Shared Security

PODCAST · technology

Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today's interconnected world. Tune in every week to discover invaluable insights, strategies, and tools to live confidently and safeguard your digital life.

  1. 447

    Passwords Are Still Failing Us (World Password Day 2026)

    World Password Day was on May 7th—but are we actually getting better at password security? In this episode, we discuss why compromised credentials are still behind the majority of breaches in 2026. From password reuse and phishing to infostealer malware and MFA bypass techniques, attackers are finding it easier than ever to log in instead of hack in. We also talk about whether passkeys can finally shift the landscape—and what organizations should be doing right now to reduce risk. Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com. Show notes: https://sharedsecurity.net/2026/05/11/passwords-are-still-failing-us-world-password-day-2026/

  2. 446

    Fake Party Invites and the Rise of Social Phishing Attacks

    Attackers are now impersonating invitation services to trick people into clicking malicious links and sharing sensitive information. These phishing attempts look like legitimate event invites, making them especially effective. In this episode, we discuss how these scams work and what steps you can take to stay protected. Show notes: https://sharedsecurity.net/2026/05/04/fake-party-invites-and-the-rise-of-social-phishing-attacks/

  3. 445

    New York's 3D Printing Crackdown: Security or Surveillance?

    New York's latest budget proposal could fundamentally change how 3D printers work—requiring built-in software that scans and blocks certain designs. Supporters say it's about stopping ghost guns. Critics say it opens the door to surveillance and limits innovation. Show notes: https://sharedsecurity.net/2026/04/27/new-yorks-3d-printing-crackdown-security-or-surveillance/

  4. 444

    Project Glasswing: When AI Becomes the Ultimate Hacker—and Defender

    Anthropic has introduced Project Glasswing, a cybersecurity initiative powered by an unreleased AI model called Claude Mythos. This system can identify zero-day vulnerabilities, generate exploits, and even help fix them—often without human input. But there's a catch: it's considered too powerful for public release. In this episode we discuss what Project Glasswing is, why it matters, and what it means for the future of cybersecurity, red teaming, and AI-driven threats. Is this the beginning of AI defending us—or the start of something much harder to control? Show notes: https://sharedsecurity.net/2026/04/20/project-glasswing-when-ai-becomes-the-ultimate-hacker-and-defender/

  5. 443

    The Dark Web Explained with John Hammond

    The dark web is often misunderstood, but it plays an important role in both privacy technology and cybercrime activity. In this episode, Tom Eston speaks with cybersecurity researcher and educator John Hammond about what the dark web actually is and how it has evolved in recent years. The discussion covers underground marketplaces, ransomware leak sites, threat intelligence collection, and the operational risks involved in dark web investigations. John also shares details about his new training course Dark Web 2, which focuses on using a hacker mindset to gather cyber threat intelligence from dark web sources. Show notes: https://sharedsecurity.net/2026/04/13/the-dark-web-explained-with-john-hammond/

  6. 442

    Meta & YouTube Found Negligent: A Turning Point for Big Tech?

    A landmark jury verdict has found Meta and YouTube negligent in a social media addiction case, raising major questions about platform accountability and legal protections under Section 230. This episode covers the details of the case, why the ruling is significant, and what it could mean for the future of social media, privacy, and cybersecurity. Show notes: https://sharedsecurity.net/2026/04/06/meta-youtube-found-negligent-a-turning-point-for-big-tech/

  7. 441

    The Hidden Tracking Risk Inside Your Tires

    In this episode, Tom Eston and co-host Scott Wright discuss research showing that Tire Pressure Monitoring Systems (TPMS) can create privacy risks because the sensors broadcast unencrypted, uniquely identifying wireless signals that could be used to track vehicles. They reference a 10-week study by researchers at IMDEA in Madrid that collected about 6 million signals from over 20,000 cars at roughly 50 meters range, noting the signals can reveal details like tire pressure, car type, weight, and possible driving patterns, and can be captured with about $100 of equipment. The hosts explain that TPMS is a safety feature required on 2008+ cars, and consider realistic threat models and potential mitigations like rotating identifiers or encryption. Show notes: https://sharedsecurity.net/2026/03/30/the-hidden-tracking-risk-inside-your-tires/

