Scinary Information Nexus

Scinary Cybersecurity

Scinary Cybersecurity is here to "Serve and defend those who serve and defend others". To help us "serve and defend" we pull from many different sources - experts, colleagues, industry standards, etc. We hit every subject from all angles, making it easy to understand while also letting us go in depth, which makes this podcast perfect for cybersecurity beginners and experts alike. Come join us on our journey to constantly educate ourselves and explore the amazing things that are happening in our industry.

  1. MAY 8

    Episode 43: Texas Cyber Command's $100M RFP & Supply Chain Hacks

    Welcome back to the Scinary Information Nexus! We kick off a rainy Texas Friday with some Blackberry Melomel from Texas Meadworks and a little banter before getting into some wild government tech news. This week, Richard, Joseph, Mario, and Brazos break down some highly unusual, militaristic solicitations from the newly formed Texas Cyber Command. What does it mean to establish "operational maneuver" or take back "sovereign IP terrain"? We translate the military jargon into standard cybersecurity terms and look at the reality of this massive, $100+ million project to build a centralized data lake for state endpoints. We talk through the privacy concerns, the "honeypot" risk of building a single massive data repository, and whether mega-contractors like Palantir are the real winners.

    Later, we look at the open-source supply chain hacks hitting platforms like NPM, PyPI, and Docker Hub. We discuss how malicious package updates quietly scrape API keys, the conspiracy theories behind Team PCP, and why the trend of vibe coding makes dependency management more dangerous than ever. If you're a developer, you might want to double-check what you're deploying.

    In this episode:

    - Tasting Texas Meadworks Blackberry Melomel
    - Decoding Texas Cyber Command's aggressive solicitations
    - The reality of the estimated $100M+ state data lake and endpoint logging RFP
    - The privacy implications and honeypot risks of a centralized state cybersecurity solution
    - How open-source supply chain attacks on Docker Hub, PyPI, and NPM work
    - Why AI-assisted vibe coding creates a dependency management nightmare
    - The urgent need for developers to fork and audit dependencies

    Drop your thoughts in the comments: are centralized government data lakes a security necessity or a massive privacy risk?

    Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

    #Cybersecurity #InfoSec #VibeCoding #OpenSource

    1h 3m
  2. MAY 1

    Episode 42: Pawn Shop Forensics, Palantir & Techno-Feudalism

    Welcome back to Scinary Information Nexus! Pierre Vivoni steps in for Brazos this week, joining Mario Ortiz and Richard Martin. We start things off with a mystery brew, react to some wild comments from last week, and share a field trip story involving pawn shop laptops, OSINT, and the surprising power of BitLocker.

    We also talk about "techno-feudalism" and the massive power held by tech monopolies. We cover the influence of the PayPal Mafia, Palantir's ties to the DoD, and how AI companies hoarding hardware are driving up SSD and RAM costs. Plus, we look at the backlash against Microsoft's AI tools acting like telemetry spyware and reports of open-source models secretly exfiltrating data.

    Later, we get into why so many people still think "the cloud" is magic, and why relentless tech marketing is to blame for disconnecting the public from basic IT realities. We finish out the episode talking about free will and weekend plans involving OPNsense routers.

    In this episode, we discuss:

    - Pawn shop forensics: What happens when you try to crack un-wiped laptops?
    - Why BitLocker is surprisingly effective against unauthorized access
    - The PayPal Mafia and Palantir's deep connections to government infrastructure
    - How AI hardware hoarding is driving up the price of SSDs and RAM
    - Reports of deceptive open-source projects secretly exfiltrating data
    - Why tech marketing wants you to think the internet is magic
    - Upgrading home networks with OPNsense firewalls

    Do you think tech marketing is intentionally misleading consumers? Let us know in the comments!

    Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

    #Cybersecurity #InfoSec #OSINT #OPNsense #ThreatIntel

    54 min
  3. APR 17

    Episode 41: Is Your EDR Actually A Government Backdoor?

    Welcome back to the Scinary Information Nexus! This week, Richard, Joseph, Brazos, and Hunter kick things off with a look at a recent CISA advisory about Iranian threat actors targeting U.S. critical infrastructure. We break down the reality of operational technology (OT) vulnerabilities. Even though nation-state attacks are increasing, the root causes are usually the same: unpatched legacy systems, exposed PLCs, and missing MFA.

    Then, we get into some cybersecurity conspiracy theories. The crew talks about the "Death of the Internet" driven by AI bots, the FCC's push for U.S.-assembled networking equipment, and the third-party doctrine. Under this doctrine, tech giants can legally hand over your user data to the government without a warrant. We also ask the real questions: Are all EDR platforms just secret government backdoors? From modern tech surveillance to the Snowden leaks, we talk about what it actually takes to maintain online privacy today, or if going totally off-grid is the only option left.

