<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="/stylesheet.xsl" type="text/xsl"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:podcast="https://podcastindex.org/namespace/1.0">
  <channel>
    <atom:link rel="self" type="application/rss+xml" href="https://feeds.transistor.fm/bare-metal-cyber-insights" title="MP3 Audio"/>
    <atom:link rel="hub" href="https://pubsubhubbub.appspot.com/"/>
    <podcast:podping usesPodping="true"/>
    <title>Bare Metal Cyber Insights</title>
    <generator>Transistor (https://transistor.fm)</generator>
    <itunes:new-feed-url>https://feeds.transistor.fm/bare-metal-cyber-insights</itunes:new-feed-url>
    <description>Bare Metal Cyber Insight is the audio companion to the weekly Insight article series published every Tuesday in the Bare Metal Cyber newsletter.

Each episode takes one important cybersecurity topic and examines it beyond the headline. From emerging threats and major breaches to security strategy, artificial intelligence, risk, governance, technology, policy, and the cybersecurity workforce, Insight explains what is happening, why it matters, and what organizations and professionals should understand next.

Hosted by cybersecurity author and educator Dr. Jason Edwards, the podcast makes complex subjects accessible without oversimplifying them. Episodes combine practical analysis, historical context, technical explanation, and lessons for security leaders, defenders, students, and anyone working to better understand the changing cybersecurity landscape.

New episodes are based on the latest Bare Metal Cyber Insight articles.</description>
    <copyright>© 2026 Dr Jason Edwards</copyright>
    <podcast:guid>d21468ab-7ebc-56d0-8ea3-1c353b52b6ff</podcast:guid>
    <podcast:podroll>
      <podcast:remoteItem feedGuid="ac645ca7-7469-50bf-9010-f13c165e3e14" feedUrl="https://feeds.transistor.fm/baremetalcyber-dot-one"/>
      <podcast:remoteItem feedGuid="9af25f2f-f465-5c56-8635-fc5e831ff06a" feedUrl="https://feeds.transistor.fm/bare-metal-cyber-a725a484-8216-4f80-9a32-2bfd5efcc240"/>
      <podcast:remoteItem feedGuid="6ad73685-a446-5ab3-8b2c-c25af99834f6" feedUrl="https://feeds.transistor.fm/certified-the-security-prepcast"/>
      <podcast:remoteItem feedGuid="143fc9c4-74e3-506c-8f6a-319fe2cb366d" feedUrl="https://feeds.transistor.fm/certified-the-cissp-prepcast"/>
      <podcast:remoteItem feedGuid="ccaa3984-2518-59e3-8d72-67845a251acd" feedUrl="https://feeds.transistor.fm/certified-the-comptia-secai-audio-course"/>
      <podcast:remoteItem feedGuid="1e81ed4d-b3a7-5035-b12a-5171bdd497b8" feedUrl="https://feeds.transistor.fm/certified-the-crisc-prepcast"/>
      <podcast:remoteItem feedGuid="a4bd6f73-58ad-5c6b-8f9f-d58c53205adb" feedUrl="https://feeds.transistor.fm/certified-the-isaca-aaism-audio-course"/>
      <podcast:remoteItem feedGuid="12ba6b47-50a9-5caa-aebe-16bae40dbbc5" feedUrl="https://feeds.transistor.fm/cism"/>
      <podcast:remoteItem feedGuid="b0bba863-f5ac-53e3-ad5d-30089ff50edc" feedUrl="https://feeds.transistor.fm/certified-the-isaca-aair-audio-course"/>
    </podcast:podroll>
    <podcast:locked>yes</podcast:locked>
    <language>en</language>
    <pubDate>Fri, 17 Jul 2026 16:50:17 -0500</pubDate>
    <lastBuildDate>Fri, 17 Jul 2026 16:51:07 -0500</lastBuildDate>
    <image>
      <url>https://img.transistorcdn.com/D3QhKRUGQWqAsGqKX2aXDGCDK7rE-eLXGZIcCQ5x-YY/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS81OWU2/Mzk4YTk3MzVhOGJk/OGNiOWEyYTgzN2M4/OTA0OC5qcGc.jpg</url>
      <title>Bare Metal Cyber Insights</title>
    </image>
    <itunes:category text="Technology"/>
    <itunes:category text="News">
      <itunes:category text="Tech News"/>
    </itunes:category>
    <itunes:type>episodic</itunes:type>
    <itunes:author>Dr Jason Edwards</itunes:author>
    <itunes:image href="https://img.transistorcdn.com/D3QhKRUGQWqAsGqKX2aXDGCDK7rE-eLXGZIcCQ5x-YY/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS81OWU2/Mzk4YTk3MzVhOGJk/OGNiOWEyYTgzN2M4/OTA0OC5qcGc.jpg"/>
    <itunes:summary>Bare Metal Cyber Insight is the audio companion to the weekly Insight article series published every Tuesday in the Bare Metal Cyber newsletter.

Each episode takes one important cybersecurity topic and examines it beyond the headline. From emerging threats and major breaches to security strategy, artificial intelligence, risk, governance, technology, policy, and the cybersecurity workforce, Insight explains what is happening, why it matters, and what organizations and professionals should understand next.

Hosted by cybersecurity author and educator Dr. Jason Edwards, the podcast makes complex subjects accessible without oversimplifying them. Episodes combine practical analysis, historical context, technical explanation, and lessons for security leaders, defenders, students, and anyone working to better understand the changing cybersecurity landscape.

New episodes are based on the latest Bare Metal Cyber Insight articles.</itunes:summary>
    <itunes:subtitle>Bare Metal Cyber Insight is the audio companion to the weekly Insight article series published every Tuesday in the Bare Metal Cyber newsletter.</itunes:subtitle>
    <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
    <itunes:owner>
      <itunes:name>Dr Jason Edwards</itunes:name>
      <itunes:email>baremetalcyber@outlook.com</itunes:email>
    </itunes:owner>
    <itunes:complete>No</itunes:complete>
    <itunes:explicit>No</itunes:explicit>
    <item>
      <title>Finding Misconfigurations Before Attackers Do</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>52</itunes:episode>
      <podcast:episode>52</podcast:episode>
      <itunes:title>Finding Misconfigurations Before Attackers Do</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">b1bad2ec-5ce1-4868-84a0-9604134f09a2</guid>
      <link>https://share.transistor.fm/s/269c51b3</link>
      <description>
        <![CDATA[Misconfigurations are one of the quietest but most common ways attackers get a foothold, especially in cloud, identity, and hybrid environments. In this narrated Insight, we walk through security misconfiguration detection in clear, practical language: what it is, where it sits in your stack, and why it matters so much for real-world defense. You will hear how configuration data, baselines, and workflows come together to turn vague concern into specific, fixable issues instead of endless dashboard noise. The narration is based on my Tuesday “Insights” feature in Bare Metal Cyber Magazine, developed by Bare Metal Cyber.]]>
      </description>
      <content:encoded>
        <![CDATA[Misconfigurations are one of the quietest but most common ways attackers get a foothold, especially in cloud, identity, and hybrid environments. In this narrated Insight, we walk through security misconfiguration detection in clear, practical language: what it is, where it sits in your stack, and why it matters so much for real-world defense. You will hear how configuration data, baselines, and workflows come together to turn vague concern into specific, fixable issues instead of endless dashboard noise. The narration is based on my Tuesday “Insights” feature in Bare Metal Cyber Magazine, developed by Bare Metal Cyber.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:50:15 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/269c51b3/7784cfef.mp3" length="27111421" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>677</itunes:duration>
      <itunes:summary>
        <![CDATA[Misconfigurations are one of the quietest but most common ways attackers get a foothold, especially in cloud, identity, and hybrid environments. In this narrated Insight, we walk through security misconfiguration detection in clear, practical language: what it is, where it sits in your stack, and why it matters so much for real-world defense. You will hear how configuration data, baselines, and workflows come together to turn vague concern into specific, fixable issues instead of endless dashboard noise. The narration is based on my Tuesday “Insights” feature in Bare Metal Cyber Magazine, developed by Bare Metal Cyber.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/269c51b3/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Secure Coding Foundations and the Bugs Attackers Love</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>51</itunes:episode>
      <podcast:episode>51</podcast:episode>
      <itunes:title>Secure Coding Foundations and the Bugs Attackers Love</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">b603b8e0-a433-48a1-b7df-ad17f44053e8</guid>
      <link>https://share.transistor.fm/s/48fab986</link>
      <description>
        <![CDATA[Most security incidents do not start with sophisticated zero-day exploits; they begin with very normal bugs in very normal code. In this episode, we walk through Secure Coding Foundations as a practical way to stop the everyday mistakes attackers quietly rely on. You will hear how small choices around input handling, database access, error messages, and logging add up to big differences in risk. The language stays vendor-neutral and beginner-friendly, so whether you write code, review it, or support the systems it runs on, you can follow along and connect these foundations to your own environment.]]>
      </description>
      <content:encoded>
        <![CDATA[Most security incidents do not start with sophisticated zero-day exploits; they begin with very normal bugs in very normal code. In this episode, we walk through Secure Coding Foundations as a practical way to stop the everyday mistakes attackers quietly rely on. You will hear how small choices around input handling, database access, error messages, and logging add up to big differences in risk. The language stays vendor-neutral and beginner-friendly, so whether you write code, review it, or support the systems it runs on, you can follow along and connect these foundations to your own environment.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:50:11 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/48fab986/59e7e656.mp3" length="34018204" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>849</itunes:duration>
      <itunes:summary>
        <![CDATA[Most security incidents do not start with sophisticated zero-day exploits; they begin with very normal bugs in very normal code. In this episode, we walk through Secure Coding Foundations as a practical way to stop the everyday mistakes attackers quietly rely on. You will hear how small choices around input handling, database access, error messages, and logging add up to big differences in risk. The language stays vendor-neutral and beginner-friendly, so whether you write code, review it, or support the systems it runs on, you can follow along and connect these foundations to your own environment.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/48fab986/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Sense of Cloud IAM Accounts and Roles</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>50</itunes:episode>
      <podcast:episode>50</podcast:episode>
      <itunes:title>Making Sense of Cloud IAM Accounts and Roles</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">59d2bc76-fe21-4fcc-96b4-52fa5faa1892</guid>
      <link>https://share.transistor.fm/s/d2134633</link>
      <description>
        <![CDATA[Cloud permissions should not feel like a guessing game. In this narrated Insight, we walk through the essentials of Cloud Identity and Access Management (Cloud IAM) in a way that makes sense for working security and IT professionals. You will hear how accounts, roles, and policies fit together, where Cloud IAM actually lives in your cloud stack, and what it means to apply least privilege when multiple teams, projects, and environments are all moving at once. The goal is to give you a mental model you can reuse, not just another checklist.]]>
      </description>
      <content:encoded>
        <![CDATA[Cloud permissions should not feel like a guessing game. In this narrated Insight, we walk through the essentials of Cloud Identity and Access Management (Cloud IAM) in a way that makes sense for working security and IT professionals. You will hear how accounts, roles, and policies fit together, where Cloud IAM actually lives in your cloud stack, and what it means to apply least privilege when multiple teams, projects, and environments are all moving at once. The goal is to give you a mental model you can reuse, not just another checklist.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:50:05 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/d2134633/8fe24a7e.mp3" length="32980612" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>823</itunes:duration>
      <itunes:summary>
        <![CDATA[Cloud permissions should not feel like a guessing game. In this narrated Insight, we walk through the essentials of Cloud Identity and Access Management (Cloud IAM) in a way that makes sense for working security and IT professionals. You will hear how accounts, roles, and policies fit together, where Cloud IAM actually lives in your cloud stack, and what it means to apply least privilege when multiple teams, projects, and environments are all moving at once. The goal is to give you a mental model you can reuse, not just another checklist.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/d2134633/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Getting Accounts, Roles, and Least Privilege Right in the Cloud</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>49</itunes:episode>
      <podcast:episode>49</podcast:episode>
      <itunes:title>Getting Accounts, Roles, and Least Privilege Right in the Cloud</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">62ac3446-35d8-4f9f-adfc-c2f3dd473e12</guid>
      <link>https://share.transistor.fm/s/d44fa91f</link>
      <description>
        <![CDATA[Cloud Identity and Access Management (IAM) can feel like a maze of accounts, roles, and policies, especially once your cloud footprint starts to grow. In this audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through Cloud IAM from the ground up, focusing on how it really works in the major platforms rather than vendor marketing language. You will hear how IAM fits alongside things like single sign-on and multi-factor authentication, and why it sits at the heart of “who can do what” in your environment.]]>
      </description>
      <content:encoded>
        <![CDATA[Cloud Identity and Access Management (IAM) can feel like a maze of accounts, roles, and policies, especially once your cloud footprint starts to grow. In this audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through Cloud IAM from the ground up, focusing on how it really works in the major platforms rather than vendor marketing language. You will hear how IAM fits alongside things like single sign-on and multi-factor authentication, and why it sits at the heart of “who can do what” in your environment.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:50:00 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/d44fa91f/fa9c6f30.mp3" length="28935831" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>722</itunes:duration>
      <itunes:summary>
        <![CDATA[Cloud Identity and Access Management (IAM) can feel like a maze of accounts, roles, and policies, especially once your cloud footprint starts to grow. In this audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through Cloud IAM from the ground up, focusing on how it really works in the major platforms rather than vendor marketing language. You will hear how IAM fits alongside things like single sign-on and multi-factor authentication, and why it sits at the heart of “who can do what” in your environment.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/d44fa91f/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>SaaS Security Essentials for Cloud-First Teams</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>48</itunes:episode>
      <podcast:episode>48</podcast:episode>
      <itunes:title>SaaS Security Essentials for Cloud-First Teams</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">6872d543-b921-4de0-81d8-f536e2d3f58a</guid>
      <link>https://share.transistor.fm/s/cc4f78a6</link>
      <description>
        <![CDATA[Software as a Service (SaaS) has become the default way many teams get work done, but that convenience comes with a messy tangle of accounts, data flows, and vendor relationships. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what SaaS security really is, where it fits in your environment, and why it matters for anyone trying to keep risk under control while the business keeps adopting new tools. You will hear how SaaS security shifts the focus from servers and networks to visibility, access, and vendor posture, and why the line between “their responsibility” and “our responsibility” is still critical to understand.]]>
      </description>
      <content:encoded>
        <![CDATA[Software as a Service (SaaS) has become the default way many teams get work done, but that convenience comes with a messy tangle of accounts, data flows, and vendor relationships. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what SaaS security really is, where it fits in your environment, and why it matters for anyone trying to keep risk under control while the business keeps adopting new tools. You will hear how SaaS security shifts the focus from servers and networks to visibility, access, and vendor posture, and why the line between “their responsibility” and “our responsibility” is still critical to understand.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:55 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/cc4f78a6/b3abf8ba.mp3" length="32002589" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>799</itunes:duration>
