Technically U

One podcast keeps IT pros ahead of career-ending surprises. You're in cybersecurity, networking, or IT leadership. You know the feeling—scrambling to explain a breach, outage, or AI disruption you should have seen coming. Technically U gives you a 20-minute or more weekly briefing that makes you the smartest person in every meeting.

What we actually cover:
- Why your MFA isn't protecting you like you think
- AI tools that will replace jobs vs. ones that will save them
- Cloud architecture mistakes costing companies millions

Your competitors are already listening. New episodes every Thursday.

  1. The DNS Encryption War: Why Privacy Tools and Security Teams Are Fighting Over DoH

    June 20

    DNS over HTTPS (DoH) encrypts the internet's phonebook—and it's breaking traditional network security. Here's what IT professionals need to know about DoH in 2026, why enterprises are concerned, and how to adapt.

    🔐 WHAT IS DNS OVER HTTPS:

    THE PROBLEM DoH SOLVES:
    - Traditional DNS = plaintext on port 53 (unencrypted since 1983)
    - ISPs, network operators, anyone on WiFi can see every domain you visit
    - DNS queries reveal: Health research, job hunting, political views, all browsing activity
    - Government censorship via DNS blocking
    - DNS hijacking attacks on public WiFi

    HOW DoH WORKS:
    - Wraps DNS queries inside HTTPS connections (port 443)
    - Encrypted with TLS (same as secure websites)
    - Network observers see encrypted HTTPS traffic, can't tell it's DNS
    - RFC 8484 standard (2018)

    DoH vs DoT (DNS over TLS):
    - DoT: Dedicated port 853, easier for networks to identify/block
    - DoH: Port 443 (standard HTTPS), indistinguishable from web traffic
    - Both: Same encryption strength (TLS)
    - DoH: Better privacy, harder to block
    - DoT: Easier for enterprises to monitor/control

    ⚠️ WHY ENTERPRISES ARE CONCERNED:

    BROWSER-LEVEL DoH BYPASSES CORPORATE DNS:
    - Firefox enables DoH by default (85%+ US users in 2026)
    - Chrome auto-upgrades when available
    - Bypasses network security tools completely

    WHAT GETS BROKEN:
    1. Malware blocking (can't filter queries to C2 servers)
    2. Content filtering (parental controls, workplace policies)
    3. Threat detection (can't log DNS queries to identify infections)
    4. Data loss prevention (can't block file-sharing, personal email)
    5. Incident response (DNS logs don't exist for forensics)
    6. Compliance (regulatory requirements to monitor traffic)

    REAL ATTACKS USING DoH:
    - Godlua DDoS worm (2019): Used DoH to hide C2 communications
    - ShadowPad backdoor (2024): Encrypted DNS tunneling
    - 87% of organizations experienced DNS attacks in 2026
    - Malware increasingly adopting encrypted DNS to evade detection

    NSA WARNING (January 2021, still relevant 2026):
    "Enterprises should avoid external DoH resolvers. Deploy internal DoH/DoT resolvers and block external endpoints."

    🛠️ HOW ENTERPRISES ARE ADAPTING:

    SOLUTION 1: Deploy Internal DoH/DoT Resolvers
    - Windows Server 2025: DoH support added February 2026
    - Run corporate DoH server with threat intelligence/filtering
    - Configure devices via MDM/group policy
    - Result: Encrypted DNS + enterprise security controls

    SOLUTION 2: Block External DoH Providers
    - Block Cloudflare 1.1.1.1, Google 8.8.8.8, Quad9, etc.
    - Configure browser enterprise policies to disable DoH
    - Challenge: 931+ active DoH resolvers globally (can't block all)

    SOLUTION 3: Firefox Canary Domains
    - Firefox checks "use-application-dns.net" before enabling DoH
    - Corporate DNS returns specific response = Firefox disables DoH
    - Limitation: Only Firefox (Chrome doesn't use canary domains)

    SOLUTION 4: Roaming Client Agents
    - Deploy agents on devices (Cloudflare Gateway, Cisco Umbrella, DNSFilter)
    - Route DoH through corporate resolver
    - Works on BYOD and remote workers
    - Identity-aware policies even when encrypted

    SOLUTION 5: Shift to Endpoint Security
    - Network visibility lost → endpoint visibility gained
    - EDR (Endpoint Detection and Response) monitors device processes
    - TLS certificate monitoring, IP reputation, traffic patterns
    - Complement, don't replace, DNS security

