Modern Cyber with Jeremy Snyder

Kenneth Ellington of Ellington Cybersecurity Academy

30 min · 16 jun 2026
aflevering Kenneth Ellington of Ellington Cybersecurity Academy artwork

Beschrijving

In this episode of Modern Cyber, Jeremy sits down with Kenneth Ellington, founder of Ellington Cyber Academy, to explore the rapidly evolving landscape of SIEM engineering, threat hunting, and automated incident response. As organizations transition from conceptual AI to deploying agentic AI in production environments, Kenneth shares his extensive hands-on expertise managing complex enterprise security operations across Splunk, Elastic, and Microsoft Sentinel architectures. The conversation dives deep into the realities of alert fatigue, explaining why security analysts remain overwhelmed by false positives and how proper data pipeline management is essential before any AI automation can be effectively introduced. Kenneth unpacks the historical shift from SIEMs acting as long-term historical audit records to highly optimized, real-time threat detection engines, while advocating for cost-effective security data lakes for extended threat hunting visibility. Then, the discussion tackles the nuances of implementing AI in highly regulated sectors like finance and healthcare, demystifying the difference between marketing buzzwords around SOAR platforms and genuinely actionable AI-assisted threat hunting workflows. Wrapping up, Kenneth shares raw insights into the harsh realities of breaking into the cybersecurity industry today, emphasizing the indispensable need for hard technical skills, strong soft skills, and resilient mental models for aspiring SOC analysts facing trial by fire. About Kenneth Kenneth Ellington is a Senior SIEM Engineer and cybersecurity entrepreneur, and the Founder of Ellington Cyber Academy (ECA), where he trains the next generation of detection engineers and threat hunters. He previously served as a Senior Consultant at EY, supporting enterprise security operations and SIEM engineering initiatives across complex environments. Kenneth specializes in detection engineering, threat hunting, and XDR architecture, with deep hands-on experience across Splunk, Elastic, and Sentinel ecosystems. He recently spoke at BSides St. Pete, sharing insights on real-world threat detection and building practical cyber talent pipelines. Episode Links * Ellington Cyber Academy: https://www.ellingtoncyberacademy.com/ [https://www.ellingtoncyberacademy.com/] * Kenneth Ellington on LinkedIn: https://www.linkedin.com/in/kenneth-ellington/ [https://www.linkedin.com/in/kenneth-ellington/]

Reacties

0

Wees de eerste die een reactie plaatst

Meld je nu aan en word lid van de Modern Cyber with Jeremy Snyder community!

Probeer gratis

Probeer 14 dagen gratis

€ 9,99 / maand na proefperiode. · Elk moment opzegbaar.

  • Podcasts die je alleen op Podimo hoort
  • 20 uur luisterboeken / maand
  • Gratis podcasts

Alle afleveringen

120 afleveringen

aflevering This Week in AI Security - 2nd July 2026 artwork

This Week in AI Security - 2nd July 2026

A lighter week on volume, which gives Jeremy room to go deeper on a set of stories that all reinforce trends we've been tracking for months. The through-line: prompts keep showing up in places nobody thinks to inspect, AI development tooling keeps proving to be a soft target, and the infrastructure around AI is becoming a first-class attack surface. Plus an update on the US government's limited release of Anthropic's Mythos model, and a fresh Five Eyes warning that the cyber risk timeline is measured in months, not years. Key Episode Highlights * GuardFall: research from Versa showing a prompt-injection technique that defeats 10 of the 11 most popular open source coding and computer-use agents (Cline, Goose, Aider, Roo Code, OpenHands, and others) using basic bash obfuscation. Roughly 548,000 combined GitHub stars across the affected tools. * Amazon Q auto-load flaw: Wiz found the tool auto-loads an amazonq/mcp.json file from cloned repos with no prompt, consent, or workspace-trust check, opening a path to arbitrary code execution. * Perplexity typosquat: Microsoft Defender uncovered a malicious "Search for Perplexity.ai [http://Perplexity.ai]" extension that captured every keystroke in the address bar and routed it to perplexity-ai.online [http://perplexity-ai.online]. AI chat-skimming extensions total roughly 900,000 installs across 20-plus enterprise networks. * Langflow RCE: a new critical CVE enabling remote code execution and arbitrary Python on exposed instances. Trend Micro documented a 19-day campaign deploying Monero crypto miners. * Mythos, unblocked (with limits): the US government has lifted its export-control block on Anthropic's Mythos 5 release, though the exact terms remain fuzzy. * Five Eyes warning: a joint NSA, GCHQ, and allied-agency statement that frontier AI will accelerate the speed, scale, and sophistication of cyber threats, with Bruce Schneier arguing in The Guardian that AI decouples skill from ability. Episode Links - * https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html [https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html] * https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html [https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html] * https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html [https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html] * https://www.theguardian.com/technology/2026/jun/22/anthropic-claude-fable-ai-model-artificial-intelligence-national-security [https://www.theguardian.com/technology/2026/jun/22/anthropic-claude-fable-ai-model-artificial-intelligence-national-security] * https://www.cnn.com/2026/06/26/tech/anthropic-mythos-release [https://www.cnn.com/2026/06/26/tech/anthropic-mythos-release] * https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html [https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html]

