Secure AF - A Cybersecurity Podcast - Archive

Got a question or comment? Message us here! Chrome just became the attack surface of the week. We’re breaking down the latest zero-day exploits, what attackers are doing with them, and how SOC teams can respond before it turns into something bigger. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Healthcare security isn’t just about networks anymore. In this episode, we dive into the complex world of connected medical devices, the challenges of securing them, and why organizations need a more holistic approach to cybersecurity. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Your firewall could be the entry point. A critical Cisco FMC zero-day is being used in real-world ransomware attacks, turning security tools into launchpads. In this episode, we cover what’s happening, how attackers are exploiting edge devices, and how SOC teams can stay ahead. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Suspected Chinese state-linked hackers breached an FBI surveillance network ... not by breaking through the front door, but through a third-party provider. In this episode of the #SOCBrief, we break down how the attack happened, why supply chain vulnerabilities are one of the biggest risks facing SOC teams today, and what this means for organizations of all sizes. From compromised vendor access to real-world detection strategies, we’re covering how ...

Got a question or comment? Message us here! Qilin is quickly becoming one of the most dominant ransomware groups in the world, and it’s not because of groundbreaking tactics. It’s because of their business model. In this episode, we break down how Qilin operates as a ransomware-as-a-service group, why affiliates are flocking to them (hint: 80–85% payouts), and how that’s fueling explosive growth across industries worldwide. From real-world attack patterns to how they gain access and evade det...

Got a question or comment? Message us here! In this episode of the #SOCBrief, we break down BugSleep, a new backdoor malware tied to the Iranian threat group MuddyWater, and how it’s being used in targeted spear-phishing campaigns against organizations. Learn how the malware works, what indicators SOC teams should watch for, and practical steps to detect and defend against these evolving attacks. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Ap...

Got a question or comment? Message us here! A massive breach has shaken the telecom world. In this episode of the #SOCBrief, we break down the alleged TELUS hack claimed by the ShinyHunters threat group, what data may have been stolen, and why the potential exfiltration of massive datasets could have far-reaching consequences for organizations worldwide. From OAuth tokens and API keys to customer PII and enterprise systems, we explore how attacks like this unfold and what organizations ...

Got a question or comment? Message us here! A.I. conversations are everywhere ... but how can businesses realistically use it today? In this episode of Secure AF, we introduce Vector Pulse A.I. and discuss how A.I. can help organizations automate workflows, improve operational efficiency, and support smarter decision-making. We also dive into the growing excitement (and concerns) around A.I., common mistakes companies make when adopting it, and practical advice for leaders looking to ex...

Got a question or comment? Message us here! Geopolitical tensions are rising ... and cyber threats aren’t far behind. In this episode of the #SOCBrief, we break down the escalating U.S.-Iran conflict, the potential cyber retaliation from Iranian threat actors, and the steps SOC teams can take now to stay ahead of attacks and protect critical systems. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Open-source intelligence (OSINT) isn’t just for threat actors ... it’s a powerful advantage for SOC teams too. In this episode, we break down how publicly available data can help you uncover exposed assets, detect vulnerabilities early, and shrink your attack surface before attackers do. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! This episode of the #SOCBrief goes beyond day-to-day cybersecurity news and dives into what SOC success actually looks like from the leadership side. Andrew and CISO Jonathan Kimmitt discuss how SOC teams can communicate risk, create meaningful deliverables, use metrics effectively, and gain leadership buy-in for security decisions. From risk profiles to reporting and real-world decision making, this episode focuses on turning SOC activity into meas...

Got a question or comment? Message us here! AI can categorize images, analyze logs, and surface patterns faster than any human ever could, but it doesn’t understand context, legality, or nuance. In this episode, we discuss how AI is transforming criminal forensics and SOC investigations while examining the ethical, legal, and operational guardrails that must stay in place. As organizations adopt more AI-driven tools, the real challenge isn’t capability ... it’s maintaining responsible human c...

Got a question or comment? Message us here! No phishing. No user interaction. Just exposed services and a missing authentication check. In this episode of the #SOCBrief, we dive into the SmarterMail RCE flaw already being exploited in the wild and why mail servers continue to be prime ransomware targets. We cover indicators to hunt for, detection tips, and practical steps SOC teams can take to reduce risk fast. 🛡️ Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen...

