Best Cybersecurity Podcasts - Hacking, Threats & InfoSec

GitGuardian found 29 million hard-coded secrets leaked in public GitHub commits in a single year, a 34% jump and the biggest spike they've ever recorded. Dwayne McDaniel joins to break down why AI coding tools, MCP servers, and a false sense of security in private repos are making the problem worse, and what it'll actually take to fix it. Check out the report here - https://www.gitguardian.com/files/the-state-of-secrets-sprawl-report-2026. Dwayne McDaniel is a Principal Developer Advocate who...

Episode 175: In this episode of Critical Thinking - Bug Bounty Podcast we’re comparing Hackbot setups and results. We also talk about some of the recent ZDI drama, as well as the importance of freaking beautiful POCsFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater, rez0 and gr3pme on X: https://x.com/Rhynoraterhttps://x.com/rez0__https://x.com/gr3pmeCritical Research Lab:https://lab.ctbb.show/ Need a Pentest? We just launched CTBB Pentests!https://pentest.ctbb.show/Hack full time? Check out the Full-Time Hunter’s Guild!https://ctbb.show/fthg====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor: Check out Zero Trust Cloud Access from ThreatLockerhttps://www.criticalthinkingpodcast.io/tl-ztca====== Resources ======Another day, another universal linux LPEhttps://x.com/v12sec/status/2054491454064746629ZDI Dramahttps://x.com/ryotkak/status/2052881664909660521Orange Tsai Bug on Edgehttps://x.com/thezdi/status/2054868495888777266Chompie's Exploit in NV Container Toolkithttps://x.com/chompie1337/status/2054882193055601140GitHub Security April bug bounty statshttps://x.com/GitHubSecurity/status/2054274356403138932====== Timestamps ======(00:00:00) Introduction(00:02:14) q param prompt injection & Mobile CSPT(00:14:17) Admin API Key MegaCrit(00:17:13) Hackbots(00:37:10) Pretty POCs and ZDI Drama(00:44:48) GitHub Security April Stats

In 2015, a shadowy group calling themselves "The Impact Team" detonated one of the most explosive data breaches in history—targeting Ashley Madison, a platform built on secrecy with a promise that "Life is short. Have an affair." What they exposed wasn't just a user database—it was a global ledger of private desires, hidden identities, and intimate conversations. Names, emails, locations, financial records… all spilled into the open. Careers unraveled. Relationships collapsed. And for some, the fallout was far more permanent. In this episode of Cyber Distortion, we break down how the breach happened, what the attackers were really after, and why the platform's own design—data retention, weak protections, and misleading "delete" features—made millions of people vulnerable. From credential stuffing and poor hashing practices to the ethics of publishing stolen data, this is a story about what happens when privacy is treated as a product rather than a right. But the real impact goes deeper. The Ashley Madison hack exposed a harsh truth about the modern internet: your most personal data isn't just stored—it's commoditized, retained, and often far less secure than you're led to believe. In a world driven by data, what happens when the things you thought were private become permanent? Join Kevin and Jason as they discuss the event in full detail! Resources MUST-READ BOOKS & DEEP DIVES 1. The Ashley Madison Affair — Brian Krebs A detailed investigative look from one of the most respected voices in cybersecurity. 🔗 https://krebsonsecurity.com/tag/ashley-madison/ 2. Data and Goliath — Bruce Schneier Not specific to Ashley Madison, but essential for understanding how personal data is collected, stored, and exposed at scale. 🔗 https://www.schneier.com/books/data-and-goliath/ 3. Future Crimes — Marc Goodman Explores how cybercrime evolves and why breaches like Ashley Madison are becoming more common—and more damaging. 🔗 https://www.futurecrimesbook.com/ DOCUMENTARY Ashley Madison: Sex, Lies & Cyber Attacks A direct, narrative-driven look at the breach, the victims, and the aftermath. 🔗 https://www.imdb.com/title/tt6104804/ ADDITIONAL RESEARCH & REPORTING Krebs on Security — Original Coverage 🔗 https://krebsonsecurity.com/2015/07/online-cheating-site-ashley-madison-hacked/ WIRED — Deep Technical & Cultural Analysis 🔗 https://www.wired.com/story/ashley-madison-hack/ The Guardian — Timeline & Fallout 🔗 https://www.theguardian.com/technology/ashley-madison Audio Criminal Electronic Vortex Atmospheric Intense Teaser 0_56 Phonk Powerful Dope Dark Day-AI Music Enigma Suspicious Atmosphere Provided by: Filmora, Audiostock and Universal Music for Creators

