/7QN5H00u-cdn1JxQQU9RvvXdUp6yShnCW0Kvcymf-x4/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9kNzcz/YTExOWEyM2Y5NGY2/N2YwYTc0NjNhNDY3/MTRiYS5wbmc.jpg"/>
      <itunes:duration>837</itunes:duration>
      <itunes:summary>In this special crossover episode of Baremetalcyber and Trackpads, we dive into the transformative role of Artificial Intelligence (AI) in modern warfare. Discover how AI technologies, originally developed for civilian applications like social media and healthcare, are now shaping military strategies through autonomous drones, advanced surveillance, and predictive modeling. Explore the historical evolution of AI in defense, current applications on the battlefield, and the ethical challenges posed by autonomous systems. We’ll also examine the global race for AI supremacy and its implications for security and policy. Whether you're a tech enthusiast, military historian, or curious listener, this episode offers a comprehensive look at AI’s impact on the future of warfare.</itunes:summary>
      <itunes:subtitle>In this special crossover episode of Baremetalcyber and Trackpads, we dive into the transformative role of Artificial Intelligence (AI) in modern warfare. Discover how AI technologies, originally developed for civilian applications like social media and h</itunes:subtitle>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/eecf40e5/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Understanding Zero-Day Vulnerabilities</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>1</itunes:episode>
      <podcast:episode>1</podcast:episode>
      <itunes:title>Understanding Zero-Day Vulnerabilities</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">7783088f-771b-48c5-921b-e6ce3aa32909</guid>
      <link>https://share.transistor.fm/s/f0c29b91</link>
      <description>
        <![CDATA[<p>In the inaugural episode of the <em>Bare Metal Cyber Podcast </em>for 2025, I take you into one of the most pressing challenges in cybersecurity: zero-day vulnerabilities. Discover how these hidden flaws are discovered, developed, and weaponized, and learn about their impact on industries, governments, and individuals. This episode offers real-world examples and forward-looking insights, from high-profile incidents like WannaCry and Stuxnet to detection, mitigation, and defense strategies. Tune in to understand why zero days are at the forefront of the cybersecurity battle and how staying ahead of these evolving threats is essential in 2025 and beyond.</p>]]>
      </description>
      <content:encoded>
        <![CDATA[<p>In the inaugural episode of the <em>Bare Metal Cyber Podcast </em>for 2025, I take you into one of the most pressing challenges in cybersecurity: zero-day vulnerabilities. Discover how these hidden flaws are discovered, developed, and weaponized, and learn about their impact on industries, governments, and individuals. This episode offers real-world examples and forward-looking insights, from high-profile incidents like WannaCry and Stuxnet to detection, mitigation, and defense strategies. Tune in to understand why zero days are at the forefront of the cybersecurity battle and how staying ahead of these evolving threats is essential in 2025 and beyond.</p>]]>
      </content:encoded>
      <pubDate>Fri, 10 Jan 2025 21:52:59 -0600</pubDate>
      <author>Dr. Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/f0c29b91/1024a8cc.mp3" length="18631242" type="audio/mpeg"/>
      <itunes:author>Dr. Jason Edwards</itunes:author>
      <itunes:image href="https://img.transistorcdn.com/MCJkt2l5ABsqRIhvsEEgt_o3IPVmlyHHuOX7tbMaDiA/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8wMTNm/ZDFjZjBkY2UyNTVi/NzNkYWFlMTAzMGI3/MWY5MS5wbmc.jpg"/>
      <itunes:duration>1161</itunes:duration>
      <itunes:summary>
        <![CDATA[<p>In the inaugural episode of the <em>Bare Metal Cyber Podcast </em>for 2025, I take you into one of the most pressing challenges in cybersecurity: zero-day vulnerabilities. Discover how these hidden flaws are discovered, developed, and weaponized, and learn about their impact on industries, governments, and individuals. This episode offers real-world examples and forward-looking insights, from high-profile incidents like WannaCry and Stuxnet to detection, mitigation, and defense strategies. Tune in to understand why zero days are at the forefront of the cybersecurity battle and how staying ahead of these evolving threats is essential in 2025 and beyond.</p>]]>
      </itunes:summary>
      <itunes:keywords>cyber, cybersecurity, information security, information, security, tech, hacking, pentest, black hat</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/f0c29b91/transcript.txt" type="text/plain"/>
    </item>
  </channel>
</rss>
