In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler explore a pressing security shift: adversaries are increasingly bypassing traditional credential theft to exploit the AI systems already embedded within corporate environments. The hosts discuss how "agentic" AI solutions often operate with overprivileged non-human identities, granting bots excessive access to data and infrastructure that far exceeds their functional requirements.

This resurgence of "standing access" for machine accounts—a vulnerability CISOs thought they had mitigated—is being exacerbated by the rapid, near-universal adoption of AI development tools. Using real-world examples, ranging from inadvertent AI-generated discounts to the complex liability of autonomous vehicles, Chris and Ken illustrate the risks of prompt injection and data poisoning. The episode serves as a critical call to action for security teams: to treat AI agents with the same rigorous identity management and just-in-time provisioning standards historically reserved for human users before these misconfigurations lead to massive data exfiltration.

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler explore the often-misunderstood world of mainframe computing. Despite the pervasive narrative that mainframes are "antiquated" technology, the hosts argue that they remain the gold standard for availability, integrity, and resilience in high-stakes environments like banking, healthcare, and government.

The discussion clears up common misconceptions, noting that modern mainframes are not just running legacy code like COBOL, but are fully capable of integrating with modern development tools and languages. Steffen and Buckler highlight that while the cloud offers flexibility, it lacks the sheer stability and performance consistency of the mainframe. For security professionals, the episode serves as a powerful reminder that "older" doesn't mean "insecure." In many cases, these systems provide a level of physical and logical isolation that modern, network-dependent architectures struggle to match. Ultimately, the hosts invite listeners to rethink the mainframe's role in the modern stack, proving it remains the undisputed champion of mission-critical compute.

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler discuss transformative announcements from the Microsoft Build Conference 2026. The central focus is Microsoft’s shift toward ARM-based architecture in partnership with NVIDIA, exemplified by the new RTX Spark superchip. This development marks a pivotal transition: moving personal AI agents from cloud-reliant models to high-performance, local desktop environments.

The hosts argue that this architectural evolution is a "security-first" milestone, allowing for local AI compute that significantly reduces privacy risks, data leakage, and the need for cloud-based credit systems. Beyond personal privacy, the discussion highlights the environmental benefits of distributed computing, noting that local processing mitigates the massive energy and land demands of hyperscale data centers. Steffen and Buckler conclude that the rapid democratization of AI is occurring faster than expected, signaling a new era where powerful, secure AI agents function as teammates rather than mere tools, fundamentally reshaping the future of personal computing.

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler revisit a foundational IT principle: the Single Point of Failure (SPOF). Using the mantra "two is one, and one is none," the hosts explore why modern organizations often overlook critical dependencies that, if compromised, can bring down entire systems.

The discussion traverses the spectrum from analog to digital, using the infamous train failures at Denver International Airport (DIA) as a prime example of a catastrophic physical SPOF that leaves thousands of travelers stranded. On the technical side, the hosts contrast fragile, linear network designs with the resilient, "spider-web" architecture of the modern internet and the hierarchical, distributed nature of the Domain Name System (DNS).

Ultimately, Chris and Ken emphasize that while total redundancy is often cost-prohibitive, effective risk management requires identifying your most critical assets and building deliberate, tiered resilience—ensuring that when a failure inevitably occurs, the entire system doesn't collapse.

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler shift focus from software to the often-overlooked realm of hardware security. The conversation centers on a recent Government Accountability Office (GAO) report detailing federal efforts to identify and remove telecommunications and surveillance equipment containing intentional backdoors and vulnerabilities linked to foreign actors—specifically from the People's Republic of China.

The hosts emphasize that hardware integrity is a critical national security concern, not just an enterprise compliance hurdle. While they caution listeners against panic-buying new routers, they highlight the inherent risks of using "end-of-life" hardware that no longer receives security patches. Ken and Chris advocate for rigorous asset inventories and proactive replacement cycles, noting that even "legendary" workhorses like the classic WRT54G eventually reach the end of their secure lifecycle. Ultimately, the episode serves as a vital reminder: security requires vigilance at every layer of the stack, starting with the physical devices on your network.

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler dissect Google’s recent discovery of the first clearly documented AI-assisted zero-day exploit. A threat actor utilized a Large Language Model (LLM) to develop a Python script designed to bypass two-factor authentication (2FA) on a widely used open-source system administration tool.

The hosts highlight the "smoking guns" that betrayed the AI’s involvement: an uncharacteristic abundance of educational docstrings, specific Python formatting typical of LLM training data, and a telltale hallucinated CVSS score. While this signals a productivity boost for adversaries, Chris and Ken offer a witty yet grounded take: AI doesn’t instantly transform a novice into a "development wizard." The technology often mirrors the operator’s technical gaps, leading to documented code that is "ripe for the picking" by defenders. Ultimately, the duo emphasizes that while the toolkit has shifted, the solution remains anchored in fundamental cyber hygiene—rigorous patching, skeptical link-clicking, and a granular understanding of network dependencies.

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler tackle the controversial intersection of digital privacy and state legislation. The discussion centers on Utah’s recent mandate requiring adult content providers to verify ages even when users are behind a VPN. This creates a technical "catch-22," forcing providers to either implement invasive identity checks or block privacy-enhancing tools entirely—a move the hosts argue is both technically infeasible and a threat to legitimate encryption use cases.

The conversation extends to California’s 2027 law, which aims to push age verification onto operating system providers. Chris and Ken break down the "whack-a-mole" reality of tracking rotating IP blocks and the inevitable collision with international privacy regulations. They warn that these laws, often drafted by "tech-illiterate" legislators, risk pushing states into a digital "stone age."

Ultimately, the hosts call on security professionals to advocate for privacy and offer their technical expertise to policymakers to prevent the enactment of unenforceable, privacy-destroying mandates.

In this special "Star Wars Day" edition of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler bridge the gap between sci-fi fantasy and modern security awareness. Utilizing the legendary franchise as a backdrop, the hosts deconstruct the glaring cybersecurity failures of the Galactic Empire to provide actionable lessons for today’s information security professionals.

The discussion highlights a total lack of port security and network authentication, famously exploited by R2-D2 to gain administrative control over complex systems through simple physical links.

Chris and Ken move into data integrity and insider threats, citing the deletion of the planet Kamino from the Jedi archives as a failure that underscores the critical need for file integrity monitoring and immutable backups. Finally, the duo examines the success of social engineering and "tailgating" throughout the series, drawing parallels to real-world threats like dressing as maintenance staff or carrying large boxes to bypass physical security checkpoints. By analyzing these galactic blunders, the episode reminds listeners that foundational cyber hygiene remains the ultimate defense against the "Dark Side."