Every year, companies spend billions on security awareness training — yet the breaches keep coming. Why? Because most of it doesn’t work.

In The Brief with Charles Denyer, Episode 20: “The Great Security Awareness Training Scam: How a Billion-Dollar Industry Is Failing to Protect You,” Charles exposes the truth behind the glossy videos, generic PowerPoints, and annual compliance courses that give executives comfort but leave organizations defenseless.

You’ll hear why the once-a-year “click next to continue” model is a dangerous illusion — and how attackers exploit the exact human behaviors these programs fail to change. Through real-world stories, psychological insights, and hard-hitting analysis, Charles reveals how to replace outdated, performative training with continuous, micro-based, real-world learning that actually works.

This isn’t just another cybersecurity talk — it’s a wake-up call for every organization still treating awareness as an obligation instead of a weapon.

Because the next breach won’t come from a firewall failure — it’ll come from a click, a habit, or a moment of misplaced trust that your training didn’t fix.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

Pen Testing Is a Lie: Why Most Tests Are Fluff and What Really Matters in the Cloud

| EP 19

Podcast Episode Description: Every company says they’ve done a pen test — but what if most of them mean absolutely nothing: In The Brief with Charles Denyer, Episode 19: “Pen Testing Is a Lie: Why Most Tests Are Fluff and What Really Matters in the Cloud,” Charles exposes one of cybersecurity’s biggest deceptions — that penetration testing automatically equals protection.

He takes you inside the modern pen-testing industry to reveal how outdated methods, narrow scopes, and automated tools have created a false sense of security. From AWS to Azure, today’s threats don’t target your firewalls — they exploit your configurations, credentials, and APIs hiding in plain sight.

Charles breaks down what real testing looks like in the cloud, why vulnerability scans are not penetration tests, and how companies can evolve toward continuous, intelligence-driven validation that actually strengthens security and compliance.

Whether you’re a CISO, cloud architect, or compliance lead, this episode will challenge everything you think you know about testing, audits, and resilience.

Because the next breach won’t care about your report — only your readiness.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

When a cyberattack hits, it’s not your technology that saves you — it’s your plan. In The Brief with Charles Denyer, Episode 18: “Building a Real-World Incident Response Program for Security & Compliance,” Charles takes listeners inside the chaos of a real breach to reveal how organizations can transform panic into precision.

From the first 30 minutes of a security incident to the final audit report, this episode breaks down the anatomy of a world-class response program — how to identify, contain, eradicate, and recover from an attack with speed and structure. You’ll learn how frameworks like SOC 2, ISO 27001, CMMC, and PCI DSS shape the expectations for readiness, and why documentation and leadership are just as critical as detection tools.

Drawing from decades of consulting experience, Charles exposes the gap between theory and reality — where most “plans” collapse under pressure and where real resilience begins.

Whether you’re a CISO, IT director, or compliance leader, this episode will give you the roadmap to build, test, and prove that your organization can withstand the inevitable.

Because in cybersecurity, it’s not if you’ll be tested — it’s how ready you’ll be when the call comes in.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In the modern workplace, the greatest cybersecurity threat isn’t lurking in some distant data center — it’s sitting right on your desk. In this episode of The Brief with Charles Denyer, Episode 17: “Lock It Down: How to Secure Employee Endpoints,” Charles unpacks the hidden vulnerabilities behind every laptop, phone, and tablet that touches company data.

From the rise of remote work to the explosive growth of ransomware and insider threats, this episode explores how the endpoint became the new frontline of digital warfare. You’ll hear the history of how cybersecurity lost its perimeter, why human behavior remains the weakest link, and how companies can strike a delicate balance between employee privacy and enterprise protection.

