What happens when the most secure museum on Earth has a Wi-Fi password that’s literally “louvre”?💎 $100 million in jewels disappear, and the world’s best art collection learns what Defense in Dumb really means.In this episode of Legitimate Cybersecurity, Frank Downs and Dr. Dustin Brewer unpack how the Louvre Museum was robbed in broad daylight — not just by thieves, but by bad passwords, unpatched servers, and leadership that never took cybersecurity seriously.👉 Topics include:The Windows Server 2003 still guarding priceless art“Defense in Dumb” vs. real defense in depthWhy pen tests without remediation are a waste of moneyHow boredom and bureaucracy kill security programsThe Rosetta Stone irony: stolen artifacts complaining about theftWhat NIST CSF, GRC, and governance diffusion all have to do with itWhy multi-factor authentication isn’t two French guards and a shrugAnd yes — Leonardo da Vinci had better wireless security.📩 Media & Interview Requests: admin@legitimatecybersecurity.com🎧 Audio listeners: Subscribe on any platform →https://legitimatecybersecurity.podbean.com/👇 Comment below: What’s the dumbest password or security setup you’ve seen in the wild?We might feature your story in a future episode.Chapters00:00 – Cold Open: “Imagine robbing the most secure museum on Earth…”01:00 – Defense in Dumb: Louvre’s password was literally “louvre”02:10 – British & French museums suddenly hate theft03:45 – The Cyber Audit That Nobody Fixed05:30 – Pen Testing vs. Actually Doing the Work07:00 – Roof access, open windows, and Netflix-level stupidity09:00 – Boring but critical: why remediation never happens11:00 – Framework fails: ISO, NIST, GDPR, and no one enforces them13:30 – Cyber careers, boredom, and the “borification” of information16:00 – “It really HUMPS your packets”: why GRC isn’t sexy but matters18:30 – Leadership without packets: Steve Jobs, Woz, and cyber blind spots20:00 – How the Louvre failed every NIST CSF function23:00 – MDR myths: detection ≠ protection25:00 – APTs, insurance loopholes, and cyber blame games29:00 – Governance diffusion: when everyone assumes someone else did it31:00 – Legacy tech, no funding, and free open-source fixes33:00 – PFSense, Security Onion & AI helping broke orgs35:00 – Final Takeaway: “Leonardo da Vinci had better Wi-Fi security.”#LegitimateCybersecurity #LouvreHeist #CyberFail#DataBreach #cybersecurity#Hackers#PenTesting#InfoSec#NISTCSF#GRC#MDR#APT#CyberRisk#MuseumHeist#DefenseInDumb#WindowsServer2003

Tonight’s Halloween special gets deliciously weird. 🦇 Dustin and Frank unpack four true tech “hauntings”:• The Ghost in the Printer—Why old JetDirects spit hieroglyphics at night.• Laughing Alexa—The infamous 2018 bug that creeped out the world.• #GhostText—When delayed SMS messages arrived from the… beyond.• Grace Hopper’s Moth—The first literal computer “bug,” preserved in a logbook.We translate spooky glitches into plain-English cyber hygiene: broadcast storms, wake-on-LAN, noisy IoT, always-listening assistants, SMS spoofing, and why physical world failures (heat, humidity, insects!) still crash modern stacks.🎤 Media & interview requests: admin@legitimatecybersecurity.com🎧 Audio listeners: subscribe on any platform via https://legitimatecybersecurity.podbean.com/💬 Drop your own “haunted tech” stories in the comments—we may read them on-air!Chapter Breaks00:00 – Cold open: “Possessed” printers in Portland01:21 – Halloween setup + how we’ll demystify “paranormal” tech02:14 – Case #1: The Ghost in the Printer (broadcast storms + wake-on-LAN)05:01 – Why vulnerability scans make printers spit gibberish08:32 – Broadcast packets 101 (and why Frank hates wake-on-LAN)12:15 – Case #2: Alexa’s bone-chilling laugh (2018 trigger bug)16:55 – Smart speakers as always-listening risk (home & remote work)18:31 – Agentic AI + voice triggers = future home-automation threats23:16 – Case #3: #GhostText—delayed SMS from the “afterlife”27:42 – “HauntLater.com” (Frank’s dubious startup idea)32:59 – Case #4: Grace Hopper and the first literal computer “bug”36:45 – Physical world vs. digital systems (heat, humidity, pests)39:45 – Wrap & CTA: Share your creepy tech stories#legitimatecybersecurity #cybersecurity #halloweenspecial #ghostinthemachine #infosec #smarthome #iot #gracehopper

Are we watching the ladder get pulled up? A new Harvard-linked analysis shows companies that adopt generative AI hire 7.7% fewer junior roles — a subtle shift with massive consequences for cybersecurity, tech, and the middle class. Frank Downs and Dr. Dustin Brewer break down what’s really happening: the automation sugar high, the hollowing of mid-tier careers, why experience over degree over certifications is driving gatekeeping, and how this ends if we don’t course-correct.Learn more about the study here: https://www.economist.com/graphic-detail/2025/10/13/can-ai-replace-junior-workers?giftId=c059cef1-fdf2-4e22-80f7-e8fc16f025bf&utm_campaign=gifted_articleMedia and interview requests: admin@legitimatecybersecurity.comAudio listeners: subscribe on any platform via https://legitimatecybersecurity.podbean.com/Chapter Breaks00:00 – Cold Open: AI is quietly killing entry jobs00:27 – The stat nobody’s talking about 7.7 percent junior hiring drop02:05 – Correlation vs causation pandemic and RTO chaos03:35 – Gatekeeping madness 8 years of Swift and entry roles needing 5 years04:50 – What employers actually value experience over degree over certs06:20 – Why juniors are disappearing AI excels at lower-level tasks07:40 – The seduction shareholders execs and the AI won’t leave you trap09:00 – Societal fallout angry grads hollowed middle class12:30 – Who replaces us if we skip training14:10 – The wall where AI plateaus and humans must return15:30 – Safe vs squeezed trades and specialists vs shrinking middle16:50 – Adaptation 2.0 lessons from past automation waves19:40 – Tech is not automatic good phones social media and productivity23:30 – Cyber never sleeps always-on culture and cognitive offloading25:45 – AI friends the Zuckerberg take and why it is dangerous29:20 – Phone yes social no ethics engagement and shareholders31:10 – Sign-off Black Mirror the void and what we do next#aijobs #cybersecurity #techcareers #futureofwork #generativeai #automation #entryleveljobs #jobmarket #middleclass #legitimatecybersecurity #ai

