DTF Cyber Podcast


Damian, Troy, and Fern break down the week’s biggest hacks, breaches, and zero-days with zero corporate filter. Expect strong opinions, dark humor, and actionable intel from three pros who’ve been in the trenches. New episodes drop when the news is too wild to ignore.

  1. Your AI Just Spent $50,000: The Shadow AI Agent Nightmare | #DTF039

    APR 6


    In this episode, Damian, Troy, and Fern dive into the 'Wild West' of 2026: Shadow AI. From autonomous agents paying unapproved invoices to the rinse and repeat of the 2010 cloud revolution, the team debates whether AI agents are productivity miracles or a liability nightmare for the modern CISO.

    Timestamps:

    • 00:00 - The $50k Shadow Agent Invoice
    • 01:02 - Fern’s Nightmare Scenario: The AI Agent in Production
    • 02:15 - 2010 vs. 2026: Why Shadow AI is the new Shadow IT
    • 04:14 - Damian’s Technical Deep Dive: The Permission Explosion & Admin Entitlements
    • 11:08 - The State of the Union: CISO Mandates and the "Chief AI Officer"
    • 26:10 - Troy’s CISO Perspective: Managing Identity Governance & Global Risk
    • 40:13 - The Great Debate: Micro-segmentation for AI Agents
    • 46:49 - Final Verdict: Can You Govern What You Can't See?

    http://cyberpodcast.net
    Spotify: http://spotify.cyberpodcast.net
    Apple: http://apple.cyberpodcast.net
    X: https://x.com/dtfcyberpodcast
    IG: https://www.instagram.com/dtfcyberpodcast/
    LinkedIn:
    DTF: https://www.linkedin.com/company/dtf-cyber-podcast/
    Damian: https://www.linkedin.com/in/damianchung/
    Troy: https://www.linkedin.com/in/kosovotroy/
    Fern: https://www.linkedin.com/in/fernrojasaz/
    Business Inquiries: dtf at cyberpodcast dot net

    Everything here is our personal hot takes — not our employers, not the vendors we roast, not legal advice. Just three idiots with mics trying to keep you from getting pwned.

    50 min
  2. The Life and Death Stakes of Healthcare Cybersecurity | #DTF038

    MAR 16


    In Episode 38 of the DTF Cyber Podcast, Fern and Troy welcome Healthcare CISO, Bob Schlotfelt. We dive into why an incident at a hospital is fundamentally different from a retail breach. While Damian is out, Bob brings decades of insight into protecting patient safety over just protecting data. We discuss the nightmare of unpatchable medical devices, why compliance doesn't equal security, and the hilarious (but effective) ways to get a nurse's attention for security training.

    Chapter Markers:

    • 00:00 - Intro: Netflix vs. Banks vs. Hospitals
    • 01:46 - Introducing Bob, Healthcare CISO
    • 08:38 - The Threat to Connected Medical Devices
    • 18:50 - Fixing "Operational Friction" on the Hospital Floor
    • 34:06 - Security Awareness in the Bathroom Stalls?
    • 43:09 - Why Compliance (HIPAA) is NOT Security.
    • 1:01:00 - Telling Truth to Power: Boardroom Advice.

    1h 5m
  3. Cybersecurity Salaries 2026: The "AI Squeeze" is Here | #DTF037

    MAR 9


    Is the "Cyber Skills Gap" a myth? In this episode, Damian, Troy, and Fern strip away the HR fluff and talk about the cold, hard reality of the 2026 job market. From entry-level SOC roles being "squeezed" by AI to $3.5M CISO roles that come with massive personal liability, we’re breaking down what you’re actually worth and why your resume is likely being ghosted by a bot. If you aren't negotiating your insurance and building your own AI tools, you're falling behind.

    THE DEEP DIVE:

    • 00:00 – Intro
    • 01:11 – Fern’s 2026 Job Hunt: Why 50 applications led to zero interviews.
    • 04:20 – The "Skills Gap" Debate: Do companies actually want to hire?
    • 09:02 – SALARY: The Entry-Level SOC Analyst floor in 2026.
    • 14:15 – The Grocery Store Phone Call: How networking beats the portal every time.
    • 19:40 – Damian’s Warning: Why "Prompting" AI makes you obsolete.
    • 25:10 – The "AI Squeeze": Can a $200 license replace a Tier 1 Analyst?
    • 31:30 – The Reporting Trap: Why CISOs reporting to CIOs is a massive risk.
    • 35:41 – SALARY: Engineering, Pen-Testing, and Cloud Security ranges.
    • 40:11 – The "AI Premium": How to add 20% to your base salary right now.
    • 41:51 – The "Clearance Bump": Is the polygraph worth the extra $30k?
    • 43:24 – SALARY: The $3.5 Million CISO—who is actually making this?
    • 48:50 – D&O Insurance: If you aren't a "Named Director," you aren't protected.
    • 55:30 – Risk Management vs. "Check-the-box" Compliance.
    • 01:04:56 – Final Advice: Don't be a holdout for a dead salary.