Charles also breaks down what it takes to build a truly rock-solid endpoint protection program — from visibility and control to detection, response, and culture. Whether you’re a security professional, business leader, or simply someone trying to stay safe in an increasingly connected world, this episode will challenge how you think about cybersecurity at its most personal level: the device in your own hands.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In episode 16 of The Brief, Charles Denyer delves into one of the most underestimated yet dangerous security threats facing organizations today: rogue USB drives and unauthorized external storage devices. Starting with the haunting story of the 2008 Agent.btz breach, where a single USB drive infected U.S. military networks with devastating consequences, Charles explores how these tiny, everyday tools can bypass even the most sophisticated security systems.

From data theft and intellectual property loss to malware infections and compliance violations, USB drives present a significant risk. Charles takes listeners through real-world cases, including a government contractor’s $10 million breach and an infected USB attack that gave hackers access to a financial firm for nearly a year.

He explains why USB devices remain such a vulnerability, often overlooked, unmonitored, and misunderstood—and offers a clear, actionable defense strategy. Learn how to lock down USB ports, enforce encryption, deploy Data Loss Prevention (DLP) software, and educate your team about the risks.

If you’re still underestimating the threat of rogue USBs, this episode will change your perspective. Protect your organization before it’s too late.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In this powerful episode of The Brief, host Charles Denyer breaks down the modern realities of managing a distributed workforce — and the hidden cybersecurity threats that come with it. How to Build a Remote Work Policy That Actually Works goes beyond productivity tips and virtual meeting etiquette to reveal why most organizations are one weak password or unsecured Wi-Fi connection away from disaster.

Charles opens with a relatable story of a scattered team juggling time zones and technology — then exposes the deeper truth: remote work has expanded the corporate attack surface like never before. From phishing scams and unsecured home routers to data leakage and compliance violations, the risks are real, rising, and often ignored.

You’ll learn the five essential pillars of an effective remote work policy — covering eligibility, data protection, communication standards, performance management, and company culture — along with practical steps to harden your remote environment and protect your people.

Whether you’re a business leader, HR executive, or IT professional, this episode is your blueprint for balancing flexibility with security in a hybrid world.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In this gripping episode of The Brief, host Charles Denyer exposes the terrifying new frontier of digital deception — where artificial intelligence has turned social engineering into a precision weapon. Phishing 2.0: How Social Engineering Is Evolving with AI takes listeners inside the next generation of cyberattacks, where AI clones voices, mimics emails, and manipulates human behavior with chilling accuracy.

Charles opens with a real-world story of a CEO’s voice being cloned by AI to authorize a six-figure transfer — a warning that the line between real and fake has officially disappeared. From deepfake phone calls to AI-generated “trusted” emails, this episode uncovers how attackers now use machine learning to study targets, analyze emotions, and launch hyper-personalized scams that even seasoned professionals fall for.

You’ll also learn the five critical defenses against AI-powered phishing — from AI-driven email detection to zero-trust verification protocols and realistic simulation training that prepares teams for real-world attacks.

In a world where your own voice can be weaponized against you, awareness is no longer optional — it’s your best defense.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In this chilling episode of The Brief, host Charles Denyer exposes the dark underworld of modern ransomware — a billion-dollar global industry run by organized crime syndicates, state-sponsored hackers, and digital mercenaries. The Ransomware Reckoning: How Cybercriminals Are Winning — and What You Can Do About It pulls back the curtain on how these attacks really work, revealing the secrets most people never hear: ransomware-as-a-service platforms with customer support lines, criminal negotiators guiding victims through Bitcoin payments, and attacks that sit dormant for weeks before striking.

Charles dives deep into the hidden economics, psychology, and geopolitics driving today’s ransomware epidemic — from hospitals forced offline to critical infrastructure held hostage by invisible enemies. You’ll also learn the advanced defense tactics that separate victims from survivors: air-gapped backups, network segmentation, threat intelligence, and realistic ransomware drills.