  8. 440

    The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson

    Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated his family to Guadalajara to open and scale a Bishop Fox office. They discuss Mexico's growing cybersecurity and AI ecosystem, driven by talent, community events, and government-university partnerships, and how offensive security has shifted from "one-person army" generalists to more specialized roles. Wilson explains his PhD work modeling expert pen testers' cognitive approaches to shape AI agents, argues AI lowers barriers but requires validation due to hallucinations, and predicts routine, methodology-driven testing will be automated while expert human work persists. He forecasts compliance and audit frameworks will eventually accept more objective, scalable AI-based control validation, reshaping the pen testing market. If you work in cybersecurity, are involved in penetration testing and offensive security, or are just trying to figure out what the AI hype actually means for attackers and defenders, this episode is for you! Show notes: https://sharedsecurity.net/2026/03/23/the-real-state-of-offensive-security-ai-penetration-testing-the-road-ahead-with-andrew-wilson/

  9. 439

    The Privacy Problem With Meta's Ray-Ban Smart Glasses

    This episode discusses Meta Ray-Ban Smart Glasses, which blend a camera, microphone, AI features, and social media integration into sunglasses that look like normal fashion eyewear, raising major privacy concerns. It highlights reports that footage captured by the glasses may be reviewed by human contractors to help train Meta's AI systems, and notes critics' concerns about how easily people can be recorded in public without their knowledge. Although the glasses include a small LED indicator when recording, many people reportedly don't notice it. Show notes: https://sharedsecurity.net/2026/03/16/the-privacy-problem-with-metas-ray-ban-smart-glasses/

  10. 438

    TikTok Says No to End-to-End Encryption: Here's Why That's a Big Deal

    In a move that bucks the entire industry trend, TikTok has confirmed it will not implement end-to-end encryption (E2EE) for direct messages on its platform — arguing that E2EE would make users less safe. We break down what's really going on: the child safety argument, the privacy counterargument, the geopolitical questions surrounding ByteDance, and what it all means for TikTok's 1 billion+ users. If you use TikTok, this episode is essential listening. Show notes: https://sharedsecurity.net/2026/03/09/tiktok-says-no-to-end-to-end-encryption-heres-why-thats-a-big-deal/

  11. 437

    Claude Code Security: The AI Shockwave Hitting Cybersecurity

    Anthropic's Claude Code Security research preview promises AI-powered code analysis and vulnerability detection at scale. The announcement triggered strong reactions across the cybersecurity community and sent several vendor stocks lower. In this episode, we break down what the tool actually does, where it fits in modern AppSec, and whether AI automation threatens traditional security products or simply makes teams more efficient. Expect a practical, no-hype conversation about what changes and what doesn't. Show notes: https://sharedsecurity.net/2026/03/02/claude-code-security-and-the-ai-shockwave-hitting-cybersecurity/

  12. 436

    TikTok's New U.S. Deal and Privacy Policy: What Users Don't Understand

    TikTok has shifted to a majority-American entity, TikTok USDS Joint Venture, LLC, to comply with U.S. national security requirements and avoid a ban. This week we discuss why a recent privacy policy update went viral—especially language about sensitive data like immigration status and precise location—and argue much of it reflects longstanding practices and required California privacy disclosures. We emphasize reading policies, understanding your threat model, and making your own decision about using TikTok or other social platforms. The episode also briefly mentions Ring ending its partnership with Flock and a rumored internal email about expanding Ring's "search party" feature. Show notes: https://sharedsecurity.net/2026/02/23/tiktoks-new-u-s-deal-and-privacy-policy-what-users-dont-understand/

  13. 435

    Ring's Search Party 'Dystopia' Debate & Claude Zero-Click RCE Vulnerability

    In this episode, we discuss two major tech stories impacting privacy and security. First, we analyze Ring's new AI-powered 'Search Party' feature and its controversial Super Bowl ad that sparked privacy concerns. We then transition to a breaking story about a zero-click remote code execution flaw in Claude Desktop, highlighting the potential risks of AI. The hosts also reflect on their most popular YouTube episode on why Gen Z is ditching smartphones. Show notes: https://sharedsecurity.net/2026/02/16/rings-search-party-dystopia-debate-claude-zero-click-rce-vulnerability/

