Full Metal Packet

Control D
  • 0.0 (0)
  • Tech News

Full Metal Packet is the go-to podcast for security leaders who want the truth about what it takes to defend at scale. Hosted by Yegor and Alex, the founders of Windscribe (trusted by 90M+ people) and Control D, this show pulls back the curtain on how operators actually handle breach incidents, reduce noise, and prepare for the post-AI security world. Season 1 features CISOs, DFIR commanders, and security architects from SaaS, healthcare, government, and hospitality. Each episode dives into: - Breach Incidents → the first 72 hours that define an outcome (de-identified and NDA-safe). - SecOps Therapy → the frictions nobody talks about: burnout, broken workflows, and the fixes that matter. - Security Futures → fresh perspectives on what’s underrated, overhyped, and coming next in a world reshaped by AI. No vendor fluff - just operator-grade conversations that security professionals can apply immediately.

Episodes

  1. May 28

    ISO 27001 Expert: Why Compliance Doesn't Equal Security For CISOs

    John Verry is the Managing Director at CBIZ Cybersecurity, ISO 27001 certified lead auditor since 2006, and has guided hundreds of organizations through ISO 27001, SOC 2, CMMC, FedRAMP, and HITRUST. He has seen firsthand what separates organizations that get genuinely secure from those that just collect certifications. In this episode, John breaks down the gap between compliance and actual security, why shadow AI is already embedded in tools your team uses daily, and why agentic AI is the risk no CISO is truly prepared for yet. He explains: ◼ Why you can be fully compliant and completely insecure at the same time ◼ Why operationalizing your security program inside tools your team already uses matters more than buying another GRC platform ◼ How 65% of SaaS platforms now have AI built in and why most organizations have no inventory of it ◼ Why the EU AI Act's August 2026 deadline is real and what organizations need to do now ◼ Why agentic AI shifts the risk from hallucination to autonomous business decisions made at scale without a human in the loop Timestamps (00:00) Introduction (06:27) Meet John Verry: Managing Director at CBiz Cybersecurity (07:47) What compliance theater actually means and why it matters (09:34) Security is a journey, compliance is a destination (12:30) The most common mistakes companies make after getting certified (15:07) What it actually takes to operationalize a security program (17:34) The merchants of complexity problem and why less tooling wins (20:50) Third party risk management and the hidden operational debt of every new vendor (22:19) What shadow AI is and why most organizations still do not know they are using it (28:21) How to balance moving fast on AI with slow-moving compliance frameworks (31:40) Why ISO 27001 updates slowly and why that might actually be a good thing (36:41) How to risk model different types of AI from Grammarly to agentic systems (40:14) Why shadow AI is lower risk than deeply integrated AI but still dangerous (43:29) Sycophantic AI behavior, what causes it, and why it creates real danger (52:29) AI coding AI, the hard takeoff, and the model collapse problem (54:24) EU AI Act deadlines, ISO 42001, and why AI compliance urgency is now (58:44) How ISO 42001 works as an extension of ISO 27001 (01:01:27) When auditors do not understand AI governance and certifications become theater (01:02:28) The main blocker stopping CISOs from escaping compliance theater (01:05:41) The next 12 to 18 months: why the era of agentic AI is already here (01:07:48) Closing thoughts: What should actually scare every CISO right now Connect with John Verry on LinkedIn https://www.linkedin.com/in/jverry/ Hosts ⬇️ Alex: https://www.linkedin.com/in/alex-paguis-53a21815/ Yegor: https://www.linkedin.com/in/yegor-sak-725330b2/ Powered by Control D

    1h 2m
  2. EX-FBI Agent Breaks Down Breach Realities: Identity Is The New Malware

