Tech Updates

Andres Sarmiento
  • 5,0 (3)
  • NOTÍCIAS DE TECNOLOGIA

Tech Updates is your quick-hit source for the latest in enterprise technology—all in 10 minutes or less. From cybersecurity and network connectivity to data center innovation, cloud advancements, and the rise of AI, we cover the updates that matter. Each episode delivers vendor announcements, industry trends, and agnostic insights to keep you informed and ahead of the curve. Whether you’re a tech professional or just tech-curious, this podcast is designed to fit into your busy schedule and fuel your knowledge.

  1. Salt Typhoon Explained — The Chinese Telecom Breach, One Year Later (2026)

    HÁ 2 DIAS

    Salt Typhoon Explained — The Chinese Telecom Breach, One Year Later (2026)

    In late 2024, Verizon, AT&T, and T-Mobile all admitted the same thing: their lawful-intercept systems — the ones they build for law enforcement — had been compromised by a Chinese state actor called Salt Typhoon. Years of dwell time. Wiretap infrastructure for politicians, including a presidential campaign. Sixteen months later, what have we actually fixed? Plus — why Volt Typhoon is the warning shot nobody's responding to, and why OT networks are still flat. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📚 WHAT YOU'LL LEARN ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✅ The Salt / Volt / Flax Typhoon lineup — who they are, what they do ✅ How Salt Typhoon abused CALEA — the FBI's own backdoor ✅ Why Volt Typhoon is military pre-positioning, not espionage ✅ CISA's Feb 2026 lessons-learned report — wins and ugly parts ✅ Why OT networks remain "largely unchanged" from pre-2023 posture ✅ The defensive playbook that ties to Network+ Obj 3.5 (out-of-band mgmt, jump servers) ✅ Why this can't be fixed with a product purchase — it needs policy ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⏱ CHAPTERS ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0:00 Intro — 3 telecoms, same breach, same actor 0:49 The Typhoon lineup — Salt, Volt, Flax 2:07 CALEA — the 1994 law that became an attack surface 3:42 CISA's 2026 report — wins and ugly parts 5:06 OT is still flat — the uncomfortable truth 6:51 The defensive playbook — segmentation, zero-trust OT, OOB mgmt 8:45 The real lesson — this is policy, not a product ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🎯 THE MEMORABLE LINES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ • "The FBI's backdoor is also the PRC's backdoor." • "Predicted — by everyone. Dismissed — by everyone in government. Here we are." • "You don't get promoted for the attack that doesn't happen." • "Volt Typhoon is what happens when nobody replaces the kit." ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📡 TECH UPDATES · THE PODCAST ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔗 techupdates.it-learn.io Previous → EP19 · AI Is Eating the Grid Up next → EP21 · Non-Human Identities Are Eating Your Network #TechUpdates #SaltTyphoon #VoltTyphoon #CALEA #CriticalInfrastructure #OTSecurity #Telecoms #CISA #CyberPolicy #ChinaCybersecurity

    8 min
  2. Special · S03: The AI Security Engineer — The Job Nobody Knew Existed

    HÁ 3 DIAS

    Special · S03: The AI Security Engineer — The Job Nobody Knew Existed

    $450K. The job didn't exist 24 months ago. Every Fortune 500 is hiring. Episode three of TechUpdates Special Series. AI bug bounties have crossed six figures for a single prompt injection. Frontier labs run model evaluation contests with prize pools in the hundreds of thousands. Two years ago the title "AI Security Engineer" was on zero org charts. Today it's on most of them. What you'll hear: • What an AI security engineer actually does — red-team LLMs, secure RAG pipelines, defend training data and weights, write guardrails • Compensation in price discovery — Fortune 500 $180–250K, big tech $350–500K, frontier labs $700K–$1M+ • The full attack surface: prompt injection, indirect prompt injection, embedding exfiltration, training data poisoning, weight theft, agentic misalignment • A real day — jailbreak harness, code review of an agent, adversarial eval, MCP review, post-mortem on the attack that almost worked • The two paths in — security to AI, or AI to security — and why path three doesn't exist yet • LinkedIn's "responsible AI leader" vs. the actual day (30% red-teaming models, 30% shipping guardrails to production) This is the most leveraged role in security right now. The hype is loud. The opportunity is real. Don't let one stop you from seeing the other. Sources: public AI bug bounty programs at Anthropic / OpenAI / Google · OWASP Top 10 for LLM Applications · industry comp data at frontier labs. Next in the series: The OT/ICS Defender. — Andrés Sarmiento #AISecurity #LLMSecurity #PromptInjection #infosec #cybersecurity #TechUpdates