  14. 434

    OpenClaw & Moltbook: AI Agents and Cybersecurity Risks

    Autonomous AI assistants are hitting the mainstream — but at what cost? This week, we discuss the recent OpenClaw phenomenon (formerly Clawdbot/Moltbot), the security fiasco surrounding Moltbook's exposed database, and the quirky yet concerning AI agent dating platform MoltMatch. We explore the privacy and cybersecurity implications of entrusting AI agents with sensitive access and how defenders should think about emerging agentic risks. Show notes: https://sharedsecurity.net/2026/02/09/openclaw-moltbook-ai-agents-and-cybersecurity-risks/

  15. 433

    Why Gen Z is Ditching Smartphones for Dumbphones

    Younger generations are increasingly ditching smartphones in favor of "dumbphones"—simpler devices with fewer apps, fewer distractions, and less tracking. But what happens when you step away from a device that now functions as your wallet, your memory, and your security key? In this episode, Tom and Scott explore the dumbphone movement through a privacy and cybersecurity lens. Drawing from a recent Wired article, the conversation digs into digital burnout, surveillance capitalism, multi-factor authentication dependencies, and whether opting out of smartphones is an act of digital self-defense—or a step toward digital disadvantage. Show notes: https://sharedsecurity.net/2026/02/02/why-gen-z-is-ditching-smartphones-for-dumbphones/

  16. 432

    AirDrop Security in iOS 26.2: Time Limits, Codes & Privacy Best Practices

    In this episode, we explore the latest changes to AirDrop in iOS 26.2 and how they enhance privacy and security. Learn about the new 10-minute limitation on the 'Everyone' setting and the introduction of AirDrop codes for safer file sharing with non-contacts. We also discuss best practices for configuring your AirDrop settings to safeguard your privacy, including tips for high-risk individuals and general recommendations for everyday use. Stay informed and keep your device secure by updating to the latest iOS version and regularly reviewing your AirDrop settings. Show notes: https://sharedsecurity.net/2026/01/26/airdrop-security-in-ios-26-2-time-limits-codes-privacy-best-practices/

  17. 431

    Ring's Facial Recognition Feature: Convenience or Privacy Nightmare?

    In this episode, we explore Amazon Ring's newly introduced Familiar Faces feature that utilizes AI for facial recognition. We discuss the convenience of identifying familiar people at your doorstep, the privacy concerns it raises, and the legal implications surrounding biometric data. Learn about how this feature works, potential inaccuracies, and privacy laws in certain U.S. states. We also discuss broader concerns about AI and surveillance, and provide practical advice on using this technology responsibly. Show notes: https://sharedsecurity.net/2026/01/19/rings-facial-recognition-feature-convenience-or-privacy-nightmare/

  18. 430

    Your Google Searches Aren't Private? PA Court's Surprising Ruling

    In this episode of Shared Security, we discuss a significant Pennsylvania Supreme Court ruling that permits police to access unprotected Google search histories without a traditional warrant. The discussion centers around the implications of the Commonwealth vs. Kurtz case and the concept of reverse keyword searches. Kevin Tackett joins the conversation, providing insights and posing critical questions about the balance between law enforcement needs and privacy rights. The episode explores concerns over digital privacy, third-party data, and potential broader impacts on users. Show notes: https://sharedsecurity.net/2026/01/12/your-google-searches-arent-private-pa-courts-surprising-ruling/

  19. 429

    AI and the End of the Traditional Entry-Level Tech Job

    Welcome to the first episode of the Shared Security Podcast in 2026! As AI becomes increasingly integrated into technical fields such as software development and cybersecurity, traditional entry-level roles are evolving or disappearing. This episode discusses the implications of AI on entry-level knowledge worker jobs, emphasizing the need for students, recent graduates, and those entering the job market to adapt their strategies. Discover the new skills and approaches needed to stay relevant, explore potential career pivots, and learn why degrees and certifications alone are no longer sufficient. Tune in for practical advice on thriving in an AI-driven job market. Show notes: https://sharedsecurity.net/2026/01/05/ai-and-the-end-of-the-traditional-entry-level-tech-job/

