CYBR.HAK.CAST Episode 13: Winn Schwartau

CYBR.HAK.CAST Episode 14: Tim Medin

On this episode of CYBR.HAK.CAST, Tim Medin joins hosts Michael Farnum and Phillip Wylie to talk about offensive security, the evolution of penetration testing, and why defenders need to stop relying solely on compliance checklists and start thinking like attackers. Along the way, the crew swaps war stories about old-school hacker culture, Dallas conference history, and why cybersecurity still misses the basics despite years of progress. SHOW NOTES: Things Mentioned: * Red Siege: https://redsiege.com/ [https://redsiege.com/] * Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/ [https://www.cybrsecmedia.com/conference/] * CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ [https://www.linkedin.com/company/cybr-sec-careers/about/?ref=cybrsecmedia.com] fundraisers: * Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz [https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAznX8BNRuE7M9-TAcZRXWBU_xVm1GyipA] Episode 13 Timestamps: 00:00 – Welcome and CYBR.HAK.CON hype Michael Farnum and Phillip Wylie open the show, joke about football rivalries, and discuss the upcoming CYBR.HAK.CON conference in Dallas. Tim Medin joins the conversation and talks about why Dallas has long needed a larger hacker-focused event. 07:10 – Cybersecurity community and workforce development The hosts discuss the mission behind CYBR.SEC.Careers and their nonprofit work supporting youth and veterans entering cybersecurity through mentorship, education, and community programs. 10:15 – CYBR.HAK.CON speakers, villages, and AI CTFs Phillip and Michael preview the conference lineup, including Jason Haddix, Dustin “Wirefall” Dykes, and Larcy Robertson. They also discuss the AI Village, lockpicking, ham radio activities, and an AI-focused capture-the-flag challenge. 14:45 – Tim Medin’s origin story Tim shares how hacking curiosity started with bypassing school computer restrictions to play Wolfenstein in the early 1990s. He talks through his path from electrical engineering and OT systems into networking, penetration testing, and eventually founding Red Siege. 24:30 – Acuvant, FishNet, and merger chaos The group laughs about the infamous Acuvant/FishNet rivalry and the awkward branding chaos that followed their merger into Optiv. The discussion turns into a nostalgic look at old-school security culture and industry evolution. 34:00 – “Offense for Defense” and the problem with checkbox security Tim explains the philosophy behind his CYBR.HAK.CON talk, focused on teaching defenders how attackers actually operate. He discusses tools like BloodHound and PingCastle and argues that many organizations still miss foundational weaknesses because they focus too heavily on compliance instead of attacker behavior. 44:20 – Why “assume breach” changes penetration testing The conversation shifts into modern penetration testing methodology, including assumed breach scenarios where testers start with stolen credentials or internal access instead of trying to break in from scratch. The hosts explain why this more accurately reflects how real-world attackers operate today. 57:00 – Security culture, budgets, and uncomfortable truths The group discusses how some organizations intentionally avoid testing systems they know are vulnerable because they fear accountability more than compromise. Tim argues that security culture failures often become more dangerous than technical weaknesses. Do you have

CYBR.HAK.CAST Episode 13: Winn Schwartau

This episode of CyberHackCast features Winn Schwartau in a wide-ranging, philosophical discussion that moves from the early, experimental days of cybersecurity to today’s hyper-commercialized landscape—and into his current work on “cognitive security.” Schwartau argues that the biggest threat facing defenders isn’t just technical, but cognitive: overwhelming information flows that push humans into “mental DDoS.” He introduces the concept of “critical ignoring” as a prerequisite to critical thinking, framing cybersecurity, biology, and human cognition as interconnected systems governed by OODA loops. The conversation culminates in a provocative question: are we already experiencing a “cognitive Pearl Harbor,” where belief systems – not infrastructure – are the true attack surface? SHOW NOTES: Things Mentioned: * Winn's website: https://www.winnschwartau.com/ [https://www.winnschwartau.com/] * The Cognitive Security Institute: https://www.cognitivesecurityinstitute.org/ [https://www.cognitivesecurityinstitute.org/] * Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/ [https://www.cybrsecmedia.com/conference/] * CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ [https://www.linkedin.com/company/cybr-sec-careers/about/?ref=cybrsecmedia.com] fundraisers: * Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz [https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAznX8BNRuE7M9-TAcZRXWBU_xVm1GyipA] Episode 13 Timestamps: 00:00 – 06:00 — Intro + Community updates Hosts (Michael Farnham, Philip Wiley) open with banter and promote CyberHackCon, speakers, and CyberSecCareers nonprofit workforce initiatives. 06:00 – 14:00 — Schwartau’s origin story From fixing TVs as a kid to early work in computing and security in the 1980s. Emphasis on “tabula rasa” era—no rules, everything experimental. 14:00 – 20:00 — Early cybersecurity vs. today Discussion on how innovation has been constrained by VC pressure, commercialization, and loss of “garage-level” experimentation. 20:00 – 28:00 — Transition to cognitive security Schwartau explains his shift from traditional cybersecurity to studying cognition, neurophysics, and system-level survival models. 28:00 – 40:00 — “Critical ignoring” vs. critical thinking Core thesis: humans cannot process all incoming information. Filtering (ignoring) must come before analysis, or we enter cognitive overload (“mental DDoS”). 40:00 – 50:00 — Parallels to SOC operations Hosts connect ideas to alert fatigue and AI-driven SOC tooling—reducing noise to enable meaningful analysis. 50:00 – 60:00 — OODA loops and time-based reality Everything—cyber, biology, cognition—operates in delayed reaction loops. We are always reacting to the past. 60:00 – 70:00 — Cognitive overload and misinformation Exploration of disinformation, narrative formation, and limits of human processing in modern environments. 70:00 – End — “Cognitive Pearl Harbor” Schwartau poses the central question: has a large-scale cognitive attack already occurred? Discussion spans individual, enterprise, and societal levels. Do you have a question for the hosts? Reach out to us at media@cscgroupllc.com [media@cscgroupllc.com]  Keep up with CYBR.SEC.CON.: * LinkedIn [https://www.linkedin.com/company/cybrseccon/?ref=cybrsecmedia.com] * X [https://twitter.com/cybrseccon?ref=cybrsecmedia.com]