Got a question or comment? Message us here! Attackers are hiding remote access trojans (RATs) inside malicious MSI installers disguised as legit software, and it’s surging in early 2026. We break down how these phishing attacks bypass EDR, what to look for, and how SOC teams can stop them before they turn into full-blown breaches. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Romance scams spike around Valentine’s Day ... and they’re more dangerous than you think. In this episode, we break down how scammers build emotional trust, isolate victims, and turn relationships into financial and emotional traps. Learn the warning signs, the psychology behind the scams, and how to protect yourself and the people you love 💞. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify ...

Got a question or comment? Message us here! This week’s #SOCBrief covers a dangerous double-hit: a Microsoft Office security bypass and a Fortinet FortiCloud authentication flaw, both exploited in the wild. Andrew walks through what the CVEs mean, how attackers are abusing trusted tools, and the patching and hunting steps SOC teams should take immediately. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podca...

Got a question or comment? Message us here! Ransomware is kicking off 2026 at full speed. We break down the top active groups right now, how they’re getting in, what infrastructure they’re targeting, and the key indicators your SOC should be watching to stay ahead. 🔐⚠️ Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Insider threats don’t start with malware ... they start with access. From disgruntled employees to overlooked contractors, this episode breaks down real-world cases, common patterns, and how organizations can better protect what matters most. 🎧🛡️ Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! CISA has officially retired 10 emergency directives ... marking real progress for federal cybersecurity 🚀 But for the private sector, these “old” vulnerabilities are still very much in play ⚠️ In this #SOCBrief, we break down what was retired, why it matters, and what your SOC should do next. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Kick off 2026 by hitting reset on your SOC 📊. In this episode of the #SOCBrief, we break down key January priorities, from annual security posture reviews and rule tuning to training refreshers and forward planning, so your team starts the year resilient, aligned, and ready for what’s next. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! When the threat isn’t external, it’s personal. This episode breaks down insider threats and corporate espionage: how trusted access turns into real risk, what warning signs to watch for, and how organizations can protect themselves. 🔐⚠️ Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! 🎙️ In this episode, CISO Jonathan Kimmitt steps in to break down the latest cybersecurity threats impacting organizations during the holiday season and beyond. From ransomware spikes during understaffed weekends to holiday-themed phishing, critical Patch Tuesday vulnerabilities, and emerging AI-powered social engineering, Kimmitt covers what security leaders need to know as we head into 2026. Support the show Watch full episodes at youtube.com/@alia...

Got a question or comment? Message us here! In this special end-of-year SOC Brief, Andrew breaks down the biggest threat-actor and ransomware trends that shaped 2025, and what cybersecurity teams should be preparing for in 2026. From AI-powered ransomware and supply-chain attacks to the growing blur between nation-state operations and cybercrime, this episode connects the data, the patterns, and the predictions that matter most heading into the new year. ✨ Tune in at secureafpodcast.co...

Got a question or comment? Message us here! This week’s SOC Brief dives into why the holidays are prime time for cyberattacks 🎄 from surging phishing attempts to sloppy vendor configs, alert fatigue, staffing gaps, and the seasonal spike in ransomware activity. Andrew and Dylan break down what SOCs should be watching for, how to prep, and how to stay covered even when headcount is low. Stay ahead of the threats this holiday season. Support the show Watch full episodes at youtube.com/@aliascyb...

Got a question or comment? Message us here! 🎉🎙️ EPISODE 100 IS LIVE! We’re celebrating 100 episodes of the Secure AF Podcast! This special edition features CEO Donovan Farrow and CISO Jonathan Kimmitt as they look back on the history of Alias Cybersecurity, the growth of this show, and the journey that brought us here. And we wouldn’t be here without you, the listeners who made this possible. 💜 Additional links: Seccon information and tickets: https://seccon.com/ Hacker Gift Guide: https://...

