Chrome just became the attack surface of the week.

We’re breaking down the latest zero-day exploits, what attackers are doing with them, and how SOC teams can respond before it turns into something bigger. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Healthcare security isn’t just about networks anymore. 

In this episode, we dive into the complex world of connected medical devices, the challenges of securing them, and why organizations need a more holistic approach to cybersecurity.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Your firewall could be the entry point. A critical Cisco FMC zero-day is being used in real-world ransomware attacks, turning security tools into launchpads. 

In this episode, we cover what’s happening, how attackers are exploiting edge devices, and how SOC teams can stay ahead.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Suspected Chinese state-linked hackers breached an FBI surveillance network ... not by breaking through the front door, but through a third-party provider.

In this episode of the #SOCBrief, we break down how the attack happened, why supply chain vulnerabilities are one of the biggest risks facing SOC teams today, and what this means for organizations of all sizes. From compromised vendor access to real-world detection strategies, we’re covering how attackers are exploiting trusted connections, and how you can stay one step ahead.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Qilin is quickly becoming one of the most dominant ransomware groups in the world, and it’s not because of groundbreaking tactics. It’s because of their business model.

In this episode, we break down how Qilin operates as a ransomware-as-a-service group, why affiliates are flocking to them (hint: 80–85% payouts), and how that’s fueling explosive growth across industries worldwide. From real-world attack patterns to how they gain access and evade detection, we’re diving into what makes this group so effective, and why organizations should be paying attention. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this episode of the #SOCBrief, we break down BugSleep, a new backdoor malware tied to the Iranian threat group MuddyWater, and how it’s being used in targeted spear-phishing campaigns against organizations. 

Learn how the malware works, what indicators SOC teams should watch for, and practical steps to detect and defend against these evolving attacks. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

A massive breach has shaken the telecom world. 

In this episode of the #SOCBrief, we break down the alleged TELUS hack claimed by the ShinyHunters threat group, what data may have been stolen, and why the potential exfiltration of massive datasets could have far-reaching consequences for organizations worldwide. From OAuth tokens and API keys to customer PII and enterprise systems, we explore how attacks like this unfold and what organizations should be on the lookout.

🎧 Tune in now at secureafpodcast.com

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

A.I. conversations are everywhere ... but how can businesses realistically use it today? In this episode of Secure AF, we introduce Vector Pulse A.I. and discuss how A.I. can help organizations automate workflows, improve operational efficiency, and support smarter decision-making. 

We also dive into the growing excitement (and concerns) around A.I., common mistakes companies make when adopting it, and practical advice for leaders looking to explore A.I. responsibly.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Geopolitical tensions are rising ... and cyber threats aren’t far behind. In this episode of the #SOCBrief, we break down the escalating U.S.-Iran conflict, the potential cyber retaliation from Iranian threat actors, and the steps SOC teams can take now to stay ahead of attacks and protect critical systems.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Open-source intelligence (OSINT) isn’t just for threat actors ... it’s a powerful advantage for SOC teams too. In this episode, we break down how publicly available data can help you uncover exposed assets, detect vulnerabilities early, and shrink your attack surface before attackers do.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This episode of the #SOCBrief goes beyond day-to-day cybersecurity news and dives into what SOC success actually looks like from the leadership side. Andrew and CISO Jonathan Kimmitt discuss how SOC teams can communicate risk, create meaningful deliverables, use metrics effectively, and gain leadership buy-in for security decisions.

From risk profiles to reporting and real-world decision making, this episode focuses on turning SOC activity into measurable organizational value. 📊

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

AI can categorize images, analyze logs, and surface patterns faster than any human ever could, but it doesn’t understand context, legality, or nuance. In this episode, we discuss how AI is transforming criminal forensics and SOC investigations while examining the ethical, legal, and operational guardrails that must stay in place. As organizations adopt more AI-driven tools, the real challenge isn’t capability ... it’s maintaining responsible human control. 💻🔍

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

No phishing. No user interaction. Just exposed services and a missing authentication check. In this episode of the #SOCBrief, we dive into the SmarterMail RCE flaw already being exploited in the wild and why mail servers continue to be prime ransomware targets. We cover indicators to hunt for, detection tips, and practical steps SOC teams can take to reduce risk fast. 🛡️

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Attackers are hiding remote access trojans (RATs) inside malicious MSI installers disguised as legit software, and it’s surging in early 2026. We break down how these phishing attacks bypass EDR, what to look for, and how SOC teams can stop them before they turn into full-blown breaches. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Romance scams spike around Valentine’s Day ... and they’re more dangerous than you think. In this episode, we break down how scammers build emotional trust, isolate victims, and turn relationships into financial and emotional traps. Learn the warning signs, the psychology behind the scams, and how to protect yourself and the people you love 💞.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week’s #SOCBrief covers a dangerous double-hit: a Microsoft Office security bypass and a Fortinet FortiCloud authentication flaw, both exploited in the wild. Andrew walks through what the CVEs mean, how attackers are abusing trusted tools, and the patching and hunting steps SOC teams should take immediately.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Ransomware is kicking off 2026 at full speed. We break down the top active groups right now, how they’re getting in, what infrastructure they’re targeting, and the key indicators your SOC should be watching to stay ahead. 🔐⚠️

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Insider threats don’t start with malware ... they start with access. From disgruntled employees to overlooked contractors, this episode breaks down real-world cases, common patterns, and how organizations can better protect what matters most. 🎧🛡️

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

CISA has officially retired 10 emergency directives ... marking real progress for federal cybersecurity 🚀 But for the private sector, these “old” vulnerabilities are still very much in play ⚠️ In this #SOCBrief, we break down what was retired, why it matters, and what your SOC should do next.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Kick off 2026 by hitting reset on your SOC 📊. In this episode of the #SOCBrief, we break down key January priorities, from annual security posture reviews and rule tuning to training refreshers and forward planning, so your team starts the year resilient, aligned, and ready for what’s next. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