CYBR.HAK.CAST Episode 12: Fergus Hay of The Hacking Games

In this episode of CYBR.HAK.CAST, hosts Phil Wylie [https://www.linkedin.com/in/phillipwylie/] and Michael Farnum [https://www.linkedin.com/in/mfarnum/] sit down with Fergus Hay [https://www.linkedin.com/in/fergus-hay-013a41/], CEO and co-founder of The Hacking Games [https://www.thehackinggames.com/], to explore how the cybersecurity industry is overlooking a massive pool of untapped talent: young gamers. Hay shares how his journey began not from a technical background but from concern as a parent, after learning that many cybercriminals are recruited from gaming communities. The conversation dives into the need to reframe hacking as a creative, problem-solving mindset rather than purely criminal behavior, the strong overlap between gamers and hackers, and why traditional cybersecurity training fails to connect with Gen Z. Together, they discuss how engaging kids within gaming environments — rather than restricting them — can help guide them toward ethical hacking and ultimately strengthen the future cybersecurity workforce. SHOW NOTES: Things Mentioned: * The Hacking Games: https://www.thehackinggames.com/ [https://www.thehackinggames.com/] * Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/ [https://www.cybrsecmedia.com/conference/] * CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ [https://www.linkedin.com/company/cybr-sec-careers/about/?ref=cybrsecmedia.com] fundraisers: * Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz [https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAznX8BNRuE7M9-TAcZRXWBU_xVm1GyipA] * CYBR CLAY SHOOT: https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9 [https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAznX8BNRuE7M9-TAcZRXWBU_xVm1GyipA] * Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity. Episode 12 Timestamps: 0:00 – 1:25 Intro, conference chatter, Zero Trust World recap, RSA mentions 1:25 – 3:30 Guest intro: Fergus Hay + early discussion about hacker culture and community 3:30 – 5:00 CYBR.HAK.CON promotion (lineup, CFPs, community focus) 5:00 – 7:30 Fergus origin story + founding of The Hacking Games * Not technical background * Parental motivation * Discovery: kids are being groomed via gaming platforms 7:30 – 9:30 Parenting + real-world exposure * Controlled gaming environments still vulnerable * Grooming reality * Question: regulate vs guide kids 9:30 – 12:00 Reframing hacking * Media failure * “Hacker = criminal” narrative problem * Hacking as a mindset, not a crime 12:00 – 14:00 Gamers = hackers pipeline * Pattern recognition * Neurodiversity * Alan Turing + Enigma analogy 14:00 – 16:00 Gaming as a training ground * 3.2B gamers * 93% of Gen Z gaming * “Gaming is a live laboratory” 16:00 – 18:30 The Hacking Games model * Gen Z teaching Gen Z * Authenticity over corporate training * Youth-led cy