  20. 428

    2025 Predictions: Hits, Misses & What We Learned

    Join us this week as we rewind the tape on our 2025 predictions. In this episode, we revisit last year's forecasts in cybersecurity, geopolitics, and AI, discussing which ones came true, which ones fizzled out, and which ones were a mixed bag. Additionally, we share insights from past guests, celebrate milestones, and make bold new predictions for 2026. Find out what we got right, what surprised us, and what we think is on the horizon for the coming year! Show notes: https://sharedsecurity.net/2025/12/29/2025-predictions-hits-misses-what-we-learned/

  21. 427

    Why Networking Is Your Secret Weapon in Cybersecurity Job Hunting

    In this episode, Tom Eston discusses the unique challenges in the current cybersecurity job market, emphasizing the importance of networking. Tom provides practical tips on how to enhance networking skills, such as attending conferences, volunteering for open source projects, creating a blog, and seeking mentors. He also addresses misconceptions about the job shortage in cybersecurity and encourages listeners to start building their professional networks early. Tune in for valuable insights to help you advance your cybersecurity career. Show notes: https://sharedsecurity.net/2025/12/22/why-networking-is-your-secret-weapon-in-cybersecurity-job-hunting/

  22. 426

    The Hidden Threat in Your Holiday Emails: Tracking Pixels and Privacy Concerns

    Join us in the midst of the holiday shopping season as we discuss a growing privacy problem: tracking pixels embedded in marketing emails. According to Proton's latest Spam Watch 2025 report, nearly 80% of promotional emails now contain trackers that report back your email activity. We discuss how these trackers work, why they become more aggressive during the holidays, the data being collected by marketers, and how you can protect yourself. We are joined by Scott Wright to explore Proton's comprehensive study, identify the worst offenders in email tracking, and share tips on maintaining your online privacy. Tune in and stay informed about the invisible surveillance in your emails this holiday season! Show notes: https://sharedsecurity.net/2025/12/15/the-hidden-threat-in-your-holiday-emails-tracking-pixels-and-privacy-concerns/

  23. 425

    Seeing Is Not Believing: How to Spot AI-Generated Video

    In this episode we discuss the rising challenge of AI-generated videos, including deepfakes and synthetic clips that can deceive even a skeptical viewer. Once the gold standard of proof, video content is now increasingly manipulated through advanced AI tools like Sora 2 and Google's Nano Banana, making it harder to separate reality from fiction. Tom and Scott discuss the differences between malicious deepfakes and poorly-made AI-generated content, identify key indicators that reveal a video might be AI-generated, and explain how these videos are used in social engineering attacks. Practical advice is offered on how to protect yourself and your organization from this emerging threat. Join the conversation to learn more about identifying, understanding, and mitigating the risks associated with AI-generated videos. Show notes: https://sharedsecurity.net/2025/12/08/seeing-is-not-believing-how-to-spot-ai-generated-video/

  24. 424

    So You Want to Be a CISO? With vCISO and Security Justice Alum Chris Clymer

    In this special episode of the Shared Security Podcast, host Tom Eston reunites with former co-host and experienced fractional CISO, Chris Clymer. They reminisce about their early podcasting days and discuss the evolving role of a Chief Information Security Officer (CISO). The conversation covers the responsibilities, challenges, and skills required to be a successful CISO, including technical and soft skills, business acumen, and people management. Chris shares his journey, the concept of a fractional CISO, and offers valuable advice for those aspiring to enter the CISO role. Tune in for a mix of nostalgia, real-world advice, and mentorship on navigating the complex landscape of information security leadership. Show notes: https://sharedsecurity.net/2025/12/01/so-you-want-to-be-a-ciso-with-vciso-and-security-justice-alum-chris-clymer/

