C-Suite Cyber Podcast

Malware attribution is harder than most teams want to admit.Attackers can copy another group’s TTPs, swap tools, buy access, abuse trusted update paths, and make your EDR’s story look cleaner than reality. In this episode of C-Suite Cyber, Mike Small and AJ sit down with Diyar Saadi to talk through malware analysis, attribution, targeted attacks, social engineering, firmware malware, and why defenders cannot rely on tools alone.Expect to hear:Why the target often matters more than the malware when figuring out who is behind an attackHow attackers copy public TTPs to confuse attributionWhy hashes, IPs, domains, and tool names can be weak evidence on their ownWhat defenders misunderstand about MITRE ATT&CK, IOCs, and the Pyramid of PainWhy social engineering, initial access brokers, and MFA bypasses are still major business risksHow firmware malware and update service hijacking can turn trusted updates into compromise pathsDiyar’s advice for anyone learning malware analysis: OS internals, Windows internals, programming, networking, and curiosityThis one gets into the uncomfortable truth behind a lot of security programs: tools help, but they do not replace fundamentals, manual analysis, or attacker-minded curiosity.___________________________________Connect with Diyar:https://reversethemalware.blogspot.com/https://www.linkedin.com/in/diyarsaadi/___________________________________Links:https://github.com/Adaptix-Framework/AdaptixC2https://github.com/bishopfox/sliverhttps://github.com/HavocFramework/Havochttps://www.ransomware.live/https://github.com/horsicq/detect-it-easyhttps://github.com/mandiant/flare-flosshttps://github.com/mandiant/capahttps://www.virustotal.com/https://github.com/mandiant/flare-fakenet-nghttps://hex-rays.com/ida-prohttps://github.com/KasperskyLab/hrtnghttps://malwareunicorn.org/https://malapi.io/___________________________________Sponsor: Tandem Cyber Solutionshttps://tandemcybersolutions.com/csuitecyber/___________________________________Connect with C-Suite Cyber:⁠⁠LinkedIn⁠⁠⁠⁠⁠⁠X⁠⁠⁠⁠Instagram⁠⁠⁠⁠⁠⁠TikTok

What are most organizations still getting wrong with security?In this episode, we sit down with Spencer (@techspence), a penetration tester who’s tested over 150 organizations, to break down the real-world gaps attackers are still exploiting every day.We start with a surprising truth: some of the most effective attacks today aren’t new. Simple issues like local admin password reuse are still everywhere, and they’re often all an attacker needs to take over an environment.From there, we dig into how the shift to cloud and hybrid environments is changing the game. Moving to Microsoft 365 and Entra doesn’t eliminate risk, it reshapes it. Identity has become the new battleground, and misconfigurations, over-permissioned users, and weak access controls are opening doors most teams don’t even realize exist.We also get into:Why “secure” is a myth and resilience is what actually mattersHow attackers bypass EDR and why detection is still lagging behindThe hidden risks in SaaS, SSO, and vendor trustWhy context matters more than vulnerability severity scoresHow to communicate security findings in a way the business actually understandsPlus, we explore what’s coming next. AI, agent-based workflows, and the rise of supply chain risk are creating entirely new attack surfaces, and most organizations aren’t ready. Spencer shares why AI won’t replace pentesters anytime soon, but will force everyone in the industry to level up.This episode is packed with real-world insights from the front lines of offensive security, along with lessons for defenders, leaders, and anyone responsible for protecting a business.If you want to understand what actually matters in security right now, this is the conversation to listen to.___________________________________Connect with Spencer:https://www.linkedin.com/in/spenceralessi/https://spenceralessi.com/https://x.com/techspencehttps://www.youtube.com/@cyberthreatpov___________________________________Connect with C-Suite Cyber:⁠LinkedIn⁠⁠X⁠⁠Instagram⁠⁠TikTok