Nimbus Manticore learning new tricks Phishing moves to real-time credential harvesting India wants 12-hour patches Check out your show notes here: https://cisoseries.com/cybersecurity-news-nimbus-manticore-real-time-credential-harvesting-12-hour-patches/ Huge thanks to our sponsor, Guardsquare Is your mobile app truly protected? Relying on the OS isn't enough. A global study of thirteen-hundred security and developer leaders found that ninety-six percent of teams using layered protection reported significantly fewer security incidents. Don't wait for a breach to harden your defenses. Get the protection needed for modern secuirty risks. Learn more at Guardsquare.com.

CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microsoft has confirmed a strange Windows Server 2016 update issue where KB5087537 can break domain controller discovery when server hostnames are exactly 15 characters long, raising more questions about patch reliability as update complexity grows. Google has joined a coalition opposing Canada's proposed lawful access legislation, Bill C-22, warning that secret ministerial orders, possible encryption risks, and mandatory metadata retention could weaken security rather than improve it. Critics point to the Salt Typhoon telecom espionage campaign as evidence that lawful intercept systems themselves can become prime targets. Also in this episode: Check Point says Iran-linked threat group Nimbus Manticore has deployed new malware tools including MiniFast and MiniJunk V2, with researchers noting signs that MiniFast may have been developed with AI-assisted coding techniques. The campaign used SEO poisoning and fake Oracle SQL Developer downloads to lure victims. Timestamps: 00:00 Top Headlines Rundown 00:27 Emergency Drupal Patch Order 02:22 Microsoft Server Update Bug 04:02 Canada Lawful Access Battle 05:18 Google's Security Concerns 06:25 Salt Typhoon Lessons 07:35 Iran-Linked AI Malware 09:26 SEO Poisoning Attack 10:09 Wrap Up and Sign Off

The FBI warns attackers are abusing Microsoft OAuth authentication. India pushes faster patching as AI speeds up cyberattacks. Iranian hackers blend phishing with SEO poisoning. Anthropic’s AI finds thousands of open source flaws, while AI also reshapes bug bounties and fuels supply-chain attacks hitting thousands of GitHub repos. Plus, a new LMS zero-day, bulletproof hosting arrests in the Netherlands, FTC action over bogus “active listening” claims, and another busy week for cyber funding and M&A. Our guest is Kurtis Minder, author, joining us to discuss his book "Cyber Recon: My Life in Cyber Espionage and Ransomware Negotiation.” Please disregard all searches for disregard. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Kurtis Minder, author, joining us to discuss his book "Cyber Recon: My Life in Cyber Espionage and Ransomware Negotiation." Selected Reading FBI warns of Kali365 phishing service targeting Microsoft 365 accounts (Bleeping Computer) India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws (Infosecurity Magazine) Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign (Infosecurity Magazine) Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects (SecurityWeek) HackerOne takes an axe to its bug bounty rewards (The Register) Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors (GovInfo Security) Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment (SecurityWeek) Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands (SecurityWeek) FTC to Require Cox Media Group, Two Other Firms to Pay Nearly $1 Million to Settle Charges They Deceived Customers About “Active Listening” AI-Powered Marketing Service (Federal Trade Commission) Socket raises $60 million in Series C funding. (N2K Pro Business Briefing) You can no longer Google the word 'disregard' (TechCrunch) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