    May 12

    EX-FBI Agent Breaks Down Breach Realities: Identity Is The New Malware

    Devon Ackerman is the Global Head of Digital Forensics and Incident Response at Cyber Reason and a former FBI Supervisory Special Agent focused on counterintelligence and cyber investigations. He is also the author of Diving In: An Incident Responder's Journey and one of the most experienced breach investigators working today. In this episode, Devon walks Alex and Yegor through exactly how modern intrusions unfold in the real world, from the first point of entry to full compromise, and what most organizations are still completely missing until the damage is done. He explains: ◼ Why attackers ditched malware and are stealing identities to hide inside normal user behavior ◼ How one phone call to a help desk bypassed MFA and gave full network access without a single alert ◼ Why phishing kits intercept your authentication token, not your password ◼ Why hardware keys stop most kill chains cold and where that still breaks down ◼ The four threat actor categories and why each one requires a different defensive response Time Stamps (00:00) Devon Ackerman Introduction (01:48) Why digital forensics and incident response belong together (04:28) How modern investigations have changed in the last 5 years (06:49) Are attackers moving faster than defenders? (08:41) Can digital forensics become proactive? (11:31) Will AI turn cyber defense into a war of bots? (14:50) Why security adoption still lags behind new threats (16:43) Identity becomes the primary attack surface (19:56) War story: help desk social engineering, password resets, and disabled MFA (22:52) A real vulnerability exploited within 12 hours (25:18) What happens when CVE-to-exploit timelines shrink to minutes (28:29) How adversary-in-the-middle MFA phishing works (33:16) Why MFA bypass is really about intercepting authentication (35:54) Hardware keys and where phishing kill chains usually stop (39:14) Hacktivists, nation-states, organized crime, and initial access brokers (42:47) The economics of selling access vs exploiting it yourself (46:56) Devon’s final advice for defenders: reduce blast radius Connect with the speakers ⬇️ Devon: https://www.linkedin.com/in/devonackerman/ Yegor: https://www.linkedin.com/in/yegor-sak-725330b2/ Alex: https://www.linkedin.com/in/alex-paguis-53a21815/ Powered by Control D

    50 min
  3. Cyberwarfare Is Not What CISOs Think: How to Protect Your Crown Jewels

    Apr 28

    Cyberwarfare Is Not What CISOs Think: How to Protect Your Crown Jewels

    Matan Eli Matalon breaks down AI-driven cyberwarfare, Iran-linked threat intelligence, and what CISOs must protect when attackers are trying to cause disruption. This episode had to pause mid-recording after Matan, a former CISO who reverse-engineered Iran’s Handala malware, received a missile warning and had to take shelter. We picked the conversation back up the next day. Matan Eli Matalon breaks down what cyberwarfare actually looks like on the ground right now: why Iran-linked groups are winning with basic techniques and propaganda, how AI is giving attackers a speed advantage defenders can't match, and what CISOs need to stop doing if they want to protect what actually matters. He explains: Why groups like Handala choose quantity over sophistication and how that makes them harder to defend againstHow AI removes friction for attackers without changing the attacks themselves and why defenders can't keep upWhy protecting everything equally is the fastest way to protect nothingThe 3-step CISO framework: define failure, map every attack path to it, validate it's closed Timestamps: • (00:00) Intro - Cyberwar is already here • (03:00) Disruption over dollars • (06:45) The Handala playbook exposed • (08:07) Inside Handala’s malware • (10:29) AI didn’t make hackers smarter, it made them faster • (12:20) Anthropic’s leaked “Mythos” model • (13:48) Stop protecting everything, protect what can kill you • (18:00) AI is breaking your security perimeter from within • (22:20) The house analogy that changes how CISOs think • (34:25) The CISO isn’t the department of no • (46:45) Agentic AI is a black box and CISOs hate it • (51:05) Slop squatting: the attack no one’s talking about • (54:00) The Iranian hack that almost took everything down • (1:00:00) When the goal is deletion, not data theft • (1:03:18) The backup that wasn’t • (1:06:30) The 3-step framework every CISO needs • (1:08:25) Why this 28-year-old chose defense over offense • (1:10:50) Cybersecurity in 3 years: Matan’s prediction Connect with Matan Eli Matalon on LinkedIn Powered by Control D

