Brought to you by IT Audit Labs. Trusted cyber security experts and their guests discuss common security threats, threat actor techniques and other industry topics. IT Audit Labs provides organizations with the leverage of a network of partners and specialists suited for your needs. We are experts at assessing security risk and compliance, while providing administrative and technical controls to improve our clients’ data security. Our threat assessments find the soft spots before the bad guys do, identifying likelihood and impact, while our security control assessments rank the level of maturity relative to the size of the organization.
In this special year-end episode, Joshua Schmidt revisits the most mind-bending moments from The Audit's 2025 season. From Justin Marciano and Paul Vann demonstrating live deepfakes in real-time (yes, they actually did it on camera) to Bill Harris explaining how Google's quantum experiments suggest parallel universes, to Alex Bratton's urgent warning about the AI adoption crisis happening right now in boardrooms everywhere. What You'll Learn: How adversaries are using free tools to create convincing deepfakes for job interviews and social engineering attacks—and why this represents a national security threat Why NASA shut down its quantum computer after getting results that "challenge contemporary thinking" (and the wild theories circulating about what they discovered) The critical mistake companies are making with AI integration: racing ahead without governance, security frameworks, or responsible use policies How the Pi-hole community exemplifies open-source security at its best—enterprise-grade protection at fractions of the cost Why IT teams saying "no" to AI isn't realistic, and what responsible AI adoption actually looks like This isn't just a recap—it's a wake-up call. These conversations reveal the inflection points where standing still means falling behind. Whether you're a CISO, security analyst, IT auditor, or business leader trying to navigate AI adoption, these clips offer the perspective you need heading into 2026. Don't wait until 2026 to realize you missed the critical shift. Subscribe now for cutting-edge cybersecurity insights that keep you ahead of evolving threats. #cybersecurity #deepfake #quantumcomputing #AI #infosec #ethicalhacking #cyberdefense #2025yearinreview
12/29/25 • 22:57
What if you could hire an army of AI security analysts that work 24/7 investigating alerts so your human team can focus on what actually matters? Edward Wu, founder and CEO of DropZone AI, joins The Audit crew to reveal how large language models are transforming security operations—and why the future of cyber defense looks more like a drone war than traditional SOC work. From his eight years at AttackIQ generating millions of security alerts (and the fatigue that came with them), Edward built DropZone to solve the problem he helped create: alert overload. This conversation goes deep on AI agents specializing in different security domains, the asymmetry problem between attackers and defenders, and why deepfakes might require us to use "safe words" before every Zoom call. What You'll Learn: How AI tier-1 analysts automate 90% of alert triage to find real threats faster Why attackers only need to be right once, but AI can level the playing field Real-world deepfake attacks hitting finance teams right now The societal implications of AI-driven social engineering at scale Whether superintelligence will unlock warp engines or just better spreadsheets If alert fatigue is crushing your security team, this episode delivers the blueprint for fighting back with AI. Hit subscribe for more conversations with security leaders who are actually building the future—not just talking about it. #cybersecurity #AIforCybersecurity #SOC #SecurityOperations #AlertFatigue #DropZoneAI #ThreatDetection #IncidentResponse #CyberDefense #SecurityAutomation
12/15/25 • 35:19
When hackers target the systems controlling your water, power, and transportation, the consequences go far beyond data breaches—people can die. Leslie Carhartt, Technical Director of Incident Response at Dragos, pulls back the curtain on one of cybersecurity's most critical blind spots: industrial control systems that keep society running but remain dangerously exposed. What You'll Learn: Why industrial control systems can't be updated like your laptop—and what that means for security How threat actors are using AI to generate custom malware for power plants and water treatment facilities The real state of critical infrastructure security (spoiler: forget about air gaps) Why commodity ransomware has become an existential threat to industrial operations The five critical controls organizations should implement right now to defend OT environments Don't wait until your organization becomes the next headline. Like, share, and subscribe for more in-depth security intelligence that goes beyond the buzzwords. #industrialcybersecurity #criticalinfrastructure #OTsecurity #ICS #SCADA #dragos #incidentresponse #ransomware #AIthreats #cybersecurity #infosec