    8 min
  3. AI Data Center Power Crisis 2026 — Microsoft, Amazon, Meta Go Nuclear

    7 DE MAI.

    AI Data Center Power Crisis 2026 — Microsoft, Amazon, Meta Go Nuclear

    In 2024, Microsoft signed a 20-year power purchase agreement to restart Three Mile Island. The nuclear plant. The one from the disaster. In 2025, Amazon bought a small modular reactor. In 2026, Meta locked up 20 years of natural gas at a cost nobody will put on record. We are watching hyperscalers become utilities. This episode covers the numbers, the deals, the grid bottleneck, the green accounting scandal, and the policy fight coming to your electric bill. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📚 WHAT YOU'LL LEARN ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✅ The 2020 → 2030 data center power trajectory (spoiler: vertical) ✅ Training energy costs for GPT-4 class vs GPT-5 class models ✅ The PPA deals board — Microsoft/TMI, Amazon/SMR, Google/geo, Meta/gas ✅ Why the US grid can't take it — 5-to-7-year interconnect queues ✅ The Loudoun County story — one Virginia county, 35% of global cloud ✅ The Scope 3 carbon accounting scandal ✅ Who actually pays for this (hint: your electric bill) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⏱ CHAPTERS ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0:00 Intro — Microsoft reopens Three Mile Island 0:44 The data center power trajectory (2020 → 2030) 2:00 The deals board — who bought what 3:38 The grid breaks — PJM, ERCOT, interconnect queues 5:10 Loudoun County, Virginia — the canary 6:29 The green accounting scandal 7:53 Who pays — your electric bill 9:09 Watch list — the 2027 indicators ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🎯 THE MEMORABLE LINES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ • "The thing about nuclear is, everyone's pro-nuclear until it shows up next to their data." • "You cannot offset training a frontier model with forest credits. The carbon is burning. The trees are optional." • "By 2030, data centers will consume the electricity of an always-on Japan that does nothing but run AI." • "Most creative accounting since WeWork." ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📡 TECH UPDATES · THE PODCAST ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔗 techupdates.it-learn.io Previous → EP18 · The Supply Chain Attack Nobody's Talking About Up next → EP20 · Typhoon Season, One Year Later #TechUpdates #AIPower #DataCenters #ThreeMileIsland #SMR #Hyperscalers #GridInfrastructure #Microsoft #AWS #Meta #Google #Sustainability

    8 min
  4. Special · S02: The Detection Engineer — How $240K Roles Replaced the SOC