Got a question or comment? Message us here! This episode dives into one of the darkest issues cybersecurity intersects with: stalking. Kimmitt and Peters discuss real cases, modern cyberstalking tactics, privacy failures, the challenges of protective orders, and what victims can do to stay safe. If you've ever wondered how digital footprints turn into real-world danger, or how to protect yourself, this episode is essential. 🛡️ Support the show Watch full episodes at youtube.com/@aliascybersec...

Got a question or comment? Message us here! Get an inside look at how weekly threat-intel briefings really work in a mature security program. 🔍⚡ In this special episode, vCISO Jonathan Kimmitt breaks down how raw intel turns into real risk decisions, what trends are hitting organizations right now, and how SOC teams can brief leadership in a way that actually drives action. Stay sharp, stay informed, and stay secure. 🔐 Support the show Watch full episodes at youtube.com/@aliascybersecurity. L...

Got a question or comment? Message us here! A new zero-day is already under active exploitation. This week’s SOC Brief breaks down the React2Shell vulnerability (CVE-2025-55182), how attackers moved within hours of disclosure, and what SOC teams need to do now to reduce exposure and stay ahead of fast-moving threats. 🔐🚨 Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! In this #SecureAF episode, Tanner and Dylan share real-world IR stories, common attack vectors, SOC fatigue during holiday PTO, and the #1 thing every organization should do before stepping away for the season. If you’ve ever wondered why cyber incidents always seem to hit when everyone is off work, this one explains it. 🎁💻 Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get...

Got a question or comment? Message us here! In this episode of the #SOCBrief, we dig into how world events can trigger cyber fallout that lands directly on the desks of security teams. From ransomware crews capitalizing on instability to hacktivists launching DDoS attacks and opportunistic actors going after vulnerable sectors, we talk through why geopolitical tension often leads to increased cyber activity. We break down real patterns, recent trends, and the warnings SOCs should be paying at...

Got a question or comment? Message us here! 📱 This #SecureAF episode covers the everyday questions and concerns people have when they think something unusual is happening with their devices or accounts. Hickman and Peters talk through typical scenarios, common misunderstandings, and the foundational steps that help people regain control of their accounts. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcas...

Got a question or comment? Message us here! This week’s #SOCBrief dives into the FortiWeb zero-day that’s letting attackers create admin accounts with a single unauthenticated HTTP request. With exploitation spiking and Fortinet pushing out a quiet fix, SOC teams are under pressure to lock down configs, audit firewalls, and patch fast. We break down what happened, who’s affected, and how to defend before attackers pivot deeper into your network. Support the show Watch full episodes at youtube...

Got a question or comment? Message us here! We’re back with the Hacker Holiday Gift Guide, and this year’s lineup is stacked with RF gadgets, Wi-Fi tools, red-team essentials, and quirky cyber gifts Tanner swears by. Whether you’re shopping for a pentester, a tinkerer, or someone who just loves breaking things (legally), these picks won’t miss. Get ready to level up your holiday shopping. Read here ➡️ https://aliascybersecurity.com/blog/2025-ethical-hackers-holiday-gift-guide/ Support the sho...

Got a question or comment? Message us here! A new zero-day. 63 flaws. Endless patching chaos. This week’s #SOCBrief breaks down Microsoft’s November Patch Tuesday and what it means for your SOC. We’ll cover the top critical CVEs, patching priorities, and how to keep your systems resilient before attackers strike. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! This week, we’re digging into a case where ransomware negotiators allegedly became the attackers themselves, leveraging insider access to hit organizations they were supposed to help. This one raises real questions about trust, vendor oversight, and the human element in incident response. We break down what happened and what SOC teams can take away from it. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podc...

Got a question or comment? Message us here! In this episode, we break down the real mechanics of social engineering, from phishing emails and text scams to vishing calls and full-on physical pen tests. We share stories from the field, including how attackers build trust, why confidence is often more effective than technical skill, and what happens when social engineering meets the physical world. If you’ve ever wondered how someone can just walk right in and blend into a company they do...

Got a question or comment? Message us here! 🎙️ A new threat is making waves ... Atroposia RAT, a remote access trojan that doesn’t just infiltrate systems but scans them for vulnerabilities to exploit further. In this episode, we break down how this modular malware operates, how it hides, and why its built-in scanner is a game-changer for attackers. Learn the detection cues, patching priorities, and defensive measures SOC teams need to stay ahead. Support the show Watch full episodes at youtu...

