We are back with another interview and this one is a proper conversation about what security awareness should feel like. Honest, simple and human.
This week I sat down with Dan Thornton, founder and CEO of Goldphish. Dan’s path into cyber started in the Royal Marine Commandos and moved through physical security and crisis management before one attack changed everything. NotPetya wiped out a global organisation he was supporting and it became clear that digital risk now hits harder and faster than anything physical. That moment pushed him into cyber and eventually into building Goldphish.
What I love about Dan is how grounded he is. No jargon. No overcomplication. No feature overload. Just a belief that people deserve better than long training, shame based phishing tests and compliance for the sake of compliance.
In this episode we get into:
Dan is a big believer in incentives. If someone reports quickly, celebrate it. If a team does the right thing, make it visible. Culture grows when people feel supported, not judged.
We also talk about voice scams, deep fakes, business email compromise and how criminals are already using AI to build long form, relationship driven fraud. This space is moving and moving quickly.
There are some fun moments too. Pizza flavoured passwords, the danger of what our ChatGPT histories reveal and a few curveball questions that took us both by surprise.
If you care about human risk, culture and stripping cyber back to what works, this is a great episode to dive into. Dan brings a refreshingly practical view of awareness and why the basics still matter more than anything.
Listen now and imagine what your programme could be if you kept things simple, human and actually enjoyable.
You can find Dan at goldphish.com or on LinkedIn.
You are tuned in to The Awareness Angle, the weekly show where we cut through the cyber noise and get straight to the scams, slip ups, and stories that actually matter.
In this episode, Ant and Luke dig into a fresh batch of breaches, some worrying policy decisions, and a few very human stories from inside the cyber world. From councils leaking resident data, to VPNs quietly opening the door to ransomware, to AI powered scams on your favourite apps, this one is packed.
In this episode
Listen for
Stay connected
New episodes every week. Views are our own, not our employers.
This week on The Awareness Angle, Ant Davis and Luke Pettigrew unpack a wave of global cyber stories — from telecom breaches and AI-powered defence tools to sextortion scams and the emotional risks of “friendly” chatbots. It’s a mix of human stories, technical takeaways, and practical lessons for anyone trying to stay safe in an AI-shaped world.
📡 Global Breaches & Third-Party Fallout – LG U+, Toys “R” Us Canada, HSBC, and Verisure all suffer breaches linked to vendors or poor visibility. The takeaway? Even mature orgs keep getting blindsided by supplier access and delayed disclosure.
🤖 OpenAI’s ‘Aardvark’ GPT-5 Agent – A self-fixing AI for security flaws sounds promising—until you realise it’s patching live code. Automation helps, but trust and verification still matter more than ever.
💬 Meta’s Scam Detector – WhatsApp and Messenger now use AI to flag impersonation and job scams. Ant ties this to his own “Tilly from Fram Search” scam attempt, showing how emotional hooks still trump logic.
🧒 AI Sextortion Scams & ReportRemove – Deepfaked nudes used to extort teens; a BBC case highlights the IWF’s lifesaving removal tool. A reminder that awareness isn’t just about security—it’s safeguarding.
👥 Character.AI Blocks Teen Chat – After reports of inappropriate AI conversations, under-18s are now cut off. Ant and Luke discuss why “empathetic” AI companions can quickly turn toxic.
🇬🇧 NCSC Annual Review – Four major UK cyber incidents every week, a 129% rise year-on-year. New SME Cyber Action Toolkit promises easy wins, but small firms still face time and funding barriers.
🧩 Chrome Zero-Day (Memento Mori) – Active exploit patched, but only if users reboot. Awareness message: “Auto-update isn’t a shield—restart and verify.”
💼 Insider Threats & Classroom Tricks – A Reddit post shows real insider exfiltration, while teachers hide invisible AI prompts to catch students using ChatGPT. Both show behaviour—not tech—is the true battleground.
📰 AI Authenticity Crisis – From AI-written beauty magazines to GPT vs Google explainers, even “real” media now demands literacy training to spot synthetic content.
🧠 ‘EtherHiding’ Malware on Blockchain – Malicious code hidden in blockchain assets targets job seekers via fake coding tests. Proof that persistence now has a whole new meaning.
Whether you’re defending systems, teaching staff, or just trying to keep your kids safe online—this episode connects the technical, the human, and the emotional sides of cybersecurity.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Ant Davis and Luke Pettigrew dive into the fast-moving collision between AI innovation, real-world breaches, and human behaviour. From Sotheby’s data leak to AI browsers that remember your every move, this episode explores where awareness, policy, and technology are all being stress-tested.
🏭 Sotheby’s, Muji & JLR Breaches – From luxury auctions to car factories, supply chain ransomware continues to ripple through industries. JLR’s £1.9B loss now marks the UK’s costliest cyber incident.
🧠 Deepfake Politics – A fake video of MP George Freeman “defecting” proves that AI-fabricated political manipulation is no longer hypothetical—it’s here and hyper-local.
📹 YouTube’s Likeness Detection – Google’s new system to identify AI fakes comes with a trade-off: creators must hand over government ID and facial video. Security meets privacy in a messy middle.
🎣 Phishing-as-a-Service – “Whisper 2FA” has powered over 1M phishing attacks, using AJAX to steal live MFA codes. A reminder: phishing kits evolve faster than most awareness programs.
🧭 ChatGPT Atlas Browser – The new AI-integrated browser introduces “memory” and “agent” modes—but also raises massive insider and data leakage risks. Shadow AI just went mainstream.
🧩 Windows Zero-Days – Legacy modem and RASMAN flaws are being exploited in the wild. Microsoft and vendors rush to patch, underlining the ongoing struggle with hidden legacy code.
📈 Reddit’s Reality Check – Security pros report phishing surges of up to 300%, likely linked to the Salesforce leak. Community intel confirms: automation is scaling human deception.
🎙️ Community Highlights – Ant joins the Go Fish podcast and Layer8’s Security Champions project ahead of his talk at the Human Firewall Conference in Cologne.
🔍 Phishing Design & Visual Cues – The hosts dissect a fake rnicrosoft.com email and how simple UI details—like hyperlink colours—still shape digital literacy.
