The Audit - Cybersecurity Podcast

IT Audit Labs

The Audit - Cybersecurity Podcast from IT Audit Labs features trusted security experts, industry leaders, and practitioners who unpack the threats, tactics, and trends shaping today’s risk landscape. With 90+ episodes and a top 10% global ranking on Listen Notes, The Audit goes beyond surface-level security talk. Each episode explores real-world threats, attacker techniques, compliance challenges, cyber risk, and the decisions security teams face before, during, and after an incident. IT Audit Labs helps organizations identify risk before attackers exploit it. Through threat assessments, security control reviews, compliance expertise, and a trusted network of partners and specialists, we help teams find their soft spots, strengthen their defenses, and make smarter security decisions. Listen in for sharp conversations, practical insight, and a clearer view of what’s coming next in cybersecurity.

  1. 2d ago

    Cyber News: Bug Bounty Fail, Open-Source Malware & Facebook SMB Phishing

    An underground forum post breaks down how hackers scan, exploit, and cash out on vulnerabilities — and it reads like a step-by-step guide. Meanwhile, Microsoft is catching heat for stonewalling a researcher who found real zero-days, and a new phishing campaign is hitting small businesses through the platforms they trust most.

    The OG crew — Joshua Schmidt, Eric Brown, and Nick Mellem — digs into this week's biggest cybersecurity headlines with sharp takes and real-world context that practitioners can actually use.

    🗞️ This week's stories:

    - Underground hacker forum "Hacking for Profit" breaks down the full vulnerability exploitation playbook — and what it means for your security gaps
    - Gray hat researcher Chaotic Eclipse discloses zero-days to Microsoft, gets stonewalled on bug bounty, and now July 14th Patch Tuesday just got interesting
    - Third-party plugins and open source tools: the supply chain risk hiding in your dev pipeline (and tools like Akido and Veracode that help)
    - Meta Business Suite phishing campaign targeting SMBs — and a live near-miss story from Joshua himself
    - SMS phishing: a new IT Audit Labs team member got hit on day three, before his welcome post even went live

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers the intel to do it. Like, share, and subscribe for weekly cybersecurity coverage.

    #cybersecurity #infosec #bugbounty #phishing #zerodayvulnerability #supplychainsecurity #microsoftsecurity #ethicalhacking #ciso #itauditlabs

    36 min
  2. Jun 1

    AI vs. Law Enforcement: Deepfakes, Doxing & Deception

    What happens when a deepfake video becomes probable cause? Law enforcement agencies are already grappling with AI-generated evidence, doxing attacks on officers, and a training gap that's growing wider every six weeks. If the justice system can't keep up with the AI threat curve, the consequences won't just be policy problems — they'll be people's lives.

    In this episode of The Audit, former firefighter-paramedic turned strategic communications consultant Braden Frame — founder of Modern Cartographers and Modern Fortis — joins co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem to break down the rapidly evolving AI threat landscape facing law enforcement and public safety. Braden draws a sharp parallel between law enforcement's slow adoption of social media a decade ago and the AI reckoning happening right now — and why that delay could be catastrophic this time around.

    🔍 What We Cover:

    - How AI-generated fake evidence is already entering courtrooms — and why it'll only get harder to detect
    - Why law enforcement is repeating its social media mistakes with AI adoption
    - The guardrails debate: Venice AI, unregulated tools, and who pays the price when there are no limits
    - Doxing attacks on officers and public servants — and how to defend your personal information
    - AI in the field: body cam transcription, paramedic decision support, and where the tech actually works today
    - Authenticity as a weapon: why real human voices will matter more than ever in the age of AI slop

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #AI #cybersecurity #lawenforcement #deepfakes #doxing #publicsafety #infosec #artificialintelligence #AIthreats

    46 min
  3. May 18

    Cyber News: Iranian Hacker, Quantum Ransomware and Rogue AI

    What would you do if ransomware told you not only that your data was gone — but that it was encrypted with a quantum-safe algorithm and you have 72 hours to pay? That's not a hypothetical anymore.

    In this live news episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem are joined by IT Audit Labs member Bill Harris for a rapid-fire breakdown of the week's most important cybersecurity stories — and a few conversations that went places nobody expected.