Got a question or comment? Message us here! “I’m not a robot.” 🤖 Hackers are exploiting fake “I’m not a robot” CAPTCHA pages to deliver malware. Host Andrew Hickman breaks down how this ClickFix attack uses social engineering to steal data and evade detection. Tune in to learn key defense tactics and how to keep your team protected. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! This week on the #SOCBrief, Andrew breaks down RondoDox, a rapidly growing botnet campaign taking aim at routers, DVRs, and IoT devices worldwide. With over 50 vulnerabilities across 30+ vendors, this “shotgun” exploitation strategy is fueling massive DDoS and crypto-mining attacks. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! In this week’s #SOCBrief, Hickman and Peters break down Obscura ... a new ransomware variant making waves with aggressive evasion tactics, process terminations, and domain controller targeting. We cover what’s known so far, the risks it poses to businesses, and the key defenses every SOC should prioritize. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! What’s the real difference between a penetration test and a red team engagement, and how can each benefit your SOC? In this episode, Andrew is joined by Tanner, to unpack how pentests uncover vulnerabilities, how red teams stress-test defenders, and why every organization should be leveraging these exercises. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! This week on #SecureAFPodcast, we’re recapping #SECCON 2025. From the keynote to the villages and everything in between, join us for a look back at the highlights, takeaways, and community moments that made this year’s conference our best yet. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Ransomware is evolving faster than ever, from double extortion tactics to lightning-fast attack chains. In this episode, we break down how these threats work, why every organization is a target, and the layered defenses SOCs can use to detect and stop attacks early. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! In this episode of The #SOCBrief, we break down the rising FileFix attack, a new social engineering technique using steganography to deliver info-stealing malware. Learn how attackers disguise malicious PowerShell commands, the risks this poses for browsers, messengers, and crypto wallets, and the proactive defenses SOCs can use to detect and contain these threats before they escalate into larger breaches. Support the show Watch full episodes at you...

Got a question or comment? Message us here! 🔎 This episode of The #SOCBrief dives into the world of dark web monitoring in digital forensics and incident response. Learn why leaked credentials are a top threat, how to safely detect exposures, and what steps SOC teams can take to stay proactive. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! 💡 This week on The SOC Brief, we’re breaking down incident response (IR) ... why it’s essential, how to build a strong plan, and what SOC teams can do to turn chaos into control. From preparation and containment to recovery and lessons learned, learn how a solid IR strategy saves time, money, and reputation. 👉 Tune in now at secureafpodcast.com Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, S...

Got a question or comment? Message us here! Fresh off the chaos of DEF CON 33, Tanner, Hickman, and Will break down the four-day hacker conference, from the eye-opening hacker villages and mind-bending talks to Hickman’s clutch CTF victory and Will’s bold dive into the Social Engineering Community’s Vishing Competition. No sleep, all signal. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! In this episode, we break down the emerging Crypto24 ransomware attacks that use living-off-the-land techniques to bypass EDR. We’ll explore how these attacks unfold and the defensive strategies SOCs and organizations can use, like layered security, enhanced monitoring, and rapid response, to stay ahead of evolving threats. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get...

Got a question or comment? Message us here! This week, we’re unpacking the phishing wave hitting SaaS platforms ... from social engineering to OAuth abuse and AI voice spoofing. Learn why people remain the #1 attack vector and how to stay one step ahead. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! On this episode of the #SOCBrief, we break down attacks on SonicWall firewalls. A wave of ransomware, possibly exploiting zero-day vulnerabilities, is compromising even fully patched systems. Learn how SOCs can respond fast and stay ahead. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! This week’s SOC Brief unpacks how a misconfigured cloud bucket exposed 72,000+ user images from the Tea app, complete with geolocation metadata and real IDs. From national security risks to doxxing fallout, we break down what went wrong and what your security team must do to avoid the same mistakes. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! A critical zero-day (CVE-2025-53770) is actively targeting on-premises SharePoint servers AND it’s already been used to compromise over 100 organizations. In this #SOCBrief, Andrew and Tanner break down how the exploit works and what steps your team should take now. If your SharePoint instance is public-facing and unpatched ... assume compromise. 🎧 Tune in for insights, mitigation tips, and what to look for in your logs. Links: https://m...