    📊 CURRENT STATE (2026):

    ADOPTION RATES:
    - Firefox: 85%+ US users on DoH
    - Chrome: Auto-enabled since 2020
    - iOS/Android: "Private DNS" in system settings
    - Windows 11: DoH configuration built-in
    - Windows Server 2025: DoH server support (Feb 2026)

    JANUARY 2025 US EXECUTIVE ORDER:
    - Mandated DNS encryption for federal systems
    - Accelerated enterprise adoption
    - Government agencies deploying internal DoH/DoT resolvers

    28 min
  2. Container Security Explained: Kubernetes, Docker & Cloud Native Threats

    June 14

    🔐 Are your containers actually secure… or just assumed to be?

    In this episode of Technically U, we take a deep, structured dive into Container Security, breaking down how modern environments built on Docker and Kubernetes are secured—and more importantly, how they’re attacked.

    Containers have revolutionized application deployment, but they’ve also introduced an entirely new security model. Unlike traditional virtual machines, containers share a kernel, are highly dynamic, and require a completely different approach to security.

    🎯 In this episode, you’ll learn:
    - Why containers are NOT virtual machines (and why that matters for security)
    - How container isolation actually works:
      - Namespaces
      - cgroups
      - Capabilities
      - Seccomp
    - The real risks of container escape attacks and shared kernel vulnerabilities
    - Why misconfiguration is the #1 cause of container breaches
    - The dangers of privileged containers and over-permissioning
    - A full breakdown of the container security lifecycle:
      - Build (image security, scanning, secrets management)
      - Registry (supply chain risks, image signing)
      - Orchestration (Kubernetes security, RBAC, etcd protection)
      - Runtime (monitoring, anomaly detection, threat prevention)
    - The most common Kubernetes attack vectors:
      - Exposed dashboards
      - Weak RBAC policies
      - Flat networking (lack of segmentation)
      - Secrets exposure
      - Resource exhaustion attacks
    - How to implement Network Policies and microsegmentation
    - Tools used in real-world environments: Falco, Trivy, Sysdig, OPA, Vault
    - A practical container security checklist you can apply immediately

    🚨 Key Insight:
    Containers are not inherently insecure—but they require a completely different security mindset. Most breaches aren’t caused by sophisticated attacks… they’re caused by simple misconfigurations.

    💡 Who this episode is for:
    - Network Engineers
    - Cybersecurity Professionals
    - DevOps Engineers
    - Cloud Architects
    - Anyone working with Kubernetes or containerized applications

    🎧 Technically U – Tech made simple. One concept at a time.

    👉 Whether you're running a single Docker container or managing a large Kubernetes cluster, understanding these security principles is critical to protecting modern cloud-native environments.

    9 min
  3. Your Device Has a Secret Fingerprint — And Websites Know It

    May 28

    Have you ever logged into your bank account and seen the message: “We don’t recognize this device”?

    That message may be powered by one of the most important cybersecurity tools most people have never heard of: device fingerprinting. In this episode of Technically U, we break down how websites, banks, apps, payment platforms, and security systems can recognize your device based on clues like your browser, operating system, screen size, location, time zone, IP address, graphics behavior, and even how your device renders web content.

    Device fingerprinting can help protect you from fraud, account takeover, bots, credential stuffing, and suspicious logins — but it also raises serious privacy concerns because it can be used to track users even when cookies are deleted or blocked.

    We explain it in a way that everyday users can understand, while also covering technical details for cybersecurity professionals, including browser signals, WebGL fingerprinting, canvas fingerprinting, behavioral analytics, bot detection, session protection, and risk-based authentication.

    Device fingerprinting is one of the hidden cybersecurity functions working behind the scenes every day. It helps protect your accounts — but it also shows how much your device may reveal without you realizing it.

    📢 Your support means the world to us! Every subscriber motivates our team to create even better educational and awareness videos. Hit that subscribe button and be part of our journey!

    Technically U – Tech made simple. One packet at a time.

    22 min
  4. DTLS: Why VoIP Calls and Video Conferences Need Different Encryption Than HTTPS

    May 28

    Your Zoom call, WebEx meeting, VoIP phone conversation, and WebRTC video chat may all be encrypted — but they are not using HTTPS. Why? Because HTTPS relies on TLS over TCP, while real-time communications usually run on UDP.