What happens when ONE “cloud” hiccup in Virginia slams the brakes on your life—smart beds trap sleepers, Alexa goes dumb, Venmo sputters, and enterprise apps face-plant? Frank & Dr. Dustin break down Monday’s AWS DNS outage, why the internet’s “old bones” (DNS/IPv4) still run everything, how dependency hell spreads a local failure worldwide, and whether Web3/IPv6/real decentralization can stop the next domino run.👂 Audio listeners: subscribe on any podcast platform via our feed: https://legitimatecybersecurity.podbean.com/🎤 Media & interview requests: admin@legitimatecybersecurity.comChapters below. Drop your wildest “my house broke when AWS sneezed” story in the comments. ⬇️Chapter Breaks00:00 – Cold Open: “This was Monday” doomsday (beds, banks, Blackboard)00:50 – DNS for Normals: the internet’s phone book (and why it failed)02:45 – Single Point of Failure? us-east-1 and the centralization problem04:03 – “There is no cloud, it’s someone else’s computer” (and your bed’s on it)05:21 – How a regional outage went global: dependencies & third-party calls06:40 – SBOMs, supply chain, and internet-scale dependency hell07:24 – Pi-hole story: when your home DNS goes down, everything stops09:12 – Resiliency vs reality: why some services lived while others died10:45 – The domino stack: uptime, TTLs, and stale DNS making pain linger12:18 – Could IPv6 help? (and why we still haven’t adopted it)14:25 – “Second-gen DNS”: what would a safer, faster resolver look like?16:07 – Monopoly math: if busting big clouds won’t happen, what will?18:47 – Web3/Blockchain as a decentralized DNS idea—promise & tradeoffs20:13 – Tor ≠ the model: decentralization without the dark-web baggage22:20 – AI as infrastructure: power, cost, and more single points of failure23:53 – Why blockchain never got sexy (and why it still might)26:24 – Ghosts in the machine? (Spooky season teaser)27:54 – Wrap: what to do before the next Monday#aws #dns #outage #cloudcomputing #cybersecurity #web3 #ipv6 #smarthome #supplychain #sbom #devops #incidentresponse

Your AI assistant is helpful… until it isn’t. In this episode, Frank and Dustin break down the zero-touch exploits (EchoLeak & ShadowLeak) that can hijack AI integrations like email and office suites, quietly exfiltrate your prompts and IP, and even leak them to attacker infrastructure—no clicks required. We also talk about why your chats aren’t protected by legal privilege, how AI activity factored into the California wildfire arsonist story, and what actually works: DLP, model governance, and when you should go local with LLMs.We keep it real (and a little nihilistic) while giving CISOs, IT leaders, and curious humans the playbook to reduce risk without killing innovation.👉 Media & interview requests: admin@legitimatecybersecurity.com🎧 Audio listeners: subscribe on any platform via https://legitimatecybersecurity.podbean.com/💬 Drop your idea for our new sign-off catchphrase in the comments!Chapters:0:00 Cold Open — “What if your AI is spying on you?”0:30 Welcome & Today’s Agenda (EchoLeak, ShadowLeak, legal privilege, arsonist story)1:55 Zero-Touch Exploits Explained (no clicks, still owned)3:11 How It Works via Email & Integrations (silent prompt injection → exfil)4:48 Old Tradecraft, New Target (drive-by vibes, LLMs in the loop)7:55 “Plain-Language Hacking” (Gandalf game, prompt judo)10:27 Why This Still Counts as a Hack (intent, abuse of designed behavior)12:52 Why SOCs Might Miss It (looks like normal AI traffic)14:24 DLP, Asset Mgmt, and the “Hated but Needed” Controls16:44 Should You Run Local LLMs? (pros, cons, update churn)20:30 Liability & Definitions — Is This Really a Hack? (yes, and why)22:25 AI Has No Feelings… But It Leaks Yours (reflection, social engineering)23:16 “No Legal Privilege” Bombshell & The Arsonist Example26:36 Privacy Culture Shift (profiling even when you opt-out)29:45 Cat-and-Mouse Prompts (policy workarounds, “encrypt my answer” tricks)31:19 Don’t Panic, Do Fundamentals — Then Regulate32:36 What Good Regulation Looks Like (and where it fails)35:40 Penalties with Teeth (or companies just budget the fines)38:26 Next Week Tease: DOGE whistleblowers & data handling39:01 Help Us Pick a Catchphrase (Outro & CTAs)#cybersecurity #ai #dataprivacy #pentesting #ZeroTouch #llm #copilot #chatgpt #dlp #infosec #datalossprevention