      <itunes:summary>
        <![CDATA[Software as a Service (SaaS) has become the default way many teams get work done, but that convenience comes with a messy tangle of accounts, data flows, and vendor relationships. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what SaaS security really is, where it fits in your environment, and why it matters for anyone trying to keep risk under control while the business keeps adopting new tools. You will hear how SaaS security shifts the focus from servers and networks to visibility, access, and vendor posture, and why the line between “their responsibility” and “our responsibility” is still critical to understand.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/cc4f78a6/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>From Endpoints to Ecosystem – API Security for Microservices</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>47</itunes:episode>
      <podcast:episode>47</podcast:episode>
      <itunes:title>From Endpoints to Ecosystem – API Security for Microservices</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">9fdecfeb-47f1-4c25-bb3c-2b4653d3c9bc</guid>
      <link>https://share.transistor.fm/s/e9020f23</link>
      <description>
        <![CDATA[When your organization embraces microservices, every new service usually brings another application programming interface (API) to protect. This narrated Tuesday “Insights” episode from Bare Metal Cyber Magazine walks through API security for microservices architectures in plain language, focusing on how all those small pieces change your attack surface. You will hear where API security really lives in the stack, how it connects to gateways, identity, and service-to-service trust, and why internal APIs often matter just as much as public ones. The goal is to give you a clear mental picture you can carry into your own environment.]]>
      </description>
      <content:encoded>
        <![CDATA[When your organization embraces microservices, every new service usually brings another application programming interface (API) to protect. This narrated Tuesday “Insights” episode from Bare Metal Cyber Magazine walks through API security for microservices architectures in plain language, focusing on how all those small pieces change your attack surface. You will hear where API security really lives in the stack, how it connects to gateways, identity, and service-to-service trust, and why internal APIs often matter just as much as public ones. The goal is to give you a clear mental picture you can carry into your own environment.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:49 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/e9020f23/ee93d786.mp3" length="34579384" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>863</itunes:duration>
      <itunes:summary>
        <![CDATA[When your organization embraces microservices, every new service usually brings another application programming interface (API) to protect. This narrated Tuesday “Insights” episode from Bare Metal Cyber Magazine walks through API security for microservices architectures in plain language, focusing on how all those small pieces change your attack surface. You will hear where API security really lives in the stack, how it connects to gateways, identity, and service-to-service trust, and why internal APIs often matter just as much as public ones. The goal is to give you a clear mental picture you can carry into your own environment.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/e9020f23/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>SPF, DKIM, DMARC and the Battle Against Email Spoofing</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>46</itunes:episode>
      <podcast:episode>46</podcast:episode>
      <itunes:title>SPF, DKIM, DMARC and the Battle Against Email Spoofing</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">fe1ab0e6-d3c8-4766-b2c9-c868d1425e93</guid>
      <link>https://share.transistor.fm/s/fb9a8488</link>
      <description>
        <![CDATA[Email spoofing sits at the center of so many phishing campaigns, and SPF, DKIM, and DMARC email authentication give you a way to push back with clear, technical signals instead of wishful filtering. In this audio Insight, we walk through what SPF, DKIM, and DMARC email authentication actually are, why they matter to anyone responsible for mail flow, and where they sit in your stack. You will hear a vendor-neutral tour of the moving parts, from DNS records and keys to alignment and policy, so the acronyms start to map cleanly to what you see in real email headers and logs.]]>
      </description>
      <content:encoded>
        <![CDATA[Email spoofing sits at the center of so many phishing campaigns, and SPF, DKIM, and DMARC email authentication give you a way to push back with clear, technical signals instead of wishful filtering. In this audio Insight, we walk through what SPF, DKIM, and DMARC email authentication actually are, why they matter to anyone responsible for mail flow, and where they sit in your stack. You will hear a vendor-neutral tour of the moving parts, from DNS records and keys to alignment and policy, so the acronyms start to map cleanly to what you see in real email headers and logs.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:42 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/fb9a8488/0096df64.mp3" length="29271234" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>731</itunes:duration>
      <itunes:summary>
        <![CDATA[Email spoofing sits at the center of so many phishing campaigns, and SPF, DKIM, and DMARC email authentication give you a way to push back with clear, technical signals instead of wishful filtering. In this audio Insight, we walk through what SPF, DKIM, and DMARC email authentication actually are, why they matter to anyone responsible for mail flow, and where they sit in your stack. You will hear a vendor-neutral tour of the moving parts, from DNS records and keys to alignment and policy, so the acronyms start to map cleanly to what you see in real email headers and logs.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/fb9a8488/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Security Metrics That Actually Matter to the Business</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>45</itunes:episode>
      <podcast:episode>45</podcast:episode>
      <itunes:title>Security Metrics That Actually Matter to the Business</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">18b28700-cb55-4660-9d27-6199c91d51c7</guid>
      <link>https://share.transistor.fm/s/ee91d132</link>
      <description>
        <![CDATA[Many security teams are flooded with data but still struggle to explain to leaders what is actually getting safer, what remains exposed, and where new investment will change the story. This narrated audio Insight explores security metrics that matter by focusing on a small, well-chosen set of measures that translate technical work into clear business language. You will hear how to move from raw counts and tool-specific dashboards to metrics that align with how your organization already talks about risk, resilience, and value. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, adapted for a calm, spoken walkthrough.]]>
      </description>
      <content:encoded>
        <![CDATA[Many security teams are flooded with data but still struggle to explain to leaders what is actually getting safer, what remains exposed, and where new investment will change the story. This narrated audio Insight explores security metrics that matter by focusing on a small, well-chosen set of measures that translate technical work into clear business language. You will hear how to move from raw counts and tool-specific dashboards to metrics that align with how your organization already talks about risk, resilience, and value. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, adapted for a calm, spoken walkthrough.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:37 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/ee91d132/8534e389.mp3" length="27262939" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>681</itunes:duration>
      <itunes:summary>
        <![CDATA[Many security teams are flooded with data but still struggle to explain to leaders what is actually getting safer, what remains exposed, and where new investment will change the story. This narrated audio Insight explores security metrics that matter by focusing on a small, well-chosen set of measures that translate technical work into clear business language. You will hear how to move from raw counts and tool-specific dashboards to metrics that align with how your organization already talks about risk, resilience, and value. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, adapted for a calm, spoken walkthrough.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/ee91d132/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Multi-Factor Authentication Actually Work for People</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>44</itunes:episode>
      <podcast:episode>44</podcast:episode>
      <itunes:title>Making Multi-Factor Authentication Actually Work for People</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">3f32ba64-6941-4978-896a-f4904c77607b</guid>
      <link>https://share.transistor.fm/s/285a84a9</link>
      <description>
        <![CDATA[Multi-Factor Authentication (MFA) is one of the highest-impact defenses most teams already own, but it often lands as pure friction instead of real protection. In this narrated Insight, we walk through what MFA actually is, where it sits in your identity and access stack, and how the different factors and flows work in real life. You will hear a grounded, vendor-neutral explanation aimed at working security and IT professionals who want less noise and more real-world signal from their controls. This audio is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[Multi-Factor Authentication (MFA) is one of the highest-impact defenses most teams already own, but it often lands as pure friction instead of real protection. In this narrated Insight, we walk through what MFA actually is, where it sits in your identity and access stack, and how the different factors and flows work in real life. You will hear a grounded, vendor-neutral explanation aimed at working security and IT professionals who want less noise and more real-world signal from their controls. This audio is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:32 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/285a84a9/c33bbbd6.mp3" length="25061345" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>626</itunes:duration>
      <itunes:summary>
        <![CDATA[Multi-Factor Authentication (MFA) is one of the highest-impact defenses most teams already own, but it often lands as pure friction instead of real protection. In this narrated Insight, we walk through what MFA actually is, where it sits in your identity and access stack, and how the different factors and flows work in real life. You will hear a grounded, vendor-neutral explanation aimed at working security and IT professionals who want less noise and more real-world signal from their controls. This audio is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/285a84a9/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Getting Session Management and SSO Under Control</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>43</itunes:episode>
      <podcast:episode>43</podcast:episode>
      <itunes:title>Getting Session Management and SSO Under Control</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">7c6d29d3-917f-4147-a196-4c621349fa21</guid>
      <link>https://share.transistor.fm/s/6dc8bda7</link>
      <description>
        <![CDATA[In this narrated Insight, we unpack how session management and Single Sign-On (SSO) quietly shape every login across your environment. You will hear how sessions tie a user’s identity to their clicks, how SSO turns many separate logins into a single, consistent experience, and where these controls actually live in your identity and access stack. We walk through the basics in calm, plain language so you can connect what you see in portals and admin screens with what is really happening under the hood. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[In this narrated Insight, we unpack how session management and Single Sign-On (SSO) quietly shape every login across your environment. You will hear how sessions tie a user’s identity to their clicks, how SSO turns many separate logins into a single, consistent experience, and where these controls actually live in your identity and access stack. We walk through the basics in calm, plain language so you can connect what you see in portals and admin screens with what is really happening under the hood. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:27 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/6dc8bda7/64ed6d04.mp3" length="36165465" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>903</itunes:duration>
      <itunes:summary>
        <![CDATA[In this narrated Insight, we unpack how session management and Single Sign-On (SSO) quietly shape every login across your environment. You will hear how sessions tie a user’s identity to their clicks, how SSO turns many separate logins into a single, consistent experience, and where these controls actually live in your identity and access stack. We walk through the basics in calm, plain language so you can connect what you see in portals and admin screens with what is really happening under the hood. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/6dc8bda7/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Sense of SBOMs and Software Supply Chains</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>42</itunes:episode>
      <podcast:episode>42</podcast:episode>
      <itunes:title>Making Sense of SBOMs and Software Supply Chains</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">dae25794-7343-4bff-ac99-b0b980235186</guid>
      <link>https://share.transistor.fm/s/76df2d41</link>
      <description>
        <![CDATA[This narrated Insight explores Software Bill of Materials (SBOM) as a practical tool for understanding and managing software supply chain risk. Across two focused segments, the episode explains what an SBOM is in simple terms, where it fits between development, operations, and security, and how it differs from familiar tools like vulnerability scanners or asset inventories. Listeners hear how SBOMs move through build pipelines, connect to vulnerability management and change processes, and provide a concrete map of the components and dependencies inside critical applications. The narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[This narrated Insight explores Software Bill of Materials (SBOM) as a practical tool for understanding and managing software supply chain risk. Across two focused segments, the episode explains what an SBOM is in simple terms, where it fits between development, operations, and security, and how it differs from familiar tools like vulnerability scanners or asset inventories. Listeners hear how SBOMs move through build pipelines, connect to vulnerability management and change processes, and provide a concrete map of the components and dependencies inside critical applications. The narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:21 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/76df2d41/4b952d9b.mp3" length="30957693" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>773</itunes:duration>
      <itunes:summary>
        <![CDATA[This narrated Insight explores Software Bill of Materials (SBOM) as a practical tool for understanding and managing software supply chain risk. Across two focused segments, the episode explains what an SBOM is in simple terms, where it fits between development, operations, and security, and how it differs from familiar tools like vulnerability scanners or asset inventories. Listeners hear how SBOMs move through build pipelines, connect to vulnerability management and change processes, and provide a concrete map of the components and dependencies inside critical applications. The narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/76df2d41/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Using Data Safely with Masking and Anonymization</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>41</itunes:episode>
      <podcast:episode>41</podcast:episode>
      <itunes:title>Using Data Safely with Masking and Anonymization</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">6075b4ef-26b0-4e25-9fe3-401aab45aed5</guid>
      <link>https://share.transistor.fm/s/ef4a650d</link>
      <description>