🎬 AI & Authenticity – OpenAI’s first brand ad was filmed on 35mm film. Even AI firms are leaning on the “human touch” to rebuild audience trust.
🛠️ Tools Worth Knowing – Shoutout to Pistachio App, a clean, transparent platform for phishing simulations and insider risk detection—proof that simplicity wins adoption.
🚨 TikTok, SIM Farms & SMS Blasters – Latvian police seize 40,000 SIMs in a major fraud ring, while a UK man is jailed for sending parcel scam texts on the Tube—awareness in action.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Ant Davis and Luke Pettigrew unpack a packed lineup of real-world cybersecurity stories — from paper-based recovery plans to AI data leaks, healthcare ransoms, and the human messiness behind governance and awareness. It’s all about what happens when the systems fail, the people improvise, and resilience gets real.
📄 Paper Plans & Power Cuts – The NCSC urges organisations to keep printed incident plans. The hosts ask the hard question: how do you “open your playbook” if it’s been ransomwared?
☁️ Cloud “Whoopsie” of the Week – A misconfigured “Invoicedly” S3 bucket leaks sensitive financial data. Simple mistakes, big consequences.
🤖 Shadow AI at Work – 77% of employees reportedly paste company data into ChatGPT. Culture or control — what’s the real fix?
🏥 Healthcare Ransomware Ethics – X-rays and ECGs leaked online reignite debate over whether private healthcare firms should ever pay.
📬 Court-Themed Phishing – Fake legal summonses using SVG attachments show how scammers are levelling up in realism.
💬 Discord Support Leak Confusion – Government IDs appear in a third-party breach; finger-pointing follows. Who’s really accountable?
💸 Capita’s £14M Lesson – The ICO fine lands, proving that prevention costs less than penalties. A nod to burnt-out IR teams who rarely get a break.
🧠 F5 Networks Intrusion – Nation-state attackers lurked for months before discovery. The takeaway? Patch, disclose, repeat.
📉 Deloitte’s $440K AI Blunder – A government report filled with hallucinated citations — proof that even consultants need a human review step.
🧩 Awareness Corner – Ant previews his HuFiCon talk in Cologne and shares Layer8’s open research on what makes security champions work.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Ant Davis and Luke Pettigrew unpack the latest in cybersecurity and human risk — from fake job recruiters flooding LinkedIn to deepfake chaos and a nursery hack that shocked the UK. Whether it’s scams, software flaws, or stolen art, this episode is all about where human behaviour meets digital consequence.
🕵️♂️ LinkedIn Recruitment Scam – “Open to Work” Trap
When Ant switched on “Open to Work,” fake recruiters arrived within seconds — zero followers, spam hashtags, and mismatched job offers. It’s a stark reminder of how social engineering preys on urgency and hope. Pause, verify, and think before engaging.
🎮 Unity Vulnerability – Game Engine Flaw
A high-severity Unity exploit forced Steam to block unpatched games. It’s a lesson in patch psychology — users delay for convenience, but the cost of waiting is higher than the update itself.
🎬 AI Video Boom & Deepfake Concerns
Sora 2 becomes the fastest-downloaded app ever as creators like MrBeast warn of deepfake chaos — from fake celebrity videos to stolen likenesses. The takeaway: verification and transparency are the new currency of trust online.
🧒 Kido Nursery Hack – Teenagers Arrested
Two 17-year-olds were charged over a ransomware attack on a UK nursery chain — an alarming example of how young people can be drawn into cybercrime, and why early education and deterrence are essential.
🎨 Author’s iPad Theft – Six Years Lost
The Boy, The Mole, The Fox and The Horse author lost years of unreleased artwork after his iPad was stolen. A real-world reminder: backups only matter if they actually work — and you’ve tested them.
🌐 Domain Hijack – Puffin Books / Andy Cope
A hijacked author website redirected visitors to adult content. It’s a simple DNS lapse with reputational fallout — renew your domains, secure your logins, and monitor what matters.
💬 Discord Vendor Breach – Third-Party Risk
A vendor compromise exposed 70,000 Discord users. Even if your systems are secure, partners can still sink you. Limit data retention and review vendor practices regularly.
🎰 DraftKings Credential Stuffing
Attackers accessed accounts through reused passwords — fewer than 30 victims, but entirely preventable. MFA and unique credentials remain the simplest, strongest defence.
☁️ Salesforce / Scattered Spider
Ransomware actors claim 1.5 billion records — one of the largest alleged data thefts to date. Another case of companies refusing to pay, proving resilience and communication are as vital as response plans.
🎤 Wrap-Up & Awareness Takeaways
Ant plugs upcoming appearances at HuffyCon (Human Firewall Conference, Cologne) .
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into a packed line-up of stories that show just how wide the cyber threat landscape has become—from luxury retailers and carmakers taken offline, to insider risks, ransom trends, and the latest fights between governments and Big Tech. It’s not just about breaches and numbers; it’s about people, trust, and the human cost behind the headlines.
🛍️ Harrods, Renault & Asahi Hit – A wave of big-name attacks highlights how third-party breaches ripple across industries—and why some victims keep getting hit again.
💰 Ransomware Stats That Shock – Hiscox research shows 27% of SMEs targeted last year, 80% paying up, and only 60% recovering data. We debate whether ransom bans are coming.
🧑💻 Insider Temptations – Hackers offered the BBC’s Joe Tidy a cut of ransom if he gave insider access. It’s a stark reminder of how disgruntled staff can become the weakest link.
🎒 Nursery Data Fallout – After outrage, hackers “apologised” and claimed to delete leaked children’s profiles. We unpack what this says about criminal limits and reputational damage.
📧 Oracle Extortion Emails – CLOP-linked scammers target execs directly with extortion threats. Why quiet, internal responses can make things worse.
🕹️ Platforms Under Pressure – Imgur blocked in the UK, Roblox culls 8 million games for age compliance. VPNs remain the obvious workaround, but at what risk?
😓 Cybersecurity Burnout – The BBC spotlighted Ant on stress in cyber jobs. We talk long hours, mental health, and why culture matters as much as controls.
🍏 UK vs Apple – A Technical Capability Notice demands more government access. Apple’s pushback could have knock-on effects for WhatsApp, Meta, and beyond.