Why train when you can just hire?” In this episode, BlueVoyant Senior Vulnerability & Risk Analyst James Gustafson explains why that mindset—and the myth that AI can replace fundamentals—is putting orgs at risk. From Army “combat cable guy” to enterprise VM leader, James breaks down how to move from scan → prioritize → fix, how to develop junior talent without gatekeeping, and where AI actually helps (and where it absolutely doesn’t).🎧 Audio listeners can subscribe on any platform (Spotify, Apple, etc.) or here: https://legitimatecybersecurity.podbean.com/💼 Media & interview requests: admin@legitimatecybersecurity.comYou’ll learnWhy scan ≠ secure and how to make risk registers stickThe hiring shift: junior roles, budgets, and AI misconceptionsPackets vs. button-ology—what juniors lose when tools do too muchHow to communicate VM risk at 10k+ asset scaleAI’s “sweet spot” for practitioners (and the painful edges)Chapter Breaks00:00 Cold Open — “Misconceptions about what AI can replace”00:17 Intro — Who is James Gustafson (BlueVoyant)01:14 Origin Story — Movies, IRC, and early curiosity03:13 Army to IT — “Combat cable guy” and real-world networking04:31 Breaking In — 2009 job market, degrees & certs05:48 Obsession & Passion — How to pivot from IT to cyber06:39 Where Did Juniors Go? — Budgets + AI hype08:20 AI Reality Check — Risk shifts, phishing, unknowns10:02 History Rhymes — From mainframes to printing press to AI14:05 VM at Scale — Actionable comms, policy, and ownership15:18 Why Orgs Scan but Don’t Fix — The uncomfortable truth17:06 Priorities vs. Patching — Firefights and thin teams18:05 SOC Then vs. Now — Packets, Snort, SIEM & automation19:54 Button-ology vs Fundamentals — Hiring for platforms22:10 Teaching Without Gatekeeping — Recreating “packet” intuition28:07 Training the Next Gen — Translating deep knowledge30:26 Parenting & Passion — “Be excellent at something”34:27 What’s Going Right — Industry sobers up on AI36:33 Thought Experiment — If we “laid down arms” in cyber…38:08 Wrap — Why fundamentals still win#cybersecurity #vulnerabilitymanagement #bluevoyant #ai #riskmanagement #soc #infosec #careerincybersecurity #cve #CISAKnownExploited #wireshark #Qualys #tenable #crowdstrike #microsoftdefender

What if your “credit score” wasn’t the full story?Frank and Dr. Dustin uncover LexisNexis, the massive data broker quietly collecting everything about you — from your social posts and insurance claims to your driving habits (even roller coasters count).💥 In this episode:The hidden company that knows more about you than Equifax or ExperianWhy you can’t easily see, freeze, or delete your LexisNexis fileThe outrageous “roller coaster incident” that broke a man’s insurance ratingHow U.S. privacy laws fail to protect your data — and why you’re still the productPlus: Taco Bell’s failed AI experiment & what it reveals about the limits of artificial intelligence📺 Watch to the end for a hilarious (and slightly terrifying) discussion on AI gone wrong — from 100,000 tacos to SOCs that might order them next.Subscribe for more Legitimate Cybersecurity deep dives — where we mix real-world cyber truths with humor, clarity, and brutal honesty.👉 Listen anywhere you get podcasts💬 Join the community: r/LegitimateCyber🎙️ Hosted by Frank Downs & Dr. Dustin BrewerChapter Breaks00:00 – Cold Open: The roller coaster that broke his insurance00:20 – “There’s a company tracking your life — and it’s not Equifax”01:25 – The Big Three vs. the unseen fourth: LexisNexis03:44 – How LexisNexis profiles you: social, insurance, driving, and debt05:34 – The invisible rules: Not a credit bureau, not regulated07:36 – Frank’s nightmare: trying to request your LexisNexis file09:29 – “It knows your driving habits — and it’s probably wrong”11:51 – Where’s the line for privacy, jobs, and mortgages?13:18 – Data pollution: Can you flood your profile with fake info?14:11 – OPM breach, lost privacy, and why we’ve already been exposed15:34 – Privacy vs. necessity: the cost of living in a connected world17:22 – Capitalism, democracy, and the right to your own data19:44 – “It just hasn’t made you upset yet”: why no one fights back20:48 – Data ownership: should we get paid for our data?23:10 – The last bipartisan law (and why it was about dogs, not data)27:22 – Hard left turn: Taco Bell’s AI disaster29:44 – The limits of AI — and why you’ll always need humans31:17 – Machine learning déjà vu in cybersecurity32:13 – Cloud, costs, and the AI uncanny valley33:37 – Wrap-up: The real threat behind the “shadow credit bureau”#cybersecurity #dataprivacy #lexisnexis #databrokers #ShadowCredit #ai #consumerprotection #privacyrights #infosec #legitimatecybersecurity

Dr. Dustin Brewer just passed his dissertation defense (👑 incoming), so we celebrated the only way we know how: by tackling Reddit’s most controversial cybersecurity questions—no fluff, real talk.In this episode, Frank Downs and (now) Dr. Dustin break down:How to brief a non-technical board so they actually fund security (tie risk to $$, ops impact, and avoid doom-mongering).What should already be automated (network topology & asset management… why isn’t this solved yet?).Should you take a pay cut to break into cyber? The honest “it depends” with finance, family, and sanity in mind.Unpopular opinions: degrees vs certs, do you need to code, and why humility beats fake expertise.“Cybersecurity sucks”—when it does, why it does, and how to know if it’s time to pivot.Where the next gen of cyber talent will come from (CS, bootcamps, liberal arts, law… and maybe alien overlords 👽).👉 New episodes every week.💬 Press or communications inquiries:👇 Chapters below for quick jumping.If you found this helpful, smash Like, drop your spiciest hot take in the comments, and Subscribe for weekly episodes.Chapter Breaks00:00 – Frank crowns Dr. Dustin Brewer (graduation, hoods, and coronation jokes)01:42 – How do you explain risk to a non-technical board?03:16 – From vuln counts to business dollars ($500k vs $23M losses)05:26 – Avoiding “boy who cried wolf” cyber doom-scenarios09:37 – What should already be automated in cybersecurity?10:25 – Network topology & asset management: the automation failures15:25 – Frank’s asset management horror story (Vista laptop box fail)15:51 – Should you take a pay cut to get into cybersecurity?19:20 – Frank’s unsolicited marriage advice for career-changers22:19 – You are not your job: cyber ≠ your identity23:22 – Unpopular opinions: degrees vs certs, no coding required29:30 – Why you still need a risk register29:51 – “There are no experts in cybersecurity”… or are there?35:33 – Does cybersecurity suck? When it does, and why37:37 – Frank’s dentist “tongue suction” horror story → career clarity42:26 – Where the next generation of cyber talent will come from47:48 – Final thoughts & wrap-up#cybersecurity #ciso #riskmanagement #cybercareers #automation #infosec #cyberjobs #reddit #legitimatecybersecurity