        <![CDATA[This narrated Insight walks through how data masking and anonymization let teams work with rich, realistic data without casually exposing real people. You will hear clear explanations of what these techniques are, where they sit in the data and analytics stack, and how they differ from things like encryption or simple redaction. The focus stays on real-world pressures security and IT teams face: developers needing production-like data, analysts needing broad access, and leaders needing to reduce risk without stopping work.]]>
      </description>
      <content:encoded>
        <![CDATA[This narrated Insight walks through how data masking and anonymization let teams work with rich, realistic data without casually exposing real people. You will hear clear explanations of what these techniques are, where they sit in the data and analytics stack, and how they differ from things like encryption or simple redaction. The focus stays on real-world pressures security and IT teams face: developers needing production-like data, analysts needing broad access, and leaders needing to reduce risk without stopping work.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:16 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/ef4a650d/d8d5df04.mp3" length="29483342" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>736</itunes:duration>
      <itunes:summary>
        <![CDATA[This narrated Insight walks through how data masking and anonymization let teams work with rich, realistic data without casually exposing real people. You will hear clear explanations of what these techniques are, where they sit in the data and analytics stack, and how they differ from things like encryption or simple redaction. The focus stays on real-world pressures security and IT teams face: developers needing production-like data, analysts needing broad access, and leaders needing to reduce risk without stopping work.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/ef4a650d/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Choosing Between Role-Based and Attribute-Based Access</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>40</itunes:episode>
      <podcast:episode>40</podcast:episode>
      <itunes:title>Choosing Between Role-Based and Attribute-Based Access</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">dadb9316-5dc6-4d87-a69a-58916d752059</guid>
      <link>https://share.transistor.fm/s/dd9968d5</link>
      <description>
        <![CDATA[Access control choices are rarely just academic; they show up every day in how your team grants, reviews, and revokes access. In this narrated Insight, we walk through Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) as two different ways to answer the same question: who can do what, under which conditions. You will hear how each model fits into modern identity and access stacks, where roles bring clarity, where attributes add context, and why the decision matters for cloud, SaaS, and on-prem environments. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[Access control choices are rarely just academic; they show up every day in how your team grants, reviews, and revokes access. In this narrated Insight, we walk through Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) as two different ways to answer the same question: who can do what, under which conditions. You will hear how each model fits into modern identity and access stacks, where roles bring clarity, where attributes add context, and why the decision matters for cloud, SaaS, and on-prem environments. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:11 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/dd9968d5/e58abdbe.mp3" length="28439495" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>710</itunes:duration>
      <itunes:summary>
        <![CDATA[Access control choices are rarely just academic; they show up every day in how your team grants, reviews, and revokes access. In this narrated Insight, we walk through Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) as two different ways to answer the same question: who can do what, under which conditions. You will hear how each model fits into modern identity and access stacks, where roles bring clarity, where attributes add context, and why the decision matters for cloud, SaaS, and on-prem environments. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/dd9968d5/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>From Inbox to Incident – Email Attachments, Links, and Everyday Defenses</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>39</itunes:episode>
      <podcast:episode>39</podcast:episode>
      <itunes:title>From Inbox to Incident – Email Attachments, Links, and Everyday Defenses</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">d82e4c8d-2d08-47d9-9212-f05ffbe19acf</guid>
      <link>https://share.transistor.fm/s/adf476ea</link>
      <description>
        <![CDATA[Inbox risk is still where a lot of bad days begin. In this Tuesday “Insights” episode of Bare Metal Cyber, we break down how everyday email attachments, links, and “routine” messages become the starting point for ransomware, credential theft, and payment fraud. Instead of just saying “don’t click,” we walk through how weaponized documents, clever URLs, and well-crafted social engineering actually show up in real environments.]]>
      </description>
      <content:encoded>
        <![CDATA[Inbox risk is still where a lot of bad days begin. In this Tuesday “Insights” episode of Bare Metal Cyber, we break down how everyday email attachments, links, and “routine” messages become the starting point for ransomware, credential theft, and payment fraud. Instead of just saying “don’t click,” we walk through how weaponized documents, clever URLs, and well-crafted social engineering actually show up in real environments.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:07 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/adf476ea/d0218339.mp3" length="38670183" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>966</itunes:duration>
      <itunes:summary>
        <![CDATA[Inbox risk is still where a lot of bad days begin. In this Tuesday “Insights” episode of Bare Metal Cyber, we break down how everyday email attachments, links, and “routine” messages become the starting point for ransomware, credential theft, and payment fraud. Instead of just saying “don’t click,” we walk through how weaponized documents, clever URLs, and well-crafted social engineering actually show up in real environments.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/adf476ea/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Identity Lifecycle 101 – Getting Joiners, Movers, and Leavers Right</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>38</itunes:episode>
      <podcast:episode>38</podcast:episode>
      <itunes:title>Identity Lifecycle 101 – Getting Joiners, Movers, and Leavers Right</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">4d8755c9-8208-4134-ba9f-2238db8cab14</guid>
      <link>https://share.transistor.fm/s/38df41ec</link>
      <description>
        <![CDATA[Identity lifecycle management (ILM) is one of those foundational practices that quietly makes or breaks your security posture. In this narrated Insight, we walk through what ILM actually is, how it connects HR data, directories, and applications, and why the simple pattern of joiners, movers, and leavers matters so much. You will hear how a clean lifecycle helps new people get productive faster, keeps access aligned with real roles, and reduces the risk of forgotten accounts and permission creep. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, but told in a relaxed, audio friendly style.]]>
      </description>
      <content:encoded>
        <![CDATA[Identity lifecycle management (ILM) is one of those foundational practices that quietly makes or breaks your security posture. In this narrated Insight, we walk through what ILM actually is, how it connects HR data, directories, and applications, and why the simple pattern of joiners, movers, and leavers matters so much. You will hear how a clean lifecycle helps new people get productive faster, keeps access aligned with real roles, and reduces the risk of forgotten accounts and permission creep. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, but told in a relaxed, audio friendly style.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:49:00 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/38df41ec/b8e1f470.mp3" length="29469847" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>736</itunes:duration>
      <itunes:summary>
        <![CDATA[Identity lifecycle management (ILM) is one of those foundational practices that quietly makes or breaks your security posture. In this narrated Insight, we walk through what ILM actually is, how it connects HR data, directories, and applications, and why the simple pattern of joiners, movers, and leavers matters so much. You will hear how a clean lifecycle helps new people get productive faster, keeps access aligned with real roles, and reduces the risk of forgotten accounts and permission creep. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, but told in a relaxed, audio friendly style.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/38df41ec/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Learning to Hunt Threats Before Alerts Explode</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>37</itunes:episode>
      <podcast:episode>37</podcast:episode>
      <itunes:title>Learning to Hunt Threats Before Alerts Explode</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">b7747b85-8c20-4989-bbe4-e3c1ac5e9691</guid>
      <link>https://share.transistor.fm/s/7158cd97</link>
      <description>
        <![CDATA[Threat hunting can sound like something reserved for elite analysts, but this episode shows how it becomes a calm, structured habit any thoughtful defender can build. You will hear a plain-language walkthrough of what threat hunting is, where it sits alongside monitoring and incident response, and why it is about asking focused questions rather than staring at endless logs. We explore how beginners can turn simple “what if” scenarios into practical hunts using the tools and data they already have, without adding more noise or stress to their day. This narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[Threat hunting can sound like something reserved for elite analysts, but this episode shows how it becomes a calm, structured habit any thoughtful defender can build. You will hear a plain-language walkthrough of what threat hunting is, where it sits alongside monitoring and incident response, and why it is about asking focused questions rather than staring at endless logs. We explore how beginners can turn simple “what if” scenarios into practical hunts using the tools and data they already have, without adding more noise or stress to their day. This narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:56 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/7158cd97/e75081e7.mp3" length="28049740" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>700</itunes:duration>
      <itunes:summary>
        <![CDATA[Threat hunting can sound like something reserved for elite analysts, but this episode shows how it becomes a calm, structured habit any thoughtful defender can build. You will hear a plain-language walkthrough of what threat hunting is, where it sits alongside monitoring and incident response, and why it is about asking focused questions rather than staring at endless logs. We explore how beginners can turn simple “what if” scenarios into practical hunts using the tools and data they already have, without adding more noise or stress to their day. This narration is based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/7158cd97/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Mapping the Quiet Highways Between Your SaaS Tools</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>36</itunes:episode>
      <podcast:episode>36</podcast:episode>
      <itunes:title>Mapping the Quiet Highways Between Your SaaS Tools</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">60962403-f777-4749-acaf-34b4f0d809d0</guid>
      <link>https://share.transistor.fm/s/3e79ab28</link>
      <description>
        <![CDATA[When your organization lives inside dozens of Software as a Service (SaaS) tools, the real action often happens in the connections between them. In this narrated Tuesday “Insights” feature from Bare Metal Cyber Magazine, we unpack the world of SaaS-to-SaaS connections: how “connect” buttons, consent screens, and tokens quietly create long-lived trust between vendors. You will hear a clear, vendor-neutral walkthrough of what these integrations are, where they sit in your environment, and why they can be both productivity boosters and hidden exposure paths at the same time.]]>
      </description>
      <content:encoded>
        <![CDATA[When your organization lives inside dozens of Software as a Service (SaaS) tools, the real action often happens in the connections between them. In this narrated Tuesday “Insights” feature from Bare Metal Cyber Magazine, we unpack the world of SaaS-to-SaaS connections: how “connect” buttons, consent screens, and tokens quietly create long-lived trust between vendors. You will hear a clear, vendor-neutral walkthrough of what these integrations are, where they sit in your environment, and why they can be both productivity boosters and hidden exposure paths at the same time.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:51 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3e79ab28/e7c79635.mp3" length="37052585" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>925</itunes:duration>
      <itunes:summary>
        <![CDATA[When your organization lives inside dozens of Software as a Service (SaaS) tools, the real action often happens in the connections between them. In this narrated Tuesday “Insights” feature from Bare Metal Cyber Magazine, we unpack the world of SaaS-to-SaaS connections: how “connect” buttons, consent screens, and tokens quietly create long-lived trust between vendors. You will hear a clear, vendor-neutral walkthrough of what these integrations are, where they sit in your environment, and why they can be both productivity boosters and hidden exposure paths at the same time.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3e79ab28/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Sense of Identity Threat Detection and Response (ITDR)</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>35</itunes:episode>
      <podcast:episode>35</podcast:episode>
      <itunes:title>Making Sense of Identity Threat Detection and Response (ITDR)</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">8b162fcc-2d72-4ce9-b75c-789aa63bafbb</guid>
      <link>https://share.transistor.fm/s/98da54fc</link>
      <description>
        <![CDATA[Identity Threat Detection and Response (ITDR) is all about seeing security through the lens of accounts, not just machines and networks. In this audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what ITDR actually is, where it sits alongside tools like endpoint detection and SIEM, and why identity-focused detection matters so much in cloud-heavy environments. You will hear how ITDR pulls together identity logs, behavior patterns, and response playbooks to spot misused accounts before they become full-blown incidents.]]>
      </description>
      <content:encoded>
        <![CDATA[Identity Threat Detection and Response (ITDR) is all about seeing security through the lens of accounts, not just machines and networks. In this audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what ITDR actually is, where it sits alongside tools like endpoint detection and SIEM, and why identity-focused detection matters so much in cloud-heavy environments. You will hear how ITDR pulls together identity logs, behavior patterns, and response playbooks to spot misused accounts before they become full-blown incidents.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:46 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/98da54fc/092ca476.mp3" length="35266866" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>881</itunes:duration>
      <itunes:summary>
        <![CDATA[Identity Threat Detection and Response (ITDR) is all about seeing security through the lens of accounts, not just machines and networks. In this audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what ITDR actually is, where it sits alongside tools like endpoint detection and SIEM, and why identity-focused detection matters so much in cloud-heavy environments. You will hear how ITDR pulls together identity logs, behavior patterns, and response playbooks to spot misused accounts before they become full-blown incidents.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/98da54fc/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Password Managers in the Real World of Enterprise Chaos</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>34</itunes:episode>
      <podcast:episode>34</podcast:episode>
      <itunes:title>Password Managers in the Real World of Enterprise Chaos</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">dd185a03-d5b1-4184-b946-1366d73756da</guid>
      <link>https://share.transistor.fm/s/00e545f2</link>
      <description>