    6 DE MAI.

    Special · S02: The Detection Engineer — How $240K Roles Replaced the SOC

    $240K. No degree required. The SOC analyst is dead. Episode two of TechUpdates Special Series. The SOC industry quietly restructured itself in the last 18 months — tier-one analyst headcount shrinking, SIEM vendors pivoting their pitch — and one role pulled away with software-engineer-grade compensation. The Detection Engineer. What you'll hear: • What detection engineers actually do (write detections, tune false positives, hunt, partner with the red team) • The pay reality — tier-1 SOC $80K vs. principal detection engineer $350K+ at top tech • Detection-as-code: why "80 alert categories become 800 detections" with the same headcount • A real day — standup, tuning, hunt, purple team, coffee. No on-call rotation at well-run shops. • The 6-year path in (vs. the 15-year CISO ladder) — and why zero certifications matter for this role • LinkedIn's "cyber sherlock" branding vs. the YAML-wrangling reality If you're a SOC analyst right now, this episode is your map. The role that's replacing yours pays more, ships actual code, and treats security as a software-engineering discipline — not a queue you acknowledge. Sources: public Splunk and Elastic detection-as-code case studies · industry compensation surveys at Fortune 500 / FAANG / streaming companies. Next in the series: The AI Security Engineer. — Andrés Sarmiento #cybersecurity #DetectionEngineering #ThreatHunting #SOC #SIEM #TechUpdates

    8 min
  5. npm Supply Chain Attack Hit 47K Apps — What Happened and How to Defend

    30 DE ABR.

    npm Supply Chain Attack Hit 47K Apps — What Happened and How to Defend

    In February, a maintainer of a widely-used npm package pushed a release that shipped malware to 47,000 downstream applications. The maintainer's GitHub account had been compromised four months earlier. Nobody noticed. It happened again in March. Again in early April. This episode is the supply chain security story the vendors aren't telling you correctly. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📚 WHAT YOU'LL LEARN ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✅ The 4 Q1 2026 supply chain incidents you may have missed ✅ Maintainer takeover — the 5-step playbook attackers actually use ✅ Why SBOM (Software Bill of Materials) doesn't prevent this ✅ SLSA (pronounced "salsa") levels — and why 1% of enterprise hits Level 3 ✅ Sigstore adoption by registry — the ugly numbers ✅ The pragmatic defense playbook for a 50-person shop ✅ What package maintainers need to hear right now ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⏱ CHAPTERS ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0:00 Intro — the February npm incident 0:49 The Q1 2026 timeline — 4 incidents, 4 vectors 2:01 Maintainer takeover — the 5-step template 3:39 SBOM theater vs reality 4:35 SLSA adoption by level 5:39 Sigstore adoption by registry 6:36 The pragmatic defense — what to do this quarter 8:29 To the maintainers watching — enable MFA. Please. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🎯 THE MEMORABLE LINES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ • "An SBOM is a receipt. It's proof you bought the groceries. It does not mean you cooked dinner." • "94% of enterprise builds are still at SLSA Level 1." • "If your CI can push to npm, steal crypto wallets, and read your production database — that's not a CI account. That's a supervillain." • "We are collectively running on trust and good luck." ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🛡 THE PRAGMATIC DEFENSE CHECKLIST ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ • Hard-pin every dependency · no floating ranges • Dependabot/Renovate with auto-merge OFF · review every diff • Dependency firewall (JFrog, Cloudsmith, Artifactory) • Minimize your supply chain — every dep is a trust decision • Segregate build credentials · principle of least privilege on CI ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📡 TECH UPDATES · THE PODCAST ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔗 techupdates.it-learn.io 🔔 Subscribe for the full EP17–21 run. Previous → EP17 · The Collapse of SaaS Up next → EP19 · AI Is Eating the Grid #TechUpdates #SupplyChainSecurity #npm #SBOM #SLSA #Sigstore #DevSecOps #OpenSource #MaintainerSecurity

    9 min
  6. Special · S01: The CISO Under Fire — $1.4M Comp, SEC Subpoena, Same Job