12/1/25 • 32:52
What if your security team is playing defense while hackers play offense 24/7? Foster Davis, former Navy cyber warfare officer and founder of BreachBits, breaks down why traditional penetration tests become obsolete in weeks—and how continuous red teaming changes the game. From hunting pirates in the Indian Ocean to defending critical infrastructure, Foster shares hard-earned lessons about adversarial thinking, operational risk management, and why the junior person in the room might spot your biggest vulnerability. What You'll Learn: Why red teaming creates psychological advantages penetration testing can't match How operational risk management translates technical findings into executive action The real cost of point-in-time security assessments (hint: ask St. Paul, Minnesota) Military-grade frameworks for continuous threat simulation in civilian organizations Why attackers operate 365 days a year—but most organizations test once Don't let your organization become another headline. Security teams need to think like attackers, not just defenders. Subscribe for more conversations that challenge conventional cybersecurity thinking. #RedTeam #CybersecurityStrategy #PenetrationTesting #MilitaryCyber #ThreatHunting #InfoSec
11/17/25 • 41:13
What if everything AI tells you about cybersecurity costs is completely wrong? The Audit crew unpacks a shocking data black hole that has infected every major AI model—plus field-tested tech that actually works. In this laid-back Field Notes episode, Joshua Schmidt, Eric Brown, and Nick Mellum return from Gartner's CIO Symposium with insights that'll make you question your AI outputs. From discovering that the "trillions in cybercrime" statistic is pure fiction (the real number is 16.6 billion) to hands-on reviews of Starlink Mobile and Nothing earbuds, this episode delivers practical intelligence you won't find in vendor pitches. Don't wait for the next data breach to question your assumptions. Subscribe for monthly Field Notes episodes that cut through the noise with honest, technical conversations you can trust. #cybersecurity #AI #artificalintelligence #GartnerCIO #infosec #starlink #fieldnotes #cybertrends #datasecurity #AIbias
11/3/25 • 26:28
What happens when Apple Vision Pro meets enterprise AI? In this episode of The Audit, Alex Bratton—applied technologist and AI implementation expert—joins hosts Joshua Schmidt and Nick Mellem to reveal how spatial computing and artificial intelligence are colliding to reshape how we work. From conducting million-dollar sales meetings in virtual reality to building AI governance frameworks that actually work, Alex breaks down the cutting-edge tech that's moving faster than most organizations can keep up. This isn't theoretical innovation—it's practical implementation. Alex shares real-world examples of pharmaceutical reps training with AI-powered virtual doctors, airlines redesigning airport gates in spatial environments, and manufacturing teams using Vision Pro for secure work on confidential documents at 30,000 feet. If you've been skeptical about AR/VR or overwhelmed by AI adoption, this conversation delivers the clarity you need to make informed decisions for your organization. Key Topics: Why Apple Vision Pro is the "iPhone 1 moment" for spatial computing and what that means for enterprise security The three categories of AI tools: reactive assistants, task-based agents, and goal-oriented digital employees How to build AI governance frameworks without crushing innovation or falling behind competitors Real security concerns with AI tools and which vendors are actually protecting your data Why mid-market companies are outpacing Fortune 500s in AI adoption—and what that means for your industry Practical strategies for baking AI into company culture without triggering employee resistance The critical difference between free AI tools that steal your data and paid platforms that protect it Whether you're a CISO evaluating AI tools, an IT director building governance policies, or a security professional trying to stay ahead of threats, this episode delivers actionable intelligence you can implement today. The AI revolution isn't coming—it's already here. 
