The Art of Security

Learning Cybersecurity: Education, Experience, and AI

Cybersecurity is one of the few professions where the learning never stops. New technologies, evolving threats, and the rapid rise of AI constantly reshape what security professionals need to know. In this episode of The Art of Security, Josh Davies and Tyler Reguly sit down with Dr. Mansour Alqarni of Fanshawe College to explore the current state of cybersecurity education and what it takes to build the next generation of security professionals. They discuss the cybersecurity skills gap, the role of colleges and universities in preparing students for the workforce, the balance between theory and hands-on experience, and whether cybersecurity should be considered an entry-level career path. The conversation also dives into the impact of AI on security operations, hiring, and education and why critical thinking and continuous learning may be more important than ever. Whether you're a student considering a career in cybersecurity, a hiring manager evaluating talent, or a seasoned practitioner looking to stay ahead of industry changes, this episode offers valuable insights into how cybersecurity professionals are trained, developed, and prepared for the challenges ahead. Topics covered: • The different paths to a cybersecurity career • Teaching security in the age of AI • Practical experience vs academic theory • AI's impact on SOC analysts and security teams • The importance of soft skills and trust Subscribe now for more expert insights and security conversations.

Named Vulnerabilities, CVEs & the Problem With Security Hype

Why do vulnerabilities like Heartbleed, PrintNightmare, and Log4Shell get memorable names while thousands of other CVEs go unnoticed? In this episode of The Art of Security, Josh Davies and Tyler Reguly debate whether named vulnerabilities help cybersecurity awareness or create dangerous hype cycles. From CVE identifiers and responsible disclosure to media sensationalism and "boy who cried wolf" fatigue, the conversation explores how branding vulnerabilities impacts SOC teams, executives, researchers, and the wider industry. A must-watch for SOC analysts, threat researchers, vulnerability management teams, CISOs, business leaders, and cybersecurity practitioners who want to understand how vulnerability naming and security hype shape real-world response, risk perception, incident prioritization, and executive decision-making.

Supply Chain Compromise: Trust Is the Target

We're told to patch fast, trust updates, and rely on the software ecosystems that power modern business. But what happens when that trust becomes the attack vector itself? In this episode of The Art of Security, Josh Davies and Tyler Reguly dive into the growing world of software supply chain compromise — from malicious open source packages and compromised dependencies to sleeper-agent style attacks that quietly infiltrate trusted projects for years before striking at scale. Josh and Tyler unpack how attackers are weaponizing trust, automation, and AI-assisted development to spread compromise at scale, while exploring practical defenses and why today's "patch immediately" mindset may no longer be enough. When trust is the delivery mechanism, every dependency becomes part of your attack surface. Make sure to subscribe to the podcast!

The Art of Collective Defense

When one organization gets breached, attackers don't just win — they get better. In this episode of The Art of Security, we explore a powerful idea: Cybersecurity isn't a solo fight but a shared one. And when defenders collaborate, everyone gets stronger. Josh Davies and Tyler Reguly are joined by Jennifer Quaid and Bob Gordon from the Canadian Cyber Threat Exchange [https://cctx.ca/] (CCTX) to break down what effective collaboration really looks like in practice. From real-world intelligence sharing to cross-industry cooperation, they unpack how organizations can turn threat data into actionable defense and why keeping insights siloed only benefits attackers. You'll learn: * Why "when one wins, we all win" is more than just a slogan * How intelligence sharing improves detection, response, and resilience * The role of trust, community, and diverse perspectives in cybersecurity If you think cybersecurity is just about tools and technology, this conversation will challenge that assumption. Because in today's threat landscape, defense is a team sport. Subscribe for more real-world insights on cybersecurity, threat intelligence, and the decisions that shape effective defense.

Stop Patching Everything: Rethinking Vulnerability Management with RSnake

In this episode of The Art of Security, Josh Davies and Tyler Reguly take a hard look at vulnerability management (VM) — one of the oldest and most widely adopted practices in cybersecurity — and ask a simple question: are we doing it wrong? Joined by special guest Robert "RSnake" Hansen, we unpack the critical differences between vulnerability management and patch management, and explore why treating them as the same thing may be holding organizations back. From the overwhelming volume of CVEs to the limitations of scoring systems like CVSS, this conversation challenges conventional thinking. Why do so few vulnerabilities actually lead to real-world breaches or business loss? And if that's the case, why are security teams still trying to patch everything? This episode is all about cutting through the noise and focusing on what truly reduces risk. If you've ever felt overwhelmed by vulnerability backlogs or questioned whether your VM program is actually making an impact, this conversation will challenge your assumptions — and give you a new lens to think about security.