📊 Security Champions & Community Research – Fresh insights from Layer 8’s survey on what makes champion programs succeed—and why open-source research helps awareness pros.
🤖 Shadow AI at Work – Staff still pasting secrets into ChatGPT despite training. Should companies ban tools outright, or build safer corporate alternatives?
🔐 Password Managers Ranked – Wired tips Bitwarden for most users, ProtonPass for free setups. The takeaway: stop reusing passwords, start managing them properly.
🎭 AI Video & Deepfake Surge – From TikTok character swaps to OpenAI’s Sora 2, the line between fake and real gets blurrier by the day. What it means for scams, politics, and trust.
From ransomware payments to burnout, insider risks to AI misuse, this episode connects the dots on how cyber threats are evolving—and why awareness needs to evolve too.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dive into everything from car factories grinding to a halt to ransomware crews dumping nursery data online. It’s a mix of big-business losses, government experiments with digital ID, and the human cost of attacks that don’t care who they hit.
🚗 Jaguar Land Rover Shutdown – Millions lost each day, suppliers in crisis, and no cyber insurance in sight. We unpack why this wasn’t “just an IT problem.”
✈️ Airports Held to Ransom – Collins Aerospace software outage takes down check-in systems across Europe. We look at third-party risks and déjà vu comparisons with the CrowdStrike fiasco.
🪪 UK Digital Identity Scheme – A bold plan for online trust, or surveillance by stealth? We explore what it could mean for privacy and daily life.
🎒 Nursery Ransomware Leak – Criminals publish children’s profiles and family data. The ethics are grim, but it raises bigger questions about ransom bans and government policy.
⚖️ Law Firms in the Crosshairs – Weak passwords, outdated tech, and no MFA. Why smaller firms are prime targets—and how class actions are fuelling the chaos.
💻 GitHub & npm Security Overhaul – After 500+ compromised packages, stronger controls are here. But will devs embrace them, or find ways around?
🎙️ Deepfakes & Fake Voices – A survey says 44% of businesses hit by audio deepfakes. We’re sceptical—but the tactics are real, and awareness needs to evolve.
🍪 Cookie Banners on the Way Out – The EU may finally kill off endless pop-ups. Great for users, but what replaces them?
Along the way, Ant recaps highlights from KnowBe4’s CyberSecure Leeds and the SANS Security Awareness Summit, with stories of romance scams, AI panels, and why awareness needs a human edge.
If you care about supply chain fragility, human risk, and how attackers exploit the cracks in everyday systems, this one’s full of lessons.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
02:57 — Cybersecurity Awareness & Community Engagement
06:00 — Password Manager Vulnerabilities
09:00 — AI Ransomware & the Rise of AI in Cybersecurity
12:01 — Cyber Attacks on Major Corporations
17:20 — Reflections on Cybersecurity Trends
18:37 — Compensation Claims & Data Breaches
22:26 — SalesLoft Drift Breach: Implications & Insights
27:17 — Cyber Awareness & Phishing Campaigns
32:31 — AI, Misinformation & Media Risks
37:41 — Emerging Cybersecurity Threats
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew hit episode 52—a year of weekly podcasts—by digging into some of the biggest cyber stories shaking business, government, and everyday users. From billion-record breaches to fake podcast invites delivering malware, it’s another mix of serious lessons and eyebrow-raising human behaviour.
🎉 Free Hoxhunt Cybersecurity Awareness Month videos on AI phishing, deepfakes, and messaging scams. https://hoxhunt.com/cam-toolkit
🗂️ APCS Data Breach – UK background check provider compromised, exposing passports, NI numbers, and driver’s licences. We break down identity risks, government liability, and how reporting muddied the waters.
🤝 SalesLoft / Drift / Salesforce Breach – ShinyHunters claim 1.5B Salesforce records stolen, hitting over 760 companies (including big-name cyber vendors). OAuth token theft shows how fragile supply chains can be.
📦 npm Supply Chain Attack (“Shai-Hulud”) – 187 npm packages hijacked with self-propagating malware, stealing tokens and secrets. GitHub’s slow response raises serious trust questions.
🚗 Jaguar Land Rover Attack – A September 1st ransomware hit halted UK car sales and production, with ripple effects on suppliers and staff. Linked to Scattered Spider—again.
📱 Apple Backports Zero-Day Fix – Even iPhone 6s got patched after targeted attacks. We explain what “zero-day” really means and why it matters beyond the headlines.
🎙️ Fake Podcast Invites – Attackers posing as podcast hosts tricked victims into downloading AMOS Stealer. Media credibility is becoming a new social engineering vector.
🚇 Teenagers Behind TfL Cyber Attack – Two 18–19 year olds caused £39m in disruption. A case study in wasted cyber talent—and organised crime’s youth recruitment problem.
🤖 ShadowLeak vs ChatGPT – Prompt injection attack silently exfiltrated Gmail data from OpenAI’s “Deep Research” agent. Key lesson: don’t hook AI tools directly into sensitive accounts.
📲 TikTok’s Oracle Buyout – Larry Ellison takes 80% ownership in a politically charged deal. But does it actually solve the data-to-China question—or just shift control to another power?
🎭 Lighter Bits – Siri flunks, ChatGPT flexes, and a Trump/Starmer deepfake sparks laughs and awareness lessons.