Why should you listen to us? Honestly—you shouldn’t. But if you do, know this: we’re not just two jokers talking theory.In this episode of Legitimate Cybersecurity, Frank Downs and Dustin Brewer open up about their real beginnings—from accidental entry into US Intelligence after 9/11, to packet-hunting puzzles, Wi-Fi tinkering, and Linux dependency hell, to Dustin’s Coast Guard days that led him into DoD cyber operations and battlefield coding.What you’ll hear:Frank’s unexpected pivot from English major → Arabic → US Intelligence → Packet Hunters → ISACA → vCISODustin’s childhood obsession with modems, Prodigy, and “Hackers” → DoD cyber ops → Iraq deployment software award → BlueVoyant leadershipWhy Wireshark still matters more than ever in an encrypted worldThe three inflection points that changed Frank’s career foreverWhy frameworks (NIST, ISO, HITRUST) keep failing—and Dustin’s PhD research into the human factor of securityWhat we focus on today: AI, vCISO work, penetration testing, and the balance of family + cyber🎯 If you’re looking for career inspiration, real stories, and unfiltered lessons from two practitioners who’ve done the work—this episode is for you.Timestamps below.📩 Questions? admin@legitimatecybersecurity.com💬 Drop a comment—we reply fast.🔔 Subscribe for more real-world cybersecurity with humor and honesty.Chapter Breaks00:00 Cold Open – “Why should you listen to us? You shouldn’t.”00:19 Meet your hosts: Dustin & Frank00:36 Why this episode: career steps & credibility check01:23 Setting the stage: our backgrounds in cyber02:06 Frank’s accidental entry into cybersecurity (post-9/11, US Intelligence)03:26 The language grind: Arabic immersion & Spanish surprises05:24 From Nordstrom suits to DoD analyst (wrong master’s degree first!)07:15 Building real skills, Packet Hunters, and ISACA transition07:40 Discovering Wireshark: packets as puzzles with real-world impact09:02 Wi-Fi experiments, streaming flex, and home internet humility09:48 Frank’s advice: explore cyber early—or you’ll be miserable10:19 Dustin’s story begins: Palm Bay, Florida + engineering neighbors11:14 Simpsons saxophone teacher → first coding mentor12:32 AOL for DOS, Prodigy, CompuServe → modem obsession13:26 Networking excitement & “Hackers” movie inspiration14:23 Linux from scratch & dependency hell at age 1515:17 School vs passion: community college frustrations → military track16:25 Coast Guard IT school → voluntold to Fort Meade (DoD cyber ops)18:03 Ground-up learning → teaching others by doing19:13 Linux from scratch = trial by fire learning19:51 Wireshark packet analysis as the foundation skill21:02 Policy + frameworks: the cowboy days before NIST awareness22:43 Frank’s 3 inflection points: contracting leap, Packet Hunters, discovering NIST25:50 Dustin’s inflection points: first root login, Project Phalanx, Iraq software success27:54 Building impactful systems → Army Achievement Medal for battlefield code29:27 Perspective: cyber ops under fire → calm in the private sector30:22 Frank now: family focus, vCISO variety, and AI’s cultural impacts34:14 Tech culture & identity: from iPods to Meta glasses34:53 Dustin now: pen testing, vuln mgmt, and a PhD on framework adoption37:42 Why frameworks keep failing: the human layer39:31 Rethinking cybersecurity like medicine, not just militaristic defense40:15 How to reach us & engage with the show41:04 Sign-off#cybersecurity #careerstories #packets #wireshark #linux #dod #usintelligence #techcareers #careeradvice #pentesting #vCISO #humanfactors #ai #frameworks

Are algorithms helping—or handling—you? Frank and Dustin dive into how recommender systems, data brokers, and AI-powered platforms shape your news, drives, purchases, health, and even relationships. From TikTok fear-mongering to Cambridge Analytica, OPM’s breach fallout, Google Maps routing incentives, Amazon “sponsored” defaults, and Facebook’s engagement shift—this episode asks the hard question: are you in control, or are you being steered?We also hit the nuance: when AI spots tumors earlier and flags outbreaks faster, do the ends justify the data means? Echo chambers, algorithm “poisoning,” privacy laws (or lack thereof in the U.S.), and the real-world line between convenience and manipulation—plus the wild story of a nurse who could smell disease before doctors could test for it.🎧 Subscribe for sharp, funny, no-fluff cyber talk every week.💬 Drop your take: are you comfortable trading agency for convenience?—👥 Hosts: T. Frank Downs & Dustin Brewer🎙️ Podcast + clips: @LegitimateCybersecurity🧠 Subreddit: r/LegitimateCyber🔔 Like, subscribe, and share to beat the algorithm at its own game.Chapter Breaks00:00 – Cold Open: “If you’re not paying, you’re the product.”01:20 – TikTok: personalization vs. geopolitics02:37 – OPM breach & SF-86: the most intimate data spill04:08 – Data brokers & geolocation: finding anyone (even Congress)05:22 – The U.S. privacy gap (hello CCPA, goodbye federal law)06:11 – Shadow credit files: LexisNexis, GM telemetry & your insurance07:45 – Maps that nudge: are routes sold to brands?08:23 – Amazon’s “sponsored” defaults & subtle purchase steering09:39 – “Emergent behaviors” & divisive feed design10:53 – Can we trust any filter—and do we have options?11:30 – AI is code (and code is messy): hallucinations & ad-stuffed search12:27 – Living private vs. living miserable: the balance problem15:16 – Biased training data: we met the trainer and it’s us17:47 – Medicine wins: diagnostics vs. the data tradeoff19:30 – Joy Milne & “the smell of disease”: human pattern-finding#cybersecurity #algorithms #privacy #ai #databrokers #tiktok #opm #EchoChambers #RecommenderSystems #DigitalEthics #Nudging #LegitimateCybersecurity22:44 – AI for signals, humans for meaning23:34 – Robots, laundry… and the rental future24:57 – Do people want out of echo chambers?26:57 – Comfort vs. being “right”: why rage sells27:24 – Algorithm poisoning ethics: self-defense or sabotage?28:11 – The kindness trap: loneliness, AI compliments & harms30:16 – What practitioners should do: policy, guardrails, education32:25 – The inevitable? Choosing agency in a steered world33:16 – Outro: “If this was recommended to you…”