This isn’t just an episode about cybersecurity — it’s a wake-up call for every business leader, IT professional, and everyday listener who lives and works in a connected world. Because in today’s digital battlefield, the question isn’t if you’ll be targeted… it’s when.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In Episode 11 of The Brief, Charles Denyer explores one of the most pressing and persistent cybersecurity challenges today: managing remote workforces. As remote work becomes the new normal, the security risks that come with distributed teams—especially third-party contractors and non-company developers, are growing fast. From shadow IT to weak access controls, Charles walks you through the real-world threats, the different types of remote workers you need to watch for, and how to build a security strategy that doesn’t crumble just because someone’s working from their couch.

Subscribe, share, and stay tuned—because the future of security starts with the truth.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In Episode 12 of The Brief, Charles Denyer takes a hard look at the one risk that’s been here since the dawn of cybersecurity—and is still the biggest threat today: human behavior.

From phishing emails to accidental data leaks, credential sharing to rogue insiders, the truth is clear: your tech stack may be bulletproof, but your people? Not so much. In this episode, Charles breaks down how attackers exploit human nature, why awareness training isn’t enough, and what it takes to build a modern security culture that works with human behavior instead of pretending it doesn’t exist.

He also introduces a critical fifth segment—Security by Design for Humans—to help leaders rethink how policies, systems, and daily workflows can reduce human error at the source.

Subscribe, share, and stay vigilant. Because the future of security isn’t about avoiding risk—it’s about understanding it.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In Episode 10 of The Brief, Charles Denyer challenges the outdated model of annual compliance audits and introduces the transformative power of continuous compliance. With the rapid evolution of cyber threats and regulatory landscapes, relying on periodic checks is no longer sufficient. Continuous compliance, powered by modern Governance, Risk, and Compliance (GRC) tools like Drata, Vanta, and Secureframe, offers real-time monitoring, automated evidence collection, and proactive risk management. This episode delves into how these platforms enable organizations to maintain an always-on compliance posture, ensuring they're always audit-ready and resilient against emerging threats.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• ⁠charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In this episode of The Brief, Charles Denyer dives into a growing security concern: unapproved file sharing tools. Tools like Dropbox, Box, Egnyte—while excellent for personal use and even for collaboration—are increasingly being used by employees to share sensitive company data, often without IT's knowledge or approval. Charles explores the risks these tools pose to your organization's security and compliance, and how unregulated file-sharing is creating chaos within businesses. Tune in to learn why it's more than just a convenience—it's a major vulnerability.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In this episode of The Brief, Charles Denyer dives into one of the most pressing and often overlooked threats facing organizations today: third-party risk. As businesses increasingly rely on external vendors, suppliers, and contractors, the potential threats they introduce are more significant than ever. From supply chain attacks to vulnerabilities introduced by outsourced IT support, the dangers are often silent but deadly. Join Charles as he explores how third-party risks are evolving, why they’re a growing problem, and how you can protect your organization from being compromised through the cracks of your vendor relationships.

Subscribe, share, and stay tuned—because the future of security starts with the truth.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In this episode of The Brief, Charles Denyer dives into one of the most pressing and often overlooked threats facing organizations today: third-party risk. As businesses increasingly rely on external vendors, suppliers, and contractors, the potential threats they introduce are more significant than ever. From supply chain attacks to vulnerabilities introduced by outsourced IT support, the dangers are often silent but deadly. Join Charles as he explores how third-party risks are evolving, why they’re a growing problem, and how you can protect your organization from being compromised through the cracks of your vendor relationships.

Subscribe, share, and stay tuned—because the future of security starts with the truth.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In Episode 06 of The Brief, Charles Denyer uncovers a growing cybersecurity reality—silent assessments. These unannounced evaluations of your digital infrastructure are often initiated by customers or partners trying to independently verify your security posture. Without notice or permission, they’re scanning your systems, looking for weaknesses, and drawing conclusions—sometimes before you even know they’re watching. Charles breaks down why it’s happening, what it means for CISOs and compliance leaders, and how you can stay ahead of this new form of digital scrutiny.