In short, this all shows how fragile trust really is—whether in supply chains, AI tools, or the platforms we rely on every day.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
02:57 — Cybersecurity Awareness & Community Engagement
06:00 — Password Manager Vulnerabilities
09:00 — AI Ransomware & the Rise of AI in Cybersecurity
12:01 — Cyber Attacks on Major Corporations
17:20 — Reflections on Cybersecurity Trends
18:37 — Compensation Claims & Data Breaches
22:26 — SalesLoft Drift Breach: Implications & Insights
27:17 — Cyber Awareness & Phishing Campaigns
32:31 — AI, Misinformation & Media Risks
37:41 — Emerging Cybersecurity Threats
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew kick off Cybersecurity Awareness Month with new short videos made in collaboration with Hoxhunt—covering spear phishing, deepfakes, and the psychology behind social engineering. Then it’s straight into the big security stories of the week: from iCloud phishing invites to Scattered Spider’s latest breach, and why even attackers are installing antivirus.🎉 Free Hoxhunt Cybersecurity Awareness Month videos on AI phishing, deepfakes, and messaging scams. https://hoxhunt.com/cam-toolkit📅 Apple iCloud Calendar Phishing – Scammers use Apple’s own domain to push fake calendar invites tied to PayPal scams. If it looks odd, it probably is—delete, don’t click.✈️ Qantas Breach & Accountability – Scattered Spider strikes again, hitting 5.7M customers. Qantas cut exec bonuses by 15%—a rare move leaders elsewhere might want to note.🎥 Nexar Dashcam Database Leak – 130TB of video, GPS, and metadata left exposed in an AWS bucket. Dashcams are becoming rolling surveillance devices—often with little oversight.🕵️ Inside the Attacker’s Browser – Huntress stumbled onto open C2 servers, exposing adversary tools, comms, even their use of Bitdefender and Malwarebytes. A rare window into cybercrime operations.🎮 Plex Breach & Messaging Missteps – Usernames, emails, and hashes leaked. Plex’s reset advice was buried in long paragraphs—a reminder that breach comms need to be blunt and clear.📜 Reddit’s Wildest Breaches – Job scams running PowerShell commands, council-wide malware spreads, and SOC analysts debating true vs false positives. We unpack what awareness pros can take from the chaos.🎭 Deepfakes vs Reality – A Trump clip went viral with viewers insisting it was AI. ITV even shared it as genuine before higher-res footage confirmed it was real. Awareness lesson: in 2025, people doubt the truth as much as they fall for fakes.The week’s major cyber headlines, decoded into useful takeaways—and sprinkled with moments that make you raise an eyebrow.
🕒 Timestamps
00:00 — Introduction & Milestone Celebration
02:57 — Cybersecurity Awareness & Community Engagement
06:00 — Password Manager Vulnerabilities
09:00 — AI Ransomware & the Rise of AI in Cybersecurity
12:01 — Cyber Attacks on Major Corporations
17:20 — Reflections on Cybersecurity Trends
18:37 — Compensation Claims & Data Breaches
22:26 — SalesLoft Drift Breach: Implications & Insights
27:17 — Cyber Awareness & Phishing Campaigns
32:31 — AI, Misinformation & Media Risks
37:41 — Emerging Cybersecurity Threats
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew celebrate the 50th episode with community shoutouts, fresh awareness content, and a packed lineup of security stories. From password manager flaws to the first AI-powered ransomware. Whether it’s car dealerships grinding to a halt or deepfakes making truth harder to pin down, this one’s about the evolving risks, and the practical takeaways that matter most.
🎉 50th Episode & Community Updates – We mark the milestone with a shoutout to Liam, our first official member, plus new merch, Discord updates, and free Hoxhunt awareness videos on AI phishing, deepfakes, and messaging scams.Get the Cybersecurity Awareness Month videos here! https://riskycreative.com/en-gbp/pages/cybersecurity-awareness-month
🔑 Password Manager Autofill Flaw – A clickjacking bug in major tools (1Password, Bitwarden, LastPass, NordPass, ProtonPass) lets hidden fields steal your credentials. We explain why you shouldn’t ditch password managers—but why autofill and MFA settings matter more than ever.
🤖 The First AI Ransomware – “PromptLock” uses a local AI model (gpt-oss-20b) to generate its own malicious code on demand. Lightweight, cross-platform, and harder to detect—it’s a glimpse of where AI-driven attacks are heading.
🚗 Jaguar Land Rover Breach – Registrations halted, staff sent home, and Scattered Spider linked to an exploit of SAP NetWeaver. With hackers claiming stolen data but JLR insisting otherwise, we also warn about opportunistic “compensation scam” ads targeting worried customers.
💬 SalesLoft/Drift Breach – Stolen authentication tokens exposed Salesforce integrations at companies like Google, Palo Alto, and Zscaler. We break down what UNC6395 pulled off, why SaaS “shiny tools” can be risky, and the urgent need for token hygiene.
📧 Phishing Campaigns That Work – From “lost puppy” photos to cider raffles and free pizza, Reddit’s favourite phish templates spark a debate: are tricksy simulations effective, or should awareness always tie back to real workplace processes?
🎭 Deepfakes & Denial – Joe Rogan fooled by a fake video, Trump dismissing real footage as AI. We explore the new problem of “liar’s dividend”—where fakes make truth itself harder to defend.
🖼️ Hidden Gemini Prompts in Images – Malicious instructions embedded in pictures, not just text. We ask: when AI gets conflicting commands, what wins? Policies and training will need to catch up fast.
This week’s major cyber headlines, decoded into useful takeaways—and sprinkled with moments that make you raise an eyebrow.
🕒 Timestamps00:00 — Introduction & Milestone Celebration
02:57 — Cybersecurity Awareness & Community Engagement
06:00 — Password Manager Vulnerabilities
09:00 — AI Ransomware & the Rise of AI in Cybersecurity
12:01 — Cyber Attacks on Major Corporations
17:20 — Reflections on Cybersecurity Trends
18:37 — Compensation Claims & Data Breaches
22:26 — SalesLoft Drift Breach: Implications & Insights
27:17 — Cyber Awareness & Phishing Campaigns
32:31 — AI, Misinformation & Media Risks
37:41 — Emerging Cybersecurity Threats
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew come together for a special in-person episode while filming new Cybersecurity Awareness Month videos. From exposed AI chats to insider sabotage, telecom breaches, and Denmark’s bold new deepfake law, the conversation digs into how human behaviour, weak controls, and patchy regulation continue to shape today’s cyber risks.
🤖 AI Data Leaks – Elon Musk’s Grok chatbot exposed over 370,000 private conversations in Google search results due to a flawed share feature.
🍏 Mac Malware Masquerades – A new info-stealer (“Shamos”) tricks users with fake fixes and malvertising, targeting those with admin rights or poor IT support.
🕵️ Insider Sabotage – A developer planted a kill switch in his former employer’s systems, locking out staff after termination and causing massive damage.
📱 Telecom Breach in Belgium – Orange Belgium exposed data of 850,000 customers, raising sim-swapping and phishing risks despite quick containment.