What do submarines, Linux servers, Apple X Servers, and SOC analysts all have in common? They were all part of Chris Adkins’ path into cybersecurity. In this episode of Legitimate Cybersecurity, Frank and Dustin dive deep with Chris as he shares his unique journey from being a sonar technician in the U.S. Navy to breaking into cyber through a SOC—and eventually advising top companies through breaches and building cyber programs.We cover:How non-traditional paths (like the Navy) can launch cyber careersThe evolution of SOC life and tools (FireEye, ArcSight, Palo Alto, CrowdStrike, etc.)The AI security paradox: why AI will cause more breaches, not fewerWhy leadership culture determines breach resilienceThe controversial new “Letters of Marque” bill that could legalize U.S. cyber privateersThis episode is packed with career lessons, insider war stories, and the kind of weird/funny hypotheticals that only Legitimate Cybersecurity delivers.⏱️ Chapter Breaks00:00 – Intro & Chris’ non-traditional entry into cyber01:20 – Life on submarines & discovering IT underwater04:20 – From BackTrack to BP: finding cybersecurity as a career07:00 – SOC life at BP: Panama shifts, POCs, and new tools10:40 – FireEye, EDR, and the evolution of detection tech13:50 – Why AI may actually increase breaches16:30 – Career changers & why it’s hard to “get into cyber”20:00 – The problem with cybersecurity education & perception27:30 – The “Letter of Marque” bill: cyber privateers?!38:40 – Post-breach consulting: calming chaos & fixing culture44:20 – Bias, assumptions, and the hidden root of breaches50:00 – If SOCs ran on ChatGPT: complaints & HR problems52:40 – Funniest phishing excuses & cyber training fails59:40 – Leadership, culture, and why CEOs define cyber success1:03:30 – Wrap up & Chris’ future return#Cybersecurity #Hacking #AI #SOC #CyberCareers #LegitimateCybersecurity #NavyToCyber #Infosec

Former FBI agent and attorney Vincent “Vinnie” D’Agostino (now Head of Digital Forensics & Incident Response at BlueVoyant) joins us to unpack dark web takedowns, real DFIR process, and how a “range” of skills (law, tech, stand-up, curiosity) compounds into cyber success.We cover:How a team helped take down the dark web—twiceDFIR reality vs myth: scoping, persistence hunts, EDR triage, due diligence in M&AThe RDP ≈ drunk driving analogy you’ll never forgetFBI - Private sector: what translates (and what doesn’t)Career advice for students & pros in the age of AI: become “rangeful,” seize moments👥 Guest: Vincent D’Agostino — Head of DFIR @ BlueVoyant; former FBI agent & attorney🎙 Hosts: Frank Downs & Dustin Brewer📌 Subscribe for deep, funny, legit cyber every week.Chapter List0:00 Cold Open — “Dark Web x2”0:22 Intro & Who is Vincent D’Agostino1:05 8086, 5MB HDD & falling in love with computers5:30 From law to FBI: timing, tech, and reality checks10:45 Cyber squads, TOR, Bitcoin & dark web context16:30 DFIR in practice: scoping, EDR, persistence hunts24:30 The RDP ≈ drunk driving analogy every CISO needs29:30 Competence over politics (how to show up in calls)34:30 Career “Range”: why hobbies compound into expertise45:30 M&A due diligence: IR skills without the sirens51:00 Humor as a tool: rapport in dark situations57:00 3 Takeaways + Subscribe/Next Episode#DarkWeb #DFIR #DigitalForensics #IncidentResponse #FBI #BlueVoyant #Cybersecurity #CyberPodcast #ThreatHunting #EDR #Velociraptor #SentinelOne #Ransomware #CISO #Bitcoin #TOR #BlueTeam #CareerAdvice #AI #LegitimateCybersecurity #MandA #DueDiligence