For six years, Sophos fought a secret cyber war against a state-backed hacking group targeting its firewalls. This forced Sophos to drastically change tactics to properly secure their firewalls. Was it ethical? Was it effective? They disrupted nine zero-day attacks, exposed who was hacking them, and forced the hackers to change tactics. But at what cost? You have to listen to one of the most audacious corporate cyber defenses ever conducted. Sponsors Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Meter, the company building networks from the ground up. Meter delivers a complete networking stack - wired, wireless, and cellular - in one solution that’s built for performance and scale. Alongside their partners, Meter designs the hardware, writes the firmware, builds the software, manages deployments, and runs support. Learn more at meter.com. Support for this show comes from Drata. Drata is the trust management platform that uses AI-driven automation to modernize governance, risk, and compliance, helping thousands of businesses stay audit-ready and scale securely. Learn more at drata.com/darknetdiaries. Sources https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/ https://www.justice.gov/archives/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived https://www.fbi.gov/wanted/cyber/guan-tianfeng

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Paul Guerra. In this episode: Read the contract How vendors win before the evaluation ends The fallout The real cost A huge thanks to our sponsor, Native Security Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.

TL;DR: Today's pod features Will Gragido, a multi-time returning guest with deep expertise in cyber intelligence, threat actors, and related activity. Will shares his expertise with us on how AI will impact the gathering, analysis, dissemination, and utilization of adversary and threat intelligence. YouTube Video: https://youtube.com/live/l7mrBPRTokQ Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=...

In this episode, Colm Gannon shares his extensive experience at the intersection of technology, online safety, and child protection. We explore the impact of AI, digital trust, age assurance, and the human element in safeguarding children online. If you want to be sure you are up to date with the latest in DFIR, don’t miss an episode!

Please enjoy this encore of Word Notes. A conversational language model developed by the company OpenAI. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/chatgpt⁠ Audio reference link: jeongphill. “Movie - Her, First Meet OS1 (Operation System One, Os One, OS1).” YouTube, YouTube, 29 June 2014, ⁠https://www.youtube.com/watch?v=GV01B5kVsC0⁠.

In this episode of The Phillip Wylie Show, Phillip Wylie sits down with legendary application security pioneer and entrepreneur Jeremiah Grossman to discuss the evolution of web security, vulnerability management, cyber insurance, AI-driven software development, and the future of offensive security.Jeremiah shares his hacker origin story, from hacking his ISP as a teenager to discovering vulnerabilities in Yahoo Mail during the early days of the web. That experience eventually led him to Yahoo and later to founding WhiteHat Security, one of the first SaaS-based web application security companies.The conversation dives deep into how application security evolved from manual testing and early vulnerability scanners into scalable AppSec programs, as well as why modern vulnerability management is still fundamentally broken. Jeremiah explains why only a tiny percentage of CVEs ever lead to real financial loss and how his latest company is approaching vulnerability prioritization differently.========================= Connect with Jeremiah Grossman:LinkedIn: https://www.linkedin.com/in/grossmanjeremiahWebsite: https://www.jeremiahgrossman.comRoot Evidence: https://www.rootevidence.com========================= Connect with your host, Phillip Wylie:https://linkedin.com/in/phillipwylieXhttps://x.com/PhillipWylieInstagramhttps://www.instagram.com/phillipwylie