Got a question or comment? Message us here! In this week’s #SOCBrief, we break down why offboarding policies are ABSOLUTELY critical for security teams. Overlooked items from abandoned accounts to old VPN access can leave backdoors wide open. Learn how SOCs monitor, contain, and shut down lingering access, and why communication between HR, IT, and cybersecurity is essential. 🎙️ Tune in. secureafpodcast.com Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Appl...

Got a question or comment? Message us here! 🎙️ NEW! Aligned by Design: CISO x Legal Introducing! A fresh new series that explores the intersection of cybersecurity and legal strategy. Join Alias CISO Jonathan Kimmitt and privacy attorney Tom Vincent as they unpack what happens when technology, compliance, risk, and law collide. From real-world experiences to the nuances of the term "breach", these two break down the how, why, and what now? behind every security decision and legal gray a...

Got a question or comment? Message us here! Hackers just unleashed the largest DDoS attack in history, peaking at 7.3 Tbps and 4.8 billion packets per second. In just 45 seconds, it pummeled its target with the data equivalent of over 9,000 HD movies, a powerful reminder of how far attack capabilities have evolved. 🎧 Tune in to today’s SOC Brief for insights on DDoS attacks and how to up your defenses. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Po...

Got a question or comment? Message us here! In this episode of The SOC Brief, the team unpacks a critical zero-day vulnerability in Google Chrome (CVE-2025-6554) that’s being actively exploited. Learn how attackers use type confusion bugs to hijack browser memory, what makes this exploit so dangerous, and why it’s targeting high-value organizations. Discover actionable steps for updating Chrome, securing endpoints, and training users to spot phishing attempts before they lead to compromise. 🎧...

Got a question or comment? Message us here! In this episode, our security engineers break down the latest cybersecurity headlines, from the real scoop behind the “16 billion password” leak to the rise of hacker groups like Scattered Spider. 🕷️ We discuss how attackers bypass MFA, why exploited data keeps resurfacing, and what organizations can do to protect sensitive data. Plus, we dive into industrial control system risks and why basic cybersecurity hygiene matters more than ever. 🛡️ Suppor...

Got a question or comment? Message us here! In this episode of The SOC Brief, Andrew and Dax dive into the world of false positives – those misleading alerts that flood security teams with noise. They discuss how misconfigurations, lack of context, and overly sensitive rules can lead to alert fatigue. With practical tips on investigation, tuning tools, and understanding your environment, they highlight how reducing false positives helps analysts stay sharp and focused on real threats ⚠️...

Got a question or comment? Message us here! 🔐 New SOC Brief Episode: Tracing the Breadcrumbs Cybercriminals always leave a trail, if you know where to look. In this episode, we break down Indicators of Compromise (IOCs) and how they help security teams detect and respond to threats faster. 🎯 What we cover: • Real-world incident reports & proof of concept examples • Threat actor aliases & ransomware group tactics • File hashes, EDR tools, and forensic breadcrumbs • Why “the moment you ...

Got a question or comment? Message us here! 🎙️ New Secure AF Episode: Global Wars: Cyber Strikes Back 🌐⚔️ How does global news shape cybersecurity operations? In this episode, we dig into how real-world events influence the threats we track, the way we respond, and the tools we use for social engineering/pentesting. 🔍 We talk threat intel, evolving attack methods, and what teams should be looking out for right now. 🎧 Tune in and stay Secure AF. #CyberSecurity #SecureAF #ThreatIntel #Podcast S...

Got a question or comment? Message us here! 🎙️ This Week on the SOC Brief: Join Andrew and Dax as they dive into the emergence of a new threat actor known as SafePay 🕵️‍♂️💻. They break down the latest tactics, techniques, and procedures observed from this group, offering insights into how organizations can stay vigilant. From detection strategies 🔍 to proactive defense measures 🛡️, this episode is packed with actionable advice for keeping your company secure. Don’t miss it, tune in now! 🔊🎧 Su...

