The Cyber Threat Perspective

EXPLORE

Society & Culture

© 2024 PodJoint

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/bb/b1/d1/bbb1d198-b57b-b9d3-8b1b-c6d0b7aa9356/mza_6262877414617383753.jpg/600x600bb.jpg

The Cyber Threat Perspective

SecurIT360

191 episodes

11 hours ago

In this episode, we're taking a deep dive into how the Offensive Security group at SecurIT360 is strategically leveraging and utilizing artificial intelligence technologies in offensive security operations. We'll explore the innovative ways this team is harnessing the power of AI to enhance their penetration testing capabilities, automate security assessments, and identify vulnerabilities more efficiently. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: ht...

Show more...

All content for The Cyber Threat Perspective is the property of SecurIT360 and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

In this episode, we're taking a deep dive into how the Offensive Security group at SecurIT360 is strategically leveraging and utilizing artificial intelligence technologies in offensive security operations. We'll explore the innovative ways this team is harnessing the power of AI to enhance their penetration testing capabilities, automate security assessments, and identify vulnerabilities more efficiently. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: ht...

Show more...

Episodes (20/191)

The Cyber Threat Perspective

Episode 155: How We Use AI Offensively

In this episode, we're taking a deep dive into how the Offensive Security group at SecurIT360 is strategically leveraging and utilizing artificial intelligence technologies in offensive security operations. We'll explore the innovative ways this team is harnessing the power of AI to enhance their penetration testing capabilities, automate security assessments, and identify vulnerabilities more efficiently. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: ht...

6 days ago

37 minutes

The Cyber Threat Perspective

Episode 154: Pentesting on a Budget for IT Admins

This episode is all about pentesting on a budget for IT Admins. This episode is inspired by the PDQ Live stream held on October 23rd, 2025, where Spencer shared tips, tactics, tools and advice for IT admins wanting to better defend and protect their environments. All tools, checklists, guides and resources can be found here: https://go.spenceralessi.com/budget Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on s...

1 week ago

25 minutes

The Cyber Threat Perspective

Episode 153: How to Prove Your Security Works Before Attackers Do

In this episode, we dig into how to move from “we think we’re secure” to “we can prove it.” We’ll lay out a practical loop for validating controls, gathering evidence, and tracking results that leadership understands. If you’ve ever wondered how to demonstrate security value beyond dashboards and audits, this is your playbook. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://g...

2 weeks ago

33 minutes

The Cyber Threat Perspective

(replay) Common Pentest Findings That Shouldn't Exist in 2025

In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday. Blog: https://offsec.blog/ You...

3 weeks ago

27 minutes

The Cyber Threat Perspective

Episode 152: What is Offensive Security?

In this episode, Spencer and Brad dig into a question that comes up all the time: what exactly is offensive security? Hint: it’s not just “pentesting.” Offensive security covers a whole spectrum of activities, including, penetration testing, red teaming, purple teaming, adversary emulation, and more. We’ll break down what each of these means, how they’re different, and how we do things at SecurIT360. By the end, you’ll have a clearer picture of how offensive security fits into a bigger securi...

1 month ago

43 minutes

The Cyber Threat Perspective

Episode 151: Tool Time - PingCastle for Defenders

In this episode, we’re digging into a super awesome Active Directory security tool called PingCastle. We’ll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversaries. PingCastle is a staple tool on our internal pentesting toolbelt. In this episode, you will find out why. 👉Find vulnerabilities that matter, learn about how we do assume breach internal pentesting here. Blog: https://offsec.blog/ Youtube: https://www....

1 month ago

42 minutes

The Cyber Threat Perspective

Episode 150: How to Use Pentest Findings to Justify Your Next Security Spend

https://offsec.blog/budget In this episode, we’re tackling an often-overlooked opportunity: using pentest results to secure more budget for security initiatives. Too many organizations run a pentest, file the report away, and move on without leveraging it for strategic value. We’ll break down how to translate findings into business language, influence leadership, and turn vulnerabilities into funding for better defenses. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreat...

1 month ago

30 minutes

The Cyber Threat Perspective

Episode 149: Building a Security Stack That Works A Practitioner’s Perspective

In this episode, Brad and Spencer sit down with an experienced information security and risk manager to explore how they build and manage their security stack, choose the right tools, and win support from their team and leadership. We dig into the balance between technical defenses and business-driven risk management, from budgeting and vendor selection to measuring success and preparing for emerging threats. Whether you’re a hands-on practitioner or a security leader, you’ll walk away with p...

1 month ago

36 minutes

The Cyber Threat Perspective

Episode 148: Securing Windows: Common Misconfigurations That Give Attackers The Advantage

This is the webinar I gave in August 2025 on the topic of common Windows misconfigurations I see during internal pentests. Make sure you grab your free gifts! https://securit360.com/free-gifts https://links.spenceralessi.com/creds https://go.spenceralessi.com/windows-slides Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://secur...