    1h 14m
  4. AI Is Rewriting Cybersecurity in 2026

    Apr 8

    AI Is Rewriting Cybersecurity in 2026

    Matthew Rosenquist, longtime security strategist and former Intel CISO, gives his insights into why 2026 is unlike any year before it in cybersecurity, and what security leaders need to do right now to stay ahead. He explains: Why AI is a force multiplier for attackers first and what that means for defendersHow the vulnerability discovery-to-exploit window has collapsed from months to hoursThe evolution of ransomware into AI-powered blackmail and extortionWhy MCP servers are the next major attack surface nobody is talking aboutThe CISO identity crisis and how to shift from cost center to business partnerShadow AI, prompt injection, and why privacy is on life supportWhat the CISOs who survive AI disruption will do differently from those who don't Episode Timeline: (00:00) Intro and why 2026 hits different for cybersecurity(14:40) How Matthew builds his annual predictions across 4 domains(16:37) Why AI is the first force to dominate all four at once(18:53) Social engineering at scale: AI's first killer app for attackers(21:14) Zero days for $6 and the collapse of the exploit window(24:14) Why human inertia is still the defender's biggest enemy(33:54) Security by design and shrinking the zero day pool(43:39) When tools have agency: the blurring line between AI and humans(51:30) MCP servers, shadow AI and the governance gap no one is closing(58:00) A real world AI phishing attack that almost fooled a security expert(01:05:33) How ransomware is evolving into AI-powered blackmail(01:37:39) The CISO identity shift from cost center to competitive edge Connect with Matthew Rosenquist on LinkedIn Powered by Control D

    1h 32m
  5. Incidents at Scale: What CISOs Get Wrong

    Mar 24

    Incidents at Scale: What CISOs Get Wrong

    Randy Barr has held the CISO title at over 10 companies — including Cisco, Zoom, and BioRender — and has seen every version of how security programs succeed and fall apart. He now leads security at Sequence Security, focused on API security, bot management, and AI protection. In this episode, Randy takes us through what security teams think they're doing well but aren't, what incidents actually look like at scale, and why AI is rewriting the rules faster than most organizations can keep up. He explains: Why compliance and security are not the same thing — and confusing them is dangerousHow insider threats often hide inside your own growth and broken processesWhat a war room actually needs to function under pressureWhy MCP servers and prompt injection are the next wave of incidents no one is ready forHow to build a CISO career that doesn't burn you out Episode Timeline: (00:00) From ASP to cloud to AI — how the security industry has shifted(07:33) Why 80% of internet traffic is now machine to machine(09:46) What most startups get wrong about security programs(15:01) How to make the business case for a security budget(19:36) When buying more tools is actually the wrong move(28:30) War story: stolen servers sold online by an infrastructure manager(36:25) War story part 2: third-party contractors scripting their own reimbursements(42:00) The website defacement that launched Randy's security career(46:11) What a good incident war room actually looks like(53:50) Shadow AI, MCP servers, and the prompt injection risk no one is tracking(01:02:00) Where AI can genuinely replace manual security work(01:12:43) Advice for new and experienced CISOs on what actually matters Connect with Randy on LinkedIn Powered by Control D