When the threat isn’t external, it’s personal. This episode breaks down insider threats and corporate espionage: how trusted access turns into real risk, what warning signs to watch for, and how organizations can protect themselves. 🔐⚠️

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

🎙️ In this episode, CISO Jonathan Kimmitt steps in to break down the latest cybersecurity threats impacting organizations during the holiday season and beyond. From ransomware spikes during understaffed weekends to holiday-themed phishing, critical Patch Tuesday vulnerabilities, and emerging AI-powered social engineering, Kimmitt covers what security leaders need to know as we head into 2026.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this special end-of-year SOC Brief, Andrew breaks down the biggest threat-actor and ransomware trends that shaped 2025,  and what cybersecurity teams should be preparing for in 2026. From AI-powered ransomware and supply-chain attacks to the growing blur between nation-state operations and cybercrime, this episode connects the data, the patterns, and the predictions that matter most heading into the new year. ✨

Tune in at secureafpodcast.com to hear what’s evolving, what’s accelerating, and where defenders have a real chance to shift the advantage before 2026 begins.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week’s SOC Brief dives into why the holidays are prime time for cyberattacks 🎄 from surging phishing attempts to sloppy vendor configs, alert fatigue, staffing gaps, and the seasonal spike in ransomware activity. Andrew and Dylan break down what SOCs should be watching for, how to prep, and how to stay covered even when headcount is low. Stay ahead of the threats this holiday season.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

🎉🎙️ EPISODE 100 IS LIVE! We’re celebrating 100 episodes of the Secure AF Podcast!

This special edition features CEO Donovan Farrow and CISO Jonathan Kimmitt as they look back on the history of Alias Cybersecurity, the growth of this show, and the journey that brought us here. And we wouldn’t be here without you, the listeners who made this possible. 💜

Additional links:
Seccon information and tickets: https://seccon.com/
Hacker Gift Guide: https://aliascybersecurity.com/blog/2025-ethical-hackers-holiday-gift-guide/

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This episode dives into one of the darkest issues cybersecurity intersects with: stalking. Kimmitt and Peters discuss real cases, modern cyberstalking tactics, privacy failures, the challenges of protective orders, and what victims can do to stay safe. If you've ever wondered how digital footprints turn into real-world danger, or how to protect yourself, this episode is essential. 🛡️

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Get an inside look at how weekly threat-intel briefings really work in a mature security program. 🔍⚡ In this special episode, vCISO Jonathan Kimmitt breaks down how raw intel turns into real risk decisions, what trends are hitting organizations right now, and how SOC teams can brief leadership in a way that actually drives action. Stay sharp, stay informed, and stay secure. 🔐

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

A new zero-day is already under active exploitation. This week’s SOC Brief breaks down the React2Shell vulnerability (CVE-2025-55182), how attackers moved within hours of disclosure, and what SOC teams need to do now to reduce exposure and stay ahead of fast-moving threats. 🔐🚨

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this #SecureAF episode, Tanner and Dylan share real-world IR stories, common attack vectors, SOC fatigue during holiday PTO, and the #1 thing every organization should do before stepping away for the season. If you’ve ever wondered why cyber incidents always seem to hit when everyone is off work, this one explains it. 🎁💻

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this episode of the #SOCBrief, we dig into how world events can trigger cyber fallout that lands directly on the desks of security teams. From ransomware crews capitalizing on instability to hacktivists launching DDoS attacks and opportunistic actors going after vulnerable sectors, we talk through why geopolitical tension often leads to increased cyber activity. We break down real patterns, recent trends, and the warnings SOCs should be paying attention to right now ... plus practical defensive steps you can take to stay ahead of emerging threats. ⚠️💻

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

📱 This #SecureAF episode covers the everyday questions and concerns people have when they think something unusual is happening with their devices or accounts. Hickman and Peters talk through typical scenarios, common misunderstandings, and the foundational steps that help people regain control of their accounts.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week’s #SOCBrief dives into the FortiWeb zero-day that’s letting attackers create admin accounts with a single unauthenticated HTTP request. With exploitation spiking and Fortinet pushing out a quiet fix, SOC teams are under pressure to lock down configs, audit firewalls, and patch fast. We break down what happened, who’s affected, and how to defend before attackers pivot deeper into your network.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

We’re back with the Hacker Holiday Gift Guide, and this year’s lineup is stacked with RF gadgets, Wi-Fi tools, red-team essentials, and quirky cyber gifts Tanner swears by. Whether you’re shopping for a pentester, a tinkerer, or someone who just loves breaking things (legally), these picks won’t miss. Get ready to level up your holiday shopping.

Read here ➡️ https://aliascybersecurity.com/blog/2025-ethical-hackers-holiday-gift-guide/

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

A new zero-day. 63 flaws. Endless patching chaos. This week’s #SOCBrief breaks down Microsoft’s November Patch Tuesday and what it means for your SOC. We’ll cover the top critical CVEs, patching priorities, and how to keep your systems resilient before attackers strike.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week, we’re digging into a case where ransomware negotiators allegedly became the attackers themselves, leveraging insider access to hit organizations they were supposed to help. This one raises real questions about trust, vendor oversight, and the human element in incident response. We break down what happened and what SOC teams can take away from it.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this episode, we break down the real mechanics of social engineering, from phishing emails and text scams to vishing calls and full-on physical pen tests. We share stories from the field, including how attackers build trust, why confidence is often more effective than technical skill, and what happens when social engineering meets the physical world. 

