The Capital One Breach and the 1% Security Gap Nobody Fixed episode artwork

EPISODE · Jun 30, 2026 · 1H

The Capital One Breach and the 1% Security Gap Nobody Fixed

from Full Metal Packet

Ross Young was inside Capital One when the 2019 breach happened and he's breaking down what the headlines got wrong.From WAF misconfigurations to AI-powered attacks moving at machine speed, this episode is a tactical masterclass for security leaders who want to stop wasting budget and start building real defences.Ross Young is a former intelligence officer turned enterprise CISO. He was at Capital One during the 2019 breach, authored Cybersecurity's Dirty Secret: Why Most Budgets Go to Waste, and is now co-founder & CEO of Clear Capabilities, building AI agents to automate the parts of security that drain teams dry.In this episode, Ross explains:◼ The exact WAF misconfiguration that enabled the Capital One breach and why it's probably still hiding in your environment◼ Why your security tools are likely only 40–72% effective, and how to calculate your true effective protection score◼ Which security categories are largely security theater (DLP, third-party risk management) and where budget should actually go◼ How AI is shifting the speed of attacks vs. defenses and what defenders must do right now to keep up◼ Why AI agents need kill switches, audit trails, and rollback processes before they ever go liveTime Stamps(00:00) Introduction: Ross Young's Path From Offense to CISO(00:29) Inside the 2019 Capital One AWS Breach(07:14) Evidence Every CISO Should Collect After a Breach(08:26) The Swiss Cheese Firewall Problem(11:17) Misaligned Incentives Between Developers and Security(13:10) Risk Acceptance: The MRI Machine and the CFO's Math(17:55) Murder Boards: Killing Underperforming Security Tools(24:18) Why Vendor Choice Matters Less Than Configuration(28:32) Where Security Budgets Should Actually Go(32:39) AI Is Closing the Attacker-Defender Speed Gap(36:25) Stopping Deepfakes and Phishing With Process, Not Tools(43:51) AI Agents Are the New Phishing Target(47:37) Building a Kill Switch for Rogue AI Agents(51:51) Introducing the OWASP Threat and Safeguard Matrix(58:50) One Thing Every CISO Should Fix This Week(59:48) Ross's New Venture: Clear CapabilitiesConnect with Ross Young on LinkedIn: https://www.linkedin.com/in/mrrossyoung/Hosts ⬇️Yegor Sak: https://www.linkedin.com/in/yegor-sak-725330b2/Alex Paguis: https://www.linkedin.com/in/alex-paguis-53a21815/Powered by Control D

NOW PLAYING

The Capital One Breach and the 1% Security Gap Nobody Fixed

0:00 1:00:27

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Raw Force

Apr 29, 2026 ·111m

Dixie Cups

Apr 18, 2026 ·89m

Wyatt Vurp

Apr 9, 2026 ·82m

Full Metal RPG The Full Metal RPG Crew Tabletop RPG Podcast that talks about Tough subjects and probably has some fun. Explicit Shut Up I Love It Sasha Feiler and Joe Cabello Many years ago, Sasha Feiler and Joe Cabello met in line for an improv show. They were young, dumb, and full of it. What followed were comedy shows so explicit, “genitalia” was practically a term of endearment.Fast forward 5 dogs, 6 cats, and way too many weird inside jokes later, Sasha and Joe are no longer young or dumb—but they’re still brimming with you-know-what. Here, they’ve teamed up to bring you a podcast where they interview a guest who passionately defends something universally hated, misunderstood, forgotten, overlooked, Mandela-effected, canceled—you name it. The key? They LOVE it. From toupees... to B-movies... to aliens, psychedelics, and the occasional surprise character, Sasha and Joe are here to spread love to the world that birthed them (but maybe should’ve used protection).So come and get that love because no one else will give it to you like we do.Also, don’t forget to check out the Patreon Bonus version of the show:https://www.patreon.com/c/ShutUpILoveItP Explicit Unauthorized Disclosure Kevin Gosztola Become a Paid Subscriber: https://anchor.fm/unauthorized-disclosure/subscribe"Unauthorized Disclosure" is a weekly podcast hosted by Rania Khalek and Kevin Gosztola. It focuses on issues and topics that are overlooked or pushed aside by the more mainstream media.The hosts champion adversarial journalism. Guests featured are often rarely heard or unheard voices. Or they are voices who we think can benefit from a space to have conversations, which allow for dissent and the unpacking of unpopular ideas.SUBSCRIBE on Spotify for $4.99/month and gain access to full episodes instead of clips or highlights from each week's show. Explicit Needless to Say... NTS Podcast In a world full of social divide, does anyone really need another comedy podcast starring four guys in a garage? According to Craig, Brad, Matt and Dave, yes ... yes they do.So, if you were into Opie and Anthony when they got along, Howard Stern when he wasn’t star-humping, or Ron Bennington when he still had a Fez, Needless to Say might be exactly what you’re looking for. Explicit

Frequently Asked Questions

How long is this episode of Full Metal Packet?

This episode is 1 hour and 0 minutes long.

When was this Full Metal Packet episode published?

This episode was published on June 30, 2026.

What is this episode about?

Ross Young was inside Capital One when the 2019 breach happened and he's breaking down what the headlines got wrong.From WAF misconfigurations to AI-powered attacks moving at machine speed, this episode is a tactical masterclass for security leaders...

Can I download this Full Metal Packet episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!