The question is whether your organization will lead or get left behind. #cybersecurity #infosec #AI #VR #AppleVisionPro
10/20/25 • 37:10
Ever wonder what the hosts of The Audit talk about when the mics are rolling but the formal interview isn't happening? This Field Notes episode gives you exactly that—unfiltered conversations covering everything from coffee preferences and glider flying to trademark scams targeting cybersecurity professionals. Nick and Eric dive into Eric's latest aviation adventures (spoiler: gliders are apparently safer than planes with engines), share war stories about scam calls trying to exploit trademark filings, and swap tales about expensive vet visits. Plus, hear some nostalgic cybersecurity stories from the Wild West days when networks ran without firewalls and people could taste peanut butter straight from the jar at grocery stores. Key Topics: Eric's glider pilot training and why it's "safer" than powered flight Trademark registration scams targeting IT professionals Coffee roasting tips from flight instructors Cybersecurity nostalgia: Temple University's router-only network Why Eric kept a scammer on the phone for 5 minutes during pickleball Whether you're here for the cybersecurity insights or just want to know why Nick prefers Diet Coke to Coke Zero, this episode delivers the authentic conversations that happen between industry pros. Don't miss Eric's glider safety argument—it might just change your perspective on risk management. #cybersecurity #infosec #fieldnotes #aviation #scamcalls #itauditlabs
10/6/25 • 24:55
Cybercriminals are exploiting X's Grok AI to bypass ad protections and spread malware to millions—while researchers discover your home Wi-Fi can now monitor your heart rate. This week's news breakdown covers the attack vectors you need to know about. Join co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem as they dive into the latest cybersecurity developments that could impact your organization tomorrow. From social media malvertising to biometric data harvesting through everyday devices, these aren't distant threats—they're happening now. Key Topics Covered: How cybercriminals are weaponizing Grok AI for malvertising campaigns Why 10-15% of employees access risky content at work (and what to do about it) Wi-Fi devices that can detect heart rates from 10 feet away—privacy implications Amazon's Project Kuiper vs. Starlink: What 1GB satellite internet means for security Practical defenses: YubiKeys, browser isolation, and network redundancy strategies Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions! #cybersecurity #infosec #grok #malware #starlink #wifi #privacy #ITsecurity
9/22/25 • 14:39
The threat landscape is moving faster than ever—and traditional response playbooks aren't keeping up. In this live Field Notes episode, Eric Brown and Nick Mellum dive into the surge of recent cyberattacks hitting state governments, transit systems, and critical infrastructure across the U.S. From Nevada's complete state office shutdown to Maryland's Metro Transit paralysis, the hosts explore why organizations still "clam up" during breaches instead of sharing crucial threat intelligence. Drawing from their firsthand experience with the St. Paul incident and military-grade preparedness principles, they reveal the uncomfortable truth: you're not building higher walls anymore—you're planning for someone who's already inside. Key Topics Covered: • Recent state-level cyberattacks in Nevada and Maryland • Why threat intelligence sharing fails when we need it most • The human cost of breach response chaos and endless meetings • How AI is being weaponized in sophisticated supply chain attacks • Military mindset for cybersecurity: "Semper Gumby, always flexible" Don't wait for the next headline. Subscribe for more unfiltered cybersecurity discussions that bridge the gap between technical reality and human preparation. #cybersecurity #infosec #breach #threatintelligence #fieldnotes #livecast #CISO #cybersecuritynews
9/15/25 • 26:04
When ransomware hits a hospital, it's not just data that's at stake—patients are dying. Ed Gaudet, CEO of Censinet, reveals the shocking research proving what healthcare security professionals feared: cyberattacks on hospitals directly increase mortality rates and disrupt life-saving care. But Ed's biggest concern? The eerie quiet before what he believes could be the next wave of coordinated attacks across multiple critical infrastructures. Plus, why Microsoft's approach to AI integration is making cybersecurity professionals lose sleep. Key Topics Covered: Why ransomware attacks on hospitals increase patient mortality rates The research behind healthcare cybersecurity's deadly consequences How the healthcare industry's digital transformation created new vulnerabilities Microsoft's problematic approach to forced AI integration The evolution from individual hackers to organized cybercrime syndicates Why Ed's "Spidey senses" are warning of coordinated infrastructure attacks Don't wait until your organization becomes the next healthcare headline. Subscribe for more critical cybersecurity insights that could save more than just your data. #healthcarecybersecurity #ransomware #patientsafety #cybersecurity #infosec #healthcare