CYBR.HAK.CAST Episode 11: Theresa Lanowitz

The software supply chain has quietly become one of the most critical — and least controlled — risk areas in cybersecurity. But according to industry veteran Theresa Lanowitz [https://www.linkedin.com/in/theresalanowitz/], that’s starting to change, driven by a surprising source: the CEO. In this episode of CYBR.HAK.CAST, she and hosts Michael Farnum [https://www.linkedin.com/in/mfarnum/] and Phillip Wylie [https://www.linkedin.com/in/phillipwylie/] trace the evolution of today’s software risk landscape back to decades-old challenges in application security, where development and security teams often operated in silos. While tooling has improved and DevSecOps has gained traction, many of the same underlying problems persist, only now they’re amplified by AI and global software dependencies. SHOW NOTES: Things Mentioned: * Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/ [https://www.cybrsecmedia.com/conference/] * CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ [https://www.linkedin.com/company/cybr-sec-careers/about/?ref=cybrsecmedia.com] fundraisers: * Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz [https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAznX8BNRuE7M9-TAcZRXWBU_xVm1GyipA] * CYBR CLAY SHOOT: https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9 [https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAznX8BNRuE7M9-TAcZRXWBU_xVm1GyipA] * Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity. Episode 11 Timestamps * 03:30 – 08:00 – Theresa Lanowitz’s background: early IoT, Sun Microsystems, Gartner, AT&T * 08:00 – 15:00 – Application security history and the developer vs. security disconnect * 15:00 – 20:00 – Evolution from SQL injection to AI-era prompt injection risks * 20:00 – 30:00 – Software supply chain risks, third-party dependencies, and open source challenges * 30:00 – 36:00 – AI’s role in expanding the attack surface and introducing new vulnerabilities * 36:00 – 42:00 – CEO awareness and why supply chain risk is now a board-level issue * 42:00 – 48:00 – Real-world anecdote: “checkbox security” and vendor trust pitfalls * 48:00 – 55:00 – Hardware supply chain risks, chips, and critical infrastructure exposure * 55:00 – End – AI, OWASP guidance, and the path forward for securing the supply chain Do you have a question for the hosts? Reach out to us at media@cscgroupllc.com [media@cscgroupllc.com]  Keep up with CYBR.SEC.CON.: * LinkedIn [https://www.linkedin.com/company/cybrseccon/?ref=cybrsecmedia.com] * X [https://twitter.com/cybrseccon?ref=cybrsecmedia.com] * Facebook [https://www.facebook.com/cybrseccon] * Instagram [https://www.instagram.com/cybrsecmedia?utm_source=ig_web_button_share_sheet&igsh=ZDNlZDc0MzIxNw==] Keep up with CYBR.SEC.Media: * LinkedIn [https://www.buzzsprout.com/2237227?ref=cybrsecmedia.com] * X< [https://x.com/CYBRSECMedia?ref=cybrsecmedia.com]

CYBR.HAK.CAST Episode 10: Chris Glanden

In this episode of CYBR.HAK.CAST, hosts Michael Farnum and Phil Wylie talk with Chris Glanden, founder and CEO of Barcode and co-founder of the Cyber Circus Network, about his unconventional path into cybersecurity, his passion for storytelling, and the creative projects he’s bringing to the industry. Glanden discusses how storytelling can help explain cybersecurity issues to broader audiences through documentaries and narrative podcasts, including his films about AI and transhumanist hacker Len Noe. Glanden also introduces GhostLine, a privacy-focused platform that anonymizes video and voice in real time for interviews, journalists, and whistleblowers, and previews his new narrative podcast series “Fallout,” which dramatizes real incidents where AI systems fail and examines their human consequences. SHOW NOTES: Things Mentioned: * His career so far: https://pr0ph-1t.com/wp-content/uploads/2025/10/CG_CV.pdf [https://pr0ph-1t.com/wp-content/uploads/2025/10/CG_CV.pdf] * His website: https://pr0ph-1t.com/ [https://pr0ph-1t.com/] * Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/ [https://www.cybrsecmedia.com/conference/] * CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ [https://www.linkedin.com/company/cybr-sec-careers/about/?ref=cybrsecmedia.com] fundraisers: * Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz [https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAznX8BNRuE7M9-TAcZRXWBU_xVm1GyipA] * CYBR CLAY SHOOT: https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9 [https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAAznX8BNRuE7M9-TAcZRXWBU_xVm1GyipA] * Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity. EPISODE 10 Timestamps: 5:30 – 10:30 | Chris Glanden’s background and origin story Glanden describes starting in film school before leaving to support his family, entering IT through a cable company support job, and eventually building a career in technology and cybersecurity. 10:30 – 15:30 | Transition from IT into cybersecurity After years in IT support roles, Glanden transitions into security around 2012 after joining a newly formed security team at a bank and attending Hacker Halted, where he becomes immersed in hacker culture. 15:30 – 18:30 | Consulting career and launching Barcode podcast Glanden moves into cybersecurity consulting before launching the Barcode podcast during COVID-19, taking advantage of remote accessibility to interview major security figures. 18:30 – 21:30 | Cybersecurity career path discussion The hosts discuss the importance of IT experience before entering cybersecurity, emphasizing that security roles typically require foundational technology knowledge. 21:30 – 29:00 | Documentary filmmaking and storytelling in cybersecurity Glanden explains his interest in filmmaking, including his documentary on AI weaponization and his latest documentary about transhumanist hacker Len Noe. 29:00 – 31:00 | Film festival screenings and documentary distribution The documentary has been screened at Black Hat, Hacker Halted