2 jul 202612 min
aflevering This Week in AI Security - 25th June 2026 artwork

This Week in AI Security - 25th June 2026

This week's episode is short but loaded. Jeremy walks through a run of stories where AI is reshaping both sides of the security fight at once. Models are now surfacing decades-old vulnerabilities that humans never caught, chaining old bugs into new high-impact attacks, and getting jailbroken within days of launch. On top of that: a fresh zero-click exfiltration chain in Microsoft 365 Copilot, a database that doubles as a covert attack channel, a major open source patching initiative from OpenAI and Trail of Bits, and a NIST proof that no fixed set of guardrails can hold forever. Key Episode Highlights * SquidBleed: a Squid proxy flaw sitting in the default config since a 1997 commit, surfaced almost instantly by Claude Mythos Preview under Project Glasswing. Roughly 30 years undetected by humans. * The HTTP/2 Bomb: a denial-of-service attack chaining an HPACK compression bomb with a Slowloris-style memory hold, built by an AI model that read the codebases and stitched together two old CVEs. * The Daybreak Initiative: OpenAI pairs GPT-5.5 Cyber with Trail of Bits to find and fix flaws across 30-plus critical open source projects. * Five Eyes alarm: NSA and CISA issue a rare joint statement warning that frontier AI will transform offense and defense, with a timeline measured in months, not years. * SearchLeak: Varonis discloses a zero-click Microsoft 365 Copilot Enterprise chain that pulls mail, calendar, and files from a single crafted link. Already patched server-side, no customer action needed. * "Oops, I weaponized the database": SpecterOps shows native AI features in Microsoft SQL Server 2025 doubling as a covert command and control and exfiltration channel. Microsoft says it's working as designed. * Meta hits pause: an internal program training AI on employee behavior is halted after sensitive data was exposed to the entire workforce. * Fable 5 jailbroken: Bruce Schneier reports Anthropic's new Mythos-class model bypassed within days, with its 120,000 character system prompt leaked to GitHub. * NIST proof: a peer-reviewed result showing no finite set of guardrails can be universally robust against an adaptive adversary. Episode Links * https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html * https://www.theregister.com/security/2026/06/04/openais-codex-chains-decade-old-dos-techniques-into-http/2-bomb/5251377 * ‍https://openai.com/index/patch-the-planet/ * ‍https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/ * https://specterops.io/blog/2026/06/10/oops-i-weaponized-the-database-abusing-ai-features-in-mssql-2025/ * https://www.wired.com/story/meta-accidentally-let-employees-access-each-others-keystroke-data/ * https://www.schneier.com/blog/archives/2026/06/anthropics-fable-5-model-jailbroken-within-days.html * https://www.nist.gov/news-events/news/2026/06/nist-mathematical-proof-supports-transition-continuous-monitor-and-update

2 jul 202613 min
aflevering Taylor Hersom of Eden Dta artwork

Taylor Hersom of Eden Dta

In this episode of Modern Cyber, Jeremy is joined by Taylor Hersom, Founder of Eden Data, to explore the critical intersection of cybersecurity, compliance, and enterprise growth. They discuss why startups often overinvest in technical security tools while underinvesting in the actual foundation of customer trust. Taylor unpacks how compliance frameworks like SOC 2 and ISO 27001 act as a powerful "trust escrow" for businesses and explains the complex nuances of the Cybersecurity Maturity Model Certification (CMMC) for government contractors and their subcontractors. The conversation also tackles the escalating challenge of shadow IT driven by AI tools, the urgent need for structured AI governance, and why the cybersecurity industry must shift away from relying on static employee policies toward implementing automated technical controls that eliminate human error entirely. About Taylor Hersom Taylor is the Founder of Eden Data, a modern cybersecurity firm recently acquired by Riveron, where it now plays a key role in expanding the firm’s risk advisory platform. A former Deloitte leader and CISO, Taylor brings deep expertise in governance and compliance frameworks, including SOC 2, ISO 27001, and HIPAA. Since founding Eden Data, he has helped hundreds of startups and scaleups—including Nooks AI, Zendesk, Bitly, and Kindbody—navigate everything from early-stage compliance to IPO readiness. He has earned Partner of the Year awards four years in a row from Drata. With his background, Taylor speaks to the evolving intersection of cybersecurity, compliance, and enterprise growth, showing how trust can be a powerful driver of business success. Episode Links Eden Data: https://www.edendata.com/ [https://www.edendata.com/] Taylor Hersom on LinkedIn: https://www.linkedin.com/in/taylorhersom/ [https://www.linkedin.com/in/taylorhersom/]