Got a question or comment? Message us here! 🔐 Inside the SOC 🔐 Go behind the scenes with the Alias Security Operations Center (SOC) team to learn how they operate, collaborate, and tackle today’s top cyber threats ⚔️. Find out why a SOC matters, and how organizations can still leverage SOC insights and support, even without one in-house 💼. 🎧 Tap in and get cyber-smart with the experts. #CyberSecurity #SOC #ThreatIntel #Podcast Support the show Watch full episodes at youtube.com/@aliascybersec...

Got a question or comment? Message us here! Welcome to 🎙️The SOC Brief 🎙️our byte-sized mini series bringing you weekly updates straight from the Security Operations Center. In this episode, Andrew, Dax, and Dylan break down what life in the SOC looks like, the rise of malvertising, and the emerging threat known as Recipe Lister, discussing how it’s being tracked. Tune in for a quick, expert-led look into the latest in cybersecurity. 🔍🔐 Support the show Watch full episodes at youtube.com/@ali...

Got a question or comment? Message us here! Alias Cybersecurity Jonathan Kimmitt is joined by Chad Kliewer to discuss the exciting CISO Showdown competition between Chief Information Security Officers (CISOs) at BSidesOK. They delve into the history of the showdown, how it works, and highlight significance of the championship belt. Tune in as they share insights and fun facts about this unique event! Don't miss out! Follow us for more updates, episodes, and all things cybersecuri...

Got a question or comment? Message us here! Alias Cybersecurity CISO Jonathon Kimmitt is joined by Derrac Page to discuss the new changes to the HIPAA security rules being set in place this year. Listen as they go over many of the biggest points raised from the 660+ page guidelines and discuss ways that HIPAA Privacy Officers and HIPAA Security Officers can get ahead of compliance. Sponsored by Arrow Force, an MSP that puts Security First. https://www.arrowforce.com Support the show Watch ful...

Got a question or comment? Message us here! Following BSides Oklahoma where Tanner gave an 8 hour training on the basics of penetration testing, Tanner and Keelan give advice on how to present red team/pen test training... specifically how to make the trainings not suck. Sponsored by AFCyberAcademy.com. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! On this week's Secure AF podcast, Tanner poses a controversial question: is SANS the overpriced dinosaur of cybersecurity training? The answer is not a simple one. Listen in as Tanner and CISO Jonathan Kimmitt go in depth on the pros and cons of different security certifications such as Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), and more. Support the show Watch full episodes at y...

Got a question or comment? Message us here! As we step into the new year, it's essential to reinforce our defenses against cyber threats. Join Jonathan Kimmitt and Todd Wedel for part 2 of their discussion of cyberresolutions. Their list includes: - **Data Inventory**: Know your data—what, where, and who has access. Regular audits are a must! - **Backup Strategies**: Implement air-gapped backups and regularly test their effectiveness. - **Incident Response Playbooks**: Develop and regu...

Got a question or comment? Message us here! 🚀 Kickstart 2025 with Cybersecurity Resolutions! 🔐 In our latest podcast episode, Todd and Jonathan discuss crucial strategies for a secure year ahead. Tune in for more insights and make this year your most secure yet! 🎧✨ #Cybersecurity #AI #Secure2025 Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Ready for an IR? You may have controls, policies, and procedures, but how do you know they exist? Are robust? Followed and adhered to? Join Jonathan Kimmitt and Alexandria Hendryx as they discuss what a tabletop is, how to conduct one effectively, and why they matter to your organization to prevent and prepare for the hoped never to appear IR. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify ...