If you’ve ever wondered how someone can just walk right in and blend into a company they don’t work for… this one’s for you. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

🎙️ A new threat is making waves ... Atroposia RAT, a remote access trojan that doesn’t just infiltrate systems but scans them for vulnerabilities to exploit further. In this episode, we break down how this modular malware operates, how it hides, and why its built-in scanner is a game-changer for attackers. Learn the detection cues, patching priorities, and defensive measures SOC teams need to stay ahead.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

“I’m not a robot.” 🤖

Hackers are exploiting fake “I’m not a robot” CAPTCHA pages to deliver malware. Host Andrew Hickman breaks down how this ClickFix attack uses social engineering to steal data and evade detection. Tune in to learn key defense tactics and how to keep your team protected.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week on the #SOCBrief, Andrew breaks down RondoDox, a rapidly growing botnet campaign taking aim at routers, DVRs, and IoT devices worldwide. With over 50 vulnerabilities across 30+ vendors, this “shotgun” exploitation strategy is fueling massive DDoS and crypto-mining attacks.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this week’s #SOCBrief, Hickman and Peters break down Obscura ... a new ransomware variant making waves with aggressive evasion tactics, process terminations, and domain controller targeting. We cover what’s known so far, the risks it poses to businesses, and the key defenses every SOC should prioritize.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

What’s the real difference between a penetration test and a red team engagement, and how can each benefit your SOC? In this episode, Andrew is joined by Tanner, to unpack how pentests uncover vulnerabilities, how red teams stress-test defenders, and why every organization should be leveraging these exercises.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week on #SecureAFPodcast, we’re recapping #SECCON 2025. From the keynote to the villages and everything in between, join us for a look back at the highlights, takeaways, and community moments that made this year’s conference our best yet.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Ransomware is evolving faster than ever, from double extortion tactics to lightning-fast attack chains. In this episode, we break down how these threats work, why every organization is a target, and the layered defenses SOCs can use to detect and stop attacks early. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this episode of The #SOCBrief, we break down the rising FileFix attack, a new social engineering technique using steganography to deliver info-stealing malware. Learn how attackers disguise malicious PowerShell commands, the risks this poses for browsers, messengers, and crypto wallets, and the proactive defenses SOCs can use to detect and contain these threats before they escalate into larger breaches.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

🔎 This episode of The #SOCBrief dives into the world of dark web monitoring in digital forensics and incident response. Learn why leaked credentials are a top threat, how to safely detect exposures, and what steps SOC teams can take to stay proactive.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

💡 This week on The SOC Brief, we’re breaking down incident response (IR) ... why it’s essential, how to build a strong plan, and what SOC teams can do to turn chaos into control. From preparation and containment to recovery and lessons learned, learn how a solid IR strategy saves time, money, and reputation. 

👉 Tune in now at secureafpodcast.com

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Fresh off the chaos of DEF CON 33, Tanner, Hickman, and Will break down the four-day hacker conference, from the eye-opening hacker villages and mind-bending talks to Hickman’s clutch CTF victory and Will’s bold dive into the Social Engineering Community’s Vishing Competition. No sleep, all signal.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this episode, we break down the emerging Crypto24 ransomware attacks that use living-off-the-land techniques to bypass EDR. We’ll explore how these attacks unfold and the defensive strategies SOCs and organizations can use, like layered security, enhanced monitoring, and rapid response, to stay ahead of evolving threats.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week, we’re unpacking the phishing wave hitting SaaS platforms ... from social engineering to OAuth abuse and AI voice spoofing. Learn why people remain the #1 attack vector and how to stay one step ahead.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

On this episode of the #SOCBrief, we break down attacks on SonicWall firewalls. A wave of ransomware, possibly exploiting zero-day vulnerabilities, is compromising even fully patched systems. Learn how SOCs can respond fast and stay ahead.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week’s SOC Brief unpacks how a misconfigured cloud bucket exposed 72,000+ user images from the Tea app, complete with geolocation metadata and real IDs. From national security risks to doxxing fallout, we break down what went wrong and what your security team must do to avoid the same mistakes.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

A critical zero-day (CVE-2025-53770) is actively targeting on-premises SharePoint servers AND it’s already been used to compromise over 100 organizations. In this #SOCBrief, Andrew and Tanner break down how the exploit works and what steps your team should take now. If your SharePoint instance is public-facing and unpatched ... assume compromise.

🎧 Tune in for insights, mitigation tips, and what to look for in your logs. 

Links: 

• https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
• https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-overview
• https://www.cisa.gov/news-events/alerts/2025/07/20/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this week’s #SOCBrief, we break down why offboarding policies are ABSOLUTELY critical for security teams. Overlooked items from abandoned accounts to old VPN access can leave backdoors wide open. Learn how SOCs monitor, contain, and shut down lingering access, and why communication between HR, IT, and cybersecurity is essential.

🎙️ Tune in. secureafpodcast.com

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

🎙️ NEW! Aligned by Design: CISO x Legal

Introducing! A fresh new series that explores the intersection of cybersecurity and legal strategy. Join Alias CISO Jonathan Kimmitt and privacy attorney Tom Vincent as they unpack what happens when technology, compliance, risk, and law collide. 

From real-world experiences to the nuances of the term "breach", these two break down the how, why, and what now? behind every security decision and legal gray area. Whether you're in the trenches of infosec or just trying to keep your data clean, CISO x Legal is your go-to podcast for smarter, sharper, and more aligned security practices.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Hackers just unleashed the largest DDoS attack in history, peaking at 7.3 Tbps and 4.8 billion packets per second. In just 45 seconds, it pummeled its target with the data equivalent of over 9,000 HD movies, a powerful reminder of how far attack capabilities have evolved.

🎧 Tune in to today’s SOC Brief for insights on DDoS attacks and how to up your defenses.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this episode of The SOC Brief, the team unpacks a critical zero-day vulnerability in Google Chrome (CVE-2025-6554) that’s being actively exploited. Learn how attackers use type confusion bugs to hijack browser memory, what makes this exploit so dangerous, and why it’s targeting high-value organizations. Discover actionable steps for updating Chrome, securing endpoints, and training users to spot phishing attempts before they lead to compromise.