📲 Android Developer Verification – From 2026, only verified developers will be able to distribute apps—even outside Google Play—in a long overdue accountability move.
⚖️ Legal Battles Over Online Safety – 4chan and Kiwi Farms challenge the UK’s Online Safety Act in US courts, arguing it violates First Amendment rights.
📊 The UK Government’s Costly Leak – A hidden-tab spreadsheet exposed Afghan allies’ identities, despite staff being explicitly warned. A breach officials called “the most expensive email ever sent.”
🎭 Denmark’s Deepfake Law – A pioneering amendment gives people copyright control over their likeness and voice—even extending 50 years after death.
📡 Wi-Fi Motion Tracking – Researchers show Wi-Fi signals can map human posture and movement indoors, raising both fascinating applications and surveillance fears.
📧 Email Unsubscribe Hack – A hidden Gmail feature lets users see all active subscriptions and unsubscribe in one place—finally making inbox clean-up easier.
Whether you’re building awareness programs, tracking regulations, or just trying to keep up with scam tactics, this in-person episode packs sharp insights and practical takeaways.
Note: Apologies for the changes in video brightness/exposure throughout the episode — filming conditions varied during recording.
🕒 Timestamps
00:00 — Introduction & Collaboration Announcement
01:07 — Cybersecurity Awareness Month: Key Topics
01:55 — News Roundup: Breaches & Security Flaws
08:26 — Insider Threats & Malicious Code
11:26 — Telecom Data Breach: User Awareness
13:37 — Android Developer Verification & Security
17:28 — Legal Challenges in Online Safety Regulations
20:34 — Password Breaches & Public Perception
23:55 — Government Data Breach & Accountability
29:45 — Denmark’s Deepfake Legislation
31:18 — Cultural Views on Hackers
33:26 — Wi-Fi Signal Tracking Technology
36:51 — Email Unsubscribe Features & UX
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew unpack the latest mix of cyber weirdness, policy drama, and awareness lessons—from fake law firm emails dropping malware to pro-Russian hackers playing with dam floodgates. It’s a week of scams, slips, and security culture stories you’ll want to hear.
🇬🇧 Age Verification Laws – UK and Texas push mandatory ID scans for adult sites. We break down the privacy pitfalls, weak safeguards, and why VPNs only complicate things.
🍏 Apple vs. UK Backdoors – Reports say the UK quietly dropped its iMessage backdoor push. We look at privacy pressure, government demands, and why the crypto wars never end.
📩 “Noodle-o-file” Infostealer – Malware dressed up as copyright takedown notices. Fake law firms, DLL sideloading, and another reason not to trust scary attachments.
💳 15.8M PayPal Credentials? – A threat actor claims to be selling plaintext logins. Likely infostealer loot, not PayPal itself—but a sharp reminder for MFA and unique passwords.
📊 Workday Breach – Social engineering exposed employee data. We unpack the follow-on risks when attackers weaponise stolen contact lists.
📱 iOS & Android Messaging Security – Could iOS 26 finally encrypt RCS end-to-end? We look at global habits—and why iMessage, WhatsApp, and SMS all carry different risks.
💧 Norway Dam Hack – Pro-Russian attackers briefly hijacked hydropower floodgates. A stark warning on hybrid cyber campaigns hitting critical infrastructure.
🛑 Malicious VPN Extension – “Free VPN.1” hit 100k+ Chrome installs while screenshotting users. How does malware this blatant slip past Chrome’s checks?
🌐 Google Chrome Zero-Day – Google’s AI tool “Big Sleep” spotted a critical V8 flaw. Emergency patches are out for Chrome and Edge—update now.
📒 SANS 2025 Awareness Report – From 1,000+ pros: small teams, social engineering still top risk, AI as an assistant (not replacement), and a rebrand to “Workforce Security & Risk Training.”
⚽ NowTV’s Anti-Piracy Ad – Lag, pop-ups, and missed goals used to mock illegal streams. We explore how entertainment risks mirror security awareness.
If you want the week’s biggest cyber stories distilled into actionable insights—with a side of human behaviour and tech nostalgia—this episode has it all.
🕒 Timestamps
00:00:00 — Episode Introduction
00:03:48 — Porn Censorship: Internet Impact
00:07:36 — UK Government Demands Apple Backdoor
00:11:24 — Noodle-o-file: Emerging InfoStealer Threat
00:20:47 — PayPal Credential Dump: Security Risks
00:24:07 — Workday Breach: Social Engineering Tactics
00:26:33 — Potential Messaging Security Upgrades
00:30:41 — The Evolution of Communication Tools
00:32:08 — Cyber Threats to Critical Infrastructure
00:34:30 — VPN Risks and Privacy Concerns
00:39:30 — Google AI’s Role in Cybersecurity
00:41:20 — Key Insights from SANS Security Awareness Report
00:51:19 — Creative Approaches to Cybersecurity Awareness
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 hello@riskycreative.com
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew share their experiences from the SANS Security Awareness Summit, exploring the latest threats, innovative awareness strategies, and the ever-evolving cybersecurity landscape. From vulnerabilities in everyday devices to scams targeting car finance payouts, this episode is packed with lessons for anyone trying to keep people—and their data—safe.
🎨 SANS Summit Insights – Key takeaways from the event for security awareness professionals, including trends, challenges, and the latest thinking in behavior-driven cybersecurity training.
🖥️ Lenovo Webcam Vulnerabilities – Why even seemingly harmless devices can create serious security risks, and what organizations should do to protect themselves.
💰 Car Finance Scams & Pig Butchering – How scammers exploit emerging financial schemes, and practical tips for spotting and preventing fraud.
🔐 Ransomware Risks – Why ransomware remains a top concern for CISOs, and how strong recovery plans are critical for organizational resilience.
🎮 Educational Games in Security Awareness – Exploring innovative approaches to train users and improve engagement with cyber awareness programs.
🛡️ Ad Blockers & Online Safety – The importance of blocking malicious ads and protecting users from hidden threats online.
💾 Farewell to AOL Dial-Up – A nostalgic look at the end of an era and what it reminds us about evolving tech and persistent risks.
