DTF Cyber Podcast

The True Cost of AI Hidden Token Costs and Cloud Charges| #DTF044

Are you caught between a bedrock and a hard place with your organization's cloud budget? In Episode 44 of the DTF Cyber Podcast, Damian, Troy, and Fern break down the massive, unexpected financial and operational risks of enterprise AI deployments. From unmonitored AI agents creating a 100,000 "recursive loop" bill overnight to non-technical employees "vibe coding" insecure software with hardcoded secrets, the team looks past the AI hype to expose the real logistics of Day 2 operations. They also dive into the invisible data lake "IO tax," the legal pitfalls of building side projects on corporate tenants, and recent procurement data from Tropic revealing an automatic 20% to 30% "AI tax" on SaaS contract renewals. Don't let runaway token costs erode your profit margins. Hit that subscribe button, leave a thumbs up, and learn how to implement the hard engineering and financial guardrails your business needs today! TIMESTAMPS 00:00:10 - Recursive Loops & The $100,000 Bill Surprise 00:01:14 - Job Security vs. Downsizing Human Capital 00:03:03 - Vibe Coding & Bursting Credit Card Limits 00:07:42 - Model Right-Sizing: Avoiding Over-Compute 00:09:50 - The Invisible Data Lake Tax 00:10:48 - Evaluating Hidden AI Compute Fees in SaaS 00:13:29 - Token Bloat and the Field of Haystacks 00:17:28 - The Cascading Effects of Pay-Per-Use Metering 00:19:19 - The Rise of "Shadow Developers" 00:23:18 - Side Projects & Corporate Intellectual Property Traps 00:25:04 - Implementing Shadow AI Discovery & Security Tools 00:32:18 - The Startup Compliance Dilemma (The Lack of SOC 2) 00:33:21 - Secure Coding Vulnerabilities & AI Hardcoded Secrets 00:41:21 - Tropic's Procurement Insights: Navigating the SaaS AI Tax 00:51:01 - Engaging Finance in AI Strategy & Enforcing Guardrails http://cyberpodcast.net Spotify: http://spotify.cyberpodcast.net Apple: http://apple.cyberpodcast.net X: https://x.com/dtfcyberpodcast IG: https://www.instagram.com/dtfcyberpodcast/ Linkedin: DTF: https://www.linkedin.com/company/dtf-cyber-podcast/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

Agentic SOC: Machine Speed vs. Human Liability| #DTF043

The hackers are already moving at light speed. If you’re still waiting for a human to click "Approve," you’ve already lost the company. But if your autonomous AI nukes a production server during a board meeting, who stands in front of the regulators? In Episode 43, the DTF crew dives into the massive 2026 shift from automated playbooks to Agentic AI. Damian argues that traditional SOAR is dead, Troy warns of the audit trail of a ghost, and Fern wonders if we’re all just vibe coding our way into an existential crisis.In this episode, we cover: - Why Human-in-the-loop is becoming a security vulnerability. - The difference between automation (scripts) and agency (reasoning). - How to govern a fleet of "Digital Interns" without losing control. - Why this technology might finally let you fire your underperforming MSP. Timestamps: 0:00 – Machine speed vs. Human approval 0:37 – The 2026 SOC Reality 2:37 – Fern’s Tesla Nightmare: The terror of Full Self-Driving 5:58 – Defining the 2026 SOC: Automation vs. Agency 10:01 – Why SOAR is officially "Legacy Tech" 15:04 – Reasoning Chains: How AI invents its own playbooks 20:23 – The Digital Intern Analogy: Scaling Tier 1 27:15 – Troy’s Reality Check: Can you audit a ghost? 33:00 – The Model Armor: Wrapping AI in Governance 40:45 – Boardroom Conflict: Who is liable for an AI mistake? 45:20 – The Kill Switch Necessity: Who holds the keys? 50:15 – Killing the MSP: Bringing the SOC back in-house 56:30 – Existential Crisis: Vibe Coding and the future of cyber jobs 1:04:50 – The Bottom Line: Transitioning to an AI Orchestrator 1:09:20 – Final Verdict: Don't be scared, be efficient #CyberSecurity #CISO #AI #AgenticAI #SOC #InfoSec #TechPodcast #DTFcyber http://cyberpodcast.net Spotify: http://spotify.cyberpodcast.net Apple: http://apple.cyberpodcast.net X: https://x.com/dtfcyberpodcast IG: https://www.instagram.com/dtfcyberpodcast/ Linkedin: DTF: https://www.linkedin.com/company/dtf-cyber-podcast/ Damian: https://www.linkedin.com/in/damianchung/ Troy: https://www.linkedin.com/in/kosovotroy/ Fern: https://www.linkedin.com/in/fernrojasaz/ Business Inquiries: dtf at cyberpodcast dot net Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

200,000 Laptops Wiped in Minutes: The Stryker Attack & The Match Group Leak| #DTF042