        <![CDATA[Enterprise password habits are rarely as clean as our policies suggest, and that gap is where risk quietly grows. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we explore how enterprise password managers can bridge the space between strict rules and everyday human behavior. You will hear a clear, vendor-neutral walkthrough of what these tools actually are, how they sit alongside single sign-on, privileged access management, and other identity controls, and what it takes for them to become part of real work rather than just another icon on the desktop.]]>
      </description>
      <content:encoded>
        <![CDATA[Enterprise password habits are rarely as clean as our policies suggest, and that gap is where risk quietly grows. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we explore how enterprise password managers can bridge the space between strict rules and everyday human behavior. You will hear a clear, vendor-neutral walkthrough of what these tools actually are, how they sit alongside single sign-on, privileged access management, and other identity controls, and what it takes for them to become part of real work rather than just another icon on the desktop.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:42 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/00e545f2/0b629890.mp3" length="30948296" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>773</itunes:duration>
      <itunes:summary>
        <![CDATA[Enterprise password habits are rarely as clean as our policies suggest, and that gap is where risk quietly grows. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we explore how enterprise password managers can bridge the space between strict rules and everyday human behavior. You will hear a clear, vendor-neutral walkthrough of what these tools actually are, how they sit alongside single sign-on, privileged access management, and other identity controls, and what it takes for them to become part of real work rather than just another icon on the desktop.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/00e545f2/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Remote Work Security That Actually Works at Home</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>33</itunes:episode>
      <podcast:episode>33</podcast:episode>
      <itunes:title>Remote Work Security That Actually Works at Home</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">4b6bcc57-cb70-449d-a8fb-20eca79c306b</guid>
      <link>https://share.transistor.fm/s/1dd4dda9</link>
      <description>
        <![CDATA[Remote work is no longer a special case, and many security issues now begin on a home network or a personal device. In this audio edition, we walk through Remote Work Security for Home Networks and Bring Your Own Device (BYOD) in practical, plain language. You will hear how identity, endpoints, and access paths come together when people work from home, and why relying only on a virtual private network is not enough. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, and it is designed to help working security and IT professionals see the real shape of their remote work risk.]]>
      </description>
      <content:encoded>
        <![CDATA[Remote work is no longer a special case, and many security issues now begin on a home network or a personal device. In this audio edition, we walk through Remote Work Security for Home Networks and Bring Your Own Device (BYOD) in practical, plain language. You will hear how identity, endpoints, and access paths come together when people work from home, and why relying only on a virtual private network is not enough. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, and it is designed to help working security and IT professionals see the real shape of their remote work risk.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:37 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/1dd4dda9/cbf672ab.mp3" length="25865906" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>646</itunes:duration>
      <itunes:summary>
        <![CDATA[Remote work is no longer a special case, and many security issues now begin on a home network or a personal device. In this audio edition, we walk through Remote Work Security for Home Networks and Bring Your Own Device (BYOD) in practical, plain language. You will hear how identity, endpoints, and access paths come together when people work from home, and why relying only on a virtual private network is not enough. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine, and it is designed to help working security and IT professionals see the real shape of their remote work risk.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/1dd4dda9/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Microsegmentation in Practice Beyond One Big Flat Network</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>32</itunes:episode>
      <podcast:episode>32</podcast:episode>
      <itunes:title>Microsegmentation in Practice Beyond One Big Flat Network</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">57da9f9c-4899-4305-a3c0-fe4874bed9b4</guid>
      <link>https://share.transistor.fm/s/c5e1b839</link>
      <description>
        <![CDATA[Network microsegmentation can sound like a buzzword until you see how it actually changes the way attackers move inside your environment. In this audio version of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through network microsegmentation in clear, practical terms. You will hear what it is, where it fits in modern networks and cloud environments, and how it differs from simply carving your network into more VLANs. We start from the day-to-day reality of “one big flat network” and build toward a more deliberate model of small, purpose-based neighborhoods.]]>
      </description>
      <content:encoded>
        <![CDATA[Network microsegmentation can sound like a buzzword until you see how it actually changes the way attackers move inside your environment. In this audio version of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through network microsegmentation in clear, practical terms. You will hear what it is, where it fits in modern networks and cloud environments, and how it differs from simply carving your network into more VLANs. We start from the day-to-day reality of “one big flat network” and build toward a more deliberate model of small, purpose-based neighborhoods.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:32 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/c5e1b839/7d89f6ac.mp3" length="31054878" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>775</itunes:duration>
      <itunes:summary>
        <![CDATA[Network microsegmentation can sound like a buzzword until you see how it actually changes the way attackers move inside your environment. In this audio version of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through network microsegmentation in clear, practical terms. You will hear what it is, where it fits in modern networks and cloud environments, and how it differs from simply carving your network into more VLANs. We start from the day-to-day reality of “one big flat network” and build toward a more deliberate model of small, purpose-based neighborhoods.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/c5e1b839/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Credential Stuffing and Password Spraying in Plain English</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>31</itunes:episode>
      <podcast:episode>31</podcast:episode>
      <itunes:title>Credential Stuffing and Password Spraying in Plain English</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">77e204d3-128a-4424-8174-55712e505a24</guid>
      <link>https://share.transistor.fm/s/ecaaf1f0</link>
      <description>
        <![CDATA[Credential stuffing and password spraying rarely look dramatic at first, but they sit at the center of many account takeover and fraud stories. In this audio edition, you will hear a clear breakdown of what these attacks actually are, where they fit in modern identity and access flows, and why they keep working despite strong-looking password policies on paper. The episode walks through how attackers assemble credential lists, probe your login surfaces, and hide inside “normal” failed logins, connecting the dots between security operations metrics, help desk noise, and real incidents.]]>
      </description>
      <content:encoded>
        <![CDATA[Credential stuffing and password spraying rarely look dramatic at first, but they sit at the center of many account takeover and fraud stories. In this audio edition, you will hear a clear breakdown of what these attacks actually are, where they fit in modern identity and access flows, and why they keep working despite strong-looking password policies on paper. The episode walks through how attackers assemble credential lists, probe your login surfaces, and hide inside “normal” failed logins, connecting the dots between security operations metrics, help desk noise, and real incidents.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:28 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/ecaaf1f0/e0f1845c.mp3" length="24039434" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>600</itunes:duration>
      <itunes:summary>
        <![CDATA[Credential stuffing and password spraying rarely look dramatic at first, but they sit at the center of many account takeover and fraud stories. In this audio edition, you will hear a clear breakdown of what these attacks actually are, where they fit in modern identity and access flows, and why they keep working despite strong-looking password policies on paper. The episode walks through how attackers assemble credential lists, probe your login surfaces, and hide inside “normal” failed logins, connecting the dots between security operations metrics, help desk noise, and real incidents.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/ecaaf1f0/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Security Risk Registers Actually Useful</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>30</itunes:episode>
      <podcast:episode>30</podcast:episode>
      <itunes:title>Making Security Risk Registers Actually Useful</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">467a4209-9b20-4bc1-93ba-39e5d1e98a7f</guid>
      <link>https://share.transistor.fm/s/b8330ff9</link>
      <description>
        <![CDATA[Security risk registers often feel like an audit checkbox, but they can be one of the most practical tools in your security program when they are done well. In this narrated Insight, we walk through what a security risk register is in plain language, where it sits between noisy operational findings and executive decisions, and how it differs from issue logs, vulnerability backlogs, and compliance checklists. You will hear how a register helps turn scattered data into a small set of clear risk stories with owners, ratings, and treatment plans that leaders can actually act on.]]>
      </description>
      <content:encoded>
        <![CDATA[Security risk registers often feel like an audit checkbox, but they can be one of the most practical tools in your security program when they are done well. In this narrated Insight, we walk through what a security risk register is in plain language, where it sits between noisy operational findings and executive decisions, and how it differs from issue logs, vulnerability backlogs, and compliance checklists. You will hear how a register helps turn scattered data into a small set of clear risk stories with owners, ratings, and treatment plans that leaders can actually act on.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:23 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/b8330ff9/b99e3925.mp3" length="30823944" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>770</itunes:duration>
      <itunes:summary>
        <![CDATA[Security risk registers often feel like an audit checkbox, but they can be one of the most practical tools in your security program when they are done well. In this narrated Insight, we walk through what a security risk register is in plain language, where it sits between noisy operational findings and executive decisions, and how it differs from issue logs, vulnerability backlogs, and compliance checklists. You will hear how a register helps turn scattered data into a small set of clear risk stories with owners, ratings, and treatment plans that leaders can actually act on.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/b8330ff9/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>When “Working as Designed” Breaks Your Security</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>29</itunes:episode>
      <podcast:episode>29</podcast:episode>
      <itunes:title>When “Working as Designed” Breaks Your Security</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">38ba934f-3eea-4eb9-a3bc-cc01ff8b6344</guid>
      <link>https://share.transistor.fm/s/0df5754e</link>
      <description>
        <![CDATA[Business logic flaws can be some of the most damaging weaknesses in an application, yet they rarely show up in scan results or standard test reports. In this episode, we walk through what business logic flaws are, where they sit in your stack, and why “working as designed” is not always the same as “secure.” You will hear how everyday workflows like carts, refunds, subscriptions, and approvals can be nudged out of their intended paths in ways that generate financial loss, policy violations, or quiet abuse that is hard to see on dashboards.]]>
      </description>
      <content:encoded>
        <![CDATA[Business logic flaws can be some of the most damaging weaknesses in an application, yet they rarely show up in scan results or standard test reports. In this episode, we walk through what business logic flaws are, where they sit in your stack, and why “working as designed” is not always the same as “secure.” You will hear how everyday workflows like carts, refunds, subscriptions, and approvals can be nudged out of their intended paths in ways that generate financial loss, policy violations, or quiet abuse that is hard to see on dashboards.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:18 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/0df5754e/d4e1f886.mp3" length="26972501" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>673</itunes:duration>
      <itunes:summary>
        <![CDATA[Business logic flaws can be some of the most damaging weaknesses in an application, yet they rarely show up in scan results or standard test reports. In this episode, we walk through what business logic flaws are, where they sit in your stack, and why “working as designed” is not always the same as “secure.” You will hear how everyday workflows like carts, refunds, subscriptions, and approvals can be nudged out of their intended paths in ways that generate financial loss, policy violations, or quiet abuse that is hard to see on dashboards.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/0df5754e/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Email Security Essentials for Attachments, Links, and Suspicious Messages</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>28</itunes:episode>
      <podcast:episode>28</podcast:episode>
      <itunes:title>Email Security Essentials for Attachments, Links, and Suspicious Messages</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">828cc3a8-1809-4823-8b23-7414658c1f68</guid>
      <link>https://share.transistor.fm/s/5dea8aba</link>
      <description>
        <![CDATA[This narrated edition of the Tuesday “Insights” feature from Bare Metal Cyber Magazine explores Email Security Essentials in plain language, with a special focus on attachments, links, and malicious messages. You will hear how email fits alongside identity, endpoint, and network defenses, and why attackers still rely on inboxes to get a foothold. The episode walks through the main building blocks of modern email protection, from gateways and built-in cloud filters to client warnings and endpoint checks, always tying them back to real-world workflows rather than product buzzwords.]]>
      </description>
      <content:encoded>
        <![CDATA[This narrated edition of the Tuesday “Insights” feature from Bare Metal Cyber Magazine explores Email Security Essentials in plain language, with a special focus on attachments, links, and malicious messages. You will hear how email fits alongside identity, endpoint, and network defenses, and why attackers still rely on inboxes to get a foothold. The episode walks through the main building blocks of modern email protection, from gateways and built-in cloud filters to client warnings and endpoint checks, always tying them back to real-world workflows rather than product buzzwords.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:12 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/5dea8aba/ef4c98c8.mp3" length="31131171" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>777</itunes:duration>
      <itunes:summary>
        <![CDATA[This narrated edition of the Tuesday “Insights” feature from Bare Metal Cyber Magazine explores Email Security Essentials in plain language, with a special focus on attachments, links, and malicious messages. You will hear how email fits alongside identity, endpoint, and network defenses, and why attackers still rely on inboxes to get a foothold. The episode walks through the main building blocks of modern email protection, from gateways and built-in cloud filters to client warnings and endpoint checks, always tying them back to real-world workflows rather than product buzzwords.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/5dea8aba/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Sense of the Cloud Shared Responsibility Model</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>27</itunes:episode>