🎧 Tune in and stay prepared.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this episode, our security engineers break down the latest cybersecurity headlines, from the real scoop behind the “16 billion password” leak to the rise of hacker groups like Scattered Spider. 🕷️

We discuss how attackers bypass MFA, why exploited data keeps resurfacing, and what organizations can do to protect sensitive data. Plus, we dive into industrial control system risks and why basic cybersecurity hygiene matters more than ever. 🛡️

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In this episode of The SOC Brief, Andrew and Dax dive into the world of false positives – those misleading alerts that flood security teams with noise. 

They discuss how misconfigurations, lack of context, and overly sensitive rules can lead to alert fatigue. With practical tips on investigation, tuning tools, and understanding your environment, they highlight how reducing false positives helps analysts stay sharp and focused on real threats ⚠️.

#SOCBrief #FalsePositives #SecureAF

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

🔐 New SOC Brief Episode: Tracing the Breadcrumbs

Cybercriminals always leave a trail, if you know where to look. In this episode, we break down Indicators of Compromise (IOCs) and how they help security teams detect and respond to threats faster.

🎯 What we cover:
• Real-world incident reports & proof of concept examples
• Threat actor aliases & ransomware group tactics
• File hashes, EDR tools, and forensic breadcrumbs
• Why “the moment you feel most secure, you’re the most vulnerable”

Whether you're in threat intel, SOC operations, or just passionate about cybersecurity, this one’s for you.

👉 Tune in now!
#CyberSecurity #SOCBrief #ThreatIntel #EDR #IOC #InfoSec #Ransomware #IncidentResponse

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

🎙️ New Secure AF Episode: Global Wars: Cyber Strikes Back 🌐⚔️

How does global news shape cybersecurity operations? In this episode, we dig into how real-world events influence the threats we track, the way we respond, and the tools we use for social engineering/pentesting.

🔍 We talk threat intel, evolving attack methods, and what teams should be looking out for right now.

🎧 Tune in and stay Secure AF.

#CyberSecurity #SecureAF #ThreatIntel #Podcast

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

🎙️ This Week on the SOC Brief:

Join Andrew and Dax as they dive into the emergence of a new threat actor known as SafePay 🕵️‍♂️💻. They break down the latest tactics, techniques, and procedures observed from this group, offering insights into how organizations can stay vigilant. From detection strategies 🔍 to proactive defense measures 🛡️, this episode is packed with actionable advice for keeping your company secure.

Don’t miss it, tune in now! 🔊🎧

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

🔐 Inside the SOC 🔐

Go behind the scenes with the Alias Security Operations Center (SOC) team to learn how they operate, collaborate, and tackle today’s top cyber threats ⚔️.

Find out why a SOC matters, and how organizations can still leverage SOC insights and support, even without one in-house 💼.

🎧 Tap in and get cyber-smart with the experts.

#CyberSecurity #SOC #ThreatIntel #Podcast

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Welcome to 🎙️The SOC Brief 🎙️our byte-sized mini series bringing you weekly updates straight from the Security Operations Center.

In this episode, Andrew, Dax, and Dylan break down what life in the SOC looks like, the rise of malvertising, and the emerging threat known as Recipe Lister, discussing how it’s being tracked.

Tune in for a quick, expert-led look into the latest in cybersecurity. 🔍🔐

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Alias Cybersecurity Jonathan Kimmitt is joined by Chad Kliewer to discuss the exciting CISO Showdown competition between Chief Information Security Officers (CISOs) at BSidesOK. They delve into the history of the showdown, how it works, and highlight significance of the championship belt. Tune in as they share insights and fun facts about this unique event! 
 
Don't miss out! Follow us for more updates, episodes, and all things cybersecurity! 
Instagram: @alias_cybersecurity 
X: https://x.com/cyber_af 
LinkedIn: https://www.linkedin.com/company/aliascybersecurity/

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Alias Cybersecurity CISO Jonathon Kimmitt is joined by Derrac Page to discuss the new changes to the HIPAA security rules being set in place this year. Listen as they go over many of the biggest points raised from the 660+ page guidelines and discuss ways that HIPAA Privacy Officers and HIPAA Security Officers can get ahead of compliance.

Sponsored by Arrow Force, an MSP that puts Security First. https://www.arrowforce.com

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Following BSides Oklahoma where Tanner gave an 8 hour training on the basics of penetration testing, Tanner and Keelan give advice on how to present red team/pen test training... specifically how to make the trainings not suck. Sponsored by AFCyberAcademy.com. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

On this week's Secure AF podcast, Tanner poses a controversial question: is SANS the overpriced dinosaur of cybersecurity training? The answer is not a simple one. Listen in as Tanner and CISO Jonathan Kimmitt go in depth on the pros and cons of different security certifications such as Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), and more.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

As we step into the new year, it's essential to reinforce our defenses against cyber threats. Join Jonathan Kimmitt and Todd Wedel for part 2 of their discussion of cyberresolutions.

Their list includes: 
- **Data Inventory**: Know your data—what, where, and who has access. Regular audits are a must!
- **Backup Strategies**: Implement air-gapped backups and regularly test their effectiveness.
- **Incident Response Playbooks**: Develop and regularly update clear procedures for handling breaches.
-**And more!**

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

 🚀 Kickstart 2025 with Cybersecurity Resolutions! 🔐 

In our latest podcast episode, Todd and Jonathan discuss crucial strategies for a secure year ahead.