    In this episode of Technically U, we break down DTLS — Datagram Transport Layer Security — the encryption protocol that makes secure real-time communication possible. DTLS gives voice, video, gaming, IoT, VPNs, and live streaming the security benefits of TLS while still supporting the speed and flexibility of UDP.

    You’ll learn why traditional TLS works well for websites, APIs, and file downloads, but creates problems for real-time traffic where delays, retransmissions, and packet ordering can ruin the user experience. We also explain how DTLS handles packet loss, out-of-order delivery, replay protection, handshake reliability, and secure key exchange.

    Topics covered include:
    - What DTLS is
    - Why TLS does not work well over UDP
    - TCP vs UDP for real-time communications
    - How DTLS secures VoIP and video conferencing
    - DTLS-SRTP and WebRTC encryption
    - How DTLS is used in IoT, VPNs, gaming, and live streaming
    - DTLS 1.2 vs DTLS 1.3
    - Common DTLS security mistakes
    - Why certificate validation still matters
    - How DTLS protects real-time traffic without breaking performance

    DTLS is the unsung hero behind secure real-time communications. Every VoIP call, browser-based video meeting, WebRTC session, and many IoT communications rely on encryption that can survive packet loss, jitter, and unreliable networks.

    We are Technically U, and our motto is: Tech made simple. Subscribe for more clear breakdowns on networking, cybersecurity, encryption, protocols, enterprise technology, and the systems that power modern communication.

    3 min
  5. AI Agents Are Replacing Jobs AI Chatbots Never Could: Here's the Difference

    May 21

    AI agents are changing the workplace faster than most people realize. Unlike AI assistants such as ChatGPT, Claude, Gemini, or Copilot, AI agents do more than answer questions — they can take action inside business systems, complete workflows, update records, process requests, and make decisions within defined rules.

    In this episode of Technically U, we break down the real differences between AI assistants and AI agents, why companies are deploying them aggressively in 2026, and which jobs are most at risk of automation. You’ll learn how AI agents are being used in customer service, IT support, sales operations, data entry, finance, scheduling, and business operations. We also explain why the shift from “AI-assisted work” to “AI-executed work” is so important, what employees should do to stay relevant, and how managers should decide what to automate first.

    Topics covered include:
    - AI assistants vs AI agents
    - How autonomous AI agents work
    - Jobs being automated by AI agents
    - Salesforce AgentForce, Microsoft Copilot Studio, Google Workspace AI, and ServiceNow AI agents
    - Why 2025–2026 became the breakout period for AI agents
    - The economics behind AI automation
    - Skills employees need to protect their careers
    - How managers should roll out AI agents responsibly

    AI is not replacing every job — but AI agents are replacing specific tasks at scale. The question is no longer whether this technology is coming. It is already here.

    Subscribe to Technically U for clear, practical breakdowns of enterprise technology, cybersecurity, AI, automation, and the future of work.

    10 min
  6. DHT Security Explained: Why Distributed Hash Tables Are Fundamentally Vulnerable

    May 13

    What if the technology powering BitTorrent, IPFS, and blockchain networks… is fundamentally insecure?

    In this episode of Technically U, we take a deep dive into Distributed Hash Table (DHT) security—and uncover why one of the internet’s most important decentralized technologies still faces unsolved security challenges after more than 20 years of research.

    DHTs enable peer-to-peer networking without central servers, making them powerful for censorship resistance and scalability. But that same openness introduces serious vulnerabilities that attackers can exploit.

    🎯 In this episode, you’ll learn:
    - What a Distributed Hash Table (DHT) is and how it works
    - How DHTs power systems like BitTorrent, IPFS, blockchain node discovery, and Tor
    - The three major attack types:
      - Sybil Attacks – fake identities controlling the network
      - Eclipse Attacks – isolating victims from the real network
      - Routing & Storage Attacks – manipulating or corrupting data
    - Real-world examples of DHT attacks, including IPFS and Ethereum vulnerabilities
    - Why attackers can execute large-scale attacks at surprisingly low cost
    - Key defense strategies:
      - Proof-of-Work and Proof-of-Space
      - Routing table diversity and multi-path lookups
      - Cryptographic verification and redundancy
      - Reputation systems and behavioral analysis
    - Why no perfect solution exists (and likely never will)
    - The fundamental tradeoffs between security, decentralization, anonymity, and performance

    🚨 Critical Insight:
    DHTs are designed to be open and permissionless—but that same design makes them inherently vulnerable to Sybil attacks. Without a central authority, there is no way to fully prevent attackers from creating unlimited identities.