In this episode of Phoenix Cast, hosts John and Kyle break down a packed week in cyber: the Canvas ed-tech breach by Shiny Hunters that hit 9,000 schools and 275 million records right at testing season (both of their kids' schools are scrambling to go non-digital), Firefox's eye-opening collaboration with Anthropic's Mythos model that surfaced 271 vulnerabilities in a single release for a fraction of the cost of a traditional bug bounty, and the Dirty Frag Linux kernel zero-day that escalates to root in seconds — but whose fix breaks IPsec VPNs and file sharing. They also dig into the new MAR ADMIN making AI training mandatory for every Marine, and John collects on Kyle's gaslighting from two episodes ago about model quality degradation (Anthropic basically said "whoops"). Stick around for John's hot take that ASIs — Authorized Service Interruptions — are officially dead in a world where chained vulnerabilities and 271 patches can drop in a single release.We’d love to hear your thoughts! Tweet us @ThePhoenixCast, and don't forget to join our LinkedIn Group to connect with fellow Phoenix Casters. If you enjoyed the episode, help us out by leaving one of those coveted 5-star reviews on Apple Podcasts. Thanks for listening!Links - Canvas Hack:Canvas Login Portals Hacked - ShinyHunters Extortion Campaign (BleepingComputer)https://www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/Hackers Deface School Login Pages After Claiming Another Instructure Hack (TechCrunch)https://techcrunch.com/2026/05/07/hackers-deface-school-login-pages-after-claiming-another-instructure-hack/2026 Canvas Security Incident (Wikipedia)https://en.wikipedia.org/wiki/2026_Canvas_security_incidentLinks - Firefox Using Mythos:Claude Mythos Has Found 271 Zero-Days in Firefox (Schneier on Security)https://www.schneier.com/blog/archives/2026/04/claude-mythos-has-found-271-zero-days-in-firefox.htmlThe Zero-Days Are Numbered (Mozilla Blog)https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/Behind the Scenes Hardening Firefox with Claude Mythos Preview (Mozilla Hacks)https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/Claude Mythos Finds 271 Firefox Flaws, Mozilla Believes It Shifts Security Toward Defenders (Help Net Security)https://www.helpnetsecurity.com/2026/04/22/claude-mythos-mozilla-vulnerabilities-scanning/Claude Mythos Finds 271 Firefox Vulnerabilities (SecurityWeek)https://www.securityweek.com/claude-mythos-finds-271-firefox-vulnerabilities/Mythos and Cybersecurity (Schneier on Security)https://www.schneier.com/blog/archives/2026/04/mythos-and-cybersecurity.htmlLinks - Dirty Frag:New Linux ‘Dirty Frag’ Zero-Day With PoC Exploit Gives Root Privileges (BleepingComputer)https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions (The Hacker News)https://thehackernews.com/2026/05/linux-kernel-dirty-frag-lpe-exploit.htmlActive Attack: Dirty Frag Linux Vulnerability Expands Post-Compromise Risk (Microsoft Security Blog)https://www.microsoft.com/en-us/security/blog/2026/05/08/active-attack-dirty-frag-linux-vulnerability-expands-post-compromise-risk/RHSB-2026-003 Networking Subsystem Privilege Escalation - Linux Kernel (Red Hat)https://access.redhat.com/security/vulnerabilities/RHSB-2026-003Dirty Frag PoC Exploit (V4bel/dirtyfrag GitHub)https://github.com/V4bel/dirtyfrag

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: TeamPCP breached GitHub’s internal repos. Now what? Some absolute plonker glued Coruna to a hijacked npm package CISA is worried about about open source and wants third party submissions for KEV AI infrastructure is “systemically” insecure Much, much more This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert’s root certificate as malware. Fun! This episode is also available on YouTube

Got a question or comment? Message us here! In this episode of the #SOCBrief, we break down the ShinyHunters breach of Instructure’s Canvas LMS and what it means for security teams everywhere. From exploiting a lesser-monitored service to exfiltrating millions of records, this attack highlights the growing risk of third-party vendors and supply chain exposure. We walk through how the breach unfolded, key indicators of compromise, and the practical steps SOC teams can take to detect, mon...