Tune in for more insights and make this year your most secure yet! 🎧✨ #Cybersecurity #AI #Secure2025 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Ready for an IR? You may have controls, policies, and procedures, but how do you know they exist? Are robust? Followed and adhered to? Join Jonathan Kimmitt and Alexandria Hendryx as they discuss what a tabletop is, how to conduct one effectively, and why they matter to your organization to prevent and prepare for the hoped never to appear IR.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Join Jonathan Kimmitt and Todd Wedel as they continue discussing how to practice IR aversion tactics. 'Tis the season for IRs and best practice cybersecurity.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

 'Tis the holiday season! A time for family...and breaches. Want to be cyberprepared to spoil the hacker's celebration? Listen to our 2 part series where Jonathan Kimmitt ensures your festivities are without incident. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Firewalls are an often overlooked or unmanaged part of a network infrastructure. Listen as Andrew Hickman and Keelan Knox discuss what they are, why you should pay attention to them, what we've seen on incident responses, and what you need to do to secure your network. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Attend S3CCON? Enjoy experiencing the recap. Miss S3CCON? Hear what was awesome, what we learned, and what to look forward to in 2025!

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Jonathan and Todd continue the conversation about how the way we talk about cybersecurity puts us in a deficit against the malicious actors and how we might reframe to better equip the defenders.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Are hackers really as successful as they appear? Or is it that they have better messaging? Join us for a conversation about how marketing around cybersecurity might play a part in the hacker mystique.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

On this episode of the SecureAF Podcast, Keelan Knox interviews our 2024 interns. They share insights on how they got in, what they are learning, and where this will take them.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Alias CEO Donovan Farrow and Business Development Coordinator Trey Allen talk the tips and tricks of the vishing trade. They're gearing up for the DEFCON social engineering village. Listen or watch to hear their tales and experiences to learn how they're going to bring the heat to Las Vegas.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Bryan Filice of Trap Technologies joins Keelan Knox to talk about the current threat landscape and why security has to involve every system, host, and employee. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Ever wonder what your CISO (or CIO or anyone in IT security management) may be thinking? Are you’re the one in that position having those thoughts? Join Jonathan Kimmitt as he describes all the things CISOs wish they say but don't…and why and when they should. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Heard about the recent revelation of the Boeing breach? Join Alias CEO Donovan Farrow on the SecureAF Podcast as he lays out what we know, what we don't, what this means, and what we hope to learn to better protect our companies and communities, locally and nationally. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

AI is all the rage. Or AI having rage is the bigger fear. Doesn't matter where you go, it's a topic of attention. The potential uses and abuses are touted on every news station and from every pundit, whether proponent or naysayer. But what's true? Especially in the realm of cybersecurity?

 Our engineers have on-the-ground knowledge of AI's capabilities, from the theoretical of how AI could be leveraged to the practical of how it actually is employed. Join CEO Donovan Farrow and Principal Security Engineer Tanner Shinn as they discuss the realities of AI to help you cut through the hype.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Seriously, do you know where your data is? It’s an often overlooked question in cybersecurity. In the case of an incident, without knowing where your data is, how do you know what’s been accessed? Where else that data might be? What’s needed to remediate? And what’s less crucial to restore?

But even before an incident, how do you know what to protect if you don’t know where your critical and privileged information is? How do you best allocate time, manpower, and resources in the absence of knowing what needs most attention?

In this episode, we'll discuss how to answer these questions, from what a Data Inventory is to how to conduct one to why one is crucial to your organization’s overall cybersecurity preparation and maturity.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

What good is a Pen Test? There are a host of answers - knowing your environment, identifying dangers, implementing remediations, meeting compliance. 

 But how should a CISO view a Pen Test given their unique role in the organization? How do they best understand the need, the conduct, the reporting, and the follow through? 

On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt shares his experience and expertise both in his years in the role and as a consultant for other organizations. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Cybersecurity is critical to an organization. But cybersecurity is only part of a robust security posture. It’s equally important, and in fact of first importance, to assess information security. You need to assess what privacy guidelines, compliance, and best practices entail what data you can have so you can determine the security needed to keep it safe.

On this episode of the SecureAF Podcast, host Jonathan Kimmitt is joined by Andrew Hernandez, Director of Risk Management at Trapp Technology to discuss why this framework matters and how to position your organization for secure information and cybersecurity.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Scheduling a cybersecurity engagement can be stressful, for client and pentester alike. Both want the same thing - a well conducted, accurate assessment of the client infrastructure to provide the best value add to bolster cybersecurity. 

 It helps to start from a shared set of standard expectations and practices. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox discuss the 5 Rules of Engagement that every pentester and customer should know and commit to. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

wWhat's the Final Frontier? For Trekkies, it's space. For cybersecurity, it's Critical Infrastructure. Might not sound exciting, but the risks from poor security and the rewards of strong controls might get you to sit up and take notice. Maybe even motivate you to boldly go where no ethical hacker has gone before.

 On this episode of the SecureAF Podcast, Donovan Farro and Phillip Wylie discuss why Critical Infrastructure matters, where the vulnerabilities are (such as being 20 yrs behind in awareness and implementation), what Alias does to test, and what you can do to secure your environment. Hear stories ranging from the serious to the surprising. Listen to hear our favorite ICS story from the interwebs - the little known but infamous Turbopig.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Wondering what the best path into cybersecurity is? Here's a hint: There's not one answer.

On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox share very different stories of getting into the field. Even with different paths, they'll share what they have in common and what you should think about and do if you want to become an ethical hacker.

Spoiler alert - one of their recommendations is to find internships. Alias is currently accepting applications here: https://bit.ly/3TMDWM0

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

You may have heard of Penetration Tests. You may know you need one. You may have had one or more. But do you know there's more than one type? More than one take? More than one test?

On this episode of the SecureAF Podcast, Alias Principal Security Engineer Tanner Shinn and CISO Jonathan Kimmitt discuss the types of Pen Tests, how they're conducted, what they measure, and why they are needed. You'll walk away more informed about this important cybersecurity topic and more ready to know what you need to secure your environment. 

We're always here as a resource to educate, empower, and offer the best services to fit your needs.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

There has been a lot of news about the alleged incident experienced by Integris. Some of you may have even received emails from the threat actors revealing personal information to solicit money. This is not the first attack to leverage the threat of leaked data for monetary reward. It is among the first for the threat actors to directly appeal to the individual victims. 