  25. 423

    AI Agent Does the Hacking: First Documented AI-Orchestrated Cyber Espionage

    In this episode, we discuss the first reported AI-driven cyber espionage campaign, as disclosed by Anthropic. In September 2025, a state-sponsored Chinese actor manipulated the Claude Code tool to target 30 global organizations. We explain how the attack was executed, why it matters, and its implications for cybersecurity. Join the conversation as we examine the details, Anthropic's response, and the broader impact on AI in cybersecurity. Show notes: https://sharedsecurity.net/2025/11/24/ai-agent-does-the-hacking-first-documented-ai-orchestrated-cyber-espionage/

  26. 422

    OWASP Top 10 for 2025: What's New and Why It Matters

    In this episode, we discuss the newly released OWASP Top 10 for 2025. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore the changes, the continuity, and the significance of the update for application security. Learn about the importance of getting involved with the release candidate to provide feedback and suggestions. The conversation touches on the history of the OWASP Top 10, its release cycle, the evolution from specific vulnerabilities to broader categories, and the impact on vulnerability assessment and compliance. Show notes: https://sharedsecurity.net/2025/11/17/owasp-top-10-for-2025-whats-new-and-why-it-matters/

  27. 421

    Meet NEO 1X: The Robot That Does Chores and Spies on You?

    The future of home robotics is here — and it's a little awkward. Meet the NEO 1X humanoid robot, designed to help with chores but raising huge cybersecurity and privacy questions. We discuss what it can actually do, the risks of having an always-connected humanoid in your home, and why it's definitely not the "Robot Rosie" we were promised. Show notes: https://sharedsecurity.net/2025/11/10/meet-neo-1x-the-robot-that-does-chores-and-spies-on-you/

  28. 420

    OpenAI's ChatGPT Atlas: What It Means for Cybersecurity and Privacy

    In this episode, we explore OpenAI's groundbreaking release GPT Atlas, the AI-powered browser that remembers your activities and acts on your behalf. Discover its features, implications for enterprise security, and the risks it poses to privacy. Join hosts Tom Eston and Scott Wright as they discuss everything from the browser's memory function to vulnerabilities like indirect prompt injection. Stay informed on how AI browsers could reshape web browsing and cybersecurity. Show notes: https://sharedsecurity.net/2025/11/03/openais-chatgpt-atlas-what-it-means-for-cybersecurity-and-privacy/

  29. 419

    It's Always DNS: Lessons from the AWS Outage

    In episode 404 (no pun intended!) we discuss the recurring issue of DNS outages, the recent Amazon AWS disruption, and what this reveals about our dependency on cloud services. The conversation touches on the need for tested business continuity plans, the implications of DNS failures, and the misconceptions around cloud infrastructure's automatic failover capabilities. Show notes: https://sharedsecurity.net/2025/10/27/its-always-dns-lessons-from-the-aws-outage/

  30. 418

    Is Sora 2 the Future of Video? AI, Copyright, and Privacy Issues

    OpenAI's Sora 2 is here — and it's not just another AI toy. This episode explores how Sora 2 works, how users can insert almost anything into generated content, and why that's raising alarms about privacy, identity, and copyright. We walk you through the initial opt-out copyright controversy, the backlash from studios and creators, and how OpenAI is scrambling to offer more control. Tune in to understand what rights you might lose — or want to protect — in this new media era. Show notes: https://sharedsecurity.net/2025/10/20/is-sora-2-the-future-of-video-ai-copyright-and-privacy-issues/

  31. 417

    Age Verification Laws: A Privacy Disaster in the Making

    In this episode, we discuss the surge of age verification laws spreading across the US, including the recent implementation in Ohio. These laws intend to shield children but come at a significant cost to privacy and cybersecurity. We'll explore how third-party ID verification companies operate, the risks associated with these systems, and the broader definition of adult content beyond pornography. We also question the effectiveness and security of these measures as we share insights into the ease of bypassing verification systems. Are we protecting kids, or building a privacy nightmare? Show notes: https://sharedsecurity.net/2025/10/13/age-verification-laws-a-privacy-disaster-in-the-making/

  32. 416

    Are Phishing Simulations Still Worth It in 2025?