      <podcast:episode>27</podcast:episode>
      <itunes:title>Making Sense of the Cloud Shared Responsibility Model</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">77c3a690-c0a2-4fe4-8867-7a85416cb297</guid>
      <link>https://share.transistor.fm/s/d0274ad7</link>
      <description>
        <![CDATA[When a cloud service goes down or behaves strangely, the first minutes are often spent arguing about ownership instead of solving the problem. This narrated Insight walks through the Cloud Shared Responsibility Model in clear, practical terms so that security and IT teams can decide, in advance, who owns what when something breaks. You will hear how responsibility shifts across Infrastructure as a Service, Platform as a Service, and Software as a Service, and what that means for controls around identity, data, configuration, and monitoring in your real environment. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[When a cloud service goes down or behaves strangely, the first minutes are often spent arguing about ownership instead of solving the problem. This narrated Insight walks through the Cloud Shared Responsibility Model in clear, practical terms so that security and IT teams can decide, in advance, who owns what when something breaks. You will hear how responsibility shifts across Infrastructure as a Service, Platform as a Service, and Software as a Service, and what that means for controls around identity, data, configuration, and monitoring in your real environment. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:07 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/d0274ad7/b83fd1db.mp3" length="35453894" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>885</itunes:duration>
      <itunes:summary>
        <![CDATA[When a cloud service goes down or behaves strangely, the first minutes are often spent arguing about ownership instead of solving the problem. This narrated Insight walks through the Cloud Shared Responsibility Model in clear, practical terms so that security and IT teams can decide, in advance, who owns what when something breaks. You will hear how responsibility shifts across Infrastructure as a Service, Platform as a Service, and Software as a Service, and what that means for controls around identity, data, configuration, and monitoring in your real environment. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/d0274ad7/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>How User and Entity Behavior Analytics Spots Trouble Early</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>26</itunes:episode>
      <podcast:episode>26</podcast:episode>
      <itunes:title>How User and Entity Behavior Analytics Spots Trouble Early</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">f716217f-4a54-43bb-a453-d1abd5b1044a</guid>
      <link>https://share.transistor.fm/s/75824eb2</link>
      <description>
        <![CDATA[This narrated Insight walks through User and Entity Behavior Analytics (UEBA) as a practical tool for spotting the weird stuff early. You will hear how UEBA builds a picture of “normal” behavior for users, service accounts, and systems, then uses that context to highlight the logins, data access, and admin activity that really deserve your attention. We explore where it sits alongside your SIEM, XDR, and identity tools, and why it works best as a behavioral lens on top of the data you already collect. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[This narrated Insight walks through User and Entity Behavior Analytics (UEBA) as a practical tool for spotting the weird stuff early. You will hear how UEBA builds a picture of “normal” behavior for users, service accounts, and systems, then uses that context to highlight the logins, data access, and admin activity that really deserve your attention. We explore where it sits alongside your SIEM, XDR, and identity tools, and why it works best as a behavioral lens on top of the data you already collect. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:48:03 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/75824eb2/e75cad8f.mp3" length="31927369" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>797</itunes:duration>
      <itunes:summary>
        <![CDATA[This narrated Insight walks through User and Entity Behavior Analytics (UEBA) as a practical tool for spotting the weird stuff early. You will hear how UEBA builds a picture of “normal” behavior for users, service accounts, and systems, then uses that context to highlight the logins, data access, and admin activity that really deserve your attention. We explore where it sits alongside your SIEM, XDR, and identity tools, and why it works best as a behavioral lens on top of the data you already collect. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/75824eb2/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Understanding the Ransomware Attack Lifecycle</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>25</itunes:episode>
      <podcast:episode>25</podcast:episode>
      <itunes:title>Understanding the Ransomware Attack Lifecycle</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">e0575e85-cb16-4eab-a320-c326d9f66827</guid>
      <link>https://share.transistor.fm/s/3997dfd2</link>
      <description>
        <![CDATA[Ransomware attacks do not begin with the ransom note – they unfold through a quiet sequence of steps that often look like routine activity. In this Tuesday “Insights” episode, developed by Bare Metal Cyber, we walk through the modern ransomware attack lifecycle from initial access and foothold to lateral movement, privilege abuse, data theft, backup tampering, and finally encryption. You will hear how real attacks typically progress over days or weeks, which signals show up in identity, endpoints, networks, and backups, and why so many organizations only notice the threat at the worst possible moment. We then translate that lifecycle into practical interruption points, so security and IT teams can see where to focus, how to use the tools they already have, and how to make recovery less dependent on paying an attacker.]]>
      </description>
      <content:encoded>
        <![CDATA[Ransomware attacks do not begin with the ransom note – they unfold through a quiet sequence of steps that often look like routine activity. In this Tuesday “Insights” episode, developed by Bare Metal Cyber, we walk through the modern ransomware attack lifecycle from initial access and foothold to lateral movement, privilege abuse, data theft, backup tampering, and finally encryption. You will hear how real attacks typically progress over days or weeks, which signals show up in identity, endpoints, networks, and backups, and why so many organizations only notice the threat at the worst possible moment. We then translate that lifecycle into practical interruption points, so security and IT teams can see where to focus, how to use the tools they already have, and how to make recovery less dependent on paying an attacker.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:58 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3997dfd2/0d25392e.mp3" length="28696531" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>716</itunes:duration>
      <itunes:summary>
        <![CDATA[Ransomware attacks do not begin with the ransom note – they unfold through a quiet sequence of steps that often look like routine activity. In this Tuesday “Insights” episode, developed by Bare Metal Cyber, we walk through the modern ransomware attack lifecycle from initial access and foothold to lateral movement, privilege abuse, data theft, backup tampering, and finally encryption. You will hear how real attacks typically progress over days or weeks, which signals show up in identity, endpoints, networks, and backups, and why so many organizations only notice the threat at the worst possible moment. We then translate that lifecycle into practical interruption points, so security and IT teams can see where to focus, how to use the tools they already have, and how to make recovery less dependent on paying an attacker.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3997dfd2/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Securing Operational Technology and Industrial Control Systems</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>24</itunes:episode>
      <podcast:episode>24</podcast:episode>
      <itunes:title>Securing Operational Technology and Industrial Control Systems</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">1b6d4271-e5f2-4914-9177-008b16e60228</guid>
      <link>https://share.transistor.fm/s/4322f0b0</link>
      <description>
        <![CDATA[This audio edition takes you into the world of Operational Technology (OT) and Industrial Control Systems (ICS) security, where digital access and configuration changes can directly affect pumps, valves, and production lines. In clear, practical language, we walk through what OT and ICS actually are, how they differ from traditional IT, and where they sit in real environments like plants, utilities, and large facilities. The narration is based on a Tuesday “Insights” feature from Bare Metal Cyber Magazine, designed to help you connect the dots between familiar cyber concepts and the physical processes that keep organizations running.]]>
      </description>
      <content:encoded>
        <![CDATA[This audio edition takes you into the world of Operational Technology (OT) and Industrial Control Systems (ICS) security, where digital access and configuration changes can directly affect pumps, valves, and production lines. In clear, practical language, we walk through what OT and ICS actually are, how they differ from traditional IT, and where they sit in real environments like plants, utilities, and large facilities. The narration is based on a Tuesday “Insights” feature from Bare Metal Cyber Magazine, designed to help you connect the dots between familiar cyber concepts and the physical processes that keep organizations running.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:54 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/4322f0b0/a3c35f17.mp3" length="36073528" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>901</itunes:duration>
      <itunes:summary>
        <![CDATA[This audio edition takes you into the world of Operational Technology (OT) and Industrial Control Systems (ICS) security, where digital access and configuration changes can directly affect pumps, valves, and production lines. In clear, practical language, we walk through what OT and ICS actually are, how they differ from traditional IT, and where they sit in real environments like plants, utilities, and large facilities. The narration is based on a Tuesday “Insights” feature from Bare Metal Cyber Magazine, designed to help you connect the dots between familiar cyber concepts and the physical processes that keep organizations running.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/4322f0b0/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Browser Security Basics for Real-World Teams</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>23</itunes:episode>
      <podcast:episode>23</podcast:episode>
      <itunes:title>Browser Security Basics for Real-World Teams</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">502171b7-8200-45b9-800d-6e80a6532696</guid>
      <link>https://share.transistor.fm/s/a4cc81ee</link>
      <description>
        <![CDATA[Browser security can feel like a small detail compared to network diagrams and cloud architectures, but for most people in your organization, the browser is where the real work happens. In this audio edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through the essentials of browser security with a practical focus on extensions, cookies, and everyday web risks. You will hear how browser protections fit alongside endpoint, identity, and application security, and why a few small choices in the browser can change the outcome of a bad click.]]>
      </description>
      <content:encoded>
        <![CDATA[Browser security can feel like a small detail compared to network diagrams and cloud architectures, but for most people in your organization, the browser is where the real work happens. In this audio edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through the essentials of browser security with a practical focus on extensions, cookies, and everyday web risks. You will hear how browser protections fit alongside endpoint, identity, and application security, and why a few small choices in the browser can change the outcome of a bad click.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:48 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/a4cc81ee/f565a19d.mp3" length="30345379" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>758</itunes:duration>
      <itunes:summary>
        <![CDATA[Browser security can feel like a small detail compared to network diagrams and cloud architectures, but for most people in your organization, the browser is where the real work happens. In this audio edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through the essentials of browser security with a practical focus on extensions, cookies, and everyday web risks. You will hear how browser protections fit alongside endpoint, identity, and application security, and why a few small choices in the browser can change the outcome of a bad click.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/a4cc81ee/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Sense of Static vs Dynamic App Security Testing</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>22</itunes:episode>
      <podcast:episode>22</podcast:episode>
      <itunes:title>Making Sense of Static vs Dynamic App Security Testing</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">e1eac7d0-ea0a-4281-acd1-508c380e5763</guid>
      <link>https://share.transistor.fm/s/feb01df6</link>
      <description>
        <![CDATA[Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) both promise better application security, but they look at your systems in very different ways. In this audio Insight, we walk through what SAST and DAST actually are, where they sit in your development and delivery stack, and how they turn real code and real traffic into security findings. You will hear a clear, vendor-neutral explanation of how each approach works, from early pipeline scans on source code to live probing of running applications in test or staging environments.]]>
      </description>
      <content:encoded>
        <![CDATA[Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) both promise better application security, but they look at your systems in very different ways. In this audio Insight, we walk through what SAST and DAST actually are, where they sit in your development and delivery stack, and how they turn real code and real traffic into security findings. You will hear a clear, vendor-neutral explanation of how each approach works, from early pipeline scans on source code to live probing of running applications in test or staging environments.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:43 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/feb01df6/7f0e59a4.mp3" length="33570989" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>838</itunes:duration>
      <itunes:summary>
        <![CDATA[Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) both promise better application security, but they look at your systems in very different ways. In this audio Insight, we walk through what SAST and DAST actually are, where they sit in your development and delivery stack, and how they turn real code and real traffic into security findings. You will hear a clear, vendor-neutral explanation of how each approach works, from early pipeline scans on source code to live probing of running applications in test or staging environments.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/feb01df6/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Watching What Leaves Your Environment Before It Becomes a Breach</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>21</itunes:episode>
      <podcast:episode>21</podcast:episode>
      <itunes:title>Watching What Leaves Your Environment Before It Becomes a Breach</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">b1880ced-010e-4007-8f2f-835a72772b78</guid>
      <link>https://share.transistor.fm/s/96789b6b</link>
      <description>
        <![CDATA[Network egress controls can be the difference between a noisy but contained incident and a quiet data leak that nobody spots until it is too late. In this audio Insight, we walk through what network egress controls are in practical, plain language and where they sit in your security architecture across on-premises and cloud environments. You will hear how they complement identity, endpoint, and application controls instead of trying to replace them, and why treating outbound access as a design decision, not a default setting, is so important for working security and IT teams.]]>
      </description>
      <content:encoded>