In this episode of the DTF Cyber Podcast, Damian, Troy, and Fern tackle the terrifying reality of 2026: Identity is the new weapon of mass destruction. From the architectural suicide pact that allowed a 200,000-device wipe at Stryker to the personal blackmail engines fueled by the Match Group data breach, the team explores why your own IT tools are being turned against you. Timestamps 00:00 – The "Architectural Suicide Pact" (Stryker & Match overview). 00:44 – Vegas Recording: Fern introduces the location (Findlay Automotive Group conference room). 03:00 – The 2026 Trend: Troy explains why exfiltration is the new ransomware end-game. 04:44 – The Match Incident: Troy breaks down the "Blackmail Engine" and voice-cloning risks. 07:09 – Governance Failures: Damian explains Multi-Admin Approval (MAA) and why it failed at Stryker. 10:00 – The Platform Myth: Troy discusses the "Holy Grail" of full-stack identity. 12:54 – Just-In-Time (JIT) Access: Damian breaks down automating validation for critical tasks. 18:30 – Observability Strategy: Troy discusses mapping security tools to the MITRE ATT&CK framework. 20:50 – The Cost of Downtime: Analyzing the $10M/day loss of the MGM hack. 25:40 – The SaaS Trap: Troy identifies over-privileged accounts in Salesforce and stale SaaS apps. 30:40 – Executive Friction: The Reporting Structure debate: Where the CIO and CISO clash. 33:00 – The Reporting Debate: Troy argues why the CISO should report to Legal or Risk. 38:50 – Innovate or Die: Damian's take on why blocking AI is a losing strategy. 40:40 – Closing Thoughts: Troy’s final plea to fix the Basics before moving to AI. 44:59 – Final Wrap-up: Thanking Findlay Automotive Group and the Henderson, NV hosts.

Your Resume is Boring. Here’s Why You’re Still Stuck in Entry-Level | #DTF041

Is your resume landing in the trash before a human even sees it? This week on the DTF Cyber Podcast, Troy, Damian, and Fern get brutally honest about the cybersecurity job market. We aren't just talking about certifications; we're talking about why the standard advice is failing the next generation of cyber professionals. Troy reveals why he trashed 48 resumes in one morning, Damian explains why a GitHub repo is worth more than a degree, and Fern asks the questions every job-seeker is thinking but is too afraid to ask. If you're stuck in the entry-level trap, this episode is your roadmap out. Don't forget to Like, Subscribe, and hit the Bell to stay ahead of the curve! TIMESTAMPS: ⁠00:00 — Cold Open: Why Degrees Don't Stop Breaches 01:21 — Tale of Two Cities: The Cyber Bootcamp Reality 03:14 — The AI Crunch: Reskilling Mid-Flight 06:15 — Recipe vs. Cooking: Why Certifications Aren't Enough 08:28 — Project-Based Hiring: What Damian Looks for First 11:29 — The Debate: Is AI Replacing Human Thought? 15:12 — Adaptability: Finding Your Spot in the AI Workforce 20:02 — Proof of Record 22:18 — Soft Skills: The Differentiator in a Level Playing Field 23:48 — Bypassing Automated Resume Systems 27:31 — State of Fear: Lessons from Multi-Million Dollar Firms 30:15 — Stolen Valor: Spotting Fakes in Cybersecurity 32:09 — The Failure Interview: What Did You Learn? 35:13 — Leadership Relations: Building Bridges Before the Fire 40:36 — Pen Testing: Strategic or Not? 44:23 — Setting Yourself Apart 47:08 — The Open Source Debate 53:42 — Practical Projects: Using YouTube & Portfolios to Stand Out 1:03:17 — Fern’s Final Thought: Stop Hiding Your Value 1:04:05 - Episode 41 Anthem

Anthropic Mythos: The AI That Just Fired Its CISO? | #DTF#040

Anthropic just changed the rules of the game with "Mythos"—a frontier-tier model that doesn't just find vulnerabilities; it reasons through a 23,000-word "Living Constitution" to decide if it even wants to help you. In this milestone Episode 40, Damian, Troy, and Fern dive into Project Glasswing, the secret group of 12 companies given early access to this "digital nuke," and debate whether we are heading toward a future of AI-on-AI warfare. From 72% exploit success rates to AI toilets, we cover the technical, the tactical, and the hysterical. Timestamps: •⁠ ⁠00:00 – Intro •⁠ ⁠02:15 – Project Glasswing: Why is Anthropic gatekeeping Mythos? •⁠ ⁠05:39 – The Stats: 72% success in generating working exploits •⁠ ⁠13:30 – Damian’s Deep Dive: Why BSD and zero-days are back in the spotlight •⁠ ⁠19:40 – The 23,000-Word Constitution: Can AI have ethics? •⁠ ⁠28:50 – Troy’s Reality Check: Liability and the "Self-Evolving" rule set •⁠ ⁠42:00 – The Great Debate: Should we bury this tech or embrace it? •⁠ ⁠50:00 – Fern’s Final Thought: AI toilets and the future of fiber