Managing Third-Party Remote Access: Tools, Risks, and Practical Tips (Off the Wire Part 3)

Hardware Quotes Are Expiring in Hours: What’s Going On?

Why Hardware Prices Are Skyrocketing in 2026 (RAM, SSDs, Servers) — and What You Can Do Hardware budgets are breaking. Quotes that were good for 30 days are now expiring in hours. That $80k workstation quote? It's $160k now. That server quote near $1M? Already $1.3M — and climbing. In this episode, Tanner and Anthony break down what's actually driving the spike in RAM, SSDs, hard drives, servers, and networking gear — and it's not just tariffs. AI data center buildouts are pulling manufacturers toward high-margin HBM memory (roughly 10x the margin of standard DRAM), leaving everything else fighting for supply. With only three major players (Samsung, SK Hynix, Micron) and factory expansions that take 2-3 years, relief isn't coming fast. More importantly — what do you do about it right now? They cover practical steps: faster approval cycles, buying ahead, standardizing hardware, right-sizing, considering refurb and used gear, extended refresh cycles, cloud compute, and leasing. Plus how to brief leadership before the budget conversation catches you off guard. This one's for anyone managing IT budgets at a lean organization — co-op, municipal, small enterprise. The volatility is real and it's not going away anytime soon. 00:00 Truck Price Shock Skit 01:54 Hardware Quotes Going Wild 02:46 Real World Sticker Stories 04:36 Why Memory Costs Surge 07:01 HBM vs DRAM Margins 09:08 Factories Tariffs New Normal 13:44 Beyond RAM Storage Crunch 16:53 Quotes Expire Faster Than Ever 20:23 Practical Ways To Cope 26:36 Refurb Longer Cycles Cloud 32:21 When Relief Might Come 37:01 Wrap Up Lead With Communication Off the Wire is a cybersecurity and IT leadership podcast for practitioners at small-to-medium organizations and electric cooperatives.

The SaaSpocalypse: How AI Is Killing (and Reshaping) SaaS Tools

The SaaSpocalypse: How AI Is Killing (and Reshaping) SaaS Tools In this episode of Off The Wire, Anthony and Tanner discuss the “SaaSpocalypse”—how AI is disrupting and potentially replacing many SaaS products—citing examples like Figma being hit after Claude Design launched, reduced need for Canva due to AI tools, and vulnerable niche apps like Grammarly as Copilot and Google tools bake AI directly into core suites. They debate whether AI pricing is currently subsidized, noting high API, hardware, and power costs that could drive subscriptions much higher over time. They explore how AI could become the primary interface layer, reducing the need for traditional web UIs and even replacing documentation platforms by querying SharePoint-backed datasets through an agent. For IT leaders, they recommend evaluating SaaS at renewal time, starting with narrow tools, moving gradually, and prioritizing cost savings while accounting for change management and human behavior. 00:00 SaaSpocalypse Explained 00:14 Figma And Canva Wakeup Call 01:35 SaaS Vendors Racing To Add AI 02:53 Why AI Pricing Will Rise 07:25 Which Tools Are Most Vulnerable 11:20 AI As The New Interface Layer 16:47 Advice For CIOs And IT Leaders 25:10 LinkedIn And The AI Slop Problem 31:00 Final Takeaways And Wrap Up