    29 DE ABR.

    Special · S01: The CISO Under Fire — $1.4M Comp, SEC Subpoena, Same Job

    $1.4M comp. SEC subpoena. Same job. Welcome to TechUpdates Special Series — four episodes on the cybersecurity roles people actually want to hear about. We start with the only C-suite job in tech where doing it right can still get you indicted: the CISO. What you'll hear: • What a CISO actually does (and what they delegate) • The real comp ladder — Series B startup $250K → Fortune 500 $800K → big tech $1.4M+ • The Tim Brown and Joe Sullivan reckoning: why CISOs now face personal SEC and DOJ exposure • A composite 24-hour day, from 7 AM board prep to a 3 AM pager • The 15-year path to the seat — and the 18-month average tenure once you're in • What LinkedIn promises ("strategic visionary") vs. what the calendar actually delivers (60% vendor management) We say it straight: this is the most consequential security job in tech when the company backs you, and the worst job in tech when they don't. Pick the company before you pick the title. Sources referenced: SEC v. SolarWinds & Timothy G. Brown (Oct 2023) · United States v. Joseph Sullivan (Uber, conviction Oct 2022) · public CISO compensation surveys. Next in the series: The Detection Engineer — the role that quietly killed the SOC. — Andrés Sarmiento #cybersecurity #CISO #infosec #SecurityLeadership #SolarWinds #TechUpdates

    7 min
  7. Is SaaS Dead? How AI Agents Are Killing Enterprise Software in 2026

    23 DE ABR.

    Is SaaS Dead? How AI Agents Are Killing Enterprise Software in 2026

    "SaaS is dead." Satya Nadella said it on All-In in late 2024. Everyone laughed. Eighteen months later, Klarna went on the record — they fired Salesforce, fired Workday, and replaced them with Python scripts wired to Claude. ~$40M in annual SaaS spend. Gone. This episode breaks down what's actually happening to enterprise software, which layer is getting compressed, which layer is getting bigger, and what IT buyers should do Monday. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📚 WHAT YOU'LL LEARN ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ✅ What Nadella actually predicted vs what sounded absurd at the time ✅ The Klarna playbook — exactly what got replaced, and with what ✅ The 4 layers of every SaaS product (and which 3 are now commodity) ✅ Which SaaS categories are getting compressed (middleware, dashboards, generic CRM/HRIS) ✅ Which categories get bigger (infra, APIs-as-products, vertical SaaS, IAM, GRC) ✅ The per-seat pricing collapse — what vendors are trying instead ✅ What to actually do Monday if you're in IT leadership ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⏱ CHAPTERS ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0:00 Intro — "SaaS is dead" 0:38 The Klarna teardown 1:26 What SaaS actually sold — the 4 layers 2:37 What's getting cooked — dying categories 3:54 What survives — the layer that gets bigger 5:15 Pricing model chaos 6:26 What to do Monday — 5-step playbook 7:52 The real story — the dashboard tax is dead ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🎯 THE MEMORABLE LINES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ • "Companies were paying two thousand dollars a seat for permissions and a log file." • "Buyer's market for the first time in a decade." • "The middle layer is getting compressed — infrastructure is bigger than ever." • "Do not sign a three-year SaaS deal in 2026. Do not." ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📡 TECH UPDATES · THE PODCAST ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Tech Updates covers the real stories behind enterprise tech — no hype, no vendor pitches. Host: Andrés Sarmiento. 🔗 techupdates.it-learn.io 🔔 Subscribe for the rest of the EP17–21 run: SaaS, Supply Chain, AI Power, Typhoons, NHIs. Up next → EP18 · The Supply Chain Attack Nobody's Talking About #TechUpdates #SaaS #Klarna #EnterpriseTech #AgenticAI #Nadella #ITLeadership #CIO #EnterpriseSaaS

    8 min
  8. RSAC 2026 Recap: Agentic AI, the Death of the SIEM, and 22-Second Breakouts

