Off the Wire: A Play by Play on Cybersecurity and Technology Issues

Anthony Kent & Tanner Greer

A bi-weekly podcast that helps you curb cybersecurity risk and tackle technology challenges

  1. Jun 1

    Hardware Quotes Are Expiring in Hours: What’s Going On?

    Why Hardware Prices Are Skyrocketing in 2026 (RAM, SSDs, Servers) — and What You Can Do

    Hardware budgets are breaking. Quotes that were good for 30 days are now expiring in hours. That $80k workstation quote? It's $160k now. That server quote near $1M? Already $1.3M — and climbing. In this episode, Tanner and Anthony break down what's actually driving the spike in RAM, SSDs, hard drives, servers, and networking gear — and it's not just tariffs. AI data center buildouts are pulling manufacturers toward high-margin HBM memory (roughly 10x the margin of standard DRAM), leaving everything else fighting for supply. With only three major players (Samsung, SK Hynix, Micron) and factory expansions that take 2-3 years, relief isn't coming fast.

    More importantly — what do you do about it right now? They cover practical steps: faster approval cycles, buying ahead, standardizing hardware, right-sizing, considering refurb and used gear, extended refresh cycles, cloud compute, and leasing. Plus how to brief leadership before the budget conversation catches you off guard. This one's for anyone managing IT budgets at a lean organization — co-op, municipal, small enterprise. The volatility is real and it's not going away anytime soon.

    Chapters: 00:00 Truck Price Shock Skit; 01:54 Hardware Quotes Going Wild; 02:46 Real World Sticker Stories; 04:36 Why Memory Costs Surge; 07:01 HBM vs DRAM Margins; 09:08 Factories Tariffs New Normal; 13:44 Beyond RAM Storage Crunch; 16:53 Quotes Expire Faster Than Ever; 20:23 Practical Ways To Cope; 26:36 Refurb Longer Cycles Cloud; 32:21 When Relief Might Come; 37:01 Wrap Up Lead With Communication

    Off the Wire is a cybersecurity and IT leadership podcast for practitioners at small-to-medium organizations and electric cooperatives.

    38 min
  2. May 4

    Anthropic’s “Mythos” Leak, Project Glasswing, and the 90-Day Patch Countdown

    Hosts Tanner and Anthony discuss reports of Anthropic’s new “frontier” general-purpose model, Mythos (Mythos Preview), described as exceptionally strong at finding and exploiting novel security bugs and allegedly sitting on thousands of unpatched zero-days affecting major operating systems and browsers. They review examples cited, including decades-old FreeBSD and OpenBSD flaws and a Linux kernel issue, and note a separate security firm (Aisle) replicated parts of the findings using open-weight models, though Mythos appears better at moving from detection to exploitation. The episode explains how Mythos became public via leaks, then outlines Anthropic’s Project Glasswing: about 50 vendors received 90 days of access plus credits to patch systems, with Mozilla reportedly patching 271 Firefox issues. They close with preparation steps for lean IT teams: asset inventory, vendor outreach, risk-based prioritization, mitigation and isolation, patch validation, workload planning, governance and insurance review, stronger detection controls, least privilege/zero trust, and verifying backups.

    Chapters: 00:00 Too Dangerous to Release; 01:45 Meet Mythos Preview; 02:25 Zero Days Found; 05:19 Can Others Replicate It; 06:46 Efficiency and Edge Models; 08:17 Leaks and Access Blunders; 10:42 Project Glasswing Explained; 15:10 90 Day Clock and Fallout; 16:24 Break and Subscribe; 17:05 Prep Plan for IT Teams; 19:05 Patching Priorities and Testing; 21:00 Controls Backups and Wrap Up; 24:02 Final Thoughts and Sign Off

    25 min
  3. Apr 20

    Why OT Monitoring Is Now a Necessity (Tools, Baselines, and Incident Response): OT Security Part 4

    OT Security Part 4: Why OT Monitoring Is Now a Necessity (Tools, Baselines, and Incident Response)

    In this Off the Wire episode, Tanner and Anthony wrap part four of their OT security miniseries by focusing on OT monitoring and why it’s needed, noting that over 90% of small and medium businesses with OT environments lack monitoring and that AI is lowering the time and effort required for attacks. They explain how legacy OT systems were built without security, often use unencrypted or proprietary protocols, and can’t run agent-based tools like EDR, making specialized monitoring essential. The discussion covers how monitoring complements preventive controls, helps establish a communications baseline, flags anomalies (like unexpected east-west traffic), supports forensics and log retention, integrates alerts with email and SIEMs, and validates segmentation and documented exceptions. They also debunk the “air-gapped OT” myth, stress mapping all IT/OT bridges, recommend an OT-specific incident response plan, and list tool options including Malcolm, Security Onion, Dragos (free under $100M revenue), and vendors like Darktrace, Tenable OT, Cisco Cyber Vision, Nozomi, and SCADAfence, alongside drivers like NERC CIP, CMMC, mandates, and cyber insurance.