    EPISODE HIGHLIGHTS:

    • The AI Squeeze: Troy explains why entry-level salaries are stagnating as automation handles the "low-hanging fruit."
    • Building vs. Prompting: Damian breaks down why the "Prompt Engineer" is a temporary role—you need to build the infrastructure to survive.
    • Executive Liability: Why you should never take a CISO role without checking the company's Directors and Officers (D&O) insurance policy.

    Are you seeing these salary shifts in your neck of the woods? Drop a comment below with your role and your 2026 outlook.

    1h 6m
  4. Why Your Tech Won’t Save You: The Human ROI of Cyber Security | Dom Vogel #DTF036

    MAR 2


    Chances are you’ve got the best tech money can buy, the latest AI, and the biggest firewalls—but you’re still losing. In this episode of the DTF Cyber Podcast, Damian and Fern sit down with Vancouver-based leadership coach and "positivity troll" Dom Vogel to discuss why the weakest link in cybersecurity isn’t a line of code, it’s the person behind the keyboard. We’re ignoring the hardware today to focus on the Human Side of Security. Dom shares his 20+ years of experience transitioning from corporate burnout to coaching cyber leaders on empathy, branding, and "connected leadership" in the AI era.

    In this episode, we dive into:

    * The CIO Branding Problem: A real-world story of how a helpdesk’s "likability index" changed a CEO’s perception of IT.
    * The 1,000 Applicant Crisis: Why junior roles are getting overwhelmed and how to "short-circuit" the online application black hole.
    * Certs vs. Communication: Why technical certifications are now "table stakes" and how soft skills are the real differentiator in 2026.
    * Authentic Leadership: Why vulnerability is a leader’s most powerful tool for building trust and mental resiliency within teams.
    * Personal Brand vs. Reputation: Understanding the "visceral emotional reaction" people have to your name.

    Connect with Dom Vogel:
    LinkedIn: https://www.linkedin.com/in/domvogel/
    Website: https://www.vogelleadershipcoaching.com

    Subscribe to DTF Cyber: Don't miss our upcoming deep dive into 2026 Cyber Salaries and the "AI Premium" in Episode 37!

    Video Timestamps

    • 00:00 – The Weakest Link: Tech vs. Humans
    • 02:18 – Meet Dom Vogel: The Ball Cap & Beard Guy
    • 03:33 – The CIO Branding Problem: A Helpdesk Story
    • 06:12 – Translating Risk into "Boardroom Conversation"
    • 08:12 – The 1,000 Applicant Problem: Standing Out in Noise
    • 10:07 – Why Applying Online is a "Black Hole"
    • 12:23 – Technical Skills are Now "Table Stakes"
    • 14:51 – Photography & Networking: Fern’s Origin Story
    • 19:05 – Stop Investing Only in Certs
    • 21:07 – Vulnerability: A Leader’s Most Powerful Tool
    • 24:42 – Story: The Helpdesk Manager Who Loved Marketing
    • 28:01 – Will AI Replace the Human Craving for Interaction?
    • 33:32 – Creating Psychological Safety in Your Team
    • 37:56 – The Janitor Test: How to Hire for Culture Fit
    • 42:07 – Operational Leverage: Reinvesting in Your People
    • 47:28 – The "Soft Skills" Payday: Why CISOs Need Sales Training
    • 51:06 – Remote Work vs. Office: The Choice Matters
    • 55:30 – What is a "Positivity Troll"?
    • 59:54 – Personal Brand vs. Reputation: What They Say When You Leave
    • 01:05:02 – How Content Creation Leads to Job Offers

    1h 13m
  5. 72 Hours to Report or Else: The New Compliance Nightmare

    FEB 23


    In this episode, Damian, Troy, and Fern dive into the heated controversy surrounding new federal reporting mandates. We explore the "Feds vs. Firewalls" dynamic: does mandatory reporting actually help stop the bad guys, or is it just a massive resource drain on teams already fighting for their lives? We break down the 72-hour reporting window for significant incidents and the even tighter 24-hour requirement if you decide to pay a ransom. From the ambiguity of what defines a "significant incident" to the personal liability risks for CISOs, we’re looking at the real-world implications of these 2026 directives.

    Key topics include:

    * The struggle between immediate threat response and mandatory paperwork.
    * How the SBA size threshold might pull 30,000 "non-critical" companies into these rules.
    * The "minimum viable content" framework for initial reports.
    * Why the "don’t pay" mantra is harder to follow when human lives are on the line.