    Phishing simulations have been a cornerstone of security awareness training for years. But do they actually change user behavior, or are they just creating frustration and fatigue? In this episode, Tom Eston and Scott Wright (CEO of ClickArmor) debate whether simulated phishing attacks are still valuable in 2025. We cover the benefits, challenges, and how phishing programs might evolve — or even be replaced — in the future. Show notes: https://sharedsecurity.net/2025/10/06/are-phishing-simulations-still-worth-it-in-2025/

  33. 415

    Milestone Episode 400: Reflecting on 16 Years of Shared Security

    Episode 400! In this special milestone edition of the Shared Security Podcast, we look back at 16 years of conversations on security, privacy, and technology. From our very first episodes in 2009 to today's AI-driven threats, we cover the topics that defined each era, the surprises along the way, and the lessons that still matter. Plus, we share listener favorites, memorable moments, and predictions for the future of security and privacy. Thank you for being part of our journey! Show notes: https://sharedsecurity.net/2025/09/29/milestone-episode-400-reflecting-on-16-years-of-shared-security/

  34. 414

    Situational Awareness & Family Safety: Staying Alert in Today's World with Andy Murphy

    Join the Shared Security Podcast for a critical discussion about situational awareness with special guest, Andy Murphy, host of the Secure Family Podcast. In a world where mass shootings and violence in public places are alarming realities, staying alert to your surroundings has never been more important. Andy shares his expertise on personal and family safety, providing practical tips for recognizing unusual behavior, planning for emergencies, and teaching kids safety skills. The conversation also touches upon digital security and how situational awareness applies online. Learn how to own your safety and protect your loved ones in this essential episode. Show notes: https://sharedsecurity.net/2025/09/22/situational-awareness-family-safety-staying-alert-in-todays-world-with-andy-murphy/  

  35. 413

    Best of Shared Security (2020) History Repeats Itself: Cybersecurity Challenges that Still Haunt Us

    In this "best of" episode of the Shared Security Podcast, we revisit a discussion from September 2020 that's just as relevant today as it was then. First, we cover how ransomware attacks forced several school districts—including Hartford, CT and Toledo, OH—to delay or shut down classes on the very first day of school. Then we dive into Google Chrome's new (at the time) update designed to block resource-heavy ads, making browsing faster and safer. Finally, we look at Microsoft's warning about foreign interference attempts targeting the 2020 U.S. election. What makes this episode especially powerful to revisit is how little has changed since we first talked about these threats. Schools and universities continue to be prime targets for ransomware attacks, with districts across the U.S. still struggling to protect their students and staff from disruptions. Browser security remains a critical piece of the puzzle as online ads continue to be exploited for tracking, scams, and malware delivery. And concerns about foreign interference in democratic elections are just as pressing in 2025 as they were in 2020. Cybersecurity may evolve, but the challenges we face remain strikingly familiar. Show notes: https://sharedsecurity.net/2025/09/15/best-of-shared-security-2020-history-repeats-itself-cybersecurity-challenges-that-still-haunt-us/

  36. 412

    Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach

    In this episode, we discuss a recent significant cyber attack where Palo Alto Networks experienced a data breach through their Salesforce environment due to a compromised Salesloft Drift integration. Throughout the discussion, we highlight why Salesforce, a crucial CRM platform for many businesses, is becoming a prime target for supply chain attackers. The hosts discuss how the breach happened, its implications, and what organizations can do to protect themselves from similar threats. They also provide insights into Salesforce's security posture, the role of third-party integrations, and the importance of data retention policies in mitigating risks. Show notes: https://sharedsecurity.net/2025/09/08/salesforce-under-fire-the-salesloft-drift-supply-chain-breach/

  37. 411

    Convenience vs. Privacy: Can We Have Both?

