The cybersecurity market is saturated with "AI washing," forcing CISOs to rigorously vet vendors promising "autonomous" capabilities that often lack genuine intelligence. This episode provides a battle-tested framework for demanding proof over promises, revealing critical technical red flags like claims of zero hallucinations or a lack of essential data residency guarantees. Learn how to avoid creating new liability and instead achieve measurable ROI, such as an average 80% reduction in false positive alert volume, by focusing on analyst augmentation over replacement.
https://cisomarketplace.com/blog/cisos-guide-ai-security-vendor-evaluation
 
Sponsors: 
www.cisomarketplace.com
www.cisomarketplace.services
 

This episode explores the alarming trend of catastrophic, back-to-back outages in late 2025, including the AWS DNS failure, Microsoft’s Azure Front Door configuration cascade, and the Cloudflare collapse, all caused by configuration errors in highly concentrated edge services. We analyze how a single error in one cloud region can create a dependency avalanche that paralyzes thousands of third-party services across finance, healthcare, education, and transportation globally. Finally, we discuss why cloud providers must be classified and regulated as critical infrastructure and detail the urgent steps security leaders must take to implement multi-cloud resilience and manage systemic risk.
https://breached.company/when-markets-overheat-the-suspiciously-timed-cme-cooling-failure-that-halted-silvers-historic-breakout
https://www.securitycareers.help/the-cisos-nightmare-trifecta-when-data-centers-vendor-risk-management-and-insider-threats-collide
https://www.securitycareers.help/the-ai-data-center-gold-rush-when-1-trillion-in-investments-meets-community-resistance/?ref=breached.compan
https://breached.company/when-the-cloud-falls-third-party-dependencies-and-the-new-definition-of-critical-infrastructure
https://breached.company/microsofts-azure-front-door-outage-how-a-configuration-error-cascaded-into-global-service-disruption
https://breached.company/when-cloudflare-sneezes-half-the-internet-catches-a-cold-the-november-2025-outage-and-the-critical-need-for-third-party-risk-management
Sponsors:www.breached.company
www.compliancehub.wiki
www.cisomarketplace.com
 

Australia is implementing the world's first nationwide age restriction—commonly called a "ban"—on social media access for users under 16, with full enforcement beginning on December 10, 2025. This controversial law is facing a constitutional challenge in the High Court, led by teenagers who argue the restriction violates the implied freedom of political communication and forces platforms to deploy invasive, inaccurate age verification technologies that threaten the privacy of all Australians. We explore the government's rationale regarding mental health protection against warnings from critics that the rushed ban isolates vulnerable youth, drives them toward less regulated corners of the internet, and serves as a blueprint for global surveillance infrastructure.
https://www.myprivacy.blog/breaking-high-court-challenge-threatens-australias-world-first-social-media-ban
https://www.compliancehub.wiki/eu-chat-control-passes-committee-on-november-26-2025-voluntary-surveillance-mandatory-age-verification-and-the-political-deception-that-got-it-through
https://www.compliancehub.wiki/european-parliament-votes-for-age-limits-on-social-media-the-push-for-real-age-verification-through-digital-wallets
 
Sponsorswww.compliancehub.wiki
www.myprivacy.blog 

The cybersecurity landscape continues to evolve, demonstrating worrying trends as rapidly advancing Generative AI capabilities enable sophisticated attacker tactics, making phishing attempts much more targeted and customized. This episode explores how pervasive digital dark patterns leverage consumer cognitive biases, tricking users into sharing personal information and navigating manipulative interfaces, like pre-selected consent checkboxes, for corporate gain. Ultimately, this manipulation sustains the "consumer privacy paradox," where individuals who intellectually value security readily compromise their data for immediate convenience or functionality.
 
Sponsors:
www.cisomarketplace.com
www.scamwatchhq.com
 
Merch - 25% off Black Friday
securitybydesignshop.etsy.com 
 

Smart devices like Amazon's Alexa and modern smart TVs are perpetually monitoring domestic life, utilizing technologies such as Automatic Content Recognition (ACR) to harvest viewing habits and inadvertently recording private conversations through frequent, long-duration misactivations. These recorded interactions are sent to the cloud for training sophisticated AI systems through human review, a mandatory data collection process that companies are reinforcing by eliminating user privacy options, such as Amazon discontinuing the "Do not send voice recordings" feature. We explore how this pervasive data harvesting fuels targeted advertising and investigate the technical lengths users must go to—such as deploying network-level ad blockers like PiHole or building local, internet-free systems like Home Assistant—to regain privacy.
 
Sponsors:
www.secureiot.house
www.secureiotoffice.world
www.cisomarketplace.com 
 
Merch - 25% off Black Friday
securitybydesignshop.etsy.com

Threat actors are exploiting human psychology using sophisticated techniques like AI-powered deepfakes and emotional manipulation to bypass traditional security defenses. This episode explores how nonprofits and consumer organizations are increasingly targeted by highly effective scams, including CEO impersonation fraud, Business Email Compromise (BEC), and fraudulent social media donation requests. We break down the new threat landscape, highlighting why effective countermeasures require comprehensive security awareness training and strong organizational policies to combat the persuasive principles of Liking, Authority, and Scarcity.
 
Sponsors:www.cisomarketplace.com
www.scamwatchhq.com
 
Merch - 25% off Black Friday
securitybydesignshop.etsy.com
 

We dive into the most financially devastating threats of 2025, revealing how ransomware, which accounted for 76% of incurred losses in one portfolio, and vendor breaches continue to drive significant financial damage. The discussion explores how AI is turbocharging social engineering and credential stuffing (which caused a 250% increase in Account Takeover attacks in 202), enabling threat actors like Scattered Spider to "log in" using valid credentials rather than breaking in. We break down critical defenses—from Multi-Factor Authentication (MFA) to tokenization—and examine how everyday human mistakes, like pasting production credentials into random online formatting tools, create massive enterprise risk.
 
Sponsors:www.cisomarketplace.com
www.scamwatchhq.com
 
Merch - 25% off Black Friday
securitybydesignshop.etsy.com
 
 

This podcast dissects adversary tactics, techniques, and procedures (TTPs), focusing on how attackers leverage social engineering and human psychological weaknesses like fear and trust to gain unauthorized access. We explore the proactive strategies of Red Teaming and Breach and Attack Simulation (BAS), which use the MITRE ATT&CK framework to emulate real-world attacks and test defensive capabilities. Tune in to understand the critical security metrics—like Mean Time to Detect (MTTD), Mean Time to Resolve (MTTR), and Reporting Rate—that quantify security program success and resilience against modern threats.
 
Sponsors:
www.cisomarketplace.services
securitybydesignshop.etsy.com - 25% off Black Friday Sale