ChatGPT-5 is here — but is it really the leap forward everyone’s claiming? In this episode of Legitimate Cybersecurity, Frank and Dustin break down the hype vs. reality. From coding disasters that “look pretty but don’t work,” to AI being more like “that coworker who makes everything harder,” we explore what this means for hackers, defenders, and the future of cybersecurity.👉 Is ChatGPT-5 truly artificial intelligence, or just machine learning with a better paint job?👉 Can AI pass cybersecurity exams like the CISSP?👉 Will AI babysit your kids one day — and should that terrify you?Stay tuned for the myths, the laughs, and the real risks.Watch to the end for a wild take on Star Trek, civil wars, and whether AI could really replace humans.#AI #CyberSecurity #ChatGPT5 #Hacking #TechNewsChapter List:0:00 – Cold Open (funny/hooky clip)0:10 – Welcome + Episode Setup1:00 – What’s Actually New in ChatGPT-5?3:00 – Pretty Code That Doesn’t Work5:00 – AI as the Annoying Coworker7:00 – Is This Really AI or Just ML?10:00 – Hackers Don’t Care If It’s Wrong13:00 – Cognitive Offloading + Laziness Debate15:30 – Weird Time: Frank’s Coding Fail Story18:30 – The Rise of Prompt Engineers21:00 – AI Gone Wrong (Teen Suicide Example)23:30 – Postmodern Truth & Poisoned Data Sources27:00 – Can AI Pass the CISSP? Cheating & Proctors33:00 – The Real Definition of AI (John McCarthy 1956)36:00 – AI Slop in Writing and Coding38:30 – Certification Exams & The Drunk Security Practitioner40:30 – Wrap Up: ChatGPT-5 = Faster, Not Smarter#ChatGPT5 #CyberSecurity #ArtificialIntelligence #TechNews #Hacking #MachineLearning #AIHype

What if you could break down every cyberattack into just 7 steps?In this episode of Legitimate Cybersecurity, Frank and Dustin dive deep into the Cyber Kill Chain — Lockheed Martin’s 7-stage framework for understanding and stopping attacks — and compare it to the MITRE ATT&CK framework, hacker methodology, and even… honeypots, magicians, and Christopher Nolan films.We cover:The 7 stages: Recon, Weaponization, Delivery, Exploitation, Installation, C2, and Actions on ObjectivesWhy insurance companies make cyber defense harderWhy honeypots are the “magician’s trick” of cybersecurityHow to explain attacks to executives so they actually careTangents about Comic-Con, The Simpsons, Star Trek, and South Park (because of course we did)Whether you’re a seasoned pro or just cyber-curious, this episode makes frameworks fun. And dangerous. And maybe slightly nerdy.💬 Drop your favorite Kill Chain phase in the comments!#CyberKillChain #CyberSecurity #EthicalHacking #MITREATTACK #PenTesting #InfoSec #Honeypots #CyberInsurance #CyberDefense #NIST #LockheedMartin #LegitimateCybersecurityPodcastChapter List00:00 – Welcome & accidental name change to “The Cyber Kill Chain Podcast”00:37 – Comic-Con chaos & nerd solidarity01:40 – What is the Cyber Kill Chain? (And why Lockheed Martin made it)03:18 – Cyber Kill Chain vs. MITRE ATT&CK: Different perspectives05:22 – Insurance nightmares & cyber policy loopholes08:03 – The 7 stages explained (Recon → Actions on Objectives)14:42 – Framework overload & mapping standards18:59 – Real-world pen test insights & APT patience21:19 – Teaching grad students & professor naming quirks23:03 – AI politeness, South Park, and AI “relationships”25:01 – Cybersecurity fatigue & losing the funding edge28:22 – Where defenders can actually break the Kill Chain29:41 – Honeypots: magician’s trick or wizard’s weapon?34:42 – Christopher Nolan, The Prestige, and Wireshark wizardry38:13 – Why conveying frameworks simply wins the boardroom40:26 – Wrapping up: Vote for us & leave your questions

Quantum computing is no longer science fiction—it’s a ticking clock for modern encryption. In this episode of Legitimate Cybersecurity, Frank and Dustin break down Q-Day, the moment when quantum computers may render current cryptography useless. We explore how close we really are, the science (and hype) behind quantum technology, and what CISOs should be doing NOW to prepare. Along the way, expect tangents about Star Trek, Ant-Man, AI, and a few moments that’ll make you laugh out loud.🎙️ Got a topic or guest suggestion? Email us at: admin@legitimatecybersecurity.com👍 Like, comment, and subscribe for weekly cybersecurity deep-dives that mix humor with hard truths.Chapters:00:00 – The ASMR Frank & Star Wars Quantum Vibes02:12 – What is Q-Day & Why Does It Matter?05:54 – How Cold is Quantum? (Hint: Near Space Cold!)09:40 – Breaking Encryption: The Qubit Threat14:45 – How CISOs Should Handle Quantum Hype19:16 – Hidden Financial Meltdowns & The Transfer of Wealth23:32 – Quantum Internet & Faster-Than-Light Data28:26 – Hackers, Ant-Man, and Sci-Fi Meets Science33:26 – Turning Q-Day Concerns into Real Security Wins35:49 – Final Thoughts & How to Prepare Today#quantumcomputing #QDay #cybersecuritypodcast #encryption #postquantumcryptography #ai #nisteoameni #ciso #legitimatecybersecurity #techfuture #startrek #antman

