Tech Updates

Andres Sarmiento

Tech Updates is your quick-hit source for the latest in enterprise technology—all in 10 minutes or less. From cybersecurity and network connectivity to data center innovation, cloud advancements, and the rise of AI, we cover the updates that matter. Each episode delivers vendor announcements, industry trends, and agnostic insights to keep you informed and ahead of the curve. Whether you’re a tech professional or just tech-curious, this podcast is designed to fit into your busy schedule and fuel your knowledge.

  1. 10. Juni

    Cisco Live 2026 Explained — Cloud Control, AgenticOps, Post-Mythos Security

    450%. That's how much more network traffic an AI agent generates than a human doing the same task. Cisco measured it, put it on the big screen at Cisco Live 2026, and then rebuilt its entire company around it. Last week in Las Vegas, Cisco made its biggest platform bet in two decades: every product — Catalyst, Meraki, Nexus, security, collaboration, Splunk — managed from one place, Cisco Cloud Control. This episode tears down what's real, what's vapor, and what it means for your network. What you'll hear: • Cloud Control — what it actually unifies, the AI runbooks, autonomous remediation, and the Codex natural-language agent builder • Cisco IQ, the sleeper hit — 2,036 customers onboarded vs. 800 expected, 88% support-case routing, the end of the 35-minute data-collection phase • The math: 450% more traffic per agent · AI traffic tripling in 3 years · tokenomics ($200/week per AI employee → $400M/year at 40,000) • Post-Mythos security — Live Protect rebootless mitigation, Nexus 9K smart switches with L4 firewalls in the data plane, the agentic SOC discarding 92% of alerts • Vendor English, translated — AgenticOps, "trillions of agents," and which claims are shipping vs. decorative • The Monday playbook — four things to actually do this week The products are real. The math is scary. The dashboard promise? Ask us again at Cisco Live 2027. Sources: Cisco Live 2026 keynotes (Robbins, Patel, Centoni — Las Vegas, June 2026) · Cisco Newsroom keynote TL;DR · SiliconANGLE five takeaways · Computer Weekly post-Mythos analysis · Anthropic Claude Mythos / Project Glasswing disclosures (April 2026). — Andrés Sarmiento #CiscoLive #networking #AgenticOps #CloudControl #cybersecurity #TechUpdates

    Cisco Live 2026 Explained — Cloud Control, AgenticOps, Post-Mythos Security
  2. 21. Mai

    Non-Human Identity Security Explained — The 45:1 NHI Crisis in 2026

    45 to 1. In the average enterprise, for every human user there are 45 machine identities. Every API key. Every service account. Every agent token. Every secret in every config file. Your IAM platform probably tracks about 2% of them. That's where the breaches are coming from now — Snowflake, GitHub PATs, Azure IMDS. This episode unpacks the NHI crisis, the vendor landscape, and the three control patterns that actually work this quarter. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📚 WHAT YOU'LL LEARN ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✅ What counts as a non-human identity (it's more than service accounts) ✅ The 45:1 ratio — and why it's 200:1 in agentic shops ✅ Why "service account" is doing too much work (meet Dave) ✅ How Snowflake, GitHub PAT theft, and Azure IMDS all trace to NHIs ✅ Why your PAM solution doesn't cover any of this ✅ The NHI vendor landscape — Astrix, Oasis, Clutch, Teleport, Natoma ✅ The 3 control patterns that work (inventory, rotate, scope down) ✅ Why agents make this 10× worse by 2027 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⏱ CHAPTERS ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0:00 Intro — the 45:1 ratio 0:49 What is an NHI? (it's not just service accounts) 2:05 Dave is your problem 2:48 The breach file — Snowflake, GitHub PAT, Azure IMDS 4:20 Why PAM doesn't cover this 5:24 The NHI vendor landscape (still a 2-year-old category) 6:30 The 3 control patterns that work 7:46 Agents are NHIs — the 500:1 future ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🎯 THE MEMORABLE LINES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ • "A service account was created by Dave in 2017, has god-mode permissions, no rotation policy, is used by 42 systems nobody audited, and Dave left in 2020." • "Snowflake did what Snowflake was told to do. The instructions were 'trust this credential.' Guess what didn't have MFA." • "We are about to go from 45-to-1 to 500-to-1." • "Stop hardcoding secrets in your Git repos. Every scanner finds them in the first five minutes." ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🛠 THE 3 FREE CONTROL PATTERNS ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ • Inventory — you can't secure what you can't see • Rotate — replace long-lived creds with short-lived alternatives • Scope down — every NHI has more perms than it needs ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📡 TECH UPDATES · THE PODCAST ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔗 techupdates.it-learn.io Previous → EP20 · Typhoon Season, One Year Later End of the EP17–21 arc. Thanks for listening. #TechUpdates #NHI #NonHumanIdentity #IAM #Snowflake #GitHub #PAM #Astrix #Oasis #Teleport #IdentitySecurity #CyberSecurity