Mozilla found 271 unknown Firefox vulnerabilities in days using AI—bugs that millions of automated test runs had missed for years. Steve Gibson argues this isn't a crisis. It's the industry finally paying down decades of security debt, and for the first time, defenders may have the advantage. Cisco meets Mythos Can the aging CVE system survive AI Patch deployment latency in the AI age MSFT's official YellowKey BitLocker bypass mitigation Ubiquiti patches 5 serious vulnerabilities Drupal attacked by a PostgreSQL injection Microsoft terminates SMS as a second factor GitHub hacked - all of its source code exfiltrated Russia is using very old Western software Why to get a no-charge AI chatbot account New Sci-Fi on Netflix What we learn from Mozilla's use of Mythos Show Notes - https://www.grc.com/sn/SN-1080-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: guardsquare.com doppel.com cyberhoot.com/securitynow trustedtech.team/securitynow365 XBOW.com

OpenAI is now allowing some ChatGPT users to connect their bank accounts and financial data directly to the platform. In this episode, we discuss the technology behind the feature, the convenience it promises, and the serious privacy and security questions it raises. From AI-generated budgeting advice to the risks of centralized financial profiling, we examine what happens when conversational AI gains visibility into your spending habits, debts, subscriptions, and financial goals. Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com. ** Links mentioned on the show ** ChatGPT Can Now Connect to Your Bank Account and See All Your Transactions https://gizmodo.com/chatgpt-can-now-connect-to-your-bank-account-and-see-all-your-transactions-2000759306 ** Watch this episode on YouTube ** ** Become a Shared Security Supporter ** Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Should AI Have Access to Your Financial Life? appeared first on Shared Security Podcast.

From Law Enforcement to Cyber Threat Intelligence: Andrew “GingerHacker” Crotty’s Journey into CybersecurityIn this episode of Simply Offensive, Phillip Wylie sits down with Andrew “GingerHacker” Crotty to talk about breaking into cybersecurity, building a career in cyber threat intelligence (CTI), and creating content that helps others enter the industry. Andrew shares his unconventional path from law enforcement and military service into cybersecurity and explains how curiosity, persistence, and community shaped his success.The conversation dives into what cyber threat intelligence actually looks like day to day, how CTI teams support incident response, and practical advice for professionals who want to pursue careers in intelligence, SOC operations, or offensive security. Andrew also discusses his YouTube channel and nonprofit efforts focused on helping newcomers break into cyber.Connect with Andrew “GingerHacker” Crotty:LinkedIn: https://www.linkedin.com/in/andrew-crotty-gingerhacker/YouTube: https://www.youtube.com/channel/UCGX_oAbc0_CLEdwMI5n64oQ=========================Connect with your host, Phillip Wylie:LinkedIn: https://linkedin.com/in/phillipwylieYouTube: https://youtube.com/@PhillipWylie=========================Presented by Suzu Labs=========================All the ways to connect with @Suzulabshttps://suzulabs.comhttps://x.com/suzulabshttps://www.linkedin.com/company/suzu-labs/

We're re-releasing one of our most practical episodes this week — originally published November 2025, and still one of the best roadmap conversations we've had on the show. Brad and Spencer share no-fluff advice for breaking into cybersecurity, whether you're switching careers, starting from scratch, or leveling up from a general IT role. They cover what employers actually look for, the fastest paths in, and what to skip. If you're exploring a cybersecurity career, or know someone who is, thi...