    17 DE ABR.

    RSAC 2026 Recap: Agentic AI, the Death of the SIEM, and 22-Second Breakouts

    In 2022, the median time between initial access and the secondary threat hand-off was 8 hours. At RSAC 2026, Mandiant put the new number on the main stage: 22 seconds. That one stat explains everything that got announced in San Francisco this year. This episode of Tech Updates is a full RSAC 2026 recap — the product flood, the agentic AI pivot, and the six predictions every CISO and senior engineer should be tracking over the next 12 months. ⏱ CHAPTERS 0:00 — Intro 0:03 — Cold open: the 22-second attacker hand-off 0:31 — Segment 1: Agentic AI, for real this time 2:20 — Agent Identity & Runtime Control 3:35 — Agentic SOC & the Death of the SIEM 5:09 — AI-Generated Code Security 5:43 — Post-Quantum, Quietly 6:36 — Palo Alto's Full Stack 6:55 — The Cryptographers' Panel 8:10 — Six Predictions for the Next 12 Months 10:45 — The honest takeaway 🔑 VENDORS & PRODUCTS COVERED • Cisco DefenseClaw · Duo IAM for agents • Microsoft Entra ID + Foundry guardrails • Teleport Beams (per-agent Firecracker micro-VMs) • 1Password Unified Access (Anthropic, Cursor, GitHub, Perplexity, Vercel) • Astrix Security · shadow agent coverage • Databricks Lakewatch — agentic SIEM • Google Cloud Triage & Investigation Agent • Accenture + Anthropic Cyber.AI • CrowdStrike Charlotte AI AgentWorks • SentinelOne Prompt AI Agent Security • Secure Code Warrior Trust Agent: AI • Black Duck Signal • ZeroTier Quantum (hybrid PQC transport) • Palo Alto Prisma AIRS 3.0 · Agentic SASE · Prisma Browser for Business • pQCee crypto-agile CNG • SandboxAQ AQtive Guard • Acalvio 360 Deception 🎤 KEY QUOTES "With chatbots you worry about getting the wrong answer. With agents you worry about taking the wrong action." — Jeetu Patel, Cisco "AI will kill the SIEM in 2026." — Ali Ghodsi, Databricks CEO (CNBC) "The cryptographic algorithms have really held up over the last 25 years. You can't say that about a lot of areas within cybersecurity." — Paul Kocher, 25th Cryptographers' Panel "We're spending more on cybersecurity than ever before, but the breaches keep happening. Something is fundamentally broken about how we've approached this problem." — Karl Van den Bergh, Illumio 🎯 SIX PREDICTIONS FOR THE NEXT 12 MONTHS 1. Non-human identity becomes the primary identity problem 2. MCP is now part of the attack surface — treat it like an API gateway 3. The SOC gets automated, or it gets outrun 4. Prompt injection is the new SQL injection 5. Post-quantum is closer than you think (CNSA 2.0 deadlines are real) 6. Active defense and deception are coming back 📚 SOURCES Mandiant M-Trends 2026 · RSAC 2026 official press releases · SecurityWeek daily roundups · Help Net Security · Futuriom · Google Cloud blog · Lumu Technologies recap · Biometric Update · Govtech Lohrmann column · Hive Pro disclosure of Operation Olalampo + Rust-based Char backdoor 🎧 LISTEN & SUBSCRIBE Spotify · Apple Podcasts · YouTube techupdates.it-learn.io New episode every week. #RSAC2026 #AgenticAI #Cybersecurity #SIEM #ZeroTrust #PostQuantum #InfoSec #CISO #MCP #PromptInjection #AIAgents #RSAConference

    12 min
Ver tudo (23)

Classificações e avaliações

5
de 5
3 avaliações

Sobre

Tech Updates is your quick-hit source for the latest in enterprise technology—all in 10 minutes or less. From cybersecurity and network connectivity to data center innovation, cloud advancements, and the rise of AI, we cover the updates that matter. Each episode delivers vendor announcements, industry trends, and agnostic insights to keep you informed and ahead of the curve. Whether you’re a tech professional or just tech-curious, this podcast is designed to fit into your busy schedule and fuel your knowledge.

Informações

  • Criado por
    Andres Sarmiento
  • Anos de atividade
    2025 - 2026
  • Episódios
    23
  • Classificação
    Livre
  • Copyright
    © Andres Sarmiento
  • Site do podcast
    Tech Updates