9/8/25 • 32:08
What happens when your next hire isn't who they claim to be? In this eye-opening episode of The Audit, we dive deep into the alarming world of AI-powered hiring fraud with Justin Marciano and Paul Vann from Validia. From North Korean operatives using deepfakes to infiltrate Fortune 500 companies to proxy interviews becoming the new normal, this conversation exposes the security crisis hiding in plain sight. Key Topics Covered: North Korean operatives stealing US salaries to fund nuclear programs How Figma had to re-verify their entire workforce after infiltration Live demonstrations of deepfake technology (Pickle AI, DeepLiveCam) Why 80-90% of engineers believe interview cheating is rampant Validia's "Truly" tool vs. Cluely's AI interview assistance The future of identity verification in remote work Why behavioral biometrics might be our last defense This isn't just about hiring fraud—it's about the fundamental breakdown of digital trust in an AI-first world. Whether you're a CISO, talent leader, or anyone involved in remote hiring, this episode reveals threats you didn't know existed and solutions you need to implement today. Don't let your next hire be your biggest security breach. Subscribe for more cutting-edge cybersecurity insights that you won't find anywhere else. #deepfakes #cybersecurity #hiring #AI #infosec #northkorea #fraud #identity #remote #validia
8/25/25 • 41:24
Can you spot the difference between real cybersecurity talent and someone using ChatGPT to fake their way through interviews? In this episode of The Audit, Thomas Rogers from Meta CTF reveals how Capture the Flag competitions are becoming the ultimate litmus test for authentic cyber skills—and why traditional hiring methods are failing in the AI era. Whether you're a CISO looking to revolutionize your hiring process, a security professional wanting to level up your skills, or just curious about what happens when cybersecurity meets escape room logic, this episode delivers actionable insights you can implement immediately. Key Topics Covered: How Meta CTF's Jeopardy-style competitions work and why they're addictive Real examples of CTF challenges that test critical thinking over pure technical knowledge The shocking rise of AI-assisted interview cheating (and how to spot it) Why "CTF culture" is becoming the new hiring differentiator for top security teams Practical tips for using competitions to build team camaraderie and retention How smaller companies can compete with Big Tech for cybersecurity talent Don't let your next hire fool you with AI-generated answers. Learn how CTF competitions reveal the real problem-solvers from the pretenders. Like, share, and subscribe for more cybersecurity hiring secrets that actually work! #MetaCTF #CybersecurityHiring #CTF #InfoSec #CyberSecurity #AIInterviews #TechRecruiting
8/11/25 • 30:10
Dallas Turner's $240,000 fraud loss isn't just celebrity news—it's a wake-up call for anyone with a bank account. When even NFL linebackers fall victim to social engineering, what does that mean for the rest of us? In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem break down the sophisticated tactics behind this massive financial fraud and reveal why help desk vulnerabilities are becoming cybercriminals' favorite attack vector. From Scattered Spider's multi-industry campaigns to the unexpected cybersecurity challenges facing Formula 1 racing, this episode covers the evolving threats that no security professional can afford to ignore. 🎯 Key Topics Covered: How banking impersonation scams work and red flags to watch for Why Scattered Spider targets help desks and how to defend against it The surprising cybersecurity risks in high-speed Formula 1 racing Practical steps to protect yourself from social engineering attacks Why MFA fatigue is becoming a serious security vulnerability Don't let social engineering catch you off guard. The tactics that fooled a professional athlete could easily target your organization next. #cybersecurity #socialengineering #scatteredspider #financialfraud #infosec
7/28/25 • 22:13
What does it take to build real cybersecurity skills in underserved communities? In this episode of The Audit, Rasheed Alowonle shares his journey from Chicago to becoming a cybersecurity educator and community advocate. This isn't your typical career advice—it's about fortifying communities through practical security hygiene and hands-on learning. Co-hosts Joshua J Schmidt, Eric Brown, and Nick Mellum dive deep with Rasheed on his mission to teach cybersecurity fundamentals where they're needed most. From TryHackMe demonstrations to real-world privacy protection, this conversation reveals how grassroots education can transform both individuals and entire communities. Key Topics Covered: • Building cybersecurity skills in underserved communities • Practical privacy protection for families and neighborhoods • Career development through hands-on learning platforms • The critical importance of in-person networking in tech • Why protecting your digital identity protects your community Don't wait to start building your cybersecurity career—your community needs you. Like, share, and subscribe for more real-world security insights that matter! #cybersecurity #infosec #careerdevelopment #networking #community #privacy #tryhackme