Cybersecurity risk does not stop at due diligence. In this episode of C-Suite Cyber, Ceneé LaTulippe breaks down why post-merger integrations fail, where security programs start to break down after an acquisition, and what leadership teams miss when execution is treated like side work instead of a core business priority.The conversation covers culture fit, governance, security assessments, remediation planning, AI-related risk, and the real challenges that show up in the first 60 to 90 days after a deal closes.Ceneé LaTulippe is the Founder & CEO of 5280 PMO Services, an execution authority firm serving mid-market and private equity-backed organizations when the work cannot fail. She specializes in M&A integrations, enterprise software implementations, AI enablement, operational restructuring, and complex program recoveries.5280 PMO is a senior-led execution authority firm focused on stabilizing, governing, and accelerating high-impact strategic initiatives. Through its Value Realization Model, the firm helps leadership teams turn complex transformation efforts into measurable financial outcomes across M&A, AI enablement, software implementation, and other board-level priorities.Sponsor: Tandem Cyber SolutionsConnect with Ceneé and 5280 PMO:Ceneé LaTulippe on LinkedIn5280 PMO on LinkedIn5280 PMO on YouTubeCeneé on Instagram5280 PMO on InstagramConnect with C-Suite Cyber:LinkedInXInstagramTikTok

In this episode, Jeremy Banon shares insights on how cybersecurity is increasingly akin to healthcare—focused on prevention, routine check-ups, and informed decision-making rather than fear-based reaction. He emphasizes the importance of proactive security practices, personalized risk assessments, and educating clients to treat cyber health like their physical health.___________________________________Connect with Jeremeyhttps://www.linkedin.com/in/jeremybanon/https://cyberhealth.co/___________________________________Sponsor: ⁠⁠⁠Tandem Cyber Solutions⁠⁠⁠___________________________________Let's connect!⁠⁠⁠LinkedIn⁠⁠⁠ ⁠⁠⁠X⁠⁠⁠ ⁠⁠⁠Instagram⁠⁠⁠ ⁠⁠⁠TikTok⁠⁠⁠

In this episode of C-Suite Cyber, AJ and Mike sit down with Matt Hopkins to break down what cyber threat intelligence actually means for business leaders and security teams.Matt shares his path from military service into cybersecurity and explains why most organizations struggle to turn threat intelligence into something actionable. The conversation dives into how CTI teams can prioritize what really matters, communicate effectively with leadership, and avoid drowning in data. They also discuss how organizations with limited budgets can leverage open source intelligence and practical frameworks to build meaningful intelligence capabilities.The episode explores how AI is reshaping CTI, why context matters more than volume, and how improving collaboration between executives and security teams leads to stronger detection and response. Matt also talks about building a Cyber Threat Intelligence MCP server and how modern tools are making advanced capabilities more accessible than ever.Reach out to Matt:LinkedIn Email Open CTI MCP Server RepoSponsor: ⁠⁠Tandem Cyber Solutions⁠⁠___________________________________Let's connect!⁠⁠LinkedIn⁠⁠ ⁠⁠X⁠⁠ ⁠⁠Instagram⁠⁠ ⁠⁠TikTok⁠⁠

In this episode, AJ and Mike discuss the significance of certifications in cybersecurity from a hiring manager's perspective. They explore the reputation of various certification bodies, the importance of hands-on experience, and how certifications can impact career advancement. The conversation also delves into the hiring process, emphasizing the need for progressive knowledge and the role of professional development in team growth.Sponsor: ⁠Tandem Cyber Solutions⁠___________________________________Let's connect!⁠LinkedIn⁠ ⁠X⁠ ⁠Instagram⁠ ⁠TikTok⁠

In this episode, AJ and Mike reflect on their achievements in 2025 and discuss the evolving landscape of cybersecurity. They highlight key trends such as the abuse of trust, compromised packages, and the increasing sophistication of social engineering attacks. The conversation emphasizes the importance of understanding human behavior in cybersecurity, the need for robust detection and response strategies, and the role of AI in both offensive and defensive tactics. As they look forward to 2026, they stress the necessity of planning for potential compromises and the importance of continuous education and awareness in the field.Sponsor: Tandem Cyber Solutions___________________________________Let's connect!LinkedIn X Instagram TikTok

