The Cyber Threat Perspective
The Cyber Threat Perspective
SecurIT360
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting [email protected]
[Replay] Episode 172: The Biggest Security Blind Spots in Midsized Companies
Some of the most dangerous security gaps aren't sophisticated — they're the ones hiding in plain sight. In this replay, Brad and Spencer break down the biggest blind spots they see over and over in mid-size companies: poor asset inventory, flat networks, flat identities, overconfidence in security tools, credential reuse, and the emerging risks with AI. If any of these hit home, go to our website, fill out the form, and see if we're a fit for you. Blog: https://offsec.blog/ Youtube: https://w...
Jun 25
33 min
Episode 185 | A Toddler with a Bazooka: The Real Risk of AI Agents
AI agents can search the web, manipulate files, run commands, make API requests, access cloud platforms, and operate fully autonomously. They are powerful, they are here, and most organizations have no security controls around them whatsoever. In this episode, Brad and Spencer break down the five major AI agent risk categories security teams need to understand right now, using Simon Willison's "lethal trifecta" as a framework and building on it with two additional risk areas they see in the f...
Jun 18
45 min
Episode 184 | Active Directory Isn't Dead. It's Just Undefended.
Think Active Directory is dead? Think again. According to Microsoft data, 86% of organizational workloads still touch Active Directory, and nearly 20% of organizations don't expect to reach a hybrid state for 10-20+ years. In this episode, Brad and Spencer break down why AD attack paths remain one of the most critical threats in enterprise environments and what defenders can do about it right now. Spencer also previews his ContinuumCon workshop "Killing AD Attack Paths Once and For All" wher...
Jun 11
28 min
Episode 183 | OWASP Top 10 Part 2: Security Misconfigurations That Get You Hacked
Security misconfiguration is one of the most frequently found vulnerabilities in web application pen testing — and most of the fixes are just a checkbox. In Part 2 of their OWASP Top 10 series, Brad Causey and Jordan Natter cover OWASP A05: Security Misconfiguration with real stories from recent engagements and practical takeaways for developers, security teams, and organizations of all sizes. In this episode: Hardcoded Active Directory credentials and API keys discovered in a public GitHub r...
Jun 5
28 min
Episode 182: Patching Crisis — Vulns Now #1 Attack Vector (2026 Verizon DBIR)
Hosts Brad Causey and Spencer Alessi break down the 2026 Verizon Data Breach Investigations Report, focusing on the findings that actually matter for IT and security teams. The biggest surprise: vulnerability exploitation has overtaken stolen credentials as the top initial access vector, accounting for 31% of attacks, while credential abuse dropped to just 13%. This completely flips the script on years of "identity is the new perimeter" thinking. Topics covered include: Vulnerability explosio...
May 27
30 min
[Replay] Episode 159: How to Break Into Cybersecurity — What Actually Works
We're re-releasing one of our most practical episodes this week — originally published November 2025, and still one of the best roadmap conversations we've had on the show. Brad and Spencer share no-fluff advice for breaking into cybersecurity, whether you're switching careers, starting from scratch, or leveling up from a general IT role. They cover what employers actually look for, the fastest paths in, and what to skip. If you're exploring a cybersecurity career, or know someone who is, thi...
May 20
44 min
Episode 181: AI Zero Days (Google Threat Intelligence Report)
Brad and Spencer break down Google Threat Intelligence Group's latest report on how adversaries are weaponizing AI across the entire attack lifecycle. The big takeaway isn't that AI has magically replaced attackers, but that it's making certain workflows faster, more scalable, and more repeatable. More importantly, AI platforms, agent skills, integrations, and dependencies are now becoming targets themselves. Topics covered include: AI for vulnerability discovery and exploit development: Goog...
May 12
41 min
Episode 180: Cybersecurity Echo Chambers — How to Think Critically in a Hype-Driven Industry
In Episode 180, hosts Brad Causey and Spencer Alessi tackle a critical but often overlooked issue in cybersecurity: the echo chambers that can undermine critical thinking and effective security programs. Inspired by recent experiences at the ILTA Evolve conference, Spencer and Brad explore how cybersecurity professionals, from practitioners to executives, can fall into bubbles where everyone reinforces the same ideas without questioning underlying assumptions. Topics covered include: What cyb...
May 7
29 min
Episode 179: OWASP Top 10 Part 1 - Broken Access Control, IDOR, and CORS Explained
In Episode 179 of the Cyber Threat Perspective podcast, host Brad Causey and web app pen tester Jordan Natter kick off a multi-part series on the OWASP Top 10, the newly updated list of the most common and critical web application security risks, with a fresh version released in 2025. Before diving in, Brad sets the record straight on something that's been bugging him for 20 years: the OWASP Top 10 is an awareness document, not a compliance framework, not a pen test checklist, and not a compr...
Apr 30
28 min
Episode 178: Internal Security Controls That Actually Frustrate Attackers
In Episode 178 of the Cyber Threat Perspective podcast, hosts Spencer and Tyler take a practitioner-first look at the internal security controls that genuinely make attackers' lives difficult, drawing directly from their experience conducting hundreds of internal penetration tests every year. This isn't a vendor comparison or a theoretical framework. It's an honest account of what works, what gets misconfigured, and what separates organizations that slow attackers down from those that don't. ...
Apr 22
31 min
Load more