    Chapters: 00:00 Recording The Intro; 00:02 Why OT Monitoring Matters; 00:31 Small Targets AI Threat; 02:31 OT Risks Real World Impact; 05:39 OT Is A Different Animal; 08:35 Baselines For Segmentation; 10:03 Air Gap Myth Bridges; 12:09 SCADA Migration Opportunity; 13:21 Realistic OT Attack Chain; 15:47 What to Monitor in OT; 16:11 Five Key Visibility Signals; 19:21 OT Incident Response Planning; 20:27 Picking Monitoring Tools; 22:41 Compliance and Budget Levers; 24:13 OT Security Checklist; 26:52 Final Thoughts and Next Episode

    28 min
  4. Apr 6

    Managing Third-Party Remote Access: Tools, Risks, and Practical Tips (Off the Wire Part 3)

    In part three of Off the Wire’s four-part miniseries, the hosts discuss third-party remote access risks and why VPNs with MFA alone are insufficient, citing major breaches like Target and Toyota and a 2023 vendor compromise as wake-up calls. They review third-party access tools (BeyondTrust/Bomgar, SecureLink, ManageEngine PAM360, and OT-focused options like Claroty and Slo), explaining benefits such as role-based access control, detailed logging and session recording, layered approvals, session time limits, vendor-managed user provisioning, automatic deprovisioning, individual accountability, passwordless access, and rapid access shutdown when relationships end. They describe these tools as proxy-based “airlocks” that prevent lateral movement and enable oversight. Implementation advice includes treating it as non-negotiable while documenting exceptions, requiring ticket numbers, routing requests via chat, ensuring multiple approvers, sending logs to a SIEM, updating incident response plans, auditing access annually, and providing vendors a setup one-pager.

    Chapters: 00:00 Third Party Access Intro; 01:19 Why VPN Is Not Enough; 01:51 Real World Breach Examples; 02:44 Wake Up Call Story; 04:33 Tool Options Overview; 06:11 Key Features And Benefits; 14:39 How These Tools Work; 16:51 Vendor Pushback And Compliance; 21:49 Implementation Tips Checklist; 26:59 Wrap Up And Final Tip

    28 min
  5. Mar 23

    Securing the Browser to Protect IT and OT Networks: Part 2 in OT Mini Series

    OT Security Miniseries: Securing the Browser to Protect IT and OT Networks

    In this Off the Wire Podcast OT miniseries episode based on the Dragos OT report, the hosts explain how OT environments are often compromised through IT networks and focus on the browser as a major attack target alongside email. They discuss practical ways to harden browser security, including DNS filtering (with examples like blocking newly registered domains and improving visibility), CIS browser hardening benchmarks and policies (updates, extension restrictions, disabling built-in password saving, limiting browsers), and the role of secure web gateways/web proxies with SSL inspection and DLP considerations. They also cover enterprise password managers, passkeys, and new enterprise browser tools that provide granular controls and DLP for web apps (including AI use cases), plus how EDR and SIEM telemetry support detection and response. They close with a recommended rollout order and preview upcoming episodes on third-party vendor management and OT network monitoring.

    Chapters: 00:00 Mini Series Setup; 00:43 Why Browsers Are Targeted; 03:43 DNS Filtering Basics; 06:41 Remote Protection Benefits; 09:06 CIS Browser Hardening; 11:30 Locking Down Extensions; 14:11 Secure Web Gateway Proxies; 16:56 Subscribe and Share; 17:43 Enterprise Password Managers; 19:23 Password Manager Benefits; 20:22 Hosting and Vendor Risks; 21:12 Passkeys and Unique Logins; 23:37 KeyPass and Offline Vaults; 24:05 Enterprise Browser Overview; 25:53 DLP and Download Controls; 26:40 BYOD Visibility and AI Policies; 30:21 AI Extensions and Control; 32:14 EDR and SIEM Telemetry; 35:37 Layering Tools Before EDR; 36:54 Practical Rollout Roadmap; 40:55 OT Tie In and Next Episodes

    42 min
  6. Mar 9

    Email Protection for OT Security: Stop Impersonation, Phishing, and Inbox Threats (Series Part 1)