    In this episode, we discuss if the convenience of modern technology compromises our privacy. Inspired by a thought-provoking Reddit post, we explore how everyday actions like saving passwords, enabling location tracking, and using cloud backups put our personal data at risk. Learn about the trade-offs between convenience and privacy, and get tips on using privacy-focused tools and making informed choices. Join the conversation in the comments or on Bluesky (@sharedsecurity). Show notes: https://sharedsecurity.net/2025/09/01/convenience-vs-privacy-can-we-have-both/

  38. 410

    Public Wi-Fi Myths: Why You're Probably Safer Than You Think

    Public Wi-Fi has a bad reputation — but in 2025, the "you'll get hacked instantly" fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We'll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what threats still exist, and when you might actually want to use a VPN. Show notes: https://sharedsecurity.net/2025/08/25/public-wi-fi-myths-why-youre-probably-safer-than-you-think/

  39. 409

    The Tea App Hack: How a "Safe" Space Leaked 13,000 ID Photos & 1.1M Messages

    In this episode we're discussing the alarming breach of the Tea app, a platform intended for women to share dating experiences. The hack resulted in the exposure of over 13,000 government ID photos, 72,000 user images, and over a million private messages due to poor security practices. We'll discuss the role of sloppy coding, an exposed database, and the lack of security discipline that led to this massive leak. Join us as we explore insights from a cybersecurity researcher who disassembled the app's source code, the ensuing legal and privacy repercussions, and the broader implications for app security. Show notes: https://sharedsecurity.net/2025/08/18/the-tea-app-hack-how-a-safe-space-leaked-13000-id-photos-1-1m-messages/

  40. 408

    Random Smishing Text Scams: Why "Do I Know You?" Texts Are Dangerous

    In this episode, we discuss a rising scam involving random smishing text messages. Learn how these messages work, why they're effective, and what you can do to protect yourself. Discover the dangers of replying to vague text messages from unknown numbers and get practical tips on how to block and report spam texts. Stay safe by not engaging with these scams and using built-in filters and reporting options on your mobile device. Show notes: https://sharedsecurity.net/2025/08/11/random-smishing-text-scams-why-do-i-know-you-texts-are-dangerous/

  41. 407

    Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis

    This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese state-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the underlying issues with patching systems, and the complexities of protecting applications like SharePoint. Stay informed on the latest cybersecurity developments and get insights on what might have gone wrong. Plus, get a peek at what's happening at Black Hat and DEF CON in Vegas. Show notes: https://sharedsecurity.net/2025/08/04/leaked-patched-and-still-hacked-the-sharepoint-zero-day-crisis/

  42. 406

    Doorbells, Dystopia, and Digital Rights: The Ring Surveillance Debate

    In this episode, we examine Amazon's Ring doorbell camera amid rising privacy concerns and policy changes. The Electronic Frontier Foundation's recent report criticizes Ring's AI-first approach and the rollback of prior privacy reforms, describing it as 'techno authoritarianism.' We also discuss a recent scare among Ring users on May 28, related to an unexplained series of logins, said by Amazon to be a UI glitch. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore these issues, share personal anecdotes about their experiences with tech, and discuss broader implications for privacy and civic freedoms. Show notes: https://sharedsecurity.net/2025/07/28/doorbells-dystopia-and-digital-rights-the-ring-surveillance-debate/

  43. 405

    Passwords and the Elderly: Why Writing Them Down Might Be OK

    In this episode, join hosts Tom Eston, Scott Wright, and Kevin Johnson as they discuss the controversial topic of seniors writing down passwords. They discuss how threat modeling differs for the elderly, the practicality of using password managers, two-factor authentication, and future solutions like passkeys. The conversation includes humorous anecdotes and touches on broader cybersecurity issues such as risk assessment and the importance of tailoring security solutions to individual needs. Tune in for insights on making security accessible and effective for an often overlooked group. Show notes: https://sharedsecurity.net/2025/07/21/passwords-and-the-elderly-why-writing-them-down-might-be-ok/

  44. 404

    The Google Workspace Security Gap: Why Traditional Tools Fall Short

    In this episode, we discuss the often overlooked security issues within Google Workspace. Rajan Kapoor, Field CISO at Material Security, joins us to talk about how Material Security is redefining the protection of documents, email accounts, and data in Google Workspace. We explore the unique challenges Workspace presents compared to traditional tools, and how Material Security provides comprehensive solutions. Rajan shares his professional journey, insights into Google's APIs, and how their service stands out. Tune in to understand why legacy tools may leave critical gaps in your organization's security. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! Show notes: https://sharedsecurity.net/2025/07/14/the-google-workspace-security-gap-why-traditional-tools-fall-short/