📈 Metrics & Behavior Change – Measuring the real-world impact of awareness initiatives and ensuring programs actually improve security behavior.
If you want the week’s biggest cyber stories distilled into actionable insights—with a side of human behaviour and tech nostalgia—this episode has it all.
🕒 Timestamps00:00:00 Intro: SANS Security Awareness Summit
00:02:54 Summit Insights: Keynote Takeaways
00:05:54 Why Security Awareness Training Matters
00:07:56 Cybersecurity News: Latest Vulnerabilities & Scams
00:11:56 Browser Security & Ad Blockers
00:15:54 Scams Targeting Car Finance Payouts
00:18:48 Critical Password Vault Vulnerabilities
00:19:52 Cyber Attack Hits French Telecom
00:22:03 Wrap-Up: Final Thoughts
00:22:38 Ransomware: Escalating Threats
00:24:48 The St. Paul Cyber Attack Explained
00:27:56 Common Password Security Myths
00:35:22 Cyber Awareness & Education Strategies
00:38:13 AOL Dial-Up Service Retires
00:42:04 Scam Calendar Invitations: How They Work
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 hello@riskycreative.com
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into everything from privacy holes in the UK’s Online Safety Act to deepfake diet scams and a ransomware payout denied over missing MFA. It’s a mix of policy, people, and pure cyber weirdness you won’t want to miss.
🇬🇧 UK Online Safety Act – New age verification rules put privacy on the line, with overseas firms handling sensitive data, no clear safeguards, and easy VPN workarounds.
🖥️ Microsoft Recall Risks – Despite Microsoft’s reassurances, Recall can still capture passwords, credit card details, and private chats—data that’s stored locally and vulnerable if your device is compromised.
💰 Hamilton’s Insurance Nightmare – A ransomware recovery claim denied because the city hadn’t implemented MFA as required by their cyber policy.
🛡️ Proton Authenticator Launch – Free, privacy-first 2FA app with encryption, cross-device sync, and no ads or tracking.
🛍️ Deepfake Diet Scams – Fake online health stores use AI-generated before/after shots and impersonate real dietitians to push unregulated products.
📞 Google Salesforce Breach – Voice phishing used to gain CRM access, proving social engineering still outpaces many technical controls.
🎧 Pandora Data Breach – Third-party platform compromise exposed customer names and emails—possible link to ShinyHunters.
📱 WhatsApp Scam Takedowns – 6.8M accounts shut down in six months, many tied to organised crime networks in Southeast Asia.
🖥️ Old Tech Risks – From Windows Server 2003 to WEP Wi-Fi, outdated systems are still in active use, posing massive security risks.
📧 Reply-All Apocalypse – The 2016 NHS mass email storm shows how human error can grind operations to a halt.
🕵️♂️ North Korean IT Workers – Thousands of covert contractors using fake IDs to funnel foreign pay back to the DPRK regime.
💬 Community & Social Reactions – From phishing test backlash to TikTok debates, we dive into what people are really saying about security awareness.
If you want the week’s big cyber stories distilled into practical takeaways—with a side of eyebrow-raising human behaviour—this one’s got it all.
🕒 Timestamps
00:00:00 – Intro & studio update
00:03:08 – VPN chaos & Online Safety Act
00:06:05 – Labour’s VPN warning
00:08:57 – Sims beat facial recognition
00:11:10 – Spotify’s age checks
00:12:42 – Funny VPN reel
00:16:08 – YouTube uses AI to guess age
00:17:16 – Google AI search shake-up
00:21:10 – Lovense email leak
00:23:31 – Copilot Mode & privacy
00:27:05 – Allianz breach
00:29:28 – St. Paul ransomware
00:32:53 – NASCAR ransom
00:35:31 – Orange France hack
00:36:42 – QR code TikTok goes viral
00:39:47 – Copilot Vision backlash
00:42:19 – CybSafe SebDB 4.0
00:44:42 – Free maturity model tool
00:48:58 – SANS Summit preview
00:52:53 – Shoutout to Dan Connolly
00:55:08 – Phishing test horror story
01:01:09 – Bin chaos = bad UX
01:04:40 – Bird audio encryption
01:08:58 – Fable Security debut
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 hello@riskycreative.com
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew untangle the week’s biggest cybersecurity themes—from silent data breaches to AI tool mishaps and the slow-moving train of regulatory change. Whether it’s government policies, scam trends, or workplace surveillance, this episode covers the tensions between safety, privacy, and the real-world consequences of overlooked vulnerabilities.🔞 The UK Online Safety Act & Age Verification – Luke breaks down the new age checks for adult content in the UK. Will they work? Will people just use VPNs? We explore the privacy trade-offs, the rise in demand for incognito browsing, and what the law might mean for future content regulation.📈 VPN Usage Spikes – Anthony talks about the broader privacy impact, including a 30% spike in VPN signups, especially among iPhone users. Is this privacy-conscious behaviour—or just workarounds?🚗 Digital Surveillance Creep – From employer device monitoring to always-on productivity tools, we dive into how digital surveillance is quietly creeping into the workplace and public life—and how it's being normalised.🏁 NASCAR & Allianz Breaches – Luke highlights recent major data breaches in both the finance and sports sectors. Allianz Life’s 12-million user exposure shows just how fragile enterprise security postures can be, while NASCAR joins a growing list of entertainment brands hit by attackers.🧠 Phishing Tests Reconsidered – Are traditional phishing tests actually backfiring? We debate whether they build resilience or just resentment—and how security teams can rethink the human risk approach.🖥️ Microsoft Copilot Mode & Surveillance Concerns – Anthony explains how Microsoft’s “Copilot Vision” could log user activity in the name of productivity. We discuss where the line is between helpful automation and invasive oversight.📜 GDPR vs AI Regulation – The conversation shifts to Europe’s privacy regulation legacy. We compare GDPR’s maturity to newer AI regulations and ask whether privacy is still being prioritised as new tech emerges.🧑🎓 Youth & Cyber Literacy – What are schools actually teaching about cybersecurity and digital literacy? We explore the lack of early education on scams, security, and safe digital habits—and why that matters for the next generation.Whether you’re leading security comms, shaping policy, or just trying to stay one step ahead of the next privacy headache—this episode packs practical insights, candid takes, and a few unexpected side quests.