Join host Donovan Farrow and guest Chris Yates for a discussion about the cybersecurity backdrop to this assumed incident, what we know about what has happened, and what you can do to protect yourself. Whether you’re a victim in this or not, the podcast will help you better understand what you hear in the news and better protect yourself against attacks.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

You know you need regular penetration tests to ensure your network is secure. You know the steps to remediate the findings and take the recommended actions to continue on a path toward cybersecurity.

But what about what you don't know? What about what the penetration test doesn't cover or doesn't reveal?

On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Director of Security Phillip Wylie share their insights on what penetration tests should cover, what they often don't, and how to verify you're getting what your organization needs. These two bring a holistic viewpoint, from policy and procedure to on-the-ground network testing. 

Find out what you need to know and how to act on it.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

The Solar Winds breach is not news. The CISO being personally named in the investigation is. Although not the first CISO to be so identified, this is the most high profile. 

This raises questions for the future of CISO role and responsibility and IT more generally. Should an individual be held responsible for an incident? What is their responsibility to monitor and report? Does this responsibility extend from C-Suite to SOC Analyst? What legal precedent might this set?

On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Principal Engineer Tanner Shinn discuss these questions. The conversation is far ranging, from the immediate Solar Winds event to the broader questions it poses.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

If you follow our socials, you know Phillip Wylie recently joined the Alias crew! We’re excited to welcome him to help us build our team’s presence supporting organizations’ and individuals’ growth in cybermaturity. 

Join Alias CISO Jonathan Kimmitt to hear his story of getting into cybersecurity, what’s brought him to Alias, and what's to come. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

It requires technical expertise to respond to a breach. It requires thinking like a hacker to know where to go, what to do, and what level of response is appropriate. It requires the human element. But humans aren't machines. Your staff and any outside experts require basic needs to be met: food, shelter (well, at least sleep), probably a lot of caffeine. In a crisis, it's easy to not attend to those. How much easier is it to not attend to the interpersonal dynamics both during and after an incident, to restore your people and not just your network to safety and stability.

On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Communications Director Todd Wedel discuss the human side of incident response. They'll discuss principles and best practices from both a general perspective and from lessons learned in the trenches.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Did you know some ransomware groups have customer support better than major businesses? That the negotiations might feel more like a regular corporate transaction than a back-alley holdup?

On this episode of the SecureAF Podcast, CEO Donovan Farrow and Security Team Lead Tanner Shinn share their experience working the business side of an Incident Response. You'll hear stories of every size and brand of company, lessons learned, and tips for how to respond. 

It's a fitting topic to begin Cybersecurity Awareness Month - join us to become more aware and armed to protect yourself, your business, and your community!

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

You know you may be a target. But what about your family? How could a hacker leverage those closest to you to gain advanced access to your work? Recently on the And Security For All podcast, Alias CISO Jonathan Kimmitt and Security Team Lead Tanner Shinn discussed this question. You can listen to their conversation here. 

On this episode of the SecureAF Podcast, they turn a Blue Team eye to your family. Join us as they discuss steps they currently take or would take with their family to ensure bad actors won’t use them as avenues of attack. Listen for yourself to learn how to keep your family safe. Listen for (or even with!) your organization to learn how to support your employees and coworkers to build a secure company culture, starting at home.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

What were the lessons from Defcon 31? What were the most noteworthy experiences of the conference (Hint: it's not all about the talks and villages). On this episode of the SecureAF Podcast, join Alias Security Team Lead Tanner Shinn and Security Engineer Keelan Knox to hear what they learned and what went down this year at Defcon. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Headed to DEF CON? Want to know what you should know and where you should be? And most importantly, how to survive? On this episode of the SecureAF Podcast, host Donovan Farrow and guest Tanner Shinn talk all thing DEF CON. New to DEF CON? Learn from us how to make the most of the experience. Returning to DEF CON? Remember best talks and best places to go and people to meet (including our team!). Not attending this year? Get a sense of what you’re missing and why you should attend next year.

Watch or listen, then hit us up in person. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Digital forensics may be something you don't think about. Or think about only after an incident or breach. But knowing what techniques and tools are used will help equip you to understand your potential vulnerabilities and strengthen your security posture. And you'll gain more insight into the work an Incident Response team does. In this episode of the SecureAF Podcast, Alias CEO and digital forensics expert, consultant, and expert witness will share his experience and expertise. He'll share the technical techniques and tools, including in the video version a demonstration by our digital forensics engineer Andrew Peters, as well as stories of exploits and engagements. Listen to hear this important and interesting topic from our dynamic leader. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

The SecureAF Podcast is 50! Listen this week as our hosts discuss a critical topic in cybersecurity. 

Your environment may be unique. Your business may feel to small to be noticed. But to a hacker, everyone is a target of opportunity, and every target may yield to the same avenues of attack. On this episode of the SecureAF Podcast, Alias CEO Donovan Farrow and CISO Jonathan Kimmitt discuss how to view your environment from the perspective of the attacker. And it’s not just your network. It’s your people. Our hosts will cover how to consider not just appropriate security controls but how to approach culture change so that your people become your first line of defense. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Want to become a Pentester rather than a Thintester? Want to find out what a Thintester even means? 

In this episode of the SecureAF Podcast, Alias CEO Donovan Farrow and CISO Jonathan Kimmitt discuss one of our often-asked questions: What do I need to do to become a Pentester? They'll talk about what qualities and experiences prepare you for the role (you might be surprised!) and why knowing the why more than just the what of how to use tools and leverage exploits matter. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

SecureAF host Donovan Farrow shares news about transitions with the SecureAF Podcast and exciting announcements about what else is coming for the Alias podcast lineup.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

The Internet of Things (IoT) and connection Operational Technology (OT) devices has opened up possibilities for extending interconnectivity and creating means of more immediate controls on crucial systems and everyday devices. These open opportunities for hackers to exploit their connections and leverage access for malicious and destructive ends.