In this episode, Mike and AJ discuss the React to Shell vulnerability, its implications for cybersecurity, and the importance of asset management. They delve into the mechanics of unauthenticated remote code execution, detection strategies, and post-exploitation activities. The conversation emphasizes the need for C-suite executives to understand these vulnerabilities and implement effective security measures.Sponsor: ⁠Tandem Cyber Solutions⁠___________________________________Let's connect!LinkedIn: ⁠c-suite-cyber-podcast⁠X: ⁠suite_cybe82537⁠ Instagram: ⁠csuitecyberpodcast⁠TikTok: ⁠@c_suite_cyber_podcast

In this episode of the C-Suite Cyber Podcast, hosts Mike and AJ recap their experience at Simply Cyber Con and expand on their talk, “Adaptive Purple Teaming.”They unpack real-world lessons from ransomware exercises, explore the evolving maturity of security teams, and break down what makes a threat hunting program truly effective. Throughout the conversation, they emphasize education, collaboration, and continuous improvement as the foundation of strong cybersecurity.Mike and AJ discuss how creative problem-solving and a deep understanding of core principles often matter more than any single tool. They highlight the importance of leadership buy-in, clear communication across teams, and storytelling as part of the investigative process.The episode also examines the growing role of AI in cybersecurity, the power of knowledge sharing, and the need to adapt strategies to specific threats. Listeners will come away with practical insights on building repeatable exercises, fostering teamwork, and driving lasting improvement in security programs.Sponsor: Tandem Cyber Solutions___________________________________Let's connect!LinkedIn: c-suite-cyber-podcastX: suite_cybe82537 Instagram: csuitecyberpodcastTikTok: @c_suite_cyber_podcast

In this episode, Jesse Miller, founder of PowerPSA Consulting, discusses the parallels between farming and cybersecurity, the role of a fractional CISO, and the ethical dilemmas faced by cybersecurity leaders. He emphasizes the importance of effective communication, project management, and the growing demand for V-SISO services. The conversation also touches on the impact of AI on cybersecurity practices and the essential skills needed for success in the consulting business.Sponsor: ⁠⁠⁠⁠Tandem Cyber Solutions⁠⁠⁠⁠ Guest DetailsIf you enjoyed our guest please connect with him. Jesse MillerFounder, PowerPSA Consulting and creator of the PowerGRYD vCISO [email protected]://www.linkedin.com/in/secopswarrior/⁠#CyberSecFarmershttps://powerpsa.com/powergryd/Mentioned Linkshttps://www.youtube.com/watch?v=3Fx5Q8xGU8k

In this episode of the C-Suite Cyber Podcast, hosts Anthony Jirouschek and Mike engage with Aaron Mog, head of community at Detections AI. They discuss Aaron's extensive background in cybersecurity, the chaotic yet rewarding nature of startups, and the evolution of the cybersecurity industry. The conversation delves into the role of AI in enhancing detection engineering, the challenges of crowdsourcing in cybersecurity, and the ethical implications of AI in society. Aaron shares insights on navigating the startup landscape, the importance of community in detection engineering, and the future of AI in cybersecurity.Sponsor: ⁠⁠⁠Tandem Cyber Solutions⁠⁠⁠ Guest Detailshttps://www.linkedin.com/in/aaronmog/https://detections.ai/

In this episode of the C-Suite Cyber Podcast, hosts AJ and Mike discuss the recent Shai-Hulud worm attack that compromised NPM packages, highlighting the vulnerabilities associated with open source software. They explore the implications of such attacks, the importance of scanning code for vulnerabilities, and the ethical dilemmas faced by organizations when deciding whether to intervene in potential threats. The episode also covers GitHub's response to the attack and best practices for secure development in the context of open source software.Sponsor: ⁠⁠⁠Tandem Cyber Solutions⁠⁠⁠