🕒 Timestamps00:00:00 – Intro & studio update
00:03:08 – VPN chaos & Online Safety Act
00:06:05 – Labour’s VPN warning
00:08:57 – Sims beat facial recognition
00:11:10 – Spotify’s age checks
00:12:42 – Funny VPN reel
00:16:08 – YouTube uses AI to guess age
00:17:16 – Google AI search shake-up
00:21:10 – Lovense email leak
00:23:31 – Copilot Mode & privacy
00:27:05 – Allianz breach
00:29:28 – St. Paul ransomware
00:32:53 – NASCAR ransom
00:35:31 – Orange France hack
00:36:42 – QR code TikTok goes viral
00:39:47 – Copilot Vision backlash
00:42:19 – CybSafe SebDB 4.0
00:44:42 – Free maturity model tool
00:48:58 – SANS Summit preview
00:52:53 – Shoutout to Dan Connolly
00:55:08 – Phishing test horror story
01:01:09 – Bin chaos = bad UX
01:04:40 – Bird audio encryption
01:08:58 – Fable Security debut
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 hello@riskycreative.com
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle: Interviews, Anthony is joined by Harley Sugarman, co-founder of Anagram Security, a company taking a fresh, no-nonsense approach to security awareness. Think short, sharp challenges, real behaviour change, and zero tolerance for checkbox compliance.
We talk about why so much training still misses the mark—and how Harley’s background (which involves a surprising early career twist we won’t spoil here) helps him see awareness through a very different lens.
🧯 Smoke, Mirrors & Metrics – “Most training is built to satisfy auditors, not change behaviour.”
📉 Bad Metrics, Bad Decisions – “Completion rates aren’t proof of learning. They’re proof someone clicked play.”
🧠 Nudges, Not Magic – Nudges are useful, but they’re not the main event—and people can smell the white noise.
🧍 Stop Calling People ‘Risks’ – “You can’t build trust while labelling people as the problem.”
📚 The Anagram Origin Story – From puzzle-based security training to bite-sized interactive learning—why they’re doing it differently.
🤖 The AI Bit – Why most “AI-powered training” isn’t as clever as it sounds, and what actually works.
🎩 The Secret Ingredient – Let’s just say Harley’s old job involved a bit of sleight of hand—and it explains a lot about how he thinks about engagement.
If you’re tired of awareness that ticks boxes but changes nothing, this one’s packed with ideas, honesty, and a few good laughs.
The Awareness Angle: Interviews is our ongoing series of honest, practical conversations with the people reshaping how we think about human risk, behaviour change, and learning that actually works.
🕒 Timestamps
00:00 Intro: Why Security Awareness Still Matters
00:35 How Awareness Training Has Evolved
03:52 Measuring Success: Metrics That Miss the Mark
09:58 Human Risk: What Are We Really Solving For?
15:34 Where AI Fits in Security Awareness
19:11 People Over Systems: A Needed Mindset Shift
25:05 Smarter, Fresher Training Approaches
30:41 What’s Next for Awareness Programs?
32:16 Compliance Isn’t Awareness (But It’s Changing)
34:54 Anagram’s Shift from Training to True Awareness
39:04 Standing Out in a Crowded Awareness Market
40:51 Reframing Human Risk Management
45:27 Real Change Requires behavioural Shifts
46:07 Diverse Paths into Security Awareness
50:34 Buzzwords We Need to Ditch
54:09 Human Risk + Communication = The Real Challenge
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 hello@riskycreative.com
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dig into everything from dodgy data startups to accidental database wipes by AI tools. Whether it’s passwords, passkeys, or privacy, this episode covers the real-world risks that slip through the cracks of digital life—and what security professionals can learn from them.
🔍 Farnsworth Intelligence & $50 Breach Data – A sketchy startup offers hacked data for pocket change. We unpack the ethical nightmare and what it says about the commodification of stolen info.
🔐 158-Year-Old Business Crushed by a Weak Password – Ransomware took down The Royal Mint’s paper supplier. One reused password triggered a chain reaction of damage.
🧽 Clorox Hit by “Just Asking” – Hackers used basic social engineering to trick staff into sharing passwords. The result? A lawsuit and $49M in damages.
📁 SharePoint Exploits Still Work – Legacy SharePoint systems are being targeted in the wild. We explain why updating your systems is table stakes—not optional.
🧠 Windows 11 Copilot Vision – Microsoft’s AI assistant watches how you work. We look at the privacy implications of system-level activity tracking.
🔑 Passkey Friction & Frustration – They're the future of authentication—but only if users understand them. We break down what’s working, and what’s still broken.
🇬🇧 UK Online Safety Act – New laws now require age verification for adult content in the UK. But what does that mean for privacy and enforcement?
🤖 AI Deletes a Database (Oops) – A dev tool gave one engineer too much power. We talk about guardrails, defaults, and the real risks of AI in production.
👾 Reddit Malware Ads – Malicious ads are sneaking through Reddit’s filters. We discuss the broken reporting flow and why community trust is on the line.
📉 QR Codes That Expire? – Ever scanned a QR code that no longer works? We explain why some codes time out—and what that means for security and UX.
📞 The Netstat Scam – Fake ISP reps use netstat commands to convince victims their connection is “compromised.” Old trick, still effective.
🪪 Fake IDs & Physical Access Risks – It’s not just digital anymore. We explore how low-tech social engineering can breach high-security environments.
🔁 Ring.com Login Confusion – A bug in Ring’s login system left users rattled. It’s a small issue, but a big reminder about user trust and account security.
📣 Bonus: Ant is heading to the SANS Security Awareness Summit in Chicago! Expect livestreams, interviews, and plenty of behind-the-scenes content.
🕒 Timestamps
00:00 Introduction and Overview
02:57 Breach Marketplace: Ethics & Stolen Data
05:53 One Weak Password Crashes 158-Year-Old Firm
09:12 Clorox Breach via Simple Social Engineering
11:57 SharePoint Exploits Still Active in the Wild
15:07 Windows Copilot: Privacy or Overreach?