    🎯 Stories & Topics Covered:

    - Iranian Cyber Group Handala Targets U.S. Troops — WhatsApp-based psychological ops against service members in Bahrain, and what OPSEC looks like when soldiers can't leave their phones at home
    - Agentic AI Risk Goes Live — A real incident where an AI deleted a production database in 9 seconds, and why "trust but verify" has never mattered more
    - Quantum-Safe Ransomware (Kyber) — The first confirmed ransomware family using NIST's post-quantum cryptographic standards, and why it's more marketing than menace — for now
    - Robinhood Email Exploit via Gmail Dot Trick — How threat actors weaponized a years-old stolen email list using a quirk in how Google and Robinhood handle email addresses differently
    - Bitwarden/Checkmarks Supply Chain Attack — Why even security-first tools aren't immune, and how Bitwarden's 90-minute response time became a case study in breach communication
    - Apple's AI Strategy: Late on Purpose? — Is Apple sitting out the AI arms race, or quietly building something nobody's seen yet?
    - Eric's AI Email Vision — A live whiteboard idea for using agentic AI as a personal email firewall that could eliminate phishing at the infrastructure level

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #cybersecurity #ransomware #postquantum #AI #infosec #ethicalhacking #supplychain #phishing #NIST #agentic #bitwarden #OPSEC #cyberdefense #ITaudit #TheAudit

    42 min
  4. May 4

    Inside Email Security: Phishing, Hackers, and Harmony Checkpoint

    Most organizations think they're protected. They're not. Microsoft Defender sounds solid on paper — but in the real world, it's letting phishing, malware, and business email compromise walk right through the door. In this episode of The Audit, the crew pulls back the curtain on one of the most exploited attack surfaces in any organization: email.

    Co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem are joined by IT Audit Labs' own Cameron Birkland — fresh off three first-place CTF wins in Vegas — for a live walkthrough of Check Point Harmony Email, a tool that plugs directly into your Microsoft 365 environment and shows you exactly what your current setup is missing.

    🎯 What you'll learn in this episode:

    - Why out-of-the-box Microsoft Defender consistently fails against advanced phishing and BEC attacks — and what "good" email security actually looks like
    - How Check Point Harmony uses machine learning and contextual AI analysis (not just signature matching) to catch threats that bypass traditional filters
    - How threat actors silently set up forwarding rules and inbox monitoring to loot data for weeks — without triggering a single alert
    - IT Audit Labs' new "14 plus one" email security assessment — a 14-day live scan of your Microsoft 365 environment with a full debrief, no disruption required
    - A live demo of the Harmony dashboard: phishing reports, geo-anomaly detection, OneDrive malware scanning, and DLP for exposed sharing links

    Whether you're securing a 50-person company or advising a 5,000-user enterprise, this episode gives you the practitioner-level insight to finally close the gap in your email defenses.

    Don't wait until your organization is the next headline. Subscribe for weekly cybersecurity insights from the practitioners actually doing the work. Like, share, and leave us a review on Apple Podcasts if this episode hit home.

    #emailsecurity #cybersecurity #phishing #businessemailcompromise #Microsoft365 #infosec #checkpoint #harmonyemail

    32 min
  5. Apr 20

    Ghost in the Machine: AI Identities & the Spiritual Red Teaming

    Your organization may have hundreds of AI agents running right now that your security team doesn't know exist. Every single one is an identity. Every identity is an attack surface.

    In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem sit down with Madhav Nakar, security researcher on the Phantom Labs team at BeyondTrust, to break down one of the most underexplored threats in enterprise security today: untracked AI agents creating exploitable "ghost identities." Madhav just returned from RSA — where he noticed every booth had an AI angle and a bubble forming — and he's here to cut through the noise with hard-hitting research and practical guidance.