Today we are joined by Todd Bertsch. Todd is a keynote speaker, mental fitness coach, and creator of the Spark Framework—a system rooted in neuroscience and behavioral psychology that focuses on building resilience, leadership clarity, and sustainable personal growth through small, consistent changes. After overcoming early struggles with addiction and pivoting from entrepreneurship into coaching during the COVID pandemic, Todd now helps leaders strengthen their "mental muscle" by identifying negative thought patterns and shifting into a more constructive, resilient mindset. [March 16, 2026] 00:00 – Intro 00:26 - Intro Links Social-Engineer.com - http://www.social-engineer.com/ Offensive Security Vishing Services - https://www.social-engineer.com/offensive-security/vishing/ Offensive Security SMiShing Services - https://www.social-engineer.com/offensive-security/smishing/ Offensive Security Phishing Services - https://www.social-engineer.com/offensive-security/smishing/ Call Back Phishing - https://www.social-engineer.com/offensive-security/call-back-phishing/ Adversarial Simulation Services - https://www.social-engineer.com/offensive-security/adversarial-simulation/ Social Engineering Risk Assessments - https://www.social-engineer.com/offensive-security/social-engineering-risk-assessment/ Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb CLUTCH - http://www.pro-rock.com/ innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 01:27 - Todd Bertsch Intro 02:39 - Todd's Origin Story 05:47 - Trauma and the Spark 08:30 - COVID Pivot to Coaching 10:58 - Mental Fitness for Leaders 14:37 - The Spark Framework Explained 17:04 - Curiosity and Burnout 18:37 - Small Steps, Big Change 19:35 - Protein-First Plan 20:09 - Weightloss Breakthrough 21:02 - Micro-Changes for Lifestyle 21:54 - Atomic Habits and Momentum 23:44 - Accountability and Coaching 24:08 - One Inch Wins Story 24:48 - Patience, Gratitude, and the Journey 28:34 - Connect with Todd and Book Picks https://www.toddbertsch.com/ https://www.linkedin.com/in/toddmbertsch/ https://www.instagram.com/theboltwithtoddb/ Recommended Books: The 7 Habits of Highly Effective People – Stephen R. Covey The Go-Giver – Bob Burg & John David Mann 32:12 - Mentors and Closing

A huge thank you to ISACA Sacramento for hosting an incredible appreciation event and welcoming the WakeUpX team in to capture some amazing conversations. The energy in that room was something else, packed with passionate professionals, emerging talent, and leaders who genuinely invest in this community. We walked away with outstanding interviews and video content that we can't wait to share with you. More episodes from this event are coming, so stay locked in. 🔒I sat down with Anil Reddy (Kondakrindi), founder of ARK Strategies Inc., a CMAS-certified small business IT consulting firm that works directly with state and local government agencies across California, Nevada, Oregon, Washington, and beyond. Anil brings over 25 years of corporate experience and 10 years of deep focus on cybersecurity, in a space that desperately needs leaders who understand both the technology and the public sector mission behind it.What started as a leap of faith during the pandemic has grown into a firm specializing in cloud security, penetration testing, vulnerability assessments, security policy development, and digital transformation, powered by platforms like Microsoft Power Platform, Salesforce, ServiceNow, and Workday.We talked about:💼 Why he left the 9-to-5 to build his own consulting firm🏛️ How he landed his first public sector engagement with zero prior policy writing experience (and scored perfectly on the CISM to prepare)🤝 Why relationships, integrity, and community are the real foundation of a consulting business🔐 How he handles the stress of security breaches at 2am🤖 His perspective on where AI is headed and what it means for security🌐 Why he's expanding ARK Strategies beyond California and what "serving the citizens" actually means to himOne moment that stuck with me, Anil said, "Don't just bring the problems. Bring the solutions." That's the entrepreneurial mindset right there.For anyone looking to break into cybersecurity, he had this to say: start with education, get certified, then go show leaders what you know. Simple. Actionable. Real.🎧 Listen on Spotify, watch on YouTube, and follow along at wakeupxpodcast.com for more conversations with CISOs, CTOs, CEOs, serial entrepreneurs, and the professionals shaping the future of cybersecurity.This is just the beginning, we have major guests coming up across tech leadership, cyber defense, and entrepreneurship. You don't want to miss what's next.👉 Connect with Anil: linkedin.com/in/anil-reddy-kondakrindi-1933891🌐 Learn more about ARK Strategies: ArkStrategiesInc.com🎙️ More episodes: wakeupxpodcast.com#WakeUpXPodcast #Cybersecurity #Entrepreneurship #PublicSector #ISACA #ISACASacramento #CyberLeaders #SmallBusiness #ITConsulting #ARKStrategies #CISM #SecurityPolicy #DigitalTransformation #CloudSecurity #SacramentoTech #CyberCommunity #PodcastAlert