In this episode of the C-suite Cyber Podcast, hosts AJ and Mike welcome John Sharpe, who shares his journey from military service to a successful career in cybersecurity. The conversation explores the importance of IT experience, networking, and the concept of engineered luck in career advancement. John emphasizes the need for leaders to create safe environments that foster innovation and discusses the technological innovations reshaping Security Operations Centers (SOCs). The episode provides valuable insights for C-suite executives and aspiring cybersecurity professionals alike. In this conversation, John Sharpe discusses the evolution of SOAR platforms, emerging threats in cybersecurity, and the importance of deception technology. He emphasizes the need for collaboration in security operations and shares valuable leadership lessons. Additionally, he highlights the significance of networking and advisory roles in the cybersecurity field, providing insights for new leaders in security operations.Sponsor: ⁠⁠⁠Tandem Cyber Solutions⁠⁠⁠ Guest Details:https://www.linkedin.com/in/jfsharpe42

Sponsor: ⁠Tandem Cyber Solutions⁠ Join AJ and Mike as they delve into the intricate world of investment scams. From the infamous Wolf of Wall Street to modern-day deep fakes and crypto scams, this episode uncovers the tactics used by fraudsters and how to protect yourself. Discover the psychology behind scams, the role of AI, and the impact on victims.FBI Internet Crime Report 2024 - https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdfAustralia Deep Fake Scams - https://www.scamwatch.gov.au/about-us/news-and-alerts/scam-alert-fake-celebrity-online-investment-scamsCrypto Pig Butchering - https://www.timesunion.com/news/article/warren-county-man-loses-nearly-200k-pig-20265216.phpYouTube Video Shown - https://www.youtube.com/watch?v=pZdGALXaw0Y&t=19sCrypto Scam Tracker - https://dfpi.ca.gov/consumers/crypto/crypto-scam-tracker/

In this episode of the C-suite cyber podcast, hosts Anthony and Mike discuss the evolving landscape of cybersecurity certifications, the impact of AI, and the importance of hands-on experience versus theoretical knowledge. They explore the significance of coachability in candidates, the relevance of various certifications, and the balance between preferred and required qualifications for leadership roles in cybersecurity. The conversation also touches on the value of degrees and the future of certifications in the industry.Sponsor: Tandem Cyber Solutions

* We are not lawyers or finance people. Go see a professional for specific advice on your situation.Sponsor: Tandem Cyber SolutionsYour go to penetration testing partnerhttps://tandemcybersolutions.com/csuitecyber/In this episode of the C-suite Cyber Podcast, hosts Anthony Jirouschek and Mike discuss the critical aspects of choosing vendors for cybersecurity solutions. They emphasize the importance of having clear requirements, understanding vendor maturity, and the necessity of thorough testing and comparison of products. The conversation also delves into contract negotiation, highlighting the need for clarity on responsibilities and security implications. Finally, they explore best practices for implementation to ensure successful integration of security solutions. Chapters00:00 Introduction to C-Suite Cyber Podcast01:28 Choosing the Right Vendors09:46 Testing and Comparing Security Products21:46 Understanding Contracts and SLAs34:15 Implementation Strategies for Security Solutions56:10 Implementation and Testing of Security Tools01:02:44 Understanding Adversaries and Security Measures01:06:00 Vendor Risks and Dangers01:14:23 Ethics in Security Research and Reporting01:24:59 Privacy and Trust in Technology01:37:08 Final Thoughts on Security PracticesOther LinksThe Gili Ra'anan modelPetya Ransomware Outbreak Originated in Ukraine via Tainted Accounting SoftwareWargames: Analyzing the Act of War Exclusion in Insurance Coverage and Its Implications for Cybersecurity PolicyDarknet Diaries EP77: Olympic DestroyerHacktivist Entity USDoD Claims to Have Leaked CrowdStrike’s Threat Actor List