    Non-Human Identity Security Explained — The 45:1 NHI Crisis in 2026
  3. 20. Mai

    Special · S04: The OT/ICS Defender — Why Volt Typhoon Should Worry You

    $140K. When you mess up, the lights go out for real. Final episode of TechUpdates Special Series. The most consequential security job almost nobody talks about — defending the systems that keep the country running. Power grids. Water utilities. Petrochemical plants. Pipelines. What you'll hear: • What OT/ICS defenders actually do — segmentation, SCADA patching, PLC defense, plant-engineer coordination • Comp reality — why OT pays 40–60% less than cloud security at the same companies, and the "purpose tax" • The real stakes: Ukraine 2015 grid attack · Triton 2017 (Saudi Arabia) · Oldsmar 2021 · Aliquippa 2023 · Volt Typhoon pre-positioning across U.S. critical infrastructure • A real day — substations at 6 AM, vendors that still ship Windows 7 SCADA, plant managers explaining why your last predecessor retired in 2015 • The two paths in — plant engineer to security, or IT security to OT — and why CISSP doesn't help but GICSP does • LinkedIn's "critical infrastructure defender" vs. the actual day (30% travel to plants, 20% talking plant engineers into caring) When you mess up here, there's a body count. When you do it right, nobody notices the lights stayed on. That's the whole job description. And it matters more every year as adversaries pre-position inside the operational networks of utilities they intend to disrupt on a date of their choosing. Sources: CISA joint advisory on Volt Typhoon (early 2024) · Ukrainian power grid attack (Dec 2015) · Triton/TRISIS analysis (Saudi Arabia, 2017) · Oldsmar water treatment incident (Florida, 2021) · Aliquippa Municipal Water Authority compromise (Pennsylvania, 2023, attributed to CyberAv3ngers). That wraps the Special Series. Pick the role that fits you. The field is wide. — Andrés Sarmiento #OTSecurity #ICSSecurity #CriticalInfrastructure #VoltTyphoon #cybersecurity #TechUpdates

    Special · S04: The OT/ICS Defender — Why Volt Typhoon Should Worry You
  4. 14. Mai

    Salt Typhoon Explained — The Chinese Telecom Breach, One Year Later (2026)

    In late 2024, Verizon, AT&T, and T-Mobile all admitted the same thing: their lawful-intercept systems — the ones they build for law enforcement — had been compromised by a Chinese state actor called Salt Typhoon. Years of dwell time. Wiretap infrastructure for politicians, including a presidential campaign. Sixteen months later, what have we actually fixed? Plus — why Volt Typhoon is the warning shot nobody's responding to, and why OT networks are still flat. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📚 WHAT YOU'LL LEARN ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✅ The Salt / Volt / Flax Typhoon lineup — who they are, what they do ✅ How Salt Typhoon abused CALEA — the FBI's own backdoor ✅ Why Volt Typhoon is military pre-positioning, not espionage ✅ CISA's Feb 2026 lessons-learned report — wins and ugly parts ✅ Why OT networks remain "largely unchanged" from pre-2023 posture ✅ The defensive playbook that ties to Network+ Obj 3.5 (out-of-band mgmt, jump servers) ✅ Why this can't be fixed with a product purchase — it needs policy ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⏱ CHAPTERS ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0:00 Intro — 3 telecoms, same breach, same actor 0:49 The Typhoon lineup — Salt, Volt, Flax 2:07 CALEA — the 1994 law that became an attack surface 3:42 CISA's 2026 report — wins and ugly parts 5:06 OT is still flat — the uncomfortable truth 6:51 The defensive playbook — segmentation, zero-trust OT, OOB mgmt 8:45 The real lesson — this is policy, not a product ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🎯 THE MEMORABLE LINES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ • "The FBI's backdoor is also the PRC's backdoor." • "Predicted — by everyone. Dismissed — by everyone in government. Here we are." • "You don't get promoted for the attack that doesn't happen." • "Volt Typhoon is what happens when nobody replaces the kit." ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📡 TECH UPDATES · THE PODCAST ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔗 techupdates.it-learn.io Previous → EP19 · AI Is Eating the Grid Up next → EP21 · Non-Human Identities Are Eating Your Network #TechUpdates #SaltTyphoon #VoltTyphoon #CALEA #CriticalInfrastructure #OTSecurity #Telecoms #CISA #CyberPolicy #ChinaCybersecurity

    Salt Typhoon Explained — The Chinese Telecom Breach, One Year Later (2026)

Info

Tech Updates is your quick-hit source for the latest in enterprise technology—all in 10 minutes or less. From cybersecurity and network connectivity to data center innovation, cloud advancements, and the rise of AI, we cover the updates that matter. Each episode delivers vendor announcements, industry trends, and agnostic insights to keep you informed and ahead of the curve. Whether you’re a tech professional or just tech-curious, this podcast is designed to fit into your busy schedule and fuel your knowledge.