24 jun 202642 min
aflevering This Week in AI Security - 18th June 2026 artwork

This Week in AI Security - 18th June 2026

In this episode, Jeremy explores the fallout of the first US government-mandated global model kill switch, an unprecedented action taken against Anthropic's new Fable model. We also examine CISA's radical new 3-day vulnerability remediation timeline and how autonomous threats are now weaponizing application monitoring software. Key Episode Highlights: * The Global Kill Switch: Just five days after launch, the US Department of Commerce invoked a sweeping export control directive against Anthropic's Claude Fable model after an Amazon-discovered jailbreak was flagged to national security officials. This action triggered a total global deactivation, limiting access exclusively to US citizens. * The "Lethal Trifecta" of Agent Hijacking: Toxic researchers define the critical conditions where AI agents become highly weaponizable: concurrent access to sensitive data, exposure to untrusted external content, and the ability to execute outbound actions. * Sentry "Agentjacking": Attackers are injecting malicious Markdown into standard Sentry error logs to bypass WAF and EDR tools, silently hijacking the AI agents developers deploy to automatically triage and fix code errors. * CISA BOD 2026-04: As the "Vulnpocalypse" pushes the projected 2026 vulnerability count to 66,000, CISA has issued an emergency Binding Operational Directive that slashes the required patching timeline for critical software flaws down to a blistering 3 days. * Hugging Face Framework RCE: A newly disclosed critical vulnerability (CVE-2026-4372) proves that a single polluted line in a Hugging Face configuration file can grant full Remote Code Execution on enterprise inference servers. * The Shai-Hulud Miasma: A sophisticated 4.6MB payload is now exploiting static code analysis within AI development pipelines. The worm intentionally embeds instructions regarding heavily restricted topics (e.g., bomb-making) into error logs to intentionally trigger LLM safety halts, effectively blinding AI security monitoring tools. Episode Links https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/ https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html https://blog.securityjoes.com/post/shai-hulud-miasma-when-a-supply-chain-worm-learned-to-hijack-ai-coding-agents https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html https://www.brinztech.com/breach-alerts/brinztech-ai-infrastructure-alert-authentication-evasion-broken-access-controls-and-automated-agent-manipulation-the-in-the-wild-scanning-exploitation-loop-of-praisonai-cve-2026-44338 https://www.toxsec.com/p/agentic-ai-attacks-explained-lethal-trifecta https://cyberscoop.com/cisa-vulnerability-remediation-directive-bod-26-04/ https://www.helpnetsecurity.com/2026/06/15/first-2026-cve-forecast/ https://pluto.security/blog/unauthenticated-remote-code-execution-in-huggingface-transformers-via-config-injection/ https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html

18 jun 202614 min
aflevering Kenneth Ellington of Ellington Cybersecurity Academy artwork

Kenneth Ellington of Ellington Cybersecurity Academy

In this episode of Modern Cyber, Jeremy sits down with Kenneth Ellington, founder of Ellington Cyber Academy, to explore the rapidly evolving landscape of SIEM engineering, threat hunting, and automated incident response. As organizations transition from conceptual AI to deploying agentic AI in production environments, Kenneth shares his extensive hands-on expertise managing complex enterprise security operations across Splunk, Elastic, and Microsoft Sentinel architectures. The conversation dives deep into the realities of alert fatigue, explaining why security analysts remain overwhelmed by false positives and how proper data pipeline management is essential before any AI automation can be effectively introduced. Kenneth unpacks the historical shift from SIEMs acting as long-term historical audit records to highly optimized, real-time threat detection engines, while advocating for cost-effective security data lakes for extended threat hunting visibility. Then, the discussion tackles the nuances of implementing AI in highly regulated sectors like finance and healthcare, demystifying the difference between marketing buzzwords around SOAR platforms and genuinely actionable AI-assisted threat hunting workflows. Wrapping up, Kenneth shares raw insights into the harsh realities of breaking into the cybersecurity industry today, emphasizing the indispensable need for hard technical skills, strong soft skills, and resilient mental models for aspiring SOC analysts facing trial by fire. About Kenneth Kenneth Ellington is a Senior SIEM Engineer and cybersecurity entrepreneur, and the Founder of Ellington Cyber Academy (ECA), where he trains the next generation of detection engineers and threat hunters. He previously served as a Senior Consultant at EY, supporting enterprise security operations and SIEM engineering initiatives across complex environments. Kenneth specializes in detection engineering, threat hunting, and XDR architecture, with deep hands-on experience across Splunk, Elastic, and Sentinel ecosystems. He recently spoke at BSides St. Pete, sharing insights on real-world threat detection and building practical cyber talent pipelines. Episode Links * Ellington Cyber Academy: https://www.ellingtoncyberacademy.com/ [https://www.ellingtoncyberacademy.com/] * Kenneth Ellington on LinkedIn: https://www.linkedin.com/in/kenneth-ellington/ [https://www.linkedin.com/in/kenneth-ellington/]

16 jun 202630 min