Navy Officer Reveals the Threat Modeling Mindset Most Cybersecurity Teams Are Missing episode artwork

EPISODE · Jun 16, 2026 · 1H 11M

Navy Officer Reveals the Threat Modeling Mindset Most Cybersecurity Teams Are Missing

from Full Metal Packet

Ben Lipczynski is the Director of Security and Regulatory Services at Origina and a former British Royal Navy officer with 12 years operating nuclear submarines and global networks. He brings an operator-level perspective on what separates a contained incident from a months-long operational nightmare.In this episode, Ben breaks down why patching is not a silver bullet, why legacy systems are more defensible than most teams assume, and what the submarine service taught him about knowing your critical systems before an attacker finds them for you.He explains:◼ Why siloed teams and poor system knowledge cause more breaches than sophisticated attacks ever do◼ Why upgrading to the latest version often introduces more vulnerabilities than it removes◼ How 700 scan findings came down to 20 real actions after proper contextual analysis◼ Why the CVE volume problem is about to get significantly worse and what to do about it◼ Why defense in depth, not patching, is the only strategy that holds up when an attacker gets insideTime Stamps:(0:00) Introduction(0:53) What corporate security teams get wrong vs. the military(2:22) The submarine mindset: 90% training, 10% operations(4:48) Operational clarity in the military: everyone knows the mission and their role(6:59) Military structure vs. corporate agility — opposites or the same need?(10:38) Why Ben left the Navy for cybersecurity(14:32) "Take a marching pace" — thinking before acting in incident response(18:09) The iPad water treatment plant story — OT connectivity creep in the real world(25:30) The myth of N-minus-one: legacy doesn't mean insecure(28:10) Open source dependency risk — 60% of vulnerabilities aren't in the core code(31:01) Slop squatting: attackers pre-registering AI-hallucinated package names(33:00) What to do when you can't patch — contextual risk-based defense in depth(36:26) The patch validation problem — exploits now arrive within hours of a CVE(44:00) Fully patched, still taken down — architecture beats updates(51:26) Log4J case study: why deleting the library beat the patch cycle(55:23) Practical advice for security teams managing legacy systems(1:02:22) The CVE volume crisis — is the current patching model even tenable?(1:07:21) Bold prediction: CVE text itself will become an attack vector for AI agentsConnect with the speakers ⬇️:Ben Lipchinski: https://www.linkedin.com/in/benlipczynskisecurity/Yegor Sak: https://www.linkedin.com/in/yegor-sak-725330b2/Alex Paguis: https://www.linkedin.com/in/alex-paguis-53a21815/Powered by Control D

NOW PLAYING

Navy Officer Reveals the Threat Modeling Mindset Most Cybersecurity Teams Are Missing

0:00 1:11:08

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Raw Force

Apr 29, 2026 ·111m

Dixie Cups

Apr 18, 2026 ·89m

Wyatt Vurp

Apr 9, 2026 ·82m

Full Metal RPG The Full Metal RPG Crew Tabletop RPG Podcast that talks about Tough subjects and probably has some fun. Explicit Shut Up I Love It Sasha Feiler and Joe Cabello Many years ago, Sasha Feiler and Joe Cabello met in line for an improv show. They were young, dumb, and full of it. What followed were comedy shows so explicit, “genitalia” was practically a term of endearment.Fast forward 5 dogs, 6 cats, and way too many weird inside jokes later, Sasha and Joe are no longer young or dumb—but they’re still brimming with you-know-what. Here, they’ve teamed up to bring you a podcast where they interview a guest who passionately defends something universally hated, misunderstood, forgotten, overlooked, Mandela-effected, canceled—you name it. The key? They LOVE it. From toupees... to B-movies... to aliens, psychedelics, and the occasional surprise character, Sasha and Joe are here to spread love to the world that birthed them (but maybe should’ve used protection).So come and get that love because no one else will give it to you like we do.Also, don’t forget to check out the Patreon Bonus version of the show:https://www.patreon.com/c/ShutUpILoveItP Explicit Unauthorized Disclosure Kevin Gosztola Become a Paid Subscriber: https://anchor.fm/unauthorized-disclosure/subscribe"Unauthorized Disclosure" is a weekly podcast hosted by Rania Khalek and Kevin Gosztola. It focuses on issues and topics that are overlooked or pushed aside by the more mainstream media.The hosts champion adversarial journalism. Guests featured are often rarely heard or unheard voices. Or they are voices who we think can benefit from a space to have conversations, which allow for dissent and the unpacking of unpopular ideas.SUBSCRIBE on Spotify for $4.99/month and gain access to full episodes instead of clips or highlights from each week's show. Explicit Needless to Say... NTS Podcast In a world full of social divide, does anyone really need another comedy podcast starring four guys in a garage? According to Craig, Brad, Matt and Dave, yes ... yes they do.So, if you were into Opie and Anthony when they got along, Howard Stern when he wasn’t star-humping, or Ron Bennington when he still had a Fez, Needless to Say might be exactly what you’re looking for. Explicit

Frequently Asked Questions

How long is this episode of Full Metal Packet?

This episode is 1 hour and 11 minutes long.

When was this Full Metal Packet episode published?

This episode was published on June 16, 2026.

What is this episode about?

Ben Lipczynski is the Director of Security and Regulatory Services at Origina and a former British Royal Navy officer with 12 years operating nuclear submarines and global networks. He brings an operator-level perspective on what separates a...

Can I download this Full Metal Packet episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!