Backup Betrayal: Ransomware vs. Recovery Plans No One Tested

Secrets Everywhere: Managing the Credential Sprawl in Dev, Ops, and AI

Secrets used to mean a few privileged accounts and maybe a shared root password. Now they are everywhere: in CI/CD pipelines, SaaS connectors, infrastructure automation, and AI prompts. In this narrated edition of “Secrets Everywhere: Managing the Credential Sprawl in Dev, Ops, and AI,” we walk through how normal development, operations, and AI workflows quietly generate a tangle of keys, tokens, and passwords that no vault dashboard really captures. You’ll hear how this sprawl emerges, why “we have a secrets manager” is not enough, and where the real blast radius hides in everyday work. This episode is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.

Service Accounts Never Die: Cleaning Up the Immortal Infrastructure Users

In this narrated edition of “Service Accounts Never Die: Cleaning Up the Immortal Infrastructure Users,” we walk through the long, boring, critical work that quietly defines your real risk surface. You will hear how non-human identities pile up across cloud platforms, directories, Kubernetes clusters, and CI pipelines, and why they are so hard to question once they are in place. The episode explains why immortal service accounts are not a tooling glitch but the predictable output of incentives that make creation easy, retirement scary, and ownership fuzzy. It is based on my Wednesday “Headline” feature in Bare Metal Cyber Magazine.

Crime-as-a-Service Nation: Inside the Cybercrime Franchise Economy

This narrated edition of “Crime-as-a-Service Nation: Inside the Cybercrime Franchise Economy” takes you inside the modern Cybercrime-as-a-Service (CaaS) landscape and treats it like what it has become: a franchise-style industry with brands, affiliates, and repeatable revenue. Across the episode, we unpack how cybercrime evolved from lone operators and small crews into a structured economy with tool developers, infrastructure providers, initial access brokers, and money-movers all playing defined roles. You’ll hear why understanding those roles, incentives, and dependencies gives security and technology leaders far better levers than simply chasing the latest gang name or malware family.

Shadow Security: The Unofficial Defenders Fixing Things After Hours

The unofficial defenders in your organization are already hard at work: senior engineers, platform specialists, and security leads quietly fixing real risks after hours. In this narrated edition of Shadow Security: The Unofficial Defenders Fixing Things After Hours, we unpack why that shadow security layer exists and what it means for your leadership decisions. The episode walks through the lived reality of midnight hotfixes, off-calendar changes, and undocumented scripts, and explains how structures like the change advisory board (CAB) and the security operations center (SOC) unintentionally push smart people off the official path. It is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.

Security Talent Reboot: Building Teams in a Burnout Era

In this narrated edition of “Security Talent Reboot: Building Teams in a Burnout Era,” we explore why so many security organizations look healthy on slides while feeling exhausted in real life. You will hear how burnout shows up long before resignations, why “fully staffed” can still mean functionally underpowered, and how architecture, process, and tooling quietly tax the people you depend on most. The focus stays squarely on decisions leaders control: what you reward, how you design work, and which trade-offs you are willing to make to protect your team’s ability to think clearly.