7/14/25 • 33:01
What happens when your carefully crafted incident response playbook becomes worthless? Cody Sullivan from OpsBook reveals the brutal truth about tabletop exercises: most organizations are practicing with medieval armor for a drone war. From 70-participant, 6-hour exercises spanning three continents to the harsh reality of insider threats, this conversation exposes the gaps that could leave your organization bleeding when the real attack comes. Key Topics Covered: Why "tribal knowledge" is your organization's biggest security risk The insider threat scenario that makes every tabletop exercise go sideways How AI is revolutionizing incident response preparation through OpsBook's ontology Why your playbooks are useless if hackers have them too The "Derek Jeter approach" to cybersecurity preparedness From real estate to tech: spotting warning signs before the industry shift The crew shares fresh insights from a recent school district tabletop that exposed critical single points of failure, while Cody demonstrates how modern organizations are turning decision-making into muscle memory, not just memos. This isn't theory—it's the frontlines of organizational resilience where one overlooked vulnerability could trigger catastrophic failure. Like, share, and subscribe for more in-depth security discussions that prepare you for tomorrow's threats, not just today's compliance checkboxes! #tabletopexercise #incidentresponse #cybersecurity #infosec #AI #opsbook
6/30/25 • 38:36
Think you can manage industrial systems like your IT infrastructure? Think again. In this episode of The Audit, Dino Busalachi unpacks the high-stakes complexity of OT-IT convergence—and why your trusty IT playbook flatlines on the plant floor. Join the IT Audit Labs crew as we dive into the chaos of managing 10,000+ industrial assets across a sprawling landscape of vendors, protocols, and operational rules that laugh in the face of standardization. From Siemens to Rockwell to Honeywell, Dino draws sharp parallels to hospital systems juggling specialized third-party contractors—because in the world of OT, consistency is a luxury and adaptability is survival.🔧 Key Topics Covered: • Why OT environments resist IT standardization efforts • Managing thousands of industrial assets from multiple vendors • The hospital analogy: treating OT specialists like medical contractors • Building effective partnerships between OT and IT teams • Real-world challenges of securing industrial control systems #OTSecurity #ITConvergence #IndustrialCybersecurity #SCADA #PLC #CriticalInfrastructure
6/16/25 • 39:50
What happens when you cross a Tamagotchi with a Wi-Fi hacking tool? You get the Pwnagotchi—a pocket-sized device that "feeds" on Wi-Fi handshakes and learns from its environment. In this episode, Jayden Traufler and Cameron Birkland join the crew to demonstrate how this deceptively cute device can passively capture encrypted Wi-Fi credentials from any network in range, autonomously gather handshakes, share intelligence with other Pwnagotchis, and operate completely under the radar from conference floors to airplane cabins in ways that might surprise you. Key Topics Covered: How the Pwnagotchi captures Wi-Fi handshakes through deauthentication attacks Why WPA3 networks are immune (and why most networks still aren't using it) Building your own Pwnagotchi vs buying a Flipper Zero with Wi-Fi dev board Real defense strategies beyond "just turn off your Wi-Fi" The legal gray areas of passive Wi-Fi monitoring Conference horror stories and the 600-handshake airplane incident Whether you're a security professional looking to understand emerging threats or someone curious about DIY hacking tools, this episode delivers practical insights you can use to protect your networks today. The Pwnagotchi proves that the most dangerous attacks often come in the most innocent packages. Don't let your organization become the next victim of passive Wi-Fi attacks. Like, share, and subscribe for more hands-on cybersecurity content that keeps you ahead of emerging threats! #Pwnagotchi #cybersecurity #wifihacking #ethicalhacking #infosec #flipper zero
6/2/25 • 35:24
