Bare Metal Cyber

This episode walks through the Certified Information Systems Auditor (CISA) certification in clear, beginner-friendly language, focusing on what it really means to think like an IT auditor. You will hear how CISA frames technology in terms of controls, evidence, and risk, and why that perspective matters if you want to move closer to audit, governance, or technology risk roles. The narration is based on my Monday “Certifie...

This is your weekly cyber news roll-up for the week ending December 5th, 2025. Holiday shopping dominates the threat landscape, with industrial scale fake Christmas and Cyber Monday stores siphoning card data while a massive breach at Korean retail giant Coupang exposes tens of millions of shoppers. At the same time, attackers are burrowing into the software factory, from exposed secrets in cloud code repositories and mali...

Excel is great for many things — but it is not a governance, risk, and compliance (GRC) platform. In this Cyber Talk developed by BareMetalCyber.com, Dr. Jason Edwards sits down with Dean Charlton, Managing Director of DC CyberTech, to unpack why even the most well-intentioned GRC programs stall out when they live in spreadsheets.

Dean walks through the real-world pain points of “Excel-driven” GRC, from version chaos and ma...

In this episode, we pull back the curtain on Shadow SaaS—the hidden world of unsanctioned apps quietly multiplying across the enterprise. You’ll learn how a single “Sign in with Google” click can spawn a durable, invisible connection, why OAuth tokens never seem to die, and how browser extensions and plug-ins form entire shadow ecosystems. We trace the blast radius from data leaks to compliance failures, and show how disco...

This narrated Insight walks through the Cyber Kill Chain (CKC) and broader cyber attack lifecycle models as practical tools for real-world defenders. You’ll hear how CKC breaks an intrusion into recognizable stages, from reconnaissance to actions on objectives, and how that gives analysts and engineers a common storyline for messy, real-world incidents. The audio stays vendor-neutral and plain-language, focusing on how to ...

Step into the world of CompTIA Security+ (Security+) with this narrated guide designed for early-career technologists and career-changers. This episode explains what Security+ actually covers, who it is really for, and why so many entry-level security and IT roles call it out by name. You will hear how the exam objectives translate into real skills around threats, defenses, secure design, and day-to-day operations, all in ...

This is your weekly cyber news roll-up for the week ending November 27th, 2025. This week revolves around quiet dependencies turning into loud problems, from abandoned calendar links that can be hijacked to analytics and customer platforms leaking sensitive context. You will hear about a breach at an OpenAI analytics vendor that exposes who is building on artificial intelligence, A I, projects and a ransomware hit on Asahi...

In this episode, we uncover the reality of “Zero Trust theater”—where organizations invest in flashy front gates like MFA prompts, dashboards, and vendor logos while leaving the walls behind them flimsy and unprotected. Listeners will learn how these illusions are built, where attackers push through the cardboard, and the specific tactics adversaries use to bypass props. From consent phishing and token replay to legacy car...

This is your weekly cyber news roll-up for the week ending November 21st, 2025. We track a crippling cyberattack on a major automaker that shut factories and erased hundreds of millions in profit. We also follow a suspected China aligned espionage group that turned an artificial intelligence, A I, coding agent into an automated intrusion assistant. Fresh consumer and supporter data breaches, including a social engineering ...

Don’t wait to learn the fire drill while the building’s on fire. In this Cyber Talk developed by BareMetalCyber.com, Army veteran and cyber resilience strategist Daniel Hammond shows how to move past check-the-box drills and turn exercises into a core learning culture. He walks through goal-driven planning (so every exercise serves a sponsor’s real need), the HSEEP spectrum from seminars and workshops to tabletops, drills,...

In this episode, we cut through the alphabet soup of cybersecurity—EDR, NDR, XDR, MDR, and even the tongue-in-cheek WTF-DR. You’ll learn what each of these acronyms really means, how they differ, and where they overlap. More importantly, you’ll gain clarity on how they fit together in practice, why no single tool is enough, and how to build a layered defense without wasting budget on hype. Through clear explanations and vi...

This is your weekly cyber news roll-up for the week ending November 14th, 2025. This week centers on phones, clouds, and core identity systems under pressure from well funded attackers who prefer to move quietly. You will hear how new spyware campaigns abuse Samsung devices and WhatsApp features, while hotel and travel scams blend real booking details with fresh malware delivery. The episode also walks through developer an...

In this episode, we explore phishing as a rigged arena where attackers decide the rules and employees become the unwilling contestants. You’ll learn how phishing has evolved from clumsy spam into precision-engineered deception powered by AI, reverse proxies, and multi-channel choreography. We unpack the psychology that adversaries exploit—urgency, authority, and scarcity—and show how identity protections, layered defenses,...

This is this week’s cyber news for November third through November seventh, twenty twenty-five. The week unfolded with relentless attacks on edge infrastructure, high-stakes data breaches, and fresh discoveries in global espionage campaigns. Cisco faced active exploitation of its Secure Firewalls and routers, SonicWall confirmed a state-backed backup theft, and Conduent revealed exposure of over ten million personal record...

In this episode, The Cult of the Dashboard: Vanity Metrics Anonymous, we expose the seductive world of flashy dashboards and meaningless numbers. Listeners will learn why organizations cling to vanity metrics, how executive reports can hide more than they reveal, and what truly matters when measuring security. From the psychological pull of green stoplights to the perverse incentives that reward compliance theater, the dis...

This is this week’s cyber news for October 27th through October 31st, 2025. The week opens with trusted update lanes under attack and an emergency fix to protect enterprise patching. A zero day in Oracle E-Business Suite put finance and supply-chain records at risk, while a fresh B I N D issue threatened cache poisoning across hundreds of thousands of resolvers. A live Chrome exploit tied to a surveillance vendor kept risk...

In this episode of Bare Metal Cyber, we break down the monthly ritual every security team knows too well: Patch Tuesday. You’ll learn why the very act of publishing a patch creates a roadmap for attackers, how exploits move from proof-of-concept to widespread weaponization in a matter of hours, and why so many organizations struggle with the dreaded “patch gap.” We’ll also explore the speed advantage of adversaries, the re...

This is the Friday Rollup for October twentieth through October twenty-fourth, twenty twenty-five. A turbulent week put resilience and identity under the microscope: a broad Amazon Web Services disruption rippled through logins and checkouts, while a Windows change broke authentication on cloned machines with duplicate S I Ds. We saw active exploitation against Oracle E-Business Suite, critical flaws in T P-Link Omada and ...

In this episode, we unpack why the popular slogan “don’t paste {Sensitive Thing} into {Cool Bot}” has become the lazy default for GenAI policy—and why it fails. Listeners will learn how vague rules fuel shadow AI, create inconsistent behavior, and ultimately increase risk rather than reduce it. We explore how to replace empty slogans with real frameworks: data tier maps, risk-based tool catalogs, guardrails that operate in...