The Audit - Cybersecurity Podcast

IT Audit Labs
  • 5.0 (7)
  • TECHNOLOGY
  • UPDATED BIWEEKLY

Brought to you by IT Audit Labs. Trusted cyber security experts and their guests discuss common security threats, threat actor techniques and other industry topics. IT Audit Labs provides organizations with the leverage of a network of partners and specialists suited for your needs. ​ We are experts at assessing security risk and compliance, while providing administrative and technical controls to improve our clients’ data security. Our threat assessments find the soft spots before the bad guys do, identifying likelihood and impact, while our security control assessments rank the level of maturity relative to the size of the organization.

  1. 3H AGO

    Cyber News: Advanced Phishing, ClickFix & AI Wearables

    Microsoft dominates 22% of all phishing attacks, a $800 tool tricks 60% of victims into self-hacking, and Apple's planning a surveillance pin that records everything—welcome to 2025's cybersecurity nightmare. In this episode of The Audit, co-hosts Joshua J Schmidt, Eric Brown, and Nick Mellem are joined by Jen Lotze from IT Audit Labs to dissect three headlines that prove the threat landscape isn't just evolving—it's accelerating. From brand impersonation scams that exploit your brain's pattern recognition to ClickFix malware that bypasses antivirus by weaponizing copy-paste commands, this conversation reveals how attackers are shifting from breaking through defenses to manipulating humans into opening the door themselves.  What You'll Learn: Why trusted brands like Microsoft, Amazon, and DHL are irresistible phishing targets, especially during high-traffic seasons when vigilance naturally dropsHow ClickFix attacks exploit legitimate-looking broken websites to trick users into installing malware through their own command prompts—achieving 60% success rates that evade traditional securityReal-world consequences of sophisticated social engineering, including a $116,000 wire fraud loss that proves even tech-savvy professionals aren't immuneThe privacy and consent implications of Apple's rumored 2027 AI wearable with dual cameras and always-on environmental recordingWhether constant surveillance is becoming the unavoidable price of technological convenience—and what that means for building security cultures in organizations todayFrom training employees to recognize copy-paste scams to navigating the ethics of ambient recording devices, this episode delivers frontline intelligence for security professionals and practical awareness for anyone trying to stay safe online. #phishing #clickfix #cybersecurity #socialengineering #applewearable #privacy #malware #infosec #brandimpersonation

    33 min

  2. JAN 26

    Field Notes: New Year Catch-Up, Coffee, And Team DNA

    In this episode of The Audit, co-hosts Eric Brown and Nick Mellem dive deep into organizational psychology and team dynamics with a refreshingly honest look at how IT Audit Labs is using assessments like CliftonStrengths, Kolbe, and PRINT to decode their team. This isn't fluffy HR talk—it's strategic workforce optimization that directly impacts how security teams respond to threats, collaborate under pressure, and execute on complex projects. Eric and Nick discuss why understanding your team's natural strengths, motivators, and triggers is just as critical as deploying the right tech stack. From reducing meeting bloat to being more intentional with time and resources, they share real-world lessons on building a culture where people operate in their zone of genius. Plus, they tackle the "what tool would you deploy first" scenario—spoiler: it's not what you think. 🔑 KEY TOPICS COVERED: Why organizational assessments (CliftonStrengths, Kolbe, PRINT) matter for security teamsHow to be more intentional with meetings, time, and team collaborationFirst tools to deploy in a new security environment (MFA, YubiKeys, Veronus)The shift from reactive security to proactive team alignmentUsing AI tools like Gemini to streamline communication and decision-making#CliftonStrengths #Cybersecurity #TeamBuilding #ITLeadership #SecurityCulture #CISOLife #InfoSec #OrganizationalPsychology