    💡 Why this matters:
    DHTs are widely used in modern infrastructure. Understanding their limitations is critical for:
    - Network engineers
    - Cybersecurity professionals
    - Blockchain developers
    - Anyone building or relying on decentralized systems

    🎧 Technically U – Tech made simple. One packet at a time.

    👉 If you’re building on DHT-based systems, remember: Use multiple layers of defense, monitor for attacks, and never treat DHT data as your only source of truth.

    9 min
  7. 802.1X Explained: The Technology Controlling Who Gets on Your Network

    May 10

    Who is allowed on your network—and how is that decision made?

    In this episode of Technically U, we break down IEEE 802.1X, the powerful security framework behind Network Access Control (NAC) that determines whether devices can connect to your wired or wireless network. Whether you're plugging into an Ethernet port or connecting to corporate Wi-Fi, 802.1X is working behind the scenes to authenticate users, validate devices, and enforce security policies—often in just seconds.

    🎯 In this session, you'll learn:
    - What 802.1X authentication is and why it matters
    - How RADIUS servers, switches, and endpoints (supplicants) work together
    - The step-by-step 802.1X authentication process
    - Key protocols like EAP, PEAP, and EAP-TLS explained simply
    - The difference between WPA2/WPA3 Enterprise vs PSK Wi-Fi
    - How enterprises use dynamic VLAN assignment for secure segmentation
    - What MAC Authentication Bypass (MAB) is and when it’s used
    - How NAC solutions (Cisco ISE, Aruba ClearPass, FreeRADIUS) enhance security
    - The role of 802.1X in Zero Trust architectures
    - Real-world deployment tips and common challenges

    🚀 Why this matters:
    Modern networks are no longer defined by location—they’re defined by identity. With remote work, IoT devices, and increasing cyber threats, 802.1X is a foundational layer of enterprise security.

    If you're in IT, networking, cybersecurity—or just want to understand how secure networks actually work—this episode gives you a clear, practical breakdown.

    9 min
  8. Encrypted Wavelength Services: (Part 3) Securing Data at the Optical Layer

    April 30

    🔐 Is your private network actually secure… or just private?

    In Part 3 of our Wavelength Services series on Technically U, we dive into encrypted Wavelength services—and why security at the optical layer is becoming critical for modern enterprise networks.

    Even with HTTPS, VPNs, and application-layer encryption, your data still travels across carrier-owned fiber infrastructure. And yes—fiber tapping is rare, but it’s possible. That’s why organizations handling sensitive data are adding encryption at the Wave layer for true defense in depth.

    🎯 In this episode, you’ll learn:
    - Why optical layer encryption matters—even if you already use TLS or IPsec
    - The real-world risks of fiber tapping and physical infrastructure exposure
    - The three main encryption approaches:
      - Layer 1 (OTN) Encryption – maximum security at the optical layer
      - MACsec (Layer 2) – the enterprise standard for low-latency encryption
      - IPsec (Layer 3) – familiar but less efficient for high-speed Waves
    - Key tradeoffs in latency, throughput, and packet overhead
    - How MACsec (IEEE 802.1AE) works and why it’s widely adopted
    - The role of AES-256-GCM encryption in securing optical traffic
    - Customer-managed vs Carrier-managed encryption models
    - Best practices for key management, HSMs, and key rotation
    - Emerging risks like quantum computing (“harvest now, decrypt later”)
    - Compliance frameworks driving encryption requirements:
      - FIPS 140-2 / 140-3
      - PCI-DSS
      - HIPAA
      - NSA CSfC (Commercial Solutions for Classified)

    🚨 Key Insight:
    A dedicated Wavelength circuit is private—but without encryption, it’s not fully secure. Optical-layer encryption ensures that even if fiber is compromised, your data remains unreadable.

    💡 Who should care about encrypted Waves?
    - Financial institutions and trading platforms
    - Healthcare organizations handling patient data
    - Government and defense contractors
    - Enterprises moving sensitive intellectual property
    - Any organization with high-value data in transit

    🎧 Technically U – Tech made simple. One packet at a time.

    👉 Full Series Recap:
    - Part 1: What Wavelength services are and how they work
    - Part 2: Engineering for resiliency (failover, protection, redundancy)
    - Part 3: Security and encryption at the optical layer

    8 min