Your network is talking behind your back—but Pi-hole is listening. Join The Audit as Pi-hole co-founders Dan Schaper and Adam Warner reveal how their open-source DNS sinkhole technology has become the secret weapon for over 200,000 privacy-conscious users worldwide. In this episode, we discuss: How Pi-hole evolved from a simple ad blocker to a critical network security tool Why DNS-level filtering stops threats before they reach any of your devices The performance benefits that make browsing noticeably faster Setting up Pi-hole on everything from Raspberry Pi to enterprise hardware How the global development team maintains this powerful security shield Protecting vulnerable IoT devices from malicious traffic The future roadmap for Pi-hole and opportunities to contribute Don't miss this deep dive into the technology that's reclaiming control of digital footprints one DNS request at a time. Connect with the Pi-hole community at discourse.pi-hole.net and discover why cybersecurity professionals consider this an essential defensive tool. Like, share, and subscribe for more cutting-edge cybersecurity insights and expert analysis! #pihole #DNSfiltering #networksecurity #adblocking #privacytools #cybersecurity #opensource #infosec
5/12/25 • 39:50
Join The Audit for a news-packed episode as cybersecurity expert Matt Starland recounts a chilling near-miss with an E-Z Pass phishing scam—received just minutes after renting a car in Florida. His close call highlights how scammers exploit timing and context to deceive even seasoned professionals. In this episode, we discuss: How a security pro nearly fell for a perfectly timed phishing text The FBI’s 2023 Internet Crime Report and its $16.6B warning Why nearly $5B in losses hit Americans over 60—and why many stay silent The psychological barriers victims face when reporting cybercrime The rise of the “Dead Internet Theory” and AI-generated online content How Meta and others are blurring the line between real and artificial Practical ways to spot AI-generated interactions Why maintaining human connection is key in the age of AI Don’t miss this timely conversation packed with real-world insights and strategies to help you stay secure in an increasingly digital (and artificial) world. Like, share, and subscribe for more cutting-edge cybersecurity stories and expert analysis. #infosec #cybersecurity #E-ZPass #phishing #FBI #deadinternet #meta
5/5/25 • 42:21
Join The Audit as we dive into the high-stakes intersection of critical infrastructure and cybersecurity with Tim Herman, President of InfraGard Minnesota. InfraGard is a unique public-private partnership with the FBI designed to protect the 85% of America's essential systems owned by the private sector. From power grids to transportation, the vulnerabilities are real—and increasingly complex. In this episode, we discuss: How joystick-operated tugboats on the Mississippi reveal hidden cyber risks Why tabletop exercises are vital for incident readiness Common mistakes in organizational response plans (and how to fix them) The importance of physical backups and redundant communication systems Actionable steps to bridge the gap between planning and execution Cybersecurity isn’t just an IT issue—it’s national security. Don’t miss this compelling conversation on how InfraGard is helping organizations build resilience before the next breach hits. Like, share, and subscribe for more expert insights from the frontlines of cybersecurity.
4/21/25 • 33:50
Join The Audit as we explore the cutting-edge world of quantum computing with information security architect, Bill Harris. Quantum technology is advancing at breakneck speed, pushing the boundaries of computation, while Quantum Key Distribution (QKD) is making encrypted communications nearly unbreakable. As multiple sectors race to integrate quantum and AI, cybersecurity experts are racing to implement quantum-resistant encryption before traditional cryptographic methods become obsolete. Beyond the technical breakthroughs, quantum computing is also raising profound questions about reality itself. In this episode, we discuss: The rise of 1,000-qubit machines and persistent error challenges How QKD is reshaping secure communication worldwide Microsoft’s Majorana particle claims—fact or hype? NASA’s mysterious quantum shutdown in February 2024 Google’s research into quantum and unexpected findings The cybersecurity arms race to counter quantum decryption Quantum computing isn’t just the future—it’s here, and it’s reshaping everything from cybersecurity to our understanding of the universe. Don’t miss this deep dive into the most mind-bending technology of our time! Like, share, and subscribe for more in-depth cybersecurity insights. #QuantumComputing #Cybersecurity #Encryption #AI #ParallelUniverses
4/7/25 • 36:42