    27 min

  3. JAN 12

    AI Architecture: Stop Button Pushing, Start Building

    What if the difference between AI mediocrity and breakthrough isn't the tool—it's how you architect your approach? Carter Jensen from The Uncommon Business joins the crew to reveal why most people are stuck "button pushing" while others are unlocking 3X productivity gains. This isn't theory; it's the frontline reality of businesses transforming workflows with the right AI architecture.  If you're tired of surface-level AI hype and ready for actionable intelligence on integrating AI into security, compliance, and everyday business operations, this episode delivers. Whether you're Blockbuster or Netflix is up to you. 🎯 What You'll Learn: AI Architecture vs. Button Pushing – The mindset shift that unlocks 3-4X productivity gains instead of mediocre resultsReal Cybersecurity Wins – How IT teams use AI to speed through compliance audits (PCI, CJIS, HIPAA) and tackle complex security workflowsEnterprise Implementation Truth – Why expensive AI tools fail without strategy, and what actually works for business adoptionThe AI Bubble Debate – Is this hype or the biggest business transformation since the internet? Carter brings receipts from the frontlinesDon't let your team fall behind while competitors architect their way to 4X output. This episode arms IT leaders, CISOs, and security professionals with the mindset shift needed to deploy AI that actually moves the needle. Like, share, and subscribe for more cutting-edge cybersecurity and AI implementation strategies!  #ArtificialIntelligence #Cybersecurity #AIforBusiness #ITaudit #ComplianceAutomation

    41 min

  4. 12/29/2025

    The Audit 2025: Deepfakes, Quantum & AI That Changed Everything

    In this special year-end episode, Joshua Schmidt revisits the most mind-bending moments from The Audit's 2025 season. From Justin Marciano and Paul Vann demonstrating live deepfakes in real-time (yes, they actually did it on camera) to Bill Harris explaining how Google's quantum experiments suggest parallel universes, to Alex Bratton's urgent warning about the AI adoption crisis happening right now in boardrooms everywhere.  What You'll Learn:  How adversaries are using free tools to create convincing deepfakes for job interviews and social engineering attacks—and why this represents a national security threat  Why NASA shut down its quantum computer after getting results that "challenge contemporary thinking" (and the wild theories circulating about what they discovered)  The critical mistake companies are making with AI integration: racing ahead without governance, security frameworks, or responsible use policies  How the Pi-hole community exemplifies open-source security at its best—enterprise-grade protection at fractions of the cost  Why IT teams saying "no" to AI isn't realistic, and what responsible AI adoption actually looks like This isn't just a recap—it's a wake-up call. These conversations reveal the inflection points where standing still means falling behind. Whether you're a CISO, security analyst, IT auditor, or business leader trying to navigate AI adoption, these clips offer the perspective you need heading into 2026.  Don't wait until 2026 to realize you missed the critical shift. Subscribe now for cutting-edge cybersecurity insights that keep you ahead of evolving threats.  #cybersecurity #deepfake #quantumcomputing #AI #infosec #ethicalhacking #cyberdefense #2025yearinreview

    23 min

  5. 12/15/2025

    Gaming to Cybersecurity: How AI Agents Fight Alert Overload

    What if you could hire an army of AI security analysts that work 24/7 investigating alerts so your human team can focus on what actually matters? Edward Wu, founder and CEO of DropZone AI, joins The Audit crew to reveal how large language models are transforming security operations—and why the future of cyber defense looks more like a drone war than traditional SOC work.  From his eight years at AttackIQ generating millions of security alerts (and the fatigue that came with them), Edward built DropZone to solve the problem he helped create: alert overload. This conversation goes deep on AI agents specializing in different security domains, the asymmetry problem between attackers and defenders, and why deepfakes might require us to use "safe words" before every Zoom call.  What You'll Learn:  How AI tier-1 analysts automate 90% of alert triage to find real threats faster Why attackers only need to be right once, but AI can level the playing field Real-world deepfake attacks hitting finance teams right now The societal implications of AI-driven social engineering at scale Whether superintelligence will unlock warp engines or just better spreadsheets If alert fatigue is crushing your security team, this episode delivers the blueprint for fighting back with AI. Hit subscribe for more conversations with security leaders who are actually building the future—not just talking about it.  #cybersecurity #AIforCybersecurity #SOC #SecurityOperations #AlertFatigue #DropZoneAI #ThreatDetection #IncidentResponse #CyberDefense #SecurityAutomation