    In this Off the Wire Podcast episode (part 1 of a four-part miniseries inspired by the Dragos OT security report), Tanner and Anthony explain why email remains one of the most common paths attackers use to move from IT into OT, highlighting growing sophistication from LLM-enabled spearphishing and simple employee-impersonation attacks using lookalike Gmail accounts. They argue that relying only on built-in Microsoft 365 tools can leave gaps and require heavy manual work, and they outline key capabilities of dedicated email security platforms: behavioral detection, impersonation protection, post-delivery remediation to remove emails from many mailboxes, mailbox visibility, DLP for PII, shadow IT/SaaS discovery, and automated user reporting workflows. They discuss major vendors, compare gateway vs API-based deployments, stress proof-of-concept testing in monitor mode, and preview upcoming episodes on browser protection, third-party remote access, and OT monitoring.

    Chapters: 00:00 Impersonation Email Crisis; 00:51 OT Report Sparks Mini Series; 02:12 Phishing Gets Smarter With AI; 03:13 Why Email Is The Weak Link; 04:57 Why Built In Tools Fall Short; 08:23 Modern Email Security Features; 12:36 Break And Subscribe; 13:22 Top Vendors And Deployment Models; 17:43 How To Evaluate The Right Tool; 22:02 Proof Of Concept And Rollout Tips; 25:35 Results And OT Security Takeaway; 27:23 Final Thoughts And Next Episode

    29 min
  7. Feb 23

    2026 Dragos OT Report: Foreign Adversaries Inside Utility Networks + How to Protect Your OT Environment

    In this Off The Wire episode, Anthony and Tanner break down the 2026 Dragos OT report, describing it as sobering and highlighting claims that foreign adversaries are already embedded in U.S. utility networks. They discuss how these actors differ from typical fast-moving ransomware by staying hidden, mapping OT environments, studying SCADA points, alarms, configuration files, and normal process behavior, with detection potentially taking days even in best cases. The conversation covers attacker specialization and handoffs between teams for initial access, reconnaissance, and exploitation, sometimes involving transactions between groups. They highlight the gap between vulnerability disclosure, patch availability, and exploitation (reported as ~24 days), and emphasize the need for mitigation beyond patching. Visibility is a major theme: only 46% reportedly have OT monitoring, with average detection cited as ~5 days with monitoring versus ~42 days without, often only discovered after something breaks. They discuss why OT is hard to secure (limited logging, fragile legacy systems, insecure protocols like Telnet/LDAP, flat networks, and weak IT/OT separation) and why monitoring helps detect anomalies and insecure traffic. The episode also addresses third-party and remote-access risk, including targeting of engineering firms and edge devices, exploitation of cellular router devices, and the growing reliance on stolen credentials and valid logins (including MFA fatigue), citing a stat that 73% of breaches involve stolen credentials. They note a reported 49% increase in ransomware groups affecting OT, 119 groups targeting OT, and over 3,300 impacted OT environments, with many OT incidents misclassified as IT-only.

    The hosts recommend focusing on fundamentals: an OT incident response plan, asset inventory, behavior-based monitoring, tight restrictions on remote access, and unique credentials supported by password managers. They announce a five-episode miniseries springboarding from this overview, with upcoming episodes on OT monitoring/visibility, securing users via a secure browser approach, improving email defenses against phishing, and revisiting third-party remote access.

    Chapters: 00:00 Dragos 2026 OT Report: Why This One Hits Different; 01:24 Adversaries Already Inside: Quiet Recon in Utility OT Networks; 02:59 Specialized Attack Teams & Access Handoffs (Initial Access → Recon → Exploit); 05:07 Patch Lag vs Exploit Speed: Why Mitigation Matters in OT; 06:24 Visibility Gap: OT Monitoring Stats and Detection Time Reality; 07:49 Why OT Monitoring Works: Protocols, Anomalies, and Holistic Context; 09:56 Third-Party Remote Access: Vendors, VPNs, Edge Devices, and Cellular Routers; 13:07 Valid Credentials Are the New Exploit: Detecting “Legit” Logins; 17:06 Ransomware Moves Into OT: Scale, Misclassification, and Rising Risk; 18:56 Old Problems Still Breaking OT: Flat Networks, Legacy Protocols, No Segmentation; 22:15 Disruption Is the Goal: OT Security Fundamentals to Focus On Now; 25:58 Mini-Series Preview + Final Takeaways (Stolen Credentials, Next Episodes); 29:01 Wrap-Up and What’s Next: OT Monitoring & Visibility Episode Teaser

    30 min
5 out of 5 (16 Ratings)