    Timestamps

    • 00:00 – Intro
    • 02:46 – The Car Crash Analogy: Should you call 911 or save the body?
    • 03:55 – Defining Critical Infrastructure: Telecom, Energy, and Gas.
    • 04:41 – The Ticking Clock: Does the 72 hours start at detection or declaration?
    • 05:15 – The 24-Hour Ransom Rule: What happens if you pay?
    • 06:48 – Private Sector Concerns: Will this extend beyond the 16 critical sectors?
    • 09:34 – The Executive War Room: Who is responsible for the communications?
    • 10:47 – Partnering with the FBI: Intel sharing vs. criminal investigation
    • 12:23 – Global Context: The EU’s 24-hour "Early Warning" requirement
    • 15:03 – The Resource Drain: Why incident responders are in revolt
    • 16:59 – CISA vs. FBI: Simplifying the reporting paperwork
    • 20:49 – The ROI of Reporting: What’s in it for the private company?
    • 21:49 – The 30,000 Entity Controversy: Mid-sized companies as "covered entities"
    • 25:56 – Cyber Awareness: Learning from past incidents to prevent future attacks
    • 28:56 – "Minimum Viable Content": Reporting when facts are still changing
    • 34:00 – Legal Risks: Consent to search and "anything you say can be used against you"
    • 36:59 – The "Office Space" Effect: Bureaucracy vs. Collaboration.
    • 40:41 – Voluntary vs. Mandated: The role of ISACs and InfraGard.
    • 48:22 – The Moral Dilemma: Why outlawing ransom payments is complicated
    • 51:13 – 2026 Deadlines: Upcoming CISA Town Halls and feedback loops.
    • 54:33 – Career Implications: Will GRC finally get the respect it deserves?

    1h 4m
  6. OpenClaw: The Dangerous Evolution of Autonomous AI Agents

    FEB 16


    In this episode of the DTF Cyber Podcast, Damian, Troy, and Fern dive into the rapid and often confusing shift from tools like Clawdbot to Moltbot and finally OpenClaw. They discuss why these autonomous agents are more than just a productivity trend—they represent a significant new attack surface for the modern enterprise. From the "Toddler with a Chainsaw" analogy to the risk of "Shadow AI" in the workplace, we break down the security implications of giving AI bots unfettered access to your network and credentials.

    • 00:00 – Intro
    • 01:19 – The rebranding maze: From Clawdbot to OpenClaw
    • 02:35 – What is an AI bot? First impressions of autonomous control
    • 05:02 – The "Poor Installation" risk and isolated environments
    • 07:21 – The "Age of Ultron" scenario: Efficiency vs. Security
    • 08:45 – Privacy concerns: Bots with access to banking and travel rewards
    • 10:15 – The Starbucks test: Automation vs. user friction
    • 12:15 – When AI goes rogue: Extortion and covering tracks in closed environments
    • 16:04 – Third-party AI risk and the lifespan of autonomous agents
    • 18:24 – Shadow AI: Bots as the new high-tech "mouse jiggler"
    • 20:19 – Inherited Identity: When bots gain your admin privileges
    • 21:40 – Advice for Organizations: How to check your environment for OpenClaw
    • 26:36 – A nightmare for the SOC: Signals, logs, and new attack surfaces
    • 28:53 – 6,000 actions a minute: Why human analysts can't keep up
    • 37:38 – The "Toddler with a Chainsaw" warning
    • 42:07 – Action Items: Three steps to secure AI in your organization
    • 55:35 – Lessons from outages: Why you shouldn't "open the world" on day one!

    57 min
  7. When the World is on Fire: Mental Health and Cyber Incidents

    FEB 2


    Is the constant wave of alerts keeping you up at 3 a.m.? In this episode of the DTF Cyber Podcast, industry veterans Damian, Troy, and Fern dive deep into the reality of mental health and burnout in the cybersecurity industry. Special guest CISO Vito Rocco jumps deep into this conversation. With 78% of professionals feeling stressed out and 62% citing alert overload as a primary cause, it's clear the industry needs a culture shift. We discuss the pressures of catastrophic risk, the fear of missing critical alerts, and actionable strategies for leaders and analysts to combat fatigue—from tuning systems to building empathy. Plus, we explore the importance of diverse leadership and setting personal boundaries in a 24/7 world. If you are feeling stressed out and think you need help, please don't go through it alone—seek support from friends, leadership, or a mental health professional.

    Timestamps:

    • 00:00 - Intro: The reality of cybersecurity exhaustion.
    • 04:19 - 78% of the industry is stressed: The anticipation and reality of major incidents.
    • 07:33 - The hidden stress of the SOC: Alert overload, perfectionism, and the fear of missing the "big one."
    • 12:50 - Building the pipeline: Training talent from within vs. hunting for unicorns.
    • 15:06 - Beating alert fatigue: How to automate, tune the noise, and grow from entry-level to senior analyst.
    • 18:24 - Burnout isn't just about workload: Why empathy and recognition from leadership matter.
    • 23:05 - Building a support system: The importance of therapy and talking it out.
    • 25:05 - Leadership strategies: Connecting with your team beyond transactional work.
    • 35:37 - Why you must use your PTO (and the trap of "Unlimited PTO").
    • 42:25 - Setting personal boundaries and managing communication in a 24/7 global team.
    • 53:07 - Using turnover rates as a measurement for team health.
    • 1:07:48 - The power of diverse leadership and the rise of female CISOs.
    • 1:18:01 - Conclusion and final thoughts on seeking help.

    1h 22m