    35 min

  6. 12/01/2025

    Critical Infrastructure: Everything is Connected and Vulnerable

    When hackers target the systems controlling your water, power, and transportation, the consequences go far beyond data breaches—people can die. Leslie Carhartt, Technical Director of Incident Response at Dragos, pulls back the curtain on one of cybersecurity's most critical blind spots: industrial control systems that keep society running but remain dangerously exposed.  What You'll Learn:  Why industrial control systems can't be updated like your laptop—and what that means for security How threat actors are using AI to generate custom malware for power plants and water treatment facilities The real state of critical infrastructure security (spoiler: forget about air gaps) Why commodity ransomware has become an existential threat to industrial operations The five critical controls organizations should implement right now to defend OT environments Don't wait until your organization becomes the next headline. Like, share, and subscribe for more in-depth security intelligence that goes beyond the buzzwords.  #industrialcybersecurity #criticalinfrastructure #OTsecurity #ICS #SCADA #dragos #incidentresponse #ransomware #AIthreats #cybersecurity #infosec

    33 min

  7. 11/17/2025

    Red Team Warfare: A Navy Cyber Officer's Inside Look at Military Offensive Operations

    What if your security team is playing defense while hackers play offense 24/7? Foster Davis, former Navy cyber warfare officer and founder of BreachBits, breaks down why traditional penetration tests become obsolete in weeks—and how continuous red teaming changes the game. From hunting pirates in the Indian Ocean to defending critical infrastructure, Foster shares hard-earned lessons about adversarial thinking, operational risk management, and why the junior person in the room might spot your biggest vulnerability.  What You'll Learn:  Why red teaming creates psychological advantages penetration testing can't match How operational risk management translates technical findings into executive action The real cost of point-in-time security assessments (hint: ask St. Paul, Minnesota) Military-grade frameworks for continuous threat simulation in civilian organizations Why attackers operate 365 days a year—but most organizations test once Don't let your organization become another headline. Security teams need to think like attackers, not just defenders. Subscribe for more conversations that challenge conventional cybersecurity thinking.  #RedTeam #CybersecurityStrategy #PenetrationTesting #MilitaryCyber #ThreatHunting #InfoSec

    41 min

  8. 11/03/2025

    Field Notes: AI's $10 Trillion Lie + Coffee Roasting & Starlink Hacks

    What if everything AI tells you about cybersecurity costs is completely wrong? The Audit crew unpacks a shocking data black hole that has infected every major AI model—plus field-tested tech that actually works. In this laid-back Field Notes episode, Eric Brown, and Nick Mellum return from Gartner's CIO Symposium with insights that'll make you question your AI outputs. From discovering that the "trillions in cybercrime" statistic is pure fiction (the real number is 16.6 billion) to hands-on reviews of Starlink Mobile and Nothing earbuds, this episode delivers practical intelligence you won't find in vendor pitches. Don't wait for the next data breach to question your assumptions. Subscribe for monthly Field Notes episodes that cut through the noise with honest, technical conversations you can trust. #cybersecurity #AI #artificalintelligence #GartnerCIO #infosec #starlink #fieldnotes #cybertrends #datasecurity #AIbias

    26 min
See All (85)

Ratings & Reviews

5
out of 5
7 Ratings

About

Brought to you by IT Audit Labs. Trusted cyber security experts and their guests discuss common security threats, threat actor techniques and other industry topics. IT Audit Labs provides organizations with the leverage of a network of partners and specialists suited for your needs. ​ We are experts at assessing security risk and compliance, while providing administrative and technical controls to improve our clients’ data security. Our threat assessments find the soft spots before the bad guys do, identifying likelihood and impact, while our security control assessments rank the level of maturity relative to the size of the organization.

Information

  • Creator
    IT Audit Labs
  • Years Active
    2022 - 2026
  • Episodes
    85
  • Rating
    Explicit
  • Copyright
    © 2026 The Audit - Cybersecurity Podcast
  • Show Website
    The Audit - Cybersecurity Podcast

You Might Also Like