    1h 15m
  6. Incident Response: EU vs. US Policy Gaps

    Mar 10

    Incident Response: EU vs. US Policy Gaps

    Alejandro Rivas Vazquez has spent nearly two decades running DFIR services and now advises on preparedness through his boutique consultancy, VeraBeam. He’s sat in boardrooms, testified as an expert witness, and been on the phone at 1am when OFAC changed the rules mid-ransomware negotiation. In this episode, Alejandro breaks down why the EU and US approach cyber incidents from fundamentally different starting points, and what happens when those worlds collide inside a real investigation. He explains: Why lawyers belong in the room (and exactly when they don't)How the EU's hyper-regulation actively hinders incident responseWhy business email compromise costs more than ransomware — and gets less attentionWhat preparation actually means before an incident hitsHow DFIR is professionalizing, and where AI fits into its future Timestamps (00:00) Alejandro's path from Big Four IT risk to DFIR(07:45) How Operation Night Dragon changed the industry(16:20) Boardrooms, expert witnesses, and CISO liability(25:35) EU vs. US: regulation-first vs national security-first(32:15) When Europe's privacy laws block your own investigation(41:48) CISO personal liability: insurance, risk acceptance, and burnout(54:18) War story: business email compromise and the board member who went rogue(01:01:45) The single decision that separates contained from catastrophic(01:09:26) Midnight OFAC call during an active ransomware response(01:14:00) Why DFIR merged and where the profession is heading(01:20:09) AI as force multiplier: threat, opportunity, and the hallucination danger zone(01:33:53) Practical advice: what EU and North American CISOs should do this quarter Connect with Alejandro on LinkedIn Powered by Control D

    1h 30m
  7. How CISOs Should Rationalize the Security Stack

    Feb 24

    How CISOs Should Rationalize the Security Stack

    Ralph Chammah, Co-Founder & CEO of Blacklight AI, shares a builder’s perspective shaped by years in cybersecurity analytics—what breaks in real SOC environments, and what it takes to make detection actually usable at scale. In this episode, Ralph explains why “AI-first” security isn’t a label—it’s an operating model for reducing alert noise, improving context, and helping teams detect behavior that rule-based systems routinely miss. He explains: Why security stacks get noisy (and what “AI-first” should actually mean)How to cut through acronyms like XDR/MDR and evaluate real valueHow to use context + behavior patterns to catch insider risk and compromiseWhy privacy/trust decisions (local vs external processing) matter in AI securityHow replay/simulation helps validate detections and reduce false positives Episode Timeline: (01:46) Meet Ralph + what Blacklight AI does(06:45) Why he left the Big 4 to build a product(12:26) Tool overload, acronyms, and differentiation (XDR/MDR)(18:10) Why AI belongs in detection (and how to avoid bad signals)(21:44) Trust & privacy: where the data goes (and why)(23:16) “Battle scars” from SIEM life: parsers, missing fields, manual grind(29:32) Selective ingestion vs. “pipe everything” into the magic box(31:32) Validation: replaying history + simulation to prove detections(35:35) Biggest high-risk wins: insider threat + slow-burn intrusions(39:13) Jaguar Land Rover breach story + business impact(47:27) Quickest wins: what to connect first by maturity level(49:55) What tools he’d remove first (and why)(59:39) Platform vs point solutions: the real trade-off Connect with Ralph on LinkedIn Powered by controld.com

    1h 6m
  8. Black-Box Security Is Failing CISOs: Build Provable Security

    Feb 10

    Black-Box Security Is Failing CISOs: Build Provable Security

    Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie, brings a rare perspective shaped by government cyber operations, Big Tech, and building security platforms from first principles. In this episode, Maxime breaks down why modern security fails when it relies on black boxes, and what changes when you treat security like cloud infrastructure in an AI-driven world. He explains: Why “trust me bro” security models quietly fail CISOsHow government cyber ops reshaped his view of threat modelingWhat provable security actually looks like in practiceWhy transparency beats vendor magic every timeHow AI should amplify SecOps teams, not replace them Episode Timeline: (00:00) From hacker curiosity to cybersecurity foundations (07:45) Lessons from government cyber operations (16:07) The shock of moving into private-sector security (25:35) Why most security platforms repeat the same mistakes (32:15) Provable security vs “trust me” security (41:40) Treating security like cloud infrastructure (49:50) AI’s real role in the future of SecOps (59:52) What CISOs should demand next from security vendors Connect with Maxime on LinkedIn Powered by Control D

    1h 1m
  9. “I Was the Breach”: Inside a $3M Ransomware Crisis Every CISO Should Study