Got a question or comment? Message us here! Join Jonathan Kimmitt and Todd Wedel as they continue discussing how to practice IR aversion tactics. 'Tis the season for IRs and best practice cybersecurity. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! 'Tis the holiday season! A time for family...and breaches. Want to be cyberprepared to spoil the hacker's celebration? Listen to our 2 part series where Jonathan Kimmitt ensures your festivities are without incident. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Firewalls are an often overlooked or unmanaged part of a network infrastructure. Listen as Andrew Hickman and Keelan Knox discuss what they are, why you should pay attention to them, what we've seen on incident responses, and what you need to do to secure your network. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Attend S3CCON? Enjoy experiencing the recap. Miss S3CCON? Hear what was awesome, what we learned, and what to look forward to in 2025! Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Jonathan and Todd continue the conversation about how the way we talk about cybersecurity puts us in a deficit against the malicious actors and how we might reframe to better equip the defenders. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Are hackers really as successful as they appear? Or is it that they have better messaging? Join us for a conversation about how marketing around cybersecurity might play a part in the hacker mystique. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! On this episode of the SecureAF Podcast, Keelan Knox interviews our 2024 interns. They share insights on how they got in, what they are learning, and where this will take them. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Alias CEO Donovan Farrow and Business Development Coordinator Trey Allen talk the tips and tricks of the vishing trade. They're gearing up for the DEFCON social engineering village. Listen or watch to hear their tales and experiences to learn how they're going to bring the heat to Las Vegas. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Bryan Filice of Trap Technologies joins Keelan Knox to talk about the current threat landscape and why security has to involve every system, host, and employee. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Ever wonder what your CISO (or CIO or anyone in IT security management) may be thinking? Are you’re the one in that position having those thoughts? Join Jonathan Kimmitt as he describes all the things CISOs wish they say but don't…and why and when they should. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! Heard about the recent revelation of the Boeing breach? Join Alias CEO Donovan Farrow on the SecureAF Podcast as he lays out what we know, what we don't, what this means, and what we hope to learn to better protect our companies and communities, locally and nationally. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here! AI is all the rage. Or AI having rage is the bigger fear. Doesn't matter where you go, it's a topic of attention. The potential uses and abuses are touted on every news station and from every pundit, whether proponent or naysayer. But what's true? Especially in the realm of cybersecurity? Our engineers have on-the-ground knowledge of AI's capabilities, from the theoretical of how AI could be leveraged to the practical of how it actually is emp...

Got a question or comment? Message us here! Seriously, do you know where your data is? It’s an often overlooked question in cybersecurity. In the case of an incident, without knowing where your data is, how do you know what’s been accessed? Where else that data might be? What’s needed to remediate? And what’s less crucial to restore? But even before an incident, how do you know what to protect if you don’t know where your critical and privileged information is? How do you best allocate time, ...

Got a question or comment? Message us here! What good is a Pen Test? There are a host of answers - knowing your environment, identifying dangers, implementing remediations, meeting compliance. But how should a CISO view a Pen Test given their unique role in the organization? How do they best understand the need, the conduct, the reporting, and the follow through? On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt shares his experience and expertise both in...

Got a question or comment? Message us here! Cybersecurity is critical to an organization. But cybersecurity is only part of a robust security posture. It’s equally important, and in fact of first importance, to assess information security. You need to assess what privacy guidelines, compliance, and best practices entail what data you can have so you can determine the security needed to keep it safe. On this episode of the SecureAF Podcast, host Jonathan Kimmitt is joined by Andrew Hernandez, ...

Got a question or comment? Message us here! Scheduling a cybersecurity engagement can be stressful, for client and pentester alike. Both want the same thing - a well conducted, accurate assessment of the client infrastructure to provide the best value add to bolster cybersecurity. It helps to start from a shared set of standard expectations and practices. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox discuss the 5 Rules of Engagement that every pentester an...

Got a question or comment? Message us here! wWhat's the Final Frontier? For Trekkies, it's space. For cybersecurity, it's Critical Infrastructure. Might not sound exciting, but the risks from poor security and the rewards of strong controls might get you to sit up and take notice. Maybe even motivate you to boldly go where no ethical hacker has gone before. On this episode of the SecureAF Podcast, Donovan Farro and Phillip Wylie discuss why Critical Infrastructure matters, where the vul...

Got a question or comment? Message us here! Wondering what the best path into cybersecurity is? Here's a hint: There's not one answer. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox share very different stories of getting into the field. Even with different paths, they'll share what they have in common and what you should think about and do if you want to become an ethical hacker. Spoiler alert - one of their recommendations is to find internships. Alias is currently ...