On this episode of the SecureAF Podcast, special guest Brian Contos joins us to explore this new world of devices and dangers. Discover how IoT, OT & network devices are being hacked and by whom - Understand how these devices are being successfully leveraged for persistence and evasion - Explore war stories that illustrate the most vulnerable and compromised devices - Evaluate various tactics to take back control of your IoT, OT & network devices.  

Join us for this engaging and crucial conversation.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Building a cybersecurity career is a two-way street. There are the questions for those who do the hiring and those who are being hired - they're the same set of questions - What should and do employers look for? What education or certifications are needed? How do employers find and attract good talent? 

In this episode of the SecureAF Podcast, Chad Kliewer with ISC(2) joins host Donovan Farrow to talk about best principles and practices. Hiring managers - Learn how to find the best cybersecurity staff. Career seekers - Learn what managers are looking for. Spoiler alert: Certifications don’t get jobs, people do.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Back the blue. Don’t start a fight; always finish one. Hold the door. Yes, ma’m. Don’t mess with Texas. From serious to seemingly frivolous, we’re steeped in ways to think, act, and believe. What if those are all expressions of a “code” that social engineers can use to leverage better exploits? On this episode of the SecureAF Podcast, Alias Cybersecurity Director of Communication Todd Wedel will share how this code works and how it can make you a better social engineer. #cybersecurity #infosec #socialengineering #cultureofhonor

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

How do you work with vendors to ensure they are meeting your requirements for regulatory compliance? In this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt will share his experience and expert tips on how to work with vendors to ensure a secure partnership. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

How do people really change their cyber behavior? 

On this episode of Secure AF, Kevin Sesock met with us to discuss the challenges and pitfalls of traditional approaches to security training and his framework for training that doesn't suck.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

How do you build a Security Operations Center from the ground up? 

On this episode of Secure AF, Gharrett Workun and Wade VanDeburgh met with us to discuss how they lead the development of a SOC, as well as strategized creative ways to keep their team engaged. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Why aren’t we paying more attention to API security? Application Programming Interfaces (APIs) offer a wide range of ever expanding capabilities, but cybersecurity needs to catch up to keep these attack surfaces secure.

On this episode of Secure AF, Phillip Wylie, Manager of Tech Evangelism & Enablement at CyCognito met with us to discuss the topic of his article Securing APIs Through External Attack Surface Management.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

How are cybersecurity professionals doing in the fight against hackers? Are the hackers winning? 

This episode we chat with Donovan Farrow, CEO and Founder of Alias, as he breaks down the past present and future of cybersecurity.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Knowing how to build something isn’t the same as knowing how to fix it. All too often, IT and Cybersecurity get lumped together and one is asked to do the other’s job. Though they may seem similar from the outside, both roles are uniquely important for sustaining your organization’s data and network infrastructure.

Join us for this episode of the Secure AF Podcast where we spoke with technical writer Todd Wedel about the differences between IT and Cybersecurity and how to better utilize each skill set.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

We've talked about password security a lot on this podcast, and we’ll definitely keep talking about it. What we haven’t discussed enough is password security from the system administrator side. 

What can admins do to better protect their users from themselves? Find out in this episode of the Secure AF podcast as we talk with security engineer, Robert Leasure.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week on the Secure AF Podcast, we spoke with cybersecurity professionals about their experiences in the industry. Join guest host Wes Malone as he explores three different points of view from inside the cyber world. 

We were curious to find out how cyber pros felt about the industry. It was great hear from three individuals who got started and ended up on such different paths. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Mental health is one of those things that, while we’re getting better, we still often struggle to talk about and deal with. Our industry can be especially stressful and many cybersecurity professionals experience everything from imposter syndrome to burnout.

We spoke with security engineer, Kallen Curtis, to discuss some of the most common mental health issues we face in the cybersecurity industry, how to identify them, and how to combat them.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

As an internet user, your anonymity is not guaranteed.  Who has access to your information? Whose tracking your online habits? And how can you protect your privacy online? Find out in this Episode of the Secure AF Podcast!

We spoke with two of our security engineers here at Alias, Andrew Lemon and Tanner Shinn, about how to stay anonymous online.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

It’s Cybersecurity Awareness Month, are your passwords secure? Find out in this episode of the Secure AF Podcast! 

We chatted with Technical Writer, Todd Wedel, to dive into why password security matters and how you can make stronger passwords.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

On this episode of the Secure AF Podcast, we spoke with Robert Leasure, security engineer at Alias, to explore some of the most interesting things we have discovered on pen tests.

As pentesters, we encounter a lot of surprising things you’d never expect to be vulnerable to cyberattacks. Even the smallest lapses in security can lead to a huge breach.  

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week we spoke with our digital forensics expert, Andrew Peters, to highlight some important uses for memory forensics and how data can be recovered using computer memory.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

This week we have a special bonus episode of the Secure AF Podcast where we got to speak with CEO and Founder of Alias, Donovan Farrow, about his thoughts on our Inc. 5000 placement! 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Our engineers just got back from the largest hacker conference in the nation. So join us for this episode where we discuss all the stuff Principal Security Engineer, Andrew Lemon, and Security Engineering Lead, Tanner Shinn, learned from the many talks and villages at DEFCON!

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Join us this episode as we speak with Technical Writer, Todd Wedel, about how to improve your Red Team skills. Catch the biggest phish with these phishing tips!

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

As a small business, it's important you can still protect yourself and provide eyes on your network. 

With this in mind, I invited Alias Security Engineering Lead Andrew Hickman as we discuss SIEM tools and why even small businesses need them.  

Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

In infosec, it's an intimidating task approaching new tools and exploits with the intent to determine how they work or if they'll break anything you didn't mean to break. 

With this in mind, I invited Alias Security Engineering Lead Tanner Shinn as we discuss homelabs. Why you need them, how you set them up, and more.   

Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

How secure is your password really? Well it's time to find out. On this episode of the Secure AF podcast, you'll leave with a high level look of what password cracking is as well as how you can use better passwords. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Learn practical tips on how you can backup your devices. Hard drive failure, weather, accidental deletion are just a few ways your data can be accidentally deleted. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Join our host Teddie as she sits down with Andrew Peters and talks about Digital Forensics. What is it? And why would I need it? Listen in to find out. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

"Top 10 Gifts for the Hacker in Your life" articles are incredibly common. But how do you know if some of the tools listed are actually worthwhile? On this episode, we went through a couple lists and categorized the tool as either l33t or lame based on real experience.  

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Open source intelligence (OSINT) is a way of gathering data that is entirely publicly available. Learn how red team engineers use OSINT when on an engagement, the tools they typically use, and how people use OSINT in their daily lives without even realizing it. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Miss out on DEF CON this year? A few of the Alias team members went and got to experience the hybrid conference in-person. Learn what the conference was like from Andrew Lemon and Tanner Shinn, security engineers at Alias. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Ever wonder how a hacker chooses what company to attack? I know I do. Which is why I brought Donovan Farrow, CEO of Alias, to join me on this episode of the Secure AF podcast.

Learn why he thinks hackers target or don’t target specific companies. And if you think “this would never happen to me, I’m too small a business” - well - don’t be so sure.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Lately, I’ve wondered what happens on pen testing engagements when a client is so secure, the engineers aren’t able to get very far. What prevents them from moving? And how upset do the pen testers actually get? 

So, with those questions in mind, I invited Alias engineers Andrew Lemon and Tanner Shinn for a little bit of story time. 

Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Learn how to break into the cybersecurity industry with these career tips. In this episode, we talk about what you need with experience, certificates, passion, and networking to kickstart your career in cybersecurity. 

Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Rules were made to be broken, right? Not these rules. 

In this episode of the Secure AF podcast, get a high level look at rules of engagement. Learn why this document is critical to performing pen tests on a client. 

Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Port scanning. You've probably heard the phrase. But do you know what it means for your business? Should you port scan? What if somebody is scanning your company?

In this episode of the Secure AF podcast learn more about port scanning. Get an understanding of what a port is, what happens when people port scan, and why it matters to you.

Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Cyber security insurance is no joke. 

And spoiler alert: everybody needs it. 

In this episode of the Secure AF podcast learn more about cyber security insurance. Get an understanding of what it is, what it covers, what is doesn't cover, and more.

Like our show? Subscribe wherever you're listening! Or if you're listening on our website, bookmark the page so you can easily return.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Phishing is one of the leading methods hackers use to get your information. So what should you do to protect yourself? Know how to spot a phishing attempt. In this episode of the Secure AF cyber security podcast, Teddie Underkoffler and Donovan Farrow of Alias talk about what phishing is, how you can spot it, and what you should do if you think you've been phished. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Have you started to hear more and more about the new CMMC regulations?

The new CMMC framework is designed to assess and enhance the cyber security standing of government contractors. The primary purpose is to ensure any business handling controlled unclassified information is protected from digital attacks. 

As with anything new, there's a lot of uncertainty and fear surrounding the framework. That's why we met with Fred Tschirgi of Broadmoor Consulting to help people understand what to expect with the arrival of CMMC.

Spoiler alert: there's no reason to stress about it. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

How can you protect a network if you don't know what's on it? That's what network monitoring is for. In this episode of the Secure AF podcast, the Alias team discusses network monitoring. How it's done, what it is, why you should have it, and more. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Ransomware. Just about everybody has heard of it. With all the recent attacks, it's hard to avoid it. In this episode of the SECURE AF podcast, the Alias team discusses ransomware, what it is, and how you can keep yourself safe from the threat. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

On this episode of SECURE AF podcast, get to knew three members of our security team! Wayne Kimberling, Andrew Lemon, and Jeff Bowie talk about their experiences with AF and how the three of them got their starts in information security. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

On this episode of SECURE AF podcast, the AF team interviewed Chris Boykin with Future Com! Alias is proud to partner with Future Com. Check out this episode to learn more about them as well as hear some feats of social engineering we've pulled off together.

Learn more about Future Com: www.myfuturecom.com

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

We're not medical professionals so we can't give you coronavirus advice (besides, you've probably heard what you need to know by now); however, we CAN give you advice on how to be safe from a different kind of virus! 

On this episode of SECURE AF podcast, the AF team went remote and recorded our first ever video podcast! Learn how you can protect your business, employees, and loved ones from falling victim to the latest string of cyber attacks praying on remote workplaces and COVID-19 fears.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Welcome to Secure AF! A podcast about all things information security. Join the AF team as we talk security trends and current AF happenings with our guest, Bonus!

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Welcome to Secure AF! A podcast about all things information security. Deepfakes are only going to become more and more prevalent. Listen to this episode to learn what deepfakes are, how you can spot them, and how they'll change digital security.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Welcome to Secure AF! A podcast about all things information security. IoT or the Internet of Things is a hot topic in information security right now. Listen to this episode to learn what IoT is and how you can keep your data secure. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Welcome to Secure AF! A podcast about all things information security. Recently, a few popular VPNs announced they were breached. Listen to this episode to find out what that means for consumers. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Welcome to Secure AF! A podcast about all things information security. October is Cyber Security Awareness Month so the Alias team goes through some easy tips you can follow to keep yourself secure. 

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Welcome to Secure AF! A podcast about all things information security. DEFCON is one of the largest hacker conventions in the world, and the Alias Forensics team got to take it on. Listen for our insight on the DEFCON experience.

Support the show

Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.