    Topics covered:

    - The latest CISA advisory on Iranian actors hitting critical infrastructure
    - Why patching and MFA are still failing in OT environments
    - Conspiracy theories: AI bots and the "Death of the Internet"
    - FCC restrictions on foreign routers and supply chain realities
    - How the third-party doctrine bypasses your Fourth Amendment protections
    - Are EDR platforms actually government backdoors?
    - Modern surveillance and escaping the grid

    Is it still possible to maintain your online privacy, or is going off-grid the only option? Let us know your thoughts in the comments below!

    Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

    - 00:00 Intro
    - 01:45 CISA Advisory & Infrastructure Threats
    - 24:25 Conspiracy Theories: Death of the Internet
    - 28:00 Router Bans & Supply Chain Realities
    - 36:00 Third-Party Doctrine & Digital Privacy
    - 43:55 Are EDR Platforms Government Backdoors?
    - 48:10 Escaping the Grid & Tech Surveillance

    #Cybersecurity #InfoSec #Privacy #EDR #Surveillance #Hacking #CISA #SupplyChain

    1h 1m
  4. APR 3

    Episode 40: When Google Deletes Your Workspace & Intune Becomes a Weapon

    Welcome back to the Scinary Information Nexus! Settle in, because we have a massive week of cybersecurity news to unpack covering bizarre arrests, cloud nightmares, and inside threats.

    This week, Richard, Joseph, Mario, and Brazos kick things off with the breaking overnight news: a Supermicro co-founder has been arrested for allegedly smuggling $2.5 billion in Nvidia GPUs to China. We debate the real motives - was it just about the money, or is there a deeper, darker reason behind the black market hustle?

    Then, we revisit the devastating Stryker attack. The team uncovers how the threat actors didn't use crazy malware to wipe the devices, but instead bypassed MFA and simply used a built-in Microsoft Intune feature to destroy the network. We discuss why a "two-key" admin approval system is desperately needed.

    Finally, we share a terrifying real-world case study we're actively working on: A K-12 school had their entire Google Workspace completely deleted by Google without warning. After a super admin account was compromised to send bulk spam, Google's automated systems nuked the domain—leaving the school completely locked out of email and Drive.

    In this episode, we discuss:

    - The $2.5 Billion Super Micro scandal: Smuggling GPUs to China.
    - The Stryker Attack: How attackers used Microsoft Intune against them.
    - The desperate need for multi-admin approval in cloud environments.
    - Social Engineering in action: Brazos’s run-in with a fake sheriff.
    - The Google Workspace Nightmare: What happens when an automated system permanently deletes your domain.
    - The dangerous illusion of the "Shared Responsibility" cloud model.

    Could your entire infrastructure be wiped by a single rogue button? Let's discuss.

    Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

    #Cybersecurity #InfoSec #Podcast #TechNews

    59 min
  5. MAR 20

    Episode 39: Weaponizing Trust: The Threat of Compromised MDMs

    Welcome back to the Scinary Information Nexus! After a category 4 hangover (and some failed attempts to lock him out), Richard is back in the studio with the team to discuss a massive development in critical infrastructure security.

    This week, we are breaking down the devastating cyberattack on Stryker, a major medical device manufacturer. After an Iranian-backed hacktivist group triggered a catastrophic breach, 70 global offices were shut down and 20,000 machines were wiped. We discuss why Stryker was targeted, the brutal reality of employees having their personal cell phones completely wiped via the company's MDM, and the terrifying differences between financial ransomware gangs and nation-state actors bent purely on destruction.

    Plus, Mario and the team dive into live stock market tracking to uncover a highly suspicious multi-million dollar stock dump by insiders just weeks before the attack. Was it a coincidence, or the ultimate insider threat?

    In this episode, we discuss:

    - The Stryker Breach: How Iranian hacktivists took down 20,000 machines globally.
    - BYOD Nightmare: Why connecting your personal phone to company portals can result in total data loss.
    - Cyber Warfare Motives: Sabotage and defacement vs. financial extortion.
    - The "Radicalization Pipeline": How terrorist groups grow (explained via Taylor Swift and Sex and the City fans).
    - Live Conspiracy Theory: Tracking massive insider stock sell-offs right before the breach.
    - A quick teaser for next week's highly anticipated Google discussion.

    If a nation-state decides your company is their next target, do you stand a chance? Let's discuss.

    Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

    #Cybersecurity #Stryker #Hacktivism #DataBreach #InfoSec

    1 hr
  6. MAR 13

    Episode 38: Running a Security Operations Center: The Good, The Bad & The AI

    Welcome back to the Scinary Information Nexus! The inmates are running the asylum this week as Richard steps out, leaving Brazos, Joseph, Hunter, and Mario to take the wheel. With all four of the guys having acted as Security Operations Center (SOC) Managers at some point in their careers, the team leverages their shared history to pull back the curtain on what it really takes to run a true SOC.

    The team kicks things off by calling out "reseller" SOCs that rely purely on automated ticket generation, detailing why immediate human action and response times are critical when the defecation meets the oscillation. We also tackle the elephant in the room: AI. Is it a silver bullet that will replace an analyst, or just an expensive tool running on limited context?