17:57 Passkeys: Why Users Still Struggle
21:05 UK Age Checks: Safety vs. Privacy
24:01 AI Deletes Database: The Risks of Autopilot
37:44 Replit’s Data Loss Incident
39:11 What Is Vibe Coding?
42:08 Password Management Still a Mess
46:03 Reddit Malware Ads Slip Through
50:11 QR Codes That Expire? UX Meets Security
52:17 Netstat Scam: An Old Trick Returns
55:58 Phishing Emails from Local Councils
01:01:57 Gift Card Scams and Account Takeovers
01:03:23 Fake IDs and Physical Access Risks
01:10:39 Ring.com Login Bug Raises Trust Issues
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 hello@riskycreative.com
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle, Anthony Davis and Luke Pettigrew dive into some of the most unexpected and revealing cyber stories of the week. From job offers to gym selfies to your dog’s microchip, this week’s stories prove no part of daily life is off-limits to cyber risk.
📸 Fitness App Photo Leak – A design flaw exposed thousands of users’ near-nude progress pics. We talk about the risks of default sharing settings and poor privacy design.
🐾 Pet Microchip Scams – Fraudsters are now using fake pet registry emails to phish for personal data. Yes, even your dog’s ID is fair game.
🛗 Windows Update Stalls Elevator – An elevator froze mid-floor during a Windows update. Embedded system risks are more common than you think.
📥 Phishing & New Hires – A new study suggests phishing simulations during onboarding may actually make things worse. We break down the nuance.
🤖 AI Prompt Abuse in Gemini – With the right input, scammers can weaponise AI responses. What does this mean for user trust and LLM safeguards?
🧳 Secret Government Breach – A low-profile government breach forced thousands to relocate. We discuss the hidden human cost of high-stakes incidents.
🧬 Reddit’s Selfie-Based Age Check – Reddit quietly rolled out biometric verification. Where do we draw the line between safety and privacy?
👜 Luxury Brands Breached – Another week, another fashion label hit. It’s a reminder that no amount of prestige protects poor security posture.
📞 The Persistence of Tech Support Scams – Fake warnings and rogue pop-ups are still fooling people. Why are they so effective—and what’s missing from awareness?
💬 Security Is Emotional – We close with a reminder: breaches impact people, not just systems. Awareness programs need empathy, feedback, and real-world context to work.
If you’re building awareness programs—or just trying to stay one step ahead—this episode is packed with stories that stick.
🕒 Timestamps
00:00:00 – Intro, newsletter & YouTube plug
00:02:25 – Laurie Steuart interview recap
00:03:34 – Fitify app leaks private user photos
00:09:01 – WeTransfer AI terms backlash
00:14:32 – US National Guard hacked by Salt Typhoon
00:17:42 – Reddit age verification and Online Safety Act
00:25:54 – Pet microchip renewal phishing scam
00:31:33 – Indian police raid tech support scam call centre
00:38:23 – Secret Afghan relocation after data breach
00:44:44 – Louis Vuitton customer data breach
00:48:02 – Keepnet report: new hires more likely to fall for phishing
00:53:20 – Listener email: Boris on scam victim impact
00:58:30 – Chris Stokel-Walker’s anti-phishing placebo post
01:03:03 – Windows update traps user in elevator
01:06:15 – Gemini phishing via AI summary exploit
01:13:09 – Announcement: Ant at SANS Chicago
01:14:06 – Outro and wrap-up
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 hello@riskycreative.com
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0
This week on The Awareness Angle Interviews, Anthony chats with Lori Steuart—a cybersecurity marketer with a passion for storytelling, content that resonates, and turning awareness from a box-tick into something people actually care about.
From synthesisers to password managers, from yoga habits to ransomware planning, Lori brings a refreshingly human and honest perspective to what makes security communication land—or fall flat.
🔍 Cutting Through the Noise – Why most awareness content gets ignored, and how to make yours stick.
📖 Storytelling, Synths & Security – Lori shares how emotion and context help make complex topics relatable—even when they’re technical.
📣 Content People Want to Read – We talk about why trust beats fear, how to avoid “AI ick,” and why marketing is more about the reader than the writer.
🧠 Security as a Habit – What secure behaviours have in common with piano practice, bike training, and building any real muscle?
👀 Risk in Unexpected Places – Why marketing teams may be one of the riskiest parts of your org—and how to secure them without sounding like the fun police.
🛠️ From Small Teams to Strong Culture – Whether you’re a team of one or ten, Lori offers practical ways to build trust, reinforce secure habits, and communicate clearly (even on bad news days).
💬 A Thousand Seconds a Day – How small nudges and daily context can shape long-term behaviour, without resorting to doom and gloom.
If you’re looking to make your security messages more human, memorable, and effective, this one’s packed with perspective, laughs, and plenty of practical takeaways.
The Awareness Angle: Interviews is our series of real, candid conversations with the people reshaping security culture from the inside out, released alongside our regular episodes.
🕒 Timestamps
00:00 Introduction and Setting the Stage
03:00 Exploring Cybersecurity Marketing
05:59 The Importance of Authentic Content
08:58 Understanding Demand in Marketing
12:04 The Challenge of Awareness in Cybersecurity
14:56 Building Secure Habits
17:49 The Role of Password Managers
21:01 Ransomware Concerns for Small Businesses
23:56 The Impact of Ransomware on Operations
27:00 Storytelling in Marketing
29:56 Conclusion and Key Takeaways
34:51 Sensing the Unseen: The Art of Repair
36:52 Emotional Intelligence in Cybersecurity
38:54 Building Habits: The Power of Small Steps
40:55 Nudge Theory: Subtle Influences in Cybersecurity Awareness
42:22 Collaborative Content Creation: The Workshop Approach
44:23 The Importance of Feedback in Communication
48:59 AI in Content Creation: A Double-Edged Sword
53:37 Standing Out in a Crowded Market
56:41 Creating Trust Through Positive Engagement
01:02:58 Cross-Department Collaboration for Better Outcomes
📩 For links, videos, and the newsletter – head to riskycreative.com
💬 Check Out This Episode's Discussion Points
📧 hello@riskycreative.com
🔗 riskycreative.com
🎵 Our Intro & Outro Song (© 16! by falling forever)
License: https://creativecommons.org/licenses/by/4.0