Today on Legitimate Cybersecurity, Frank and Dustin dive deep into the weird, wild, and worrying world of IoT (Internet of Things) — from smart thermostats and connected doorknobs to pacemakers with IP addresses and hacked fish tanks.You’ll hear real-life stories of IoT gone wrong (including a connected beer brewer used for hacking), explore the creepy rise of biohacking and RFID implants, and find out what happens when Roombas spy on you in the bathroom.We also break down why IoT devices are so vulnerable, the challenges with industry standards like Zigbee and Matter, and whether privacy laws like HIPAA and GDPR are enough to protect us in a hyper-connected future.This episode blends expert insight, sarcasm, and actual advice — with a few nostalgic tech throwbacks thrown in.👉 Tell us in the comments: Would YOU put an RFID chip in your hand? Or is that a step too far?🧠 Topics Covered:Biohacking at DEF CONIoT in Human EvolutionPacemaker recalls & medical device hacksWhy Ring doorbells talked to childrenThe Fish Tank Casino HackWhy Alexa might be gaslighting youISO standards, Z-Wave, Zigbee, MatterSmart home fails (IKEA blinds, anyone?)Why Apple might be the “luxury” privacy modelCRISPR, AI, and Neuralink🔗 Don’t forget to like, comment, and subscribe. It helps us battle the algorithm overlords and keeps our IoT-connected fridge from judging us.🗳️ We’ve been nominated for the Podcast Awards! Vote for us at podcastawards.net📬 Press inquiries, sponsorships, or topic requests?Email us at: admin@legitimatecybersecurity.comChapter List:00:00 – Intro: Is IoT Out of Control?00:27 – How IoT Went from SCADA to Dog Collars01:50 – IoT & Cognitive Offloading: Are We Getting Lazier?04:31 – Biohacking: RFID Chips & Pacemaker Hacks09:02 – Self-CRISPR?! The Shocking Reality12:15 – Mark of the Beast vs. Palm Scanners: Privacy Panic15:03 – Your Coffee Maker Could Burn Down Your House16:26 – Hacking Beer Makers & Server Farms22:26 – Casino Hacked by a Fish Tank?23:25 – Ring Cameras Talking to Kids: IoT Nightmares25:25 – Roombas Spying on You in the Bathroom27:52 – Cheap IoT: A Privacy Disaster Waiting to Happen?30:25 – Apple vs. Android: Who’s Winning the Privacy War?32:03 – Outro & Podcast Awards Announcement#IoT #Biohacking #Cybersecurity #RFIDImplants #CRISPR #SmartHomeSecurity #ConnectedDevices #InternetOfThings #PacemakerHack #FishTankHack #RingCameraHack #PrivacyMatters #AIandCyber #TechEthics #CyberAwareness #Neuralink #HackedDevices #LegitimateCybersecurity #CyberThreats #SmartDeviceFails

Dr. Charles Harry — former NSA leader, cybersecurity strategist, and professor at the University of Maryland — joins Legitimate Cybersecurity to expose the hidden gaps in U.S. cyber defense. From nation-state strategy to local school vulnerabilities, this episode uncovers why most cybersecurity efforts are missing the mark… and how to fix it.We explore:Strategic cyber risk (not just IT vulnerabilities)Mapping 50,000+ exposed devices across U.S. countiesThe "operational art" of cyber warfareWhy grants are being wastedThe AI & quantum arms race vs. China💣 This episode is packed with insights for CISOs, policy makers, military analysts, and tech leaders alike.🎙️ Listen to the audio version on Spotify, Apple Podcasts & more.📩 For guest inquiries or partnerships, reach us at: admin@legitimatecybersecurity.comVote for our podcast at: podcastawards.com#Cybersecurity #CyberWar #CharlesHarry #LegitimateCybersecurity #CyberStrategy #NISTCSF #QuantumSecurity #AIInCybersecurity #PublicSectorCyber #NvidiaVsChina #RiskManagement #CyberGovernance00:00 – Cold Open + Intro00:22 – Meet Dr. Charles Harry01:52 – What Is Strategic Cybersecurity?05:02 – Risk at the Sector Level08:22 – Cyber Operational Art: The Missing Middle13:47 – Mapping 50,000+ Public Sector Devices21:00 – Why Federal Cybersecurity Grants Fail28:00 – Red Team vs. Blue Team: The Divide That Shouldn't Exist34:02 – Risk Frameworks: Useful or Useless?43:02 – Quantum & AI: Reshaping the Threat Landscape48:50 – Nvidia vs. China: The True Arms Race53:10 – Final Thoughts + How to Build a Strategic Cyber Defense

🎙 In this episode of Legitimate Cybersecurity, we dive deep into the unsettling reality of AI in modern cybercrime.Senator Marco Rubio was impersonated by AI in a high-level cyber deception campaign, and that's just the beginning.Frank and Dustin unpack:🧠 Deepfake threats to democracy🔐 Signal messaging & nation-state exploitation🧪 Data poisoning and post-truth dangers🛡️ AI in cybersecurity: helper or hazard?🎭 Aquaman scams grandma?!🗳️ The future of elections in the AI ageThis is the episode that asks: What is truth? And can we still trust anything we see or hear?👉 VOTE for us in the Technology category at PodcastAwards.com👉 Like, Subscribe, and hit that 🔔 — it helps more than you know!#Cybersecurity #AIThreats #Deepfakes #AIinCyber #MarcoRubio #Cybercrime #DataPoisoning #LegitimateCybersecurity #PostTruth #ElectionSecurity #PodcastAwards #AIDeepfakes #ChatGPT #GrokAI #QuantumComputingChapter Breaks:00:00 – Welcome to the AI Chaos01:00 – Marco Rubio’s Deepfake Scandal03:30 – Signal App, Trust, and Exploitation06:00 – Grandma Got Catfished by Aquaman (Real Story)08:30 – AI: Making Hacking Easier or Dumber?11:00 – Prompt Injection, Scambaiting, and Evil Clippy13:30 – Deepfakes vs. Quantum Computing16:00 – The Dystopia of AI Dating and “Spin the DJ”19:00 – Truth, Misinformation, and Model Poisoning23:00 – Blockchain for Truth? (Business Idea Alert)25:30 – Star Wars, White Lotus, and the Collapse of Truth28:00 – Elections, Echo Chambers, and Deniability30:00 – Vetting Info in the AI Age33:00 – Should ChatGPT Run a Town?34:00 – Final Thoughts + Next Episode Preview (The Economics of Cyber)