    Later, the guys debate the merits of hiring generalist analysts versus specialized experts, sharing how correlating data across multiple platforms creates true defense-in-depth. Finally, we offer invaluable, realistic advice for anyone trying to break into the cybersecurity field, and close out by revealing the absolute hardest parts of being a manager.

    In this episode, we discuss:

    - The Fake SOC Epidemic: What defines a "Real" SOC vs. a reseller rebundling alerts.
    - Why AI won't replace human analysts (and why its lack of context leaves you vulnerable).
    - The "Jack of All Trades" vs. Specialist Analyst debate: Which is better?
    - Breaking into the Industry: Why a home lab, networking, and a degree are still critical.
    - Why soft skills and report writing are the most underrated skills in IT.
    - The absolute hardest parts of managing a SOC, from fighting complacency to avoiding alert fatigue.

    Want to know what it really takes to secure a network? Let's discuss.

    Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

    #Cybersecurity #InformationSecurity #TechPodcast #InfoSec #CareerAdvice #Homelab

    1h 15m
  7. MAR 6

    Episode 37: Are Tech Vendors Gaming E-Rate?

    Welcome back to the Scinary Information Nexus! Richard, Joseph, and Brazos are back in the studio (with Richard’s mic volume officially audited and validated) to tackle a massive topic for the K-12 sector: E-Rate funding.

    This week, we are joined by special guest Ginnie Harwood, founder of Bespoke Consulting and a veteran of the EdTech and E-Rate space. Ginnie walks us through the 30-year evolution of the FCC’s E-Rate program, jumping from 1996 phone lines to modern-day cloud networks. We pull back the curtain on the competitive bidding process, discussing how some vendors "game the system" by writing hyper-specific RFPs to lock out the competition, and the headache of cost-allocating firewall hardware from its cybersecurity licensing.

    The crew naturally pivots to the FCC's new $200M Cybersecurity Pilot Program. Is it actually helping the small, rural schools that need it the most, or are massive 150,000-student districts swooping in to claim the cash?

    In this episode, we discuss:

    - Ginnie’s journey from selling fiber optics to building massive E-Rate consulting departments.
    - The mechanics of E-Rate, USAC, and the Universal Service Fund tax.
    - The "Rigged RFP": How vendors legally edge out competition during the bidding process.
    - The nightmare of hardware vs. licensing: Why firewalls are funded, but UTM isn't.
    - The FCC $200M Cybersecurity Pilot Program: The good, the bad, and the controversies.
    - ECF, COVID-19 connectivity, and pallets of fully-funded Chromebooks.
    - Why E-Rate compliance isn't just about cost - it's about knowing the gray areas.

    Are the federal funds actually leveling the playing field for education? Let's discuss.

    Connect with Ginnie Harwood & Bespoke Consulting: https://www.bespokeconsulting.net

    Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

    #cybersecurity #edtech #fcc #informationsecurity #infosec

    1h 9m
  8. FEB 27

    Episode 36: Alert Fatigue & How Private Equity is Ruining Cybersecurity Tools

    Welcome back to the Scinary Information Nexus! After last week's lost episode (thanks to some corrupted files), Richard, Joseph, Mario, and Hunter are back in the studio - while Brazos is off spreading the good word in Tennessee.

    This week, the team tackles "Alert Fatigue." If your Security Operations Center (SOC) is blasting you with a thousand alerts a day, are you actually secure, or are you just being conditioned to ignore the warning sirens? We dive into the philosophy behind how Scinary built its SOC, the difference between "Alert Fatigue" and "Data Fatigue," and why picking up the phone to talk to your IT director is sometimes the best cybersecurity tool you can have.

    Then, the guys drop the hammer on private equity firms and the "enshittification" of corporate tech. From Tenable (Nessus) quietly hiding web application plugins behind an exorbitant paywall, to Ivanti gutting their engineering teams right before suffering catastrophic VPN vulnerabilities, the truth about corporate cybersecurity might make your blood boil.

    Plus, stick around for the end as the guys recount a hilarious team outing in Waco involving terrible hotdogs, a brutally fast chess match, and a trip to Benny's Hog Shed.

    In this episode, we discuss:

    - Alert Fatigue vs. Data Fatigue: What's the difference?
    - Why Scinary refuses to be a "black box" SOC.
    - The nightmare scenario of a student configuring "Shadow IT" environments.
    - Enshittification: How private equity is ruining security tools.
    - Tenable's secret paywalls and our search for OpenVAS alternatives.
    - Why CISA ordered federal agencies to rip out Ivanti VPNs.
    - Team building in Waco: Wienerschnitzel regrets and chess dismantling.

    Are you worn out by your security alerts? Let's discuss.

    Connect with Scinary Cybersecurity: https://www.scinary.com https://x.com/scinarycyber https://www.linkedin.com/company/scinarycyber/

    #AlertFatigue #Cybersecurity #InfoSec #Tenable #Nessus #Ivanti #PrivateEquity #SOC #CybersecurityPodcast #ThreatHunting

    1h 2m
5 out of 5 (5 Ratings)