Anthropic’s “Mythos” Leak, Project Glasswing, and the 90-Day Patch Countdown

Anthropic’s “Mythos” Leak, Project Glasswing, and the 90-Day Patch Countdown Hosts Tanner and Anthony discuss reports of Anthropic’s new “frontier” general-purpose model, Mythos (Mythos Preview), described as exceptionally strong at finding and exploiting novel security bugs and allegedly sitting on thousands of unpatched zero-days affecting major operating systems and browsers. They review examples cited, including decades-old FreeBSD and OpenBSD flaws and a Linux kernel issue, and note a separate security firm (Aisle) replicated parts of the findings using open-weight models, though Mythos appears better at moving from detection to exploitation. The episode explains how Mythos became public via leaks, then outlines Anthropic’s Project Glasswing: about 50 vendors received 90 days of access plus credits to patch systems, with Mozilla reportedly patching 271 Firefox issues. They close with preparation steps for lean IT teams: asset inventory, vendor outreach, risk-based prioritization, mitigation and isolation, patch validation, workload planning, governance and insurance review, stronger detection controls, least privilege/zero trust, and verifying backups. 00:00 Too Dangerous to Release 01:45 Meet Mythos Preview 02:25 Zero Days Found 05:19 Can Others Replicate It 06:46 Efficiency and Edge Models 08:17 Leaks and Access Blunders 10:42 Project Glasswing Explained 15:10 90 Day Clock and Fallout 16:24 Break and Subscribe 17:05 Prep Plan for IT Teams 19:05 Patching Priorities and Testing 21:00 Controls Backups and Wrap Up 24:02 Final Thoughts and Sign Off

Why OT Monitoring Is Now a Necessity (Tools, Baselines, and Incident Response): OT Security Part 4

OT Security Part 4: Why OT Monitoring Is Now a Necessity (Tools, Baselines, and Incident Response) In this Off the Wire episode, Tanner and Anthony wrap part four of their OT security miniseries by focusing on OT monitoring and why it’s needed, noting that over 90% of small and medium businesses with OT environments lack monitoring and that AI is lowering the time and effort required for attacks. They explain how legacy OT systems were built without security, often use unencrypted or proprietary protocols, and can’t run agent-based tools like EDR, making specialized monitoring essential. The discussion covers how monitoring complements preventive controls, helps establish a communications baseline, flags anomalies (like unexpected east-west traffic), supports forensics and log retention, integrates alerts with email and SIEMs, and validates segmentation and documented exceptions. They also debunk the “air-gapped OT” myth, stress mapping all IT/OT bridges, recommend an OT-specific incident response plan, and list tool options including Malcolm, Security Onion, Dragos (free under $100M revenue), and vendors like Darktrace, Tenable OT, Cisco Cyber Vision, Nozomi, and SCADAfence, alongside drivers like NERC CIP, CMMC, mandates, and cyber insurance. 00:00 Recording The Intro 00:02 Why OT Monitoring Matters 00:31 Small Targets AI Threat 02:31 OT Risks Real World Impact 05:39 OT Is A Different Animal 08:35 Baselines For Segmentation 10:03 Air Gap Myth Bridges 12:09 SCADA Migration Opportunity 13:21 Realistic OT Attack Chain 15:47 What to Monitor in OT 16:11 Five Key Visibility Signals 19:21 OT Incident Response Planning 20:27 Picking Monitoring Tools 22:41 Compliance and Budget Levers 24:13 OT Security Checklist 26:52 Final Thoughts and Next Episode

Managing Third-Party Remote Access: Tools, Risks, and Practical Tips (Off the Wire Part 3)

Managing Third-Party Remote Access: Tools, Risks, and Practical Tips (Off the Wire Part 3) In part three of Off the Wire’s four-part miniseries, the hosts discuss third-party remote access risks and why VPNs with MFA alone are insufficient, citing major breaches like Target and Toyota and a 2023 vendor compromise as wake-up calls. They review third-party access tools (BeyondTrust/Bomgar, SecureLink, ManageEngine PAM360, and OT-focused options like Claroty and Slo), explaining benefits such as role-based access control, detailed logging and session recording, layered approvals, session time limits, vendor-managed user provisioning, automatic deprovisioning, individual accountability, passwordless access, and rapid access shutdown when relationships end. They describe these tools as proxy-based “airlocks” that prevent lateral movement and enable oversight. Implementation advice includes treating it as non-negotiable while documenting exceptions, requiring ticket numbers, routing requests via chat, ensuring multiple approvers, sending logs to a SIEM, updating incident response plans, auditing access annually, and providing vendors a setup one-pager. 00:00 Third Party Access Intro 01:19 Why VPN Is Not Enough 01:51 Real World Breach Examples 02:44 Wake Up Call Story 04:33 Tool Options Overview 06:11 Key Features And Benefits 14:39 How These Tools Work 16:51 Vendor Pushback And Compliance 21:49 Implementation Tips Checklist 26:59 Wrap Up And Final Tip