Sponsor:Tandem Cyber SolutionsIn this episode, the hosts delve into the critical topics of vulnerabilities and exploits in cybersecurity. They discuss the definitions and differences between vulnerabilities and exploits, the importance of identifying vulnerabilities within organizations, and the essential role of patch management. Real-world examples, including the SolarWinds attack and SQL injection vulnerabilities, are explored to illustrate the impact of these issues. The conversation also highlights the significance of threat intelligence in understanding and mitigating risks in cybersecurity.Chapters00:00 Introduction to Vulnerabilities and Exploits01:32 Understanding Vulnerabilities: Definitions and Examples09:13 Identifying Vulnerabilities: Tools and Techniques14:29 Patch Management: Importance and Best Practices17:29 Real-World Examples of Vulnerabilities and Exploits28:23 Understanding the SolarWinds Attack32:06 Exploring the MoveIt Vulnerability37:29 The Role of Threat Intelligence40:04 The Pyramid of Pain in Cybersecurity43:23 Threat Intel50:27 Utilizing Shodan for Vulnerability Discovery57:36 Understanding Vulnerability Scans and Exploits01:04:40 The Impact of Eternal Blue and Vulnerability Management01:14:57 Navigating Privilege Escalation Techniques01:21:59 Exploiting LLMNR Poisoning for Network Access01:27:51 Exploit Techniques and Real-World Applications01:31:21 Understanding Log4Shell Vulnerability01:36:12 The Impact of Dependencies on Vulnerability Management01:41:42 ProxyShell and Microsoft Vulnerabilities01:52:09 The Importance of Patch Management

Sponsor:Tandem Cyber SolutionsFree Vendor Check List from TandemSummaryIn this episode of the C-suite cyber podcast, Anthony Jirouschek and Mike discuss the intricacies of penetration testing, including its definition, methodologies, and the importance of understanding the risks involved. They delve into the scoping of penetration tests, the frameworks that guide them, and how organizations can determine their readiness for such assessments. The conversation also covers how to find a reputable penetration testing company and the potential pitfalls of outsourcing these services.Keywordspenetration testing, cybersecurity, vulnerability assessment, red teaming, security compliance, risk management, security frameworks, pen test readiness, security maturity, penetration testing companies, penetration testing, cybersecurity, service providers, compliance, auto dealerships, hacker mindset, team collaboration, Tandem Cyber SolutionsChapters00:00 Introduction to Penetration Testing01:59 Understanding Penetration Testing vs. Vulnerability Scanning04:36 Exploitation and Vulnerabilities Explained06:32 Scoping a Pen Test: Assumed Breach vs. External Testing17:27 Frameworks and Methodologies in Pen Testing26:06 When to Consider a Penetration Test32:27 Maturity Levels and Readiness for Pen Testing41:38 The Importance of Patch Management44:24 Finding a Good Penetration Testing Company52:22 Trusting Your Penetration Testing Consultant59:34 Understanding Service Providers vs. Penetration Tests01:06:48 Hiring a Hacker's Mindset01:13:42 The Challenges of Leadership and Communication01:19:31 Understanding Compliance Regulations01:30:13 The Unique Value of Tandem Cyber Solutions