What Really Happens to Your Trash? Inside Modern Waste Management. Is your trash really being recycled, or is it ending up in a landfill? In this episode of The Audit, we sit down with Trista Martinson, Executive Director at Ramsey Washington Recycling & Energy, to uncover the surprising technology and cybersecurity challenges behind modern waste management. Trista joins the IT Audit Labs team to reveal how AI, robotics, and environmental science are transforming recycling, while also sharing how The Audit's own Eric Brown helped strengthen her organization’s cybersecurity to protect critical infrastructure. In this episode, we discuss: • How AI and robotics are revolutionizing waste processing • The reality behind China’s global recycling market • Why recycling facilities are prime targets for cyberattacks • The role of cybersecurity in protecting critical infrastructure • How a military mindset influences risk assessment • The biggest mistakes people make when disposing of trash From optimizing recycling with data to securing waste facilities against ransomware, this episode dives deep into the hidden world of trash, tech, and security. 🔔 Subscribe for more cybersecurity and technology insights! #Cybersecurity #WasteManagement #Recycling #AI #TheAuditPodcast
3/24/25 • 22:54
Are SOC audits just another compliance requirement, or do they provide real security value? In this episode of The Audit, we sit down with Adam Russell from Schellman to debunk common misconceptions about SOC audits and explore why they’re more than just a checkbox exercise—especially for startups. Adam joins the IT Audit Labs team for a deep dive into the often-misunderstood world of attestations, sharing expert insights on how organizations can effectively prepare for a SOC audit and determine which security assessments best fit their needs. In this episode we discuss: - The biggest mistakes startups make with SOC audits - Why SOC 2 is more flexible than you might think - The myth that big companies are always secure - How SOC assessments can strengthen security culture - Gamified training & newsletters for better compliance engagement - How external auditors can empower internal teams Whether you're preparing for your first SOC audit or navigating complex compliance requirements, this episode is packed with actionable insights to help you enhance security and compliance strategies. 🔔 Subscribe for more cybersecurity insights! #Cybersecurity #SOCAudit #Compliance #StartupSecurity #TheAuditPodcast
3/10/25 • 35:34
Think audits are just paperwork? Think again. They’re the frontline defense against security gaps, data breaches, and unchecked access. In this episode of The Audit, we break down how Elon Musk’s unexpected access to FEMA’s sensitive data underscores the critical role of audits in organizational security. We reveal how regular audits and third-party reviews expose vulnerabilities, enforce accountability, and strengthen cyber defenses before attackers can exploit them. Key Topics We Cover: • How audits uncover hidden cybersecurity risks • Finland’s cutting-edge approach to cyber resilience • Why tabletop exercises and real-world drills are game changers • A shocking social engineering attack at a library—and what it teaches us Cyber threats evolve fast—don’t wait until you’re the next headline. Whether you're a cybersecurity pro or just getting started, this episode is packed with actionable insights you can’t afford to miss. Like, share, and subscribe for the latest cybersecurity news and expert analysis! #Cybersecurity #Auditing #Infosec #SocialEngineering #SecurityNews
2/24/25 • 39:05
You’re Being Hacked Right Now—And You Don’t Even Know It
Ever wonder how cybercriminals manipulate human behavior to breach even the most secure organizations? In this episode of The Audit, Eric Brown and Nick Mellum sit down with renowned social engineer and penetration tester Alethe Denis to break down real-world hacking techniques, red team strategies, and the shocking ways attackers exploit trust. From winning DEF CON’s Black Badge Social Engineering competition to executing high-stakes red team engagements, Alethe shares jaw-dropping stories and expert insights on modern security threats.
Key topics we cover:
- The art of social engineering and why it still works
- Wildly effective pretexts hackers use to gain access
- How AI and deepfakes are shaping the future of cybercrime
- Physical penetration testing stories that will make you rethink office security
- Simple but powerful strategies to protect yourself and your organization
Don't wait until your organization is the next headline. Whether you're a cybersecurity pro or just getting started, this episode is packed with eye-opening insights you can’t afford to miss. Like, share, and subscribe for more in-depth security discussions! #Cybersecurity #SocialEngineering #PenTesting #EthicalHacking #RedTeam
2/10/25 • 38:24
Discover the hidden risks of browser extensions, cybersecurity incidents, and more with hosts Eric Brown and Nick Mellum. In this episode, we dive into the dangers of tools like Honey, the fallout from Proton’s global outage, and the ingenious tactics used by cybercriminals to target unsuspecting users. Eric and Nick also share their insights on using big data to enhance security, the role of AI in addressing threats, and practical tips for staying ahead of the ever-changing tech landscape in 2025.