2 months ago

54 minutes

The Cyber Threat Perspective

Episode 147: When to Accept the Risk

In this episode, we’re digging into one of the most overlooked parts of a penetration test, when it actually makes sense to not fix a finding. Not every vulnerability deserves equal treatment, and sometimes accepting the risk is the most mature decision a business can make. We’ll cover how to recognize those situations, avoid common pitfalls, and document your choices so they stand up to scrutiny. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter:...

2 months ago

39 minutes

The Cyber Threat Perspective

Episode 146: What Are the Security Implications of AI?

In this episode of The Cyber Threat Perspective, we’re exploring the broader security implications of artificial intelligence. AI is transforming everything—from how we defend our networks to how attackers exploit them. We’ll break down the risks, the opportunities, and what security teams need to be thinking about right now as AI becomes embedded in both our tools and becomes a part of our daily life. Spencer's next webinar 8/28 12pm Eastern Topic: Securing Windows, Common Misconfigurations ...

2 months ago

45 minutes

The Cyber Threat Perspective

Episode 145: What To Do Minute 1 When Incident Response Arrives

In this episode, we're diving into what to do the minute incident response arrives. That first moment matters—a lot. Whether it's a ransomware attack, unauthorized access, or data exfiltration, how you act in minute one can either help or hinder the investigation. We’ll cover the do’s, don’ts, and common mistakes we see, so you’re ready when the heat is on. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on soci...

2 months ago

33 minutes

The Cyber Threat Perspective

Episode 144: How Cyber Threat Actors Are Using AI

In this episode of The Cyber Threat Perspective, we're diving into one of the most pressing trends in cybersecurity: how threat actors are using AI. From deepfake scams and AI-generated phishing emails to automated malware and voice cloning, attackers are leveraging artificial intelligence to scale their operations and sharpen their tactics. We’ll break down real-world examples, tools like WormGPT, and what this means for defenders going forward. Blog: https://offsec.blog/ Youtube: https://ww...

3 months ago

31 minutes

The Cyber Threat Perspective

Episode 143: Stop Wasting Money on Pentests - Do This First

In this episode, we break down a question that often gets overlooked: When should you not do a penetration test? Not every organization needs a pentest right away, and choosing the wrong assessment can waste time, money, and effort. We’ll walk through the differences between pentests, vulnerability scans, and risk assessments — and when each one is the right move. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer ...

3 months ago

44 minutes

The Cyber Threat Perspective

Episode 142: How Active Directory Certificates Become Active Threats

In this episode, we're diving into one of the most overlooked yet dangerous components of Active Directory: Certificate Services. What was designed to build trust and secure authentication is now being exploited by attackers to silently escalate privileges and persist in your environment. We’ll break down how AD CS works, how it gets abused, and what defenders need to do to lock it down. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberth...

3 months ago

35 minutes

The Cyber Threat Perspective

Episode 141: Are You Making These Windows Security Mistakes

It’s easy to overlook small misconfigurations on Windows endpoints, but those little mistakes can create big opportunities for attackers. In this episode, we break down the most common Windows security missteps we see in real-world environments, from missing the basics to reused local admin passwords. If you’re a sysadmin, IT admin, or just responsible for keeping Windows machines secure, this one's for you. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: ...

3 months ago

30 minutes

The Cyber Threat Perspective

Episode 140: Financial Services Cybersecurity Challenges & How to Address Them - Part 2

In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. We’ll break down common attack paths, what makes financial orgs so attractive to threat actors, and most importantly, what IT and security teams can do to stay ahead. Whether you're on the red team, blue team, or in leadership, this episode will help you strengthen your security p...

3 months ago

43 minutes

The Cyber Threat Perspective

Episode 139: Financial Services Cybersecurity Challenges & How to Address Them - Part 1

In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. Whether you're on the red team, blue team, or in leadership, this episode will help you strengthen your security posture in one of the most targeted industries on the planet. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberth...

4 months ago

41 minutes

The Cyber Threat Perspective

(Replay) How We Evade Detection During Internal Pentests

(Replay) In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasion and this topic more in general. Resources (Jun 1, 2021) Evadere Classifications - detection & response focusDefense Evasion, Tactic TA0005 ...

4 months ago

40 minutes

The Cyber Threat Perspective

Episode 138: The 7 Questions Every Security Leader Should Ask After a Pentest

In this episode of The Cyber Threat Perspective, we break down the 7 critical questions every security leader should ask after a penetration test. A pentest isn’t just about checking a box, it’s an opportunity to assess your defenses, measure progress, and refine your strategy. We discuss how to go beyond the report, extract real value from the assessment, and ensure findings lead to meaningful action across your organization. Whether you’re a CISO, IT director, or team lead, this episode wil...

4 months ago

42 minutes