In this episode of the C-suite cyber podcast, hosts AJ and Mike delve into the complexities of hiring in the cybersecurity field. They share personal experiences of both good and bad hires, emphasizing the importance of technical knowledge, cultural fit, and leadership in building effective teams. The conversation also touches on the challenges of rotational programs, employee retention strategies, and the significance of understanding employee motivations. Through anecdotes and insights, the hosts aim to equip executives with the knowledge to make informed hiring decisions that positively impact their organizations.Chapters00:00 Introduction to C-Suite Cyber Podcast01:12 The Importance of Hiring in Cybersecurity02:20 Nightmares of Bad Hires10:41 Case Studies of Hiring Mistakes15:09 The Role of Intelligence in Cybersecurity19:16 Effective Communication in Cybersecurity28:53 Building a Supportive Team Culture31:40 The Value of Rotational Programs31:58 Training and Productivity in Early Career Roles34:14 The Challenges of Hiring and Retaining Talent38:02 The Importance of Culture and Motivation in Retention40:48 Employee Motivations43:45 Certification and Qualification in Cybersecurity Roles51:00 Leadership and Talent Development Strategies01:01:32 Navigating Politics and Team Dynamics01:04:23 The Importance of Leadership in Team Success01:05:42 Hiring Practices: Quality Over Quantity01:07:17 The Role of AI in Cybersecurity01:11:30 Building Effective Security Operations Centers (SOCs)01:16:30 The Challenges of Breaking into Cybersecurity01:20:38 Leveraging Technology for Efficiency01:24:08 The Consequences of Poor Hiring Decisions01:28:09 The Value of Trust and Communication in Leadership01:31:02 Strategizing for Cybersecurity Success

In this episode ofC-suite Cyber, we dive into the critical role of quality assurance in cybersecurity. From distinguishing QA vs. QC to overcoming challenges in training, standards, and playbook development, we explore how organizations can foster a culture of learning and continuous improvement. Topics include AI's potential, the talent shortage, critical thinking, and balancing chaos with productivity in high-stress environments.

Sponsor: Tandem Cyber Solutionshttps://tandemcybersolutions.com/csuitecyber/___________________________________DescriptionIn this episode of the C-Suite Cyber Podcast, hosts AJ and Mike discuss emerging cybersecurity threats, the role of managed service providers (MSPs), and the challenges faced by businesses in maintaining compliance. They introduce guest Tyler York, owner of WYRE Technology, who shares insights on the services provided by MSPs, the importance of understanding client needs, and the dynamics of different industries. The conversation also touches on the impact of regulation on cybersecurity practices and the difficulties of scaling operations within an MSP.WYRE Technologyhttps://wyretechnology.com/Tyler Yorkhttps://www.linkedin.com/in/tyleratwyre/___________________________________Let's connect!LinkedIn https://www.linkedin.com/company/c-suite-cyber-podcastX https://x.com/suite_cybe82537Instagram https://www.instagram.com/csuitecyberpodcast/TikTok www.tiktok.com/@c_suite_cyber_podcastDiscord https://discord.gg/ftZcs5h2___________________________________Keywordscybersecurity, managed service provider, compliance, IT services, cybersecurity threats, industry insights, MSP challenges, cybersecurity trends, C-suite executives, technology solutions, sales, hiring, training, reputation, cybersecurity, trust, vulnerabilities, character, legacy code, power generation, MFA, penetration testing, cybersecurity, vulnerability assessment, ethical hacking, physical security, MSP security, risk management, user training, cyber insurance, MFA, cybersecurity, risk assessment, cyber insurance, MSP regulations, AI in cybersecurity, client priorities, education security, endpoint protection, security controls

In the inaugural episode of the C-suite Cyber Podcast, hosts Anthony Jirouschek and Mike discuss the critical importance of cybersecurity for C-suite executives, focusing on ransomware attacks, their implications, and strategies for mitigation. They explore the nature of ransomware, how attackers gain access, and the significance of user awareness training. The conversation emphasizes the need for small businesses to adopt best practices, the role of third-party security, and the utilization of free security tools to enhance defenses. Sponsor: https://tandemcybersolutions.com/csuitecyber/