        <![CDATA[Network egress controls can be the difference between a noisy but contained incident and a quiet data leak that nobody spots until it is too late. In this audio Insight, we walk through what network egress controls are in practical, plain language and where they sit in your security architecture across on-premises and cloud environments. You will hear how they complement identity, endpoint, and application controls instead of trying to replace them, and why treating outbound access as a design decision, not a default setting, is so important for working security and IT teams.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:38 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/96789b6b/cfe75c0d.mp3" length="32722542" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>817</itunes:duration>
      <itunes:summary>
        <![CDATA[Network egress controls can be the difference between a noisy but contained incident and a quiet data leak that nobody spots until it is too late. In this audio Insight, we walk through what network egress controls are in practical, plain language and where they sit in your security architecture across on-premises and cloud environments. You will hear how they complement identity, endpoint, and application controls instead of trying to replace them, and why treating outbound access as a design decision, not a default setting, is so important for working security and IT teams.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/96789b6b/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Sense of EDR vs XDR for Real-World Teams</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>20</itunes:episode>
      <podcast:episode>20</podcast:episode>
      <itunes:title>Making Sense of EDR vs XDR for Real-World Teams</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">d6c0662c-a0ce-41bf-87da-5f78f82fbabb</guid>
      <link>https://share.transistor.fm/s/99f054cd</link>
      <description>
        <![CDATA[In this audio edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we unpack Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) in plain English. You will hear how these platforms collect and connect signals from endpoints, and in the case of XDR, from other domains like identity, email, and cloud. We walk through where they sit in a modern security stack, how they compare to traditional antivirus and log-centric tools, and why they matter for real defenders working real incidents.]]>
      </description>
      <content:encoded>
        <![CDATA[In this audio edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we unpack Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) in plain English. You will hear how these platforms collect and connect signals from endpoints, and in the case of XDR, from other domains like identity, email, and cloud. We walk through where they sit in a modern security stack, how they compare to traditional antivirus and log-centric tools, and why they matter for real defenders working real incidents.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:33 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/99f054cd/fb0a40aa.mp3" length="28401872" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>709</itunes:duration>
      <itunes:summary>
        <![CDATA[In this audio edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we unpack Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) in plain English. You will hear how these platforms collect and connect signals from endpoints, and in the case of XDR, from other domains like identity, email, and cloud. We walk through where they sit in a modern security stack, how they compare to traditional antivirus and log-centric tools, and why they matter for real defenders working real incidents.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/99f054cd/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Web Security Headers, Big Protection from Small Settings</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>19</itunes:episode>
      <podcast:episode>19</podcast:episode>
      <itunes:title>Web Security Headers, Big Protection from Small Settings</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">95ebe9e1-a13c-438e-b1da-350cf80e6f4d</guid>
      <link>https://share.transistor.fm/s/546728f3</link>
      <description>
        <![CDATA[Web security headers sound technical, but in practice they are small configuration choices that can dramatically change how safely browsers handle your site. In this audio Insight, we walk through what web security headers are, where they sit in your stack, and how they quietly guide the browser to behave in safer ways. You will hear how they relate to transport security, content handling, framing, and referrer behavior, and why they have become basic hygiene for modern, internet-facing applications. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[Web security headers sound technical, but in practice they are small configuration choices that can dramatically change how safely browsers handle your site. In this audio Insight, we walk through what web security headers are, where they sit in your stack, and how they quietly guide the browser to behave in safer ways. You will hear how they relate to transport security, content handling, framing, and referrer behavior, and why they have become basic hygiene for modern, internet-facing applications. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:28 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/546728f3/f57af9b5.mp3" length="26894093" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>671</itunes:duration>
      <itunes:summary>
        <![CDATA[Web security headers sound technical, but in practice they are small configuration choices that can dramatically change how safely browsers handle your site. In this audio Insight, we walk through what web security headers are, where they sit in your stack, and how they quietly guide the browser to behave in safer ways. You will hear how they relate to transport security, content handling, framing, and referrer behavior, and why they have become basic hygiene for modern, internet-facing applications. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/546728f3/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Backup and Restore Strategies That Actually Survive an Incident</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>18</itunes:episode>
      <podcast:episode>18</podcast:episode>
      <itunes:title>Backup and Restore Strategies That Actually Survive an Incident</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">e8fba8e1-8fc7-4afd-9043-094066578e53</guid>
      <link>https://share.transistor.fm/s/2b748317</link>
      <description>
        <![CDATA[Backup and restore can sound like background plumbing until something goes very wrong. In this audio Insight, we walk through backup and restore strategies from the perspective of real security incidents, not just tidy diagrams. You will hear how these strategies sit alongside prevention, detection, and response, and why “we have backups” often collapses when ransomware, insider mistakes, or cloud misconfigurations show up. The narration focuses on clear definitions, plain language, and relatable scenarios so you can see where backup and restore truly fit in your environment.]]>
      </description>
      <content:encoded>
        <![CDATA[Backup and restore can sound like background plumbing until something goes very wrong. In this audio Insight, we walk through backup and restore strategies from the perspective of real security incidents, not just tidy diagrams. You will hear how these strategies sit alongside prevention, detection, and response, and why “we have backups” often collapses when ransomware, insider mistakes, or cloud misconfigurations show up. The narration focuses on clear definitions, plain language, and relatable scenarios so you can see where backup and restore truly fit in your environment.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:23 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/2b748317/c648a5a0.mp3" length="27242051" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>680</itunes:duration>
      <itunes:summary>
        <![CDATA[Backup and restore can sound like background plumbing until something goes very wrong. In this audio Insight, we walk through backup and restore strategies from the perspective of real security incidents, not just tidy diagrams. You will hear how these strategies sit alongside prevention, detection, and response, and why “we have backups” often collapses when ransomware, insider mistakes, or cloud misconfigurations show up. The narration focuses on clear definitions, plain language, and relatable scenarios so you can see where backup and restore truly fit in your environment.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/2b748317/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Data Retention and Disposal Without the Guesswork</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>17</itunes:episode>
      <podcast:episode>17</podcast:episode>
      <itunes:title>Data Retention and Disposal Without the Guesswork</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">be5a9a8c-e965-47b4-b8db-05440fadfe34</guid>
      <link>https://share.transistor.fm/s/1dd597b7</link>
      <description>
        <![CDATA[Data retention and disposal can feel like a dry policy topic, but it quietly shapes almost everything you do with information. In this narrated Insight, we walk through what data retention and disposal really are, where they fit in your environment, and how they differ from backups and archives. You will hear how simple rules about what to keep, for how long, and how to securely get rid of it can shrink your attack surface, simplify investigations, and reduce compliance anxiety for working teams. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[Data retention and disposal can feel like a dry policy topic, but it quietly shapes almost everything you do with information. In this narrated Insight, we walk through what data retention and disposal really are, where they fit in your environment, and how they differ from backups and archives. You will hear how simple rules about what to keep, for how long, and how to securely get rid of it can shrink your attack surface, simplify investigations, and reduce compliance anxiety for working teams. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:18 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/1dd597b7/a1569538.mp3" length="31901237" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>797</itunes:duration>
      <itunes:summary>
        <![CDATA[Data retention and disposal can feel like a dry policy topic, but it quietly shapes almost everything you do with information. In this narrated Insight, we walk through what data retention and disposal really are, where they fit in your environment, and how they differ from backups and archives. You will hear how simple rules about what to keep, for how long, and how to securely get rid of it can shrink your attack surface, simplify investigations, and reduce compliance anxiety for working teams. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/1dd597b7/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Security Debt and the Cost of Old Decisions</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>16</itunes:episode>
      <podcast:episode>16</podcast:episode>
      <itunes:title>Security Debt and the Cost of Old Decisions</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">652f2000-22a3-49bc-a3bb-5a978139775f</guid>
      <link>https://share.transistor.fm/s/0f88d787</link>
      <description>
        <![CDATA[Security debt is what happens when yesterday’s “just this once” decisions turn into today’s hidden attack surface. In this narrated Insight, we explore how old exceptions, fragile legacy systems, and never-revisited shortcuts quietly shape your risk, your incident outcomes, and the pain level of every change. You will hear clear, vendor-neutral language that explains what security debt is, where it lives across systems, access, and processes, and how it shows up in everyday work. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[Security debt is what happens when yesterday’s “just this once” decisions turn into today’s hidden attack surface. In this narrated Insight, we explore how old exceptions, fragile legacy systems, and never-revisited shortcuts quietly shape your risk, your incident outcomes, and the pain level of every change. You will hear clear, vendor-neutral language that explains what security debt is, where it lives across systems, access, and processes, and how it shows up in everyday work. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:13 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/0f88d787/4ef5b251.mp3" length="27538782" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>687</itunes:duration>
      <itunes:summary>
        <![CDATA[Security debt is what happens when yesterday’s “just this once” decisions turn into today’s hidden attack surface. In this narrated Insight, we explore how old exceptions, fragile legacy systems, and never-revisited shortcuts quietly shape your risk, your incident outcomes, and the pain level of every change. You will hear clear, vendor-neutral language that explains what security debt is, where it lives across systems, access, and processes, and how it shows up in everyday work. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/0f88d787/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Tabletop Exercises a Core Incident Response Habit</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>15</itunes:episode>
      <podcast:episode>15</podcast:episode>
      <itunes:title>Making Tabletop Exercises a Core Incident Response Habit</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">b8df1c13-c966-4ce1-9e40-419ac67a0f07</guid>
      <link>https://share.transistor.fm/s/3e1934cd</link>
      <description>
        <![CDATA[In this audio edition, we explore how tabletop exercises for incident response give your organization a safe space to rehearse tough situations before they happen. You will hear how a simple, scenario-based conversation can reveal gaps in roles, communication paths, and decision-making long before a real incident puts pressure on your team. We walk through where tabletop exercises fit alongside your tools, playbooks, and formal response plans, and why they matter just as much for business leaders, legal, and communications as they do for security and IT specialists. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[In this audio edition, we explore how tabletop exercises for incident response give your organization a safe space to rehearse tough situations before they happen. You will hear how a simple, scenario-based conversation can reveal gaps in roles, communication paths, and decision-making long before a real incident puts pressure on your team. We walk through where tabletop exercises fit alongside your tools, playbooks, and formal response plans, and why they matter just as much for business leaders, legal, and communications as they do for security and IT specialists. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:08 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3e1934cd/32284bcf.mp3" length="27043514" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>675</itunes:duration>
      <itunes:summary>
        <![CDATA[In this audio edition, we explore how tabletop exercises for incident response give your organization a safe space to rehearse tough situations before they happen. You will hear how a simple, scenario-based conversation can reveal gaps in roles, communication paths, and decision-making long before a real incident puts pressure on your team. We walk through where tabletop exercises fit alongside your tools, playbooks, and formal response plans, and why they matter just as much for business leaders, legal, and communications as they do for security and IT specialists. This narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3e1934cd/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Shadow IT and the Tools You Don’t See Coming</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>14</itunes:episode>
      <podcast:episode>14</podcast:episode>
      <itunes:title>Shadow IT and the Tools You Don’t See Coming</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">c3abb827-f38e-49dc-afd8-100f20b9aa28</guid>
      <link>https://share.transistor.fm/s/bfb82490</link>
      <description>
        <![CDATA[Shadow IT often starts as a shortcut: a free SaaS tool, a personal cloud folder, a browser extension that “just makes things easier.” In this audio Insight, we unpack what Shadow IT really is, where it lives across your SaaS, data, and device landscape, and why even mature organizations still get surprised by it. You will hear a practical, vendor-neutral walkthrough of how unapproved tools and services quietly take root in everyday work and what that means for risk, visibility, and trust between security, IT, and the business.]]>
      </description>
      <content:encoded>