Subscribe, share, and stay tuned—because the future of security starts with the truth.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: @charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In Episode 05 of The Brief with Charles Denyer, Charles explores a critical, yet often overlooked, compliance risk: Shadow Compliance. This episode delves into the dark side of GRC (Governance, Risk, and Compliance) programs where non-compliant systems, processes, and teams are operating just outside the radar of your formal compliance efforts.

Charles exposes the dangers of blind spots in your GRC program and offers strategic insights to detect and address shadow compliance. You'll learn why ungoverned processes can be even more dangerous than missed audit findings and how to create a compliance culture that brings everything into the light.

This episode is crucial for compliance officers, risk managers, and anyone leading or advising on governance, risk, and compliance. If you’re looking to prevent hidden vulnerabilities and create a truly secure, compliant organization, listen in.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: /charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime to Charles at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In Episode 04 of The Brief with Charles Denyer, Charles calls out one of the most dangerous blind spots in modern organizations: leadership. While technical teams wrestle with frameworks and controls, executives and boards often operate with a dangerously incomplete view of compliance and security. The result? Breaches that were “technically compliant,” risk reports no one understands, and strategies built on paper-thin assumptions.

This episode is a wake-up call for leadership. Charles outlines the five critical questions every board and executive team should be asking — not just to survive audits, but to prevent real-world failures. He breaks down how responsibility must extend beyond the CISO, and why security cannot be siloed within IT. With sharp insights and real-world examples, Charles shows how cultural and structural shifts at the top can make or break your organization’s risk posture.

If you're an executive, board member, or security leader trying to align compliance with business risk, this is the episode you can’t afford to miss.

Because when leadership is blind, the entire organization is at risk. Listen in, and learn how to lead with clarity, accountability, and action. Subscribe now and start changing the way your board talks about compliance.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: /charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime to Charles at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

In Episode 03 of The Brief with Charles Denyer, Charles shifts the conversation from critique to action, revealing how to rebuild a broken compliance program from the ground up. After exposing the harsh truth in earlier episodes—that most compliance efforts are little more than performance—Charles now delivers a practical, no-nonsense blueprint for making compliance real.

This episode breaks down four essential steps every organization must take: auditing past audits to uncover blind spots, replacing outdated evidence collection with real-time enforcement, implementing automated visibility into compliance posture, and building a culture where every employee understands and owns their role in security.

Packed with tactical advice, and hard-earned lessons from the field, Charles challenges listeners to stop confusing documentation with protection and start building systems that actually reduce risk. Whether you’re a CISO, compliance lead, or business leader tired of check-the-box audits, this episode gives you the tools—and the mindset—to turn things around.

If you’re ready to move past the illusion and finally build a compliance program that holds up under pressure, this is your starting point.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: /charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime to Charles at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

You’ve got the policies. You’ve passed the audits. On paper, your compliance program checks all the boxes. But is it actually keeping your business secure—or just putting on a good show?

In Episode 02 of The Brief with Charles Denyer, Charles Denyer pulls back the curtain on the illusion of “compliance success.” He explains why most programs are designed to impress auditors—not protect against real-world risks—and how this mindset leaves organizations exposed.

Charles breaks down five defining traits of truly effective compliance programs: continuous, technical, cross-functional, transparent, and respected. Through real-world examples and actionable tips, he shows how to shift from checkbox compliance to a living, breathing risk management system integrated into your daily operations.

If you're ready to move beyond performative policies and build a compliance program that actually works under pressure, this episode is your starting point.

The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at:

• charlesdenyer.com

• Instagram: @denyer.charles

• Facebook: /charles.denyer

Questions/Topics/Advertising:

Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime to Charles at info@charlesdenyer.com

Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

The Brief with Charles Denyer is your guide to cybersecurity, AI, compliance, risk, and data privacy. Each week, Charles brings sharp insights and practical strategies to help you reduce risk, cut costs, and protect what matters most. From regulatory chaos to AI uncertainty, Charles breaks down the issues leaders face today — with real answers and real solutions.

Listen on Apple, Spotify & more.
Learn more: charlesdenyer.com
Contact: info@charlesdenyer.com