Sponsor: Tandem Cyber SolutionsFor all your pen testing needs, check them out at https://tandemcybersolutions.com/csuitecyber/SummaryIn this episode of the C-Suite Cyber Podcast, hosts AJ and Mike discuss the transformative impact of automation and AI on cybersecurity. They explore various AI tools, their applications in coding, and how these technologies can enhance personal projects and daily life. The conversation highlights the importance of integrating AI into workflows and the potential challenges that come with it. In this conversation, Mike and AJ delve into the evolving landscape of artificial intelligence (AI) and its implications for cybersecurity, automation, and daily life. They discuss the concept of Retrieval-Augmented Generation (RAG), the dangers of exposing sensitive data to AI models, and the potential for social engineering to manipulate AI systems. The conversation also touches on the future of self-driving cars, the importance of automation in cybersecurity, and how creative automation can enhance productivity.Chapters00:00 Introduction to C-Suite Cyber Podcast09:05 Exploring AI in Cybersecurity18:21 Automation and Its Impact on Cybersecurity26:47 Generative AI Tools and Their Applications31:41 Using AI for Travel Planning34:38 AI and Smart Home Devices38:05 Understanding AI's Perception of Users39:35 AI in Nutrition and Personal Life41:41 Retrieval-Augmented Generation (RAG) in AI45:25 Data Privacy Risks with AI Models49:28 Manipulating AI for Security Testing53:33 The Implications of AI in Real-World Scenarios58:30 The Evolution of Communication Technology01:02:48 The Future of Self-Driving Cars01:07:27 The Ethics of Hacking and Cybersecurity01:12:03 Automation in Everyday Life01:26:26 Building a Community and Engaging with Listeners

Sponsor: Tandem Cyber SolutionsFor all your pen testing needs, check them out at https://tandemcybersolutions.com/csuitecyber/SummaryIn this episode of the C-suite cyber podcast, hosts AJ and Mike engage with Keith, a seasoned cybersecurity professional with a rich background in law enforcement and military service. The conversation explores Keith's journey from a police officer to a cybersecurity expert, discussing the skills and mindset required for success in the field. They delve into the differences between traditional forensics and cybersecurity, the importance of continuous learning, and the dynamics of teaching and learning in the cybersecurity space. The episode also highlights key recommendations for executives regarding cybersecurity practices, the significance of regular penetration testing, and the collaborative nature of effective cybersecurity solutions. In this conversation, the hosts discuss various aspects of cybersecurity, emphasizing the importance of teamwork, user education, and the challenges of maintaining security in a cost-effective manner. They explore the risks associated with passwords, the significance of live interactions for community engagement, and the adventures in nature that highlight risk assessment. The conversation also touches on the vulnerabilities in government cybersecurity, the concerns surrounding SaaS and API security, and the critical role of maintenance personnel in safeguarding systems.Chapters00:00 Introduction to the C-Suite Cyber Podcast02:25 Keith's Background: From Military to Cybersecurity06:08 The Differences Between Police Work and Cyber Forensics07:31 Learning and Teaching Cybersecurity13:35 The Journey into Offensive Security15:05 First Success in Hacking: A Memorable Experience16:45 The Importance of Persistence in Cybersecurity19:48 Personal Introductions and Career Paths25:29 Pen Testing Insights: Recommendations for Executives27:43 The Importance of Regular Vulnerability Scanning28:36 Cost-Effectiveness of Proactive Security Measures32:04 Team Effort in Cybersecurity39:49 Future Plans: Community Engagement42:24 Travel Recommendations47:29 Exploring Croatia: A Romantic Adventure48:36 Bitcoin ATMs: A New Trend?49:43 In The Comments Section52:05 Treasury Security Breach: Understanding the Risks58:23 API Security: The Overlooked Vulnerability01:04:16 SaaS Security: Trusting Third-Party Vendors01:09:20 The Human Element: Risks in Cybersecurity01:10:05 SummaryKeywordscybersecurity, penetration testing, law enforcement, hacking, compliance, executive recommendations, cybersecurity education, problem solving, offensive security, defensive security, cybersecurity, password security, team effort, SaaS security, API security, risk assessment, outdoor adventures, live interactions, government cybersecurity, vendor risks