    Jan 28

    “I Was the Breach”: Inside a $3M Ransomware Crisis Every CISO Should Study

    Matt Lee, now Senior Director of Security & Compliance at Pax8, reveals how a ransomware blast at his former MSP triggered a multi-million-dollar fallout, 26 client disruptions, and a complete redefinition of what security leadership really means in today’s world. Matt is a battle-tested cybersecurity leader known for translating complex technical crises into practical security transformation. In this raw, revealing episode, he opens up about the breach that changed everything - and how it helped shape the philosophy behind Secure by Demand. He explains: How a hidden ransomware infection derailed a multi-company mergerWhat most MSPs get dangerously wrong about security riskThe real cost of reactive security: layoffs, lawsuits, and insurance gapsWhat “Secure by Demand” really means (and why it’s missing from most strategies)Why security maturity is the new battleground (not just tooling)How to lead through cyber chaos without losing your sanity Episode Timeline: (00:00) Intro: Who is Matt Lee and why this episode matters(02:42) Matt’s origin story - from hacker kid to MSP tech(06:19) Falling into security: “I just added ‘and Security’ to my badge”(11:30) The merger that hid a ticking ransomware time bomb(17:04) Voldemort incident discovery: “We bought a company mid-breach”(20:47) The day it hit: Ransomware spreads to 26 client businesses(25:15) What went wrong: due diligence gaps, supply chain blindness(30:22) Incident response chaos and internal suspicion(36:48) Fallout: 18-month recovery, insurance battles, FBI involvement(41:35) Live Compromised: The philosophy Matt built from the wreckage(47:10) The birth of “Secure by Demand” - a challenge to the industry(53:01) Software design flaws: why vendors ship insecure defaults(56:20) Advice for CISOs and MSPs: mindset, tooling, and where to start(59:40) Real-world examples: empathy, leadership, and rebuilding trust(01:03:15) Final reflections: Why the industry needs hard conversations Connect With Matt on LinkedIn Powered by Control D

    1h 19m

  10. 10/02/2025

    Full Metal Packet: The Missing Conversations in Cybersecurity

    When a breach hits, the first 72 hours decide everything. But the stories, decisions, and philosophies behind those critical hours rarely make it into public conversation. That’s what Full Metal Packet is here to change. Hosted by Yegor and Alex - the founders of Control D (and before that, Windscribe, now trusted by 90M+ people) - this podcast is where operators, CISOs, and security leaders finally get candid. Season 1 brings you: Breach Incidents → Inside the calls leaders had to make under fire, anonymized and NDA-safe.SecOps Therapy → The frictions nobody talks about: burnout, workflows, and the daily grind of running security.Security Futures → What’s underrated, what’s overhyped, and how AI will reshape security in the years ahead. No blame. Just raw, operator-grade conversations from the people who’ve lived it. Guests already include CISOs from SaaS, healthcare, and hospitality — the voices shaping security today. If you’re a security leader, this is where your peers will be telling their stories. And if you’re listening, it’s where you’ll find the missing conversations you’ve been waiting for. Subscribe now and join us for Season 1 of Full Metal Packet.

    1 min

Trailer

About

Full Metal Packet is the go-to podcast for security leaders who want the truth about what it takes to defend at scale. Hosted by Yegor and Alex, the founders of Windscribe (trusted by 90M+ people) and Control D, this show pulls back the curtain on how operators actually handle breach incidents, reduce noise, and prepare for the post-AI security world. Season 1 features CISOs, DFIR commanders, and security architects from SaaS, healthcare, government, and hospitality. Each episode dives into: - Breach Incidents → the first 72 hours that define an outcome (de-identified and NDA-safe). - SecOps Therapy → the frictions nobody talks about: burnout, broken workflows, and the fixes that matter. - Security Futures → fresh perspectives on what’s underrated, overhyped, and coming next in a world reshaped by AI. No vendor fluff - just operator-grade conversations that security professionals can apply immediately.

Information

  • Creator
    Control D
  • Years Active
    2025 - 2026
  • Episodes
    10
  • Rating
    Explicit
  • Copyright
    © Copyright 2026 Control D
  • Show Website
    Full Metal Packet