Got a question or comment? Message us here! You may have heard of Penetration Tests. You may know you need one. You may have had one or more. But do you know there's more than one type? More than one take? More than one test? On this episode of the SecureAF Podcast, Alias Principal Security Engineer Tanner Shinn and CISO Jonathan Kimmitt discuss the types of Pen Tests, how they're conducted, what they measure, and why they are needed. You'll walk away more informed about this important cyber...

Got a question or comment? Message us here! There has been a lot of news about the alleged incident experienced by Integris. Some of you may have even received emails from the threat actors revealing personal information to solicit money. This is not the first attack to leverage the threat of leaked data for monetary reward. It is among the first for the threat actors to directly appeal to the individual victims. Join host Donovan Farrow and guest Chris Yates for a discussion abo...

Got a question or comment? Message us here! You know you need regular penetration tests to ensure your network is secure. You know the steps to remediate the findings and take the recommended actions to continue on a path toward cybersecurity. But what about what you don't know? What about what the penetration test doesn't cover or doesn't reveal? On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Director of Security Phillip Wylie share their insights on what penetrati...

Got a question or comment? Message us here! The Solar Winds breach is not news. The CISO being personally named in the investigation is. Although not the first CISO to be so identified, this is the most high profile. This raises questions for the future of CISO role and responsibility and IT more generally. Should an individual be held responsible for an incident? What is their responsibility to monitor and report? Does this responsibility extend from C-Suite to SOC Analyst? What legal...

Got a question or comment? Message us here! If you follow our socials, you know Phillip Wylie recently joined the Alias crew! We’re excited to welcome him to help us build our team’s presence supporting organizations’ and individuals’ growth in cybermaturity. Join Alias CISO Jonathan Kimmitt to hear his story of getting into cybersecurity, what’s brought him to Alias, and what's to come. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podca...

Got a question or comment? Message us here! It requires technical expertise to respond to a breach. It requires thinking like a hacker to know where to go, what to do, and what level of response is appropriate. It requires the human element. But humans aren't machines. Your staff and any outside experts require basic needs to be met: food, shelter (well, at least sleep), probably a lot of caffeine. In a crisis, it's easy to not attend to those. How much easier is it to not attend to the inter...

Got a question or comment? Message us here! Did you know some ransomware groups have customer support better than major businesses? That the negotiations might feel more like a regular corporate transaction than a back-alley holdup? On this episode of the SecureAF Podcast, CEO Donovan Farrow and Security Team Lead Tanner Shinn share their experience working the business side of an Incident Response. You'll hear stories of every size and brand of company, lessons learned, and tips for how to ...

Got a question or comment? Message us here! You know you may be a target. But what about your family? How could a hacker leverage those closest to you to gain advanced access to your work? Recently on the And Security For All podcast, Alias CISO Jonathan Kimmitt and Security Team Lead Tanner Shinn discussed this question. You can listen to their conversation here. On this episode of the SecureAF Podcast, they turn a Blue Team eye to your family. Join us as they discuss steps they curren...

Got a question or comment? Message us here! What were the lessons from Defcon 31? What were the most noteworthy experiences of the conference (Hint: it's not all about the talks and villages). On this episode of the SecureAF Podcast, join Alias Security Team Lead Tanner Shinn and Security Engineer Keelan Knox to hear what they learned and what went down this year at Defcon. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and any...

Got a question or comment? Message us here! Headed to DEF CON? Want to know what you should know and where you should be? And most importantly, how to survive? On this episode of the SecureAF Podcast, host Donovan Farrow and guest Tanner Shinn talk all thing DEF CON. New to DEF CON? Learn from us how to make the most of the experience. Returning to DEF CON? Remember best talks and best places to go and people to meet (including our team!). Not attending this year? Get a sense of

Got a question or comment? Message us here! Digital forensics may be something you don't think about. Or think about only after an incident or breach. But knowing what techniques and tools are used will help equip you to understand your potential vulnerabilities and strengthen your security posture. And you'll gain more insight into the work an Incident Response team does. In this episode of the SecureAF Podcast, Alias CEO and digital forensics expert, consultant, and expert witness will shar...