        <![CDATA[Shadow IT often starts as a shortcut: a free SaaS tool, a personal cloud folder, a browser extension that “just makes things easier.” In this audio Insight, we unpack what Shadow IT really is, where it lives across your SaaS, data, and device landscape, and why even mature organizations still get surprised by it. You will hear a practical, vendor-neutral walkthrough of how unapproved tools and services quietly take root in everyday work and what that means for risk, visibility, and trust between security, IT, and the business.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:47:03 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/bfb82490/34199ee0.mp3" length="36302388" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>907</itunes:duration>
      <itunes:summary>
        <![CDATA[Shadow IT often starts as a shortcut: a free SaaS tool, a personal cloud folder, a browser extension that “just makes things easier.” In this audio Insight, we unpack what Shadow IT really is, where it lives across your SaaS, data, and device landscape, and why even mature organizations still get surprised by it. You will hear a practical, vendor-neutral walkthrough of how unapproved tools and services quietly take root in everyday work and what that means for risk, visibility, and trust between security, IT, and the business.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/bfb82490/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Turning Configuration Baselines into Everyday Defenses</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>13</itunes:episode>
      <podcast:episode>13</podcast:episode>
      <itunes:title>Turning Configuration Baselines into Everyday Defenses</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">7282db2e-0664-40d8-a45f-5095ed25b4dc</guid>
      <link>https://share.transistor.fm/s/1673d51c</link>
      <description>
        <![CDATA[Configuration drift tends to creep in quietly, one “temporary” change at a time. In this narrated Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through how configuration baselines give you a clear, shared definition of known-good settings for your systems. You will hear how baselines sit between high-level security policies and real-world builds, how they differ from vendor defaults and generic hardening guides, and why they matter whether you are managing on-prem servers, cloud workloads, or standard employee laptops.]]>
      </description>
      <content:encoded>
        <![CDATA[Configuration drift tends to creep in quietly, one “temporary” change at a time. In this narrated Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through how configuration baselines give you a clear, shared definition of known-good settings for your systems. You will hear how baselines sit between high-level security policies and real-world builds, how they differ from vendor defaults and generic hardening guides, and why they matter whether you are managing on-prem servers, cloud workloads, or standard employee laptops.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:59 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/1673d51c/c503cf78.mp3" length="24045699" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>600</itunes:duration>
      <itunes:summary>
        <![CDATA[Configuration drift tends to creep in quietly, one “temporary” change at a time. In this narrated Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through how configuration baselines give you a clear, shared definition of known-good settings for your systems. You will hear how baselines sit between high-level security policies and real-world builds, how they differ from vendor defaults and generic hardening guides, and why they matter whether you are managing on-prem servers, cloud workloads, or standard employee laptops.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/1673d51c/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Sense of API Authentication with OAuth and JWT</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>12</itunes:episode>
      <podcast:episode>12</podcast:episode>
      <itunes:title>Making Sense of API Authentication with OAuth and JWT</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">e1371634-4163-4f56-a273-5dc2a9c72aa7</guid>
      <link>https://share.transistor.fm/s/31374f90</link>
      <description>
        <![CDATA[API authentication is one of those areas where a simple “just use tokens” answer quickly runs into messy reality. In this audio edition of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through how OAuth 2.0 and JSON Web Tokens (JWT) actually fit together to protect modern APIs. You’ll hear a clear, vendor-neutral explanation of the roles involved, where the authorization server sits, what the token really represents, and how gateways and back-end services use it to make access decisions. The goal is a mental model you can carry into design sessions, code reviews, and incident calls.]]>
      </description>
      <content:encoded>
        <![CDATA[API authentication is one of those areas where a simple “just use tokens” answer quickly runs into messy reality. In this audio edition of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through how OAuth 2.0 and JSON Web Tokens (JWT) actually fit together to protect modern APIs. You’ll hear a clear, vendor-neutral explanation of the roles involved, where the authorization server sits, what the token really represents, and how gateways and back-end services use it to make access decisions. The goal is a mental model you can carry into design sessions, code reviews, and incident calls.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:53 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/31374f90/f72bd885.mp3" length="26541960" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>663</itunes:duration>
      <itunes:summary>
        <![CDATA[API authentication is one of those areas where a simple “just use tokens” answer quickly runs into messy reality. In this audio edition of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through how OAuth 2.0 and JSON Web Tokens (JWT) actually fit together to protect modern APIs. You’ll hear a clear, vendor-neutral explanation of the roles involved, where the authorization server sits, what the token really represents, and how gateways and back-end services use it to make access decisions. The goal is a mental model you can carry into design sessions, code reviews, and incident calls.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/31374f90/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>How Security Champions Change the Security Conversation</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>11</itunes:episode>
      <podcast:episode>11</podcast:episode>
      <itunes:title>How Security Champions Change the Security Conversation</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">7a0aebc6-072e-4909-bf5e-f583f3155ebf</guid>
      <link>https://share.transistor.fm/s/61c9e089</link>
      <description>
        <![CDATA[Security teams are almost always outnumbered by the volume of product ideas, feature changes, and platform migrations moving through an organization. In this episode, we walk through the idea of security champions in engineering teams as a practical way to make “one security team” feel much bigger without pretending you can hire an army overnight. You will hear what a security champion role actually is, where it sits in the flow of work, and how it connects central security, product squads, and platform teams in a way that feels natural instead of bureaucratic. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </description>
      <content:encoded>
        <![CDATA[Security teams are almost always outnumbered by the volume of product ideas, feature changes, and platform migrations moving through an organization. In this episode, we walk through the idea of security champions in engineering teams as a practical way to make “one security team” feel much bigger without pretending you can hire an army overnight. You will hear what a security champion role actually is, where it sits in the flow of work, and how it connects central security, product squads, and platform teams in a way that feels natural instead of bureaucratic. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:48 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/61c9e089/f5befe8e.mp3" length="30308819" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>757</itunes:duration>
      <itunes:summary>
        <![CDATA[Security teams are almost always outnumbered by the volume of product ideas, feature changes, and platform migrations moving through an organization. In this episode, we walk through the idea of security champions in engineering teams as a practical way to make “one security team” feel much bigger without pretending you can hire an army overnight. You will hear what a security champion role actually is, where it sits in the flow of work, and how it connects central security, product squads, and platform teams in a way that feels natural instead of bureaucratic. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/61c9e089/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Keeping API Keys, Tokens, and Passwords Out of the Wrong Hands</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>10</itunes:episode>
      <podcast:episode>10</podcast:episode>
      <itunes:title>Keeping API Keys, Tokens, and Passwords Out of the Wrong Hands</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">55c42fcd-2274-413d-921c-b66fc1018e63</guid>
      <link>https://share.transistor.fm/s/3e2384d0</link>
      <description>
        <![CDATA[Secrets management for API keys, tokens, and passwords is often the quiet difference between a minor configuration mistake and a major breach. In this narrated audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what secrets management really means in day-to-day work. You will hear how vaults, runtime retrieval, rotation, and access policies fit together, and why they matter for developers, operators, and security teams trying to keep up with modern cloud-native environments.]]>
      </description>
      <content:encoded>
        <![CDATA[Secrets management for API keys, tokens, and passwords is often the quiet difference between a minor configuration mistake and a major breach. In this narrated audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what secrets management really means in day-to-day work. You will hear how vaults, runtime retrieval, rotation, and access policies fit together, and why they matter for developers, operators, and security teams trying to keep up with modern cloud-native environments.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:43 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/3e2384d0/201e730b.mp3" length="31426867" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>785</itunes:duration>
      <itunes:summary>
        <![CDATA[Secrets management for API keys, tokens, and passwords is often the quiet difference between a minor configuration mistake and a major breach. In this narrated audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what secrets management really means in day-to-day work. You will hear how vaults, runtime retrieval, rotation, and access policies fit together, and why they matter for developers, operators, and security teams trying to keep up with modern cloud-native environments.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/3e2384d0/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Turning SIEM Events Into Actionable Signals</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>9</itunes:episode>
      <podcast:episode>9</podcast:episode>
      <itunes:title>Turning SIEM Events Into Actionable Signals</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">d2d1f743-1f81-4526-b921-b6b28188efb7</guid>
      <link>https://share.transistor.fm/s/631287b3</link>
      <description>
        <![CDATA[If your Security Information and Event Management (SIEM) platform feels like a wall of noise, this episode is for you. We walk through what SIEM use cases really are, how they differ from generic rules or vendor content packs, and where they sit inside your detection and response workflow. You will hear how a good use case flows from a concrete risk scenario to specific log signals, correlation logic, and an alert that an analyst can actually act on, instead of yet another item to close as “noise.”]]>
      </description>
      <content:encoded>
        <![CDATA[If your Security Information and Event Management (SIEM) platform feels like a wall of noise, this episode is for you. We walk through what SIEM use cases really are, how they differ from generic rules or vendor content packs, and where they sit inside your detection and response workflow. You will hear how a good use case flows from a concrete risk scenario to specific log signals, correlation logic, and an alert that an analyst can actually act on, instead of yet another item to close as “noise.”]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:37 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/631287b3/c6066925.mp3" length="31038144" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>775</itunes:duration>
      <itunes:summary>
        <![CDATA[If your Security Information and Event Management (SIEM) platform feels like a wall of noise, this episode is for you. We walk through what SIEM use cases really are, how they differ from generic rules or vendor content packs, and where they sit inside your detection and response workflow. You will hear how a good use case flows from a concrete risk scenario to specific log signals, correlation logic, and an alert that an analyst can actually act on, instead of yet another item to close as “noise.”]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/631287b3/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Third-Party Risk Questions That Actually Matter</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>8</itunes:episode>
      <podcast:episode>8</podcast:episode>
      <itunes:title>Third-Party Risk Questions That Actually Matter</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">84e22799-ba0e-47b2-93f4-06f794597ece</guid>
      <link>https://share.transistor.fm/s/2c139d80</link>
      <description>
        <![CDATA[This audio episode explores Third-Party Risk Management (TPRM) as a practical, everyday part of how your organization works with vendors, cloud platforms, and service providers. In clear language, it walks through what TPRM is, where it fits in your governance and technical stack, and why “we’re secure” is never enough when a third party wants access to your data or systems. You will hear how TPRM turns vague assurances into specific questions about data flows, access paths, and incident responsibilities before any new connection goes live.]]>
      </description>
      <content:encoded>
        <![CDATA[This audio episode explores Third-Party Risk Management (TPRM) as a practical, everyday part of how your organization works with vendors, cloud platforms, and service providers. In clear language, it walks through what TPRM is, where it fits in your governance and technical stack, and why “we’re secure” is never enough when a third party wants access to your data or systems. You will hear how TPRM turns vague assurances into specific questions about data flows, access paths, and incident responsibilities before any new connection goes live.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:32 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/2c139d80/816a94af.mp3" length="32005724" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>799</itunes:duration>
      <itunes:summary>
        <![CDATA[This audio episode explores Third-Party Risk Management (TPRM) as a practical, everyday part of how your organization works with vendors, cloud platforms, and service providers. In clear language, it walks through what TPRM is, where it fits in your governance and technical stack, and why “we’re secure” is never enough when a third party wants access to your data or systems. You will hear how TPRM turns vague assurances into specific questions about data flows, access paths, and incident responsibilities before any new connection goes live.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/2c139d80/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>When Source Code Spills Keys, Tokens, and Credentials</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>7</itunes:episode>
      <podcast:episode>7</podcast:episode>
      <itunes:title>When Source Code Spills Keys, Tokens, and Credentials</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">6dac0c24-84e9-4f83-8e1c-23a958de09a9</guid>
      <link>https://share.transistor.fm/s/878791a7</link>
      <description>
        <![CDATA[When secrets leak into source code, they rarely announce themselves with flashing lights. In this audio companion to Bare Metal Cyber’s Tuesday “Insights” feature, we walk through what “secrets in source code” really means for working teams: the keys, tokens, passwords, and other sensitive values that quietly end up in repositories and stick around for years. You will hear where these secrets tend to hide in real environments, how they move through developer laptops, branches, and pipelines, and where secret scanning and better handling practices actually fit into your existing stack.]]>
      </description>
      <content:encoded>