Are you curious about penetration testing, aka legal hacking? In this episode of Legitimate Cybersecurity, Frank and Dustin tear down the myths of hacking, break down real-world pen testing, and share hilarious (and horrifying) war stories from the field.We cover:✅ The skills you actually need to get into pen testing✅ What certs like OSCP, CEH, and GPEN really mean✅ Why most companies have no idea what’s on their network✅ Real pen test experiences gone sideways✅ Why you might still get arrested after a bug bounty✅ And how to break into the field—even without a degree🎙️ WE NEED YOUR HELP! 🎙️We’re in the running for Best Technology Podcast at PodcastAwards.com — and we’d love your vote!🗳️ Go to https://www.podcastawards.com, register, and vote for Legitimate Cybersecurity in the Technology category.Your vote helps real, nerdy cybersecurity voices rise to the top!📌 Like, Subscribe & Share.🔔 Click the bell to get notified about new episodes (and Frank’s midlife crises).📎 Check the show notes for career resources, links, and our Hack the Box profile recs!#PenTesting #EthicalHacking #CybersecurityCareers #OSCP #CEH #GPEN #HackTheBox #RedTeam #CyberSecurityPodcast #InfoSec #HackerLife #BugBounty #CybersecurityTraining #CyberMythsBusted #ITSecurity #SecurityTesting #KaliLinux #CyberCareer #podcastawards Chapter Breaks00:00 - Intro: What Is Penetration Testing?01:31 - Myths vs. Reality of Hacking02:40 - What Kind of People Make Good Pen Testers?05:33 - You Don’t Need a Degree To Be a Hacker07:19 - Why AI-Generated Code Is Easy to Hack09:16 - Cybersecurity Certifications (OSCP, CEH, GPEN)12:16 - Is CEH Still Worth It?14:42 - What EC in EC-Council *Actually* Stands For16:20 - Pen Test Expectations vs. Reality19:35 - Types of Pen Tests: Internal, External, Web App, Social Engineering22:12 - Cost, Scope & Asset Prioritization24:00 - What If You Don’t Know Your Own Assets?26:58 - Pen Test Reports: Why No One Reads Them28:55 - Remediation Is Scarier Than the Hack30:49 - Hacker Teams: Foothold → Escalation → Ransom32:31 - The Most Hilarious Old Systems We’ve Found34:28 - You Must *Love* Computers To Hack Well37:03 - Want to Be a Hacker? Here’s Your Roadmap39:51 - Military & DOD Paths To Cyber Careers40:44 - Vote for Us, Subscribe, and Frank’s Midlife Crisis

Sorry in advance for the wonk audio!!AI is everywhere—and it's not just writing poems or generating cat pics. In this episode of Legitimate Cybersecurity, Frank Downs and Dustin Burr dive deep into the impact of artificial intelligence on the world of cybersecurity.From the myth of Artificial General Intelligence (AGI) to AI-powered pentesting and blue team burnout, we demystify the buzzwords, talk real-world applications, and get a little weird with some philosophical takes. And yes, Clippy makes a comeback.🧠 Topics Covered:What AI really is (with NIST definitions)Can AI replace cybersecurity professionals?AI in offensive vs. defensive securityLLM hallucinations and real-world risksDeepfakes, phishing, and governance toolsThe rise of AI girlfriends 😬🧪 Outrageous Statements Segment:We say wild things. Sometimes they’re true. Sometimes they’re spicy. Always entertaining.📍 Special shoutouts to:Dr. Charles Harry (coming soon!)Clippy (RIP king)👂 Listen on Spotify, Apple, or wherever you get your podcasts.👉 Like, Subscribe, and Share if you want to see Eeyore smile again.#cybersecurity #artificialintelligence #pentesting #podcast #Deepfakes #chatgpt #llm #infosec #aiincybersecurity #generativeai #clippyisback 00:00 – Intro: Art, AI, and Losing Viewers00:33 – The Hollywood AI Myth: Smart Computer = Death02:25 – Breaking Down AI Fear and Misunderstanding03:47 – What AI Actually Is (and Isn’t)05:19 – Remembering Clippy: The First “AI Assistant”06:20 – Demystifying AI Through NIST Definitions08:45 – AI vs. Machine Learning: What’s the Difference?11:18 – What is a Large Language Model (LLM)?12:31 – Generative AI & Artificial General Intelligence (AGI)13:56 – Can AGI Replace Humans? A Futurist’s Perspective16:00 – AI's Limits: Empathy, Reasoning, and Hallucinations18:09 – Should AI Do the Menial Work While Humans Create?19:03 – AI as Friend, Lover, and Therapist: A Cultural Shift21:00 – The Danger of Replacing Human Connection22:36 – AI Marriages and Japan's Pillow Brides24:00 – AI Partners = Modern Incel Cat Ladies?25:00 – Satire, Safety, and Securing Your AI Spouse26:31 – Why AI Still Can’t Replace Real Human Emotion27:19 – Hollywood’s Obsession With AI Relationships29:03 – Don’t Replace Human Connection With Anything29:31 – AI in Offensive Cybersecurity & Pen Testing31:33 – AI-Powered Pentests: Regulation vs. Automation33:13 – Exploit Development, Intuition & Quantum Chaos34:45 – Use AI to Handle the Mundane, Focus on the Critical36:03 – Deepfakes, CEO Scams & Social Engineering37:23 – AI + Polymorphic Code = Scary Smart Attacks38:55 – AI for Blue Teams: Helping Analysts, Not Replacing Them41:21 – AI in Governance: From Policy Writing to NIST Alignment43:11 – Academic Uses: Research, Summaries, & Cleanups45:40 – What’s Coming: Academic Deep Dive Next Week47:06 – Staying Relevant: Experiment, Learn, and Evolve48:57 – AI as a Communication Tool in Cybersecurity50:21 – NEW SEGMENT – Outrageous Statements Begins!51:01 – AI Writes Better Phishing Emails?51:23 – Will AI Replace SOC Analysts?52:51 – Can You Use AI to Build a Risk Register?54:31 – Mickey, MidJourney, and Deepfake Ethics55:31 – AI Hallucinations Will Cause Real Incidents