    🔍 Key Topics Covered:

    - How low-code platforms let non-technical users spawn unvetted AI agents — and why that's a goldmine for attackers
    - Ghost identities: what happens when AI agents run on untracked, over-privileged system identities
    - The AWS sandbox DNS exfiltration proof-of-concept from BSides (BeyondTrust research)
    - Why siloed AWS, Azure, and Okta teams create hidden privilege escalation paths
    - "AI vs. AI" — the emerging defender model where autonomous systems monitor each other
    - Browser extension cross-contamination and prompt injection risk for enterprise Claude deployments
    - The three conditions that make any AI agent dangerous: private data access + untrusted instructions + tool execution
    - Madhav's framework: inventory → least privilege → visibility — the basics that still matter most

    Bonus: Madhav shares how "spiritually red-teaming yourself" — facing fear, breaking false narratives, and building trust — maps directly to how security professionals should approach zero trust and identity management. Plus: Joshua, Eric, and Nick on conquering stage fright and what that has to do with cybersecurity culture.

    Don't wait for a ghost identity to become a ghost incident. Subscribe for weekly cybersecurity insights from practitioners, researchers, and the people defending the frontlines.

    #GhostIdentities, #AIAgentSecurity, #NonHumanIdentity, #ZeroTrust, #TheAuditPodcast

    41 min
  6. Apr 6

    Cyber News: Iran Attacks, Greyware, and Backdoor Code

    What if the tools protecting your organization were the ones compromising it? In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem — joined by IT Audit Labs team member Samuel Cala live in the St. Paul studio — unpack a wave of cybersecurity stories that all converge on one unsettling theme: trust is being exploited at every layer of the stack.

    From an Iranian-linked APT group targeting U.S. healthcare infrastructure, to a sophisticated GitHub Actions supply chain attack that backdoored an AI coding library used by thousands of developers — the crew breaks down exactly how threat actors are weaponizing the tools, platforms, and third-party services organizations depend on daily.

    They also dive into a disturbing revelation about AI-powered audit certifications: one company allegedly fabricated compliance evidence to hand out ISO 27001 and SOC 2 certifications at a fraction of the cost — raising serious questions about what those credentials are actually worth.

    In this episode:

    - 🇮🇷 Iran's escalation from cyber espionage to active disruption — what signals to watch for
    - 🔗 The GitHub Actions / LiteLLM supply chain attack explained step by step
    - 🧾 How an AI certification firm allegedly faked audit evidence — and what it means for your vendor trust
    - 📡 FCC bans on foreign-made routers and the gray market hardware problem hiding in plain sight
    - 🤖 OpenAI kills Sora — what it signals about where AI is actually headed

    Whether you're a CISO trying to defend against nation-state threats or a developer trusting open-source libraries, this episode delivers the context — and the hard questions — you need to stay ahead.

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #cybersecurity #supplychainattack #infosec #threatintelligence #ISO27001 #SOC2 #githubsecurity #irancyberattack #aicybersecurity #itauditlabs

    34 min
  7. Mar 23

    Cognitive Surrender: How AI Weaponizes Human Psychology

    A $25 million wire transfer. A fake CFO. An entire executive team that didn't exist. This is what modern cybercrime looks like — and your firewall won't stop it.

    In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem sit down with James McDowell — forensic psychology expert, cybercrime researcher, and adjunct professor at American Military University — to explore the chilling intersection of AI, human psychology, and cybercrime. James introduces the concept of "cognitive surrender": the slow, dangerous transfer of our thinking to AI tools, and how threat actors are exploiting it at scale.

    What You'll Learn:

    - What "cognitive surrender" is and why it's cybercrime's greatest accelerant
    - How a $25M deepfake scam bypassed every red flag a trained employee had
    - The psychology behind System 1 vs. System 2 thinking — and why attackers time their strikes around your lunch break
    - Why voice passwords and family code phrases are becoming critical security tools
    - How FraudGPT and dark-web AI models are lowering the barrier for cybercriminals
    - What James's wave theory reveals about how we trust — and how that trust gets exploited

    📖 Guest: James McDowell
    Forensic psychologist, cybercrime researcher, and author of Forensic Psychology and the Human Side of Cybercrime. James teaches at American Military University and leads research at [Research Institute] focused on the psychology of cyber offenders and victims.

    📚 Book available on Amazon and Routledge. Search: Forensic Psychology and the Human Side of Cybercrime

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers the psychological intelligence to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #cybersecurity #cybercrime #socialengineering #deepfake #AIthreats #infosec #phishing #cyberpsychology #ethicalhacking #CISO

    43 min