        <![CDATA[When secrets leak into source code, they rarely announce themselves with flashing lights. In this audio companion to Bare Metal Cyber’s Tuesday “Insights” feature, we walk through what “secrets in source code” really means for working teams: the keys, tokens, passwords, and other sensitive values that quietly end up in repositories and stick around for years. You will hear where these secrets tend to hide in real environments, how they move through developer laptops, branches, and pipelines, and where secret scanning and better handling practices actually fit into your existing stack.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:25 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/878791a7/8f172a6e.mp3" length="35616897" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>889</itunes:duration>
      <itunes:summary>
        <![CDATA[When secrets leak into source code, they rarely announce themselves with flashing lights. In this audio companion to Bare Metal Cyber’s Tuesday “Insights” feature, we walk through what “secrets in source code” really means for working teams: the keys, tokens, passwords, and other sensitive values that quietly end up in repositories and stick around for years. You will hear where these secrets tend to hide in real environments, how they move through developer laptops, branches, and pipelines, and where secret scanning and better handling practices actually fit into your existing stack.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/878791a7/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Building Security Into CI/CD Without the Buzzwords</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>6</itunes:episode>
      <podcast:episode>6</podcast:episode>
      <itunes:title>Building Security Into CI/CD Without the Buzzwords</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">330f033d-2639-4083-b56b-c7e212b5e897</guid>
      <link>https://share.transistor.fm/s/40003937</link>
      <description>
        <![CDATA[This narrated episode explores DevSecOps in CI/CD pipelines as a practical way to build security into the same paths your code already takes from commit to production. You’ll hear what DevSecOps in CI/CD pipelines really means, where it fits in modern delivery stacks, and how security checks can live alongside familiar build, test, and deploy stages. The episode walks through the flow of a typical change, showing how tools, pipelines, and people work together to catch issues earlier without turning every release into a negotiation.]]>
      </description>
      <content:encoded>
        <![CDATA[This narrated episode explores DevSecOps in CI/CD pipelines as a practical way to build security into the same paths your code already takes from commit to production. You’ll hear what DevSecOps in CI/CD pipelines really means, where it fits in modern delivery stacks, and how security checks can live alongside familiar build, test, and deploy stages. The episode walks through the flow of a typical change, showing how tools, pipelines, and people work together to catch issues earlier without turning every release into a negotiation.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:21 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/40003937/d238d9e2.mp3" length="33081972" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>826</itunes:duration>
      <itunes:summary>
        <![CDATA[This narrated episode explores DevSecOps in CI/CD pipelines as a practical way to build security into the same paths your code already takes from commit to production. You’ll hear what DevSecOps in CI/CD pipelines really means, where it fits in modern delivery stacks, and how security checks can live alongside familiar build, test, and deploy stages. The episode walks through the flow of a typical change, showing how tools, pipelines, and people work together to catch issues earlier without turning every release into a negotiation.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/40003937/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Turning MITRE ATT&amp;CK into a Defense Roadmap</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>5</itunes:episode>
      <podcast:episode>5</podcast:episode>
      <itunes:title>Turning MITRE ATT&amp;CK into a Defense Roadmap</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">85fb0e45-a4da-4eb4-996f-4634b28b7ea1</guid>
      <link>https://share.transistor.fm/s/327e94e2</link>
      <description>
        <![CDATA[Threat-informed defense can feel abstract until you connect it directly to how real attackers move through your environment. In this narrated breakdown, we walk through how to use the MITRE ATT&amp;CK framework (ATT&amp;CK) as a practical map for planning security improvements. You will hear plain-language explanations of what threat-informed defense is, where ATT&amp;CK fits in a modern stack, and how to use tactics and techniques as the backbone for a more focused roadmap. The goal is to help you see past marketing labels and start thinking in terms of concrete attacker behaviors you can actually see, block, and respond to.]]>
      </description>
      <content:encoded>
        <![CDATA[Threat-informed defense can feel abstract until you connect it directly to how real attackers move through your environment. In this narrated breakdown, we walk through how to use the MITRE ATT&amp;CK framework (ATT&amp;CK) as a practical map for planning security improvements. You will hear plain-language explanations of what threat-informed defense is, where ATT&amp;CK fits in a modern stack, and how to use tactics and techniques as the backbone for a more focused roadmap. The goal is to help you see past marketing labels and start thinking in terms of concrete attacker behaviors you can actually see, block, and respond to.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:16 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/327e94e2/03667130.mp3" length="32364120" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>808</itunes:duration>
      <itunes:summary>
        <![CDATA[Threat-informed defense can feel abstract until you connect it directly to how real attackers move through your environment. In this narrated breakdown, we walk through how to use the MITRE ATT&amp;CK framework (ATT&amp;CK) as a practical map for planning security improvements. You will hear plain-language explanations of what threat-informed defense is, where ATT&amp;CK fits in a modern stack, and how to use tactics and techniques as the backbone for a more focused roadmap. The goal is to help you see past marketing labels and start thinking in terms of concrete attacker behaviors you can actually see, block, and respond to.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/327e94e2/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Triage 101 – What Really Happens After an Alert Fires</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>4</itunes:episode>
      <podcast:episode>4</podcast:episode>
      <itunes:title>Triage 101 – What Really Happens After an Alert Fires</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">0928d8da-0566-44f8-8d97-4f136365a110</guid>
      <link>https://share.transistor.fm/s/1a81ed6e</link>
      <description>
        <![CDATA[When a security alert fires, what really happens in those first few minutes? This narrated edition of our Tuesday “Insights” feature in Bare Metal Cyber Magazine walks through the real work of alert triage, from the moment a signal lands in the queue to the decision to close, monitor, investigate, or escalate. You will hear how triage fits into the wider security operations flow and why it acts as the front door to incident response rather than just another tool screen to stare at.]]>
      </description>
      <content:encoded>
        <![CDATA[When a security alert fires, what really happens in those first few minutes? This narrated edition of our Tuesday “Insights” feature in Bare Metal Cyber Magazine walks through the real work of alert triage, from the moment a signal lands in the queue to the decision to close, monitor, investigate, or escalate. You will hear how triage fits into the wider security operations flow and why it acts as the front door to incident response rather than just another tool screen to stare at.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:10 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/1a81ed6e/9431fa48.mp3" length="30566961" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>763</itunes:duration>
      <itunes:summary>
        <![CDATA[When a security alert fires, what really happens in those first few minutes? This narrated edition of our Tuesday “Insights” feature in Bare Metal Cyber Magazine walks through the real work of alert triage, from the moment a signal lands in the queue to the decision to close, monitor, investigate, or escalate. You will hear how triage fits into the wider security operations flow and why it acts as the front door to incident response rather than just another tool screen to stare at.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/1a81ed6e/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Reading Your Environment Through Logs, Events, and Alerts</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>3</itunes:episode>
      <podcast:episode>3</podcast:episode>
      <itunes:title>Reading Your Environment Through Logs, Events, and Alerts</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">d92cd73b-45b5-4587-8677-9406a1ba91a0</guid>
      <link>https://share.transistor.fm/s/881e2a48</link>
      <description>
        <![CDATA[In this episode of Bare Metal Cyber’s Tuesday “Insights” feature, we unpack how security logs, events, and alerts can move from noisy fragments to a clear, trustworthy security story. You’ll hear a plain-language walkthrough of what each layer really is, where it fits across identity, network, endpoint, and cloud, and how they work together as a narrative pipeline. We follow a small end-to-end example so you can picture how scattered records turn into a coherent incident timeline instead of a pile of disconnected clues on a dashboard.]]>
      </description>
      <content:encoded>
        <![CDATA[In this episode of Bare Metal Cyber’s Tuesday “Insights” feature, we unpack how security logs, events, and alerts can move from noisy fragments to a clear, trustworthy security story. You’ll hear a plain-language walkthrough of what each layer really is, where it fits across identity, network, endpoint, and cloud, and how they work together as a narrative pipeline. We follow a small end-to-end example so you can picture how scattered records turn into a coherent incident timeline instead of a pile of disconnected clues on a dashboard.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:05 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/881e2a48/e844d398.mp3" length="31764363" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>793</itunes:duration>
      <itunes:summary>
        <![CDATA[In this episode of Bare Metal Cyber’s Tuesday “Insights” feature, we unpack how security logs, events, and alerts can move from noisy fragments to a clear, trustworthy security story. You’ll hear a plain-language walkthrough of what each layer really is, where it fits across identity, network, endpoint, and cloud, and how they work together as a narrative pipeline. We follow a small end-to-end example so you can picture how scattered records turn into a coherent incident timeline instead of a pile of disconnected clues on a dashboard.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/881e2a48/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Sense of Security Control Types</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>2</itunes:episode>
      <podcast:episode>2</podcast:episode>
      <itunes:title>Making Sense of Security Control Types</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">470c1609-166a-4e7f-ab3c-cc1b829a26b6</guid>
      <link>https://share.transistor.fm/s/12bf38a8</link>
      <description>
        <![CDATA[Security controls are often described as policies, tools, and processes, but in practice they shape how your defenses behave before, during, and after an incident. In this audio walkthrough, we break down the major types of controls in clear, practical terms: preventive controls that try to stop bad things from happening, detective controls that help you see what slipped through, corrective controls that support recovery, and supporting types like directive, deterrent, and compensating controls. You will hear how these categories span people, process, and technology, and why a balanced mix matters more than the sheer number of tools in your environment.]]>
      </description>
      <content:encoded>
        <![CDATA[Security controls are often described as policies, tools, and processes, but in practice they shape how your defenses behave before, during, and after an incident. In this audio walkthrough, we break down the major types of controls in clear, practical terms: preventive controls that try to stop bad things from happening, detective controls that help you see what slipped through, corrective controls that support recovery, and supporting types like directive, deterrent, and compensating controls. You will hear how these categories span people, process, and technology, and why a balanced mix matters more than the sheer number of tools in your environment.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:46:01 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/12bf38a8/522c1424.mp3" length="35195788" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>879</itunes:duration>
      <itunes:summary>
        <![CDATA[Security controls are often described as policies, tools, and processes, but in practice they shape how your defenses behave before, during, and after an incident. In this audio walkthrough, we break down the major types of controls in clear, practical terms: preventive controls that try to stop bad things from happening, detective controls that help you see what slipped through, corrective controls that support recovery, and supporting types like directive, deterrent, and compensating controls. You will hear how these categories span people, process, and technology, and why a balanced mix matters more than the sheer number of tools in your environment.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/12bf38a8/transcript.txt" type="text/plain"/>
    </item>
    <item>
      <title>Making Defense in Depth Actually Work</title>
      <itunes:season>1</itunes:season>
      <podcast:season>1</podcast:season>
      <itunes:episode>1</itunes:episode>
      <podcast:episode>1</podcast:episode>
      <itunes:title>Making Defense in Depth Actually Work</itunes:title>
      <itunes:episodeType>full</itunes:episodeType>
      <guid isPermaLink="false">5a5749eb-54e7-4836-ab98-a95992a4247c</guid>
      <link>https://share.transistor.fm/s/60ff47f5</link>
      <description>
        <![CDATA[Defense in depth is one of those phrases everyone uses, but few teams can clearly describe in terms of everyday work. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through defense in depth as a practical security design pattern rather than a slogan. You’ll hear how it fits across identity, network, endpoint, and cloud, and why it’s really about combining people, process, and technology so that no single miss turns into a major incident.]]>
      </description>
      <content:encoded>
        <![CDATA[Defense in depth is one of those phrases everyone uses, but few teams can clearly describe in terms of everyday work. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through defense in depth as a practical security design pattern rather than a slogan. You’ll hear how it fits across identity, network, endpoint, and cloud, and why it’s really about combining people, process, and technology so that no single miss turns into a major incident.]]>
      </content:encoded>
      <pubDate>Fri, 17 Jul 2026 16:45:25 -0500</pubDate>
      <author>Dr Jason Edwards</author>
      <enclosure url="https://media.transistor.fm/60ff47f5/3b7a95d3.mp3" length="30798857" type="audio/mpeg"/>
      <itunes:author>Dr Jason Edwards</itunes:author>
      <itunes:duration>769</itunes:duration>
      <itunes:summary>
        <![CDATA[Defense in depth is one of those phrases everyone uses, but few teams can clearly describe in terms of everyday work. In this narrated edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through defense in depth as a practical security design pattern rather than a slogan. You’ll hear how it fits across identity, network, endpoint, and cloud, and why it’s really about combining people, process, and technology so that no single miss turns into a major incident.]]>
      </itunes:summary>
      <itunes:keywords>cybersecurity, cyber security, cybersecurity podcast, information security, cyber threats, cybersecurity analysis, security news, ransomware, data breaches, artificial intelligence, AI security, cloud security, zero trust, threat intelligence, vulnerability management, security operations, incident response, cyber risk, governance risk and compliance, GRC, privacy, cybersecurity policy, critical infrastructure, nation-state threats, cyber warfare, CISOs, SOC analysts, security analysts, cybersecurity students, BareMetalCyber, Bare Metal Cyber, Dr. Jason Edwards</itunes:keywords>
      <itunes:explicit>No</itunes:explicit>
      <podcast:transcript url="https://share.transistor.fm/s/60ff47f5/transcript.txt" type="text/plain"/>
    </item>
  </channel>
</rss>