We'll cover:
- The surprising risks behind popular browser extensions like Honey
- Lessons from Proton’s global outage and the importance of preparation
- How cybercriminals use voice phishing to exploit tech giants
- Practical steps to improve organizational security and educate users
- Balancing security and accessibility in modern systems
From practical advice to thought-provoking insights, this episode delivers actionable takeaways for anyone navigating today’s tech landscape. #Cybersecurity #TechNews #DataPrivacy #RiskManagement #DigitalSafety
1/27/25 • 36:55
Dive into the transformative power of data in cybersecurity in this must-watch episode with Wade Baker, where cutting-edge insights meet real-world applications. Hear from The Audit Team as we discover how massive data sets are reshaping risk management, AI’s evolving role in combating cyber threats, and the surprising insights data can unveil about security incidents. We also dive into ransomware trends, phishing techniques, the ethics of AI, and the critical role of storytelling in decision-making, with some fun nods to fantasy swords along the way.
In this episode, we discuss:
- Using big data to tackle cybersecurity challenges
- Ransomware and phishing trends
- The ethical debate around AI in security
- Unique discoveries from security data analysis
- Practical strategies for influencing decision-makers
Catch this insightful conversation and stay ahead of the cybersecurity curve. Like, share, and subscribe for more expert discussions on the latest security trends! #Cybersecurity #DataAnalytics #RiskManagement
1/13/25 • 51:57
Join us for an eye-opening discussion on cybersecurity in travel with ethical hacker Matthew Wold from Ramsey County. Matthew shares how his passion for cybersecurity took root at Ramsey County, leading to collaborations with co-hosts Eric Brown and Nick Mellem. We kick things off with a lighthearted chat about survival items on a deserted island, setting the stage for a lively and insightful conversation. From RFID shields to OMG cables, we unpack practical tips for protecting your digital and personal safety while traveling. Learn how to navigate risks like compromised USB ports, hidden cameras in hotel rooms, and data privacy challenges across borders. With advice on VPNs, securing SIM cards, managing passwords, and safeguarding luggage, this episode is packed with essential strategies to ensure your travel experiences remain secure and worry-free.
12/16/24 • 38:57
From Gmail 2FA bypass warnings to SEO poisoning campaigns, we’re diving into the latest cybersecurity headlines reshaping the industry. We explore how attackers are using hyper-specific search terms—like the legality of Bengal cats—to deliver malware and manipulate search results. Plus, we discuss advancements in AI-powered behavioral analytics, from cutting down false alerts to streamlining incident response. With real-world insights and actionable tips, this episode is packed with must-know updates for IT professionals navigating today’s ever-evolving threat landscape.
In this episode, we'll discuss:
- Gmail session cookie theft and bypassing two-factor authentication.
- SEO poisoning campaigns delivering malware via niche search terms.
- AI-driven behavioral analytics improving incident response.
- Real-world social engineering and user behavior risks.
- Balancing usability and security with tools like passkeys.
Thanks for tuning into The Audit. Subscribe on Spotify, Apple Podcasts, or YouTube to stay informed on the latest in cybersecurity. Don’t forget to follow us on social media and share with your network! #CybersecurityNews #2FA #BehavioralAnalytics #IncidentResponse #SEOPoisoning #ITSecurity #DataProtection
12/2/24 • 38:10
In this episode of The Audit, we dive into key takeaways from a top cybersecurity event. From IoT hacking and RFID bypasses to AI governance and vishing bots, we explore the tools and strategies shaping security. Plus, real-world lessons, social engineering insights, and a few unexpected laughs—because security isn’t always all business.
In This Episode We’ll Cover:
- RFID hacking and social engineering insights from WWHF.
- Cameron’s IoT hacking training highlights.
- AI advancements and governance takeaways.
- Challenges with regulations and compliance in cybersecurity.
- Project management lessons inspired by Elon Musk.
Thanks for joining us for this glimpse into one of the year’s most unique cybersecurity events. Don’t forget to subscribe and share this episode with your team—we’ll see you at the next conference. #WWHackinFest #InfoSecConferences #Cybersecurity #AIThreats #IoTSecurity #SocialEngineering
11/19/24 • 54:03