  45. 403

    Autonomous Hacking? This Startup May Have Just Changed Penetration Testing Forever

    In this episode, we explore the revolutionary concept of autonomous penetration testing with a discussion of cybersecurity startup XBOW's recent breakthrough. XBOW claims to have topped HackerOne's leaderboard using a fully autonomous AI agent, raising significant questions about the future of offensive security. Hosts discuss the potential of AI in pen testing, the implications for pen testers, bug bounty hunters, and security teams, and whether this represents a genuine advancement or just more AI hype. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! Show notes: https://sharedsecurity.net/2025/07/07/autonomous-hacking-this-startup-may-have-just-changed-penetration-testing-forever/

  46. 402

    Cybersecurity Talent Shortage: Myth, Mismatch, or Reality?

    Is there really a cybersecurity talent shortage, or are we just looking in all the wrong places? This week on the Shared Security Podcast, we tackle the buzz around the so-called cybersecurity skills gap. Host Tom Eston welcomes Katie Soper, Senior Consultant at Avetix Cyber and co-founder of the CyberVault Podcast, to discuss the challenges and misconceptions in the industry. They explore whether the shortage is a myth, a mismatch, or something else entirely and what companies and professionals can do about it. With insights into hiring practices, skill shortages, and the importance of networking, this episode is a must-listen for anyone in or entering the field of cybersecurity. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! Show notes: https://sharedsecurity.net/2025/06/30/cybersecurity-talent-shortage-myth-mismatch-or-reality/

  47. 401

    Kids Online Safety Act (KOSA): Protecting Kids or Censorship?

    In this episode, we explore the Kids Online Safety Act (KOSA), a controversial bill aimed at protecting children online. Joined by co-host Scott Wright, we discuss the potential implications of KOSA, including concerns about censorship, mass surveillance, and the impact on free expression and online privacy. We also touch on the broad support for the bill from both political parties and the involvement of social media giants like X. Additionally, we examine the balance between government regulation and parental responsibility in ensuring online safety for children. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! Show notes: https://sharedsecurity.net/2025/06/23/kids-online-safety-act-kosa-protecting-kids-or-censorship/

  48. 400

    Cities of the Future or Hacker's Paradise? The Cybersecurity Risks of Smart Cities

    Join us as we explore the concept of smart cities—municipalities enhanced by connected technology like sensors, cameras, and automated systems to improve services and infrastructure. We discuss the inherent vulnerabilities that come with these advancements, including cybersecurity threats and real-life incidents such as hacked crosswalk signals featuring voices of tech moguls. Our discussion covers how easily these systems can be compromised, the inadequate security measures currently in place, and the broader implications for critical infrastructure. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! Show notes: https://sharedsecurity.net/2025/06/16/cities-of-the-future-or-hackers-paradise-the-cybersecurity-risks-of-smart-cities/

  49. 399

    Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths

    Join us as we discuss the long-awaited implementation of the REAL ID Act in the U.S. We cover the essentials you need to fly, the potential benefits of using your passport, and how new mobile IDs fit into the TSA's plans. We also discuss the broader implications for identity surveillance and who truly benefits from these security upgrades. We also discuss the problems faced by individuals with name changes and the challenges they face with REAL IDs. Plus, we explore the political and social ramifications of such security measures and why this might all just be 'security theater.' Show notes: https://sharedsecurity.net/2025/06/09/do-you-really-need-a-real-id-to-fly-in-the-us-breaking-down-the-myths/

  50. 398

    Invasion of Privacy: The Hidden Camera Dilemma

    Ever worried about hidden cameras in Airbnb rentals? You're not alone! In this episode, we explore the unsettling rise of hidden cameras in personal spaces, the inadequacy of current laws, and practical tips to detect surveillance devices. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they share insights and discuss the implications of voyeurism technology, law enforcement challenges, and personal safety strategies. Show notes: https://sharedsecurity.net/2025/06/02/invasion-of-privacy-the-hidden-camera-dilemma/



HOSTED BY

Tom Eston, Scott Wright, Kevin Johnson

Produced by Tom Eston
