Cybersecurity Awesomeness Podcast

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler discuss transformative announcements from the Microsoft Build Conference 2026. The central focus is Microsoft’s shift toward ARM-based architecture in partnership with NVIDIA, exemplified by the new RTX Spark superchip. This development marks a pivotal transition: moving personal AI agents from cloud-reliant models to high-performance, local desktop environments.

The hosts argue that this architectural evolution is a "security-first" milestone, allowing for local AI compute that significantly reduces privacy risks, data leakage, and the need for cloud-based credit systems. Beyond personal privacy, the discussion highlights th...

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler revisit a foundational IT principle: the Single Point of Failure (SPOF). Using the mantra "two is one, and one is none," the hosts explore why modern organizations often overlook critical dependencies that, if compromised, can bring down entire systems.

The discussion traverses the spectrum from analog to digital, using the infamous train failures at Denver International Airport (DIA) as a prime example of a catastrophic physical SPOF that leaves thousands of travelers stranded. On the technical side, the hosts contrast fragile, linear network...

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler shift focus from software to the often-overlooked realm of hardware security. The conversation centers on a recent Government Accountability Office (GAO) report detailing federal efforts to identify and remove telecommunications and surveillance equipment containing intentional backdoors and vulnerabilities linked to foreign actors—specifically from the People's Republic of China.

The hosts emphasize that hardware integrity is a critical national security concern, not just an enterprise compliance hurdle. While they caution listeners against panic-buying new routers, they highlight the inherent risks of using "end-of-life" ha...

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler dissect Google’s recent discovery of the first clearly documented AI-assisted zero-day exploit. A threat actor utilized a Large Language Model (LLM) to develop a Python script designed to bypass two-factor authentication (2FA) on a widely used open-source system administration tool.

The hosts highlight the "smoking guns" that betrayed the AI’s involvement: an uncharacteristic abundance of educational docstrings, specific Python formatting typical of LLM training data, and a telltale hallucinated CVSS score. While this signals a productivity boost for adversaries, Chris and Ken offe...

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler tackle the controversial intersection of digital privacy and state legislation. The discussion centers on Utah’s recent mandate requiring adult content providers to verify ages even when users are behind a VPN. This creates a technical "catch-22," forcing providers to either implement invasive identity checks or block privacy-enhancing tools entirely—a move the hosts argue is both technically infeasible and a threat to legitimate encryption use cases.

The conversation extends to California’s 2027 law, which aims to push age verification onto operating system providers. Chris...

In this special "Star Wars Day" edition of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler bridge the gap between sci-fi fantasy and modern security awareness. Utilizing the legendary franchise as a backdrop, the hosts deconstruct the glaring cybersecurity failures of the Galactic Empire to provide actionable lessons for today’s information security professionals.

The discussion highlights a total lack of port security and network authentication, famously exploited by R2-D2 to gain administrative control over complex systems through simple physical links.

Chris and Ken move into data integrity and insider threats, citing the de...

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler explore the radical evolution of exploit triage following the RSAC 2026 conference. They highlight Anthropic’s "Mythos," a sophisticated red-teaming AI capable of autonomously discovering and chaining vulnerabilities without human oversight. Unlike traditional hacking methods that rely on static kits, modern AI toolkits can scan massive IP ranges for every vulnerability in history—essentially automating the "needle in a haystack" search for attackers. This shift is particularly dangerous for legacy environments—essentially creating "Terminator" moments for infrastructure—where Windows XP embedded is still found in modern EV charg...

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler dive into the FCC’s 2026 ban on foreign-made routers and the growing national security risks lurking in consumer hardware. The hosts break down how Russian intelligence (GRU) is currently weaponizing unpatched home routers to execute DNS hijacking. By silently altering DNS settings, attackers can monitor your traffic or redirect you to spoofed websites to harvest banking and social media credentials.

The discussion highlights that cybersecurity hygiene isn't just for "high-value targets." Even if you aren't guarding state secrets, opportunistic threat actors use these vulnerabilities fo...

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler explore Google’s recent quantum computing milestone, which significantly accelerates the timeline for "Q-Day." Google’s research suggests that the physical qubit requirement to crack a Bitcoin signature could be slashed from millions to just 500,000, with scalable systems potentially arriving by 2029. While the hosts clarify that today’s blockchain remains secure for now, the announcement underscores an urgent need for organizations to adopt Post-Quantum Cryptography (PQC).

The discussion highlights how traditional computing is hitting physical barriers, making quantum specialized power the next logical step for hi...

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler offer a comprehensive recap of RSAC 2026, cutting  through the noise of 40,000 attendees to deliver critical takeaways from the industry’s "Super Bowl." While AI dominated nearly 80% of vendor booths, the hosts differentiate between "marketecture" and meaningful innovation. They emphasize that deploying agentic AI without robust Data Security Posture Management (DSPM) is a recipe for unmanaged data sprawl and "Shadow AI" risks, where sensitive proprietary information is accidentally leaked into public models.

A significant portion of the discussion focuses on the maturation of identity management, not...

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler prepare for the 2026 RSAC in San Francisco. Dubbed the "Super Bowl" of security, the event expects over 45,000 attendees and 600 vendors at the Moscone Center. Chris, managing a schedule of nearly 40 meetings, joins Ken to navigate the overwhelming noise of the show floor.

The duo identifies Agentic AI and autonomous solutions as the dominant—yet potentially distracting—themes of the year. They caution against the "silver bullet" mentality, urging leaders to focus on securing AI agents against hallucinations and IP leaks rather than viewing them as t...

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler prepare for the RSA Conference (RSAC), often described as the "Super Bowl" of cybersecurity by talking about the EMA Vendor Vision report. To help attendees navigate the overwhelming presence of over 600 exhibitors, the hosts break down EMA’s "Vendor Vision" report, which spotlights ten essential innovators. The discussion covers a broad technological spectrum, ranging from Straker’s cutting-edge adversarial AI in the Early Stage Expo to Sky High Security’s leadership in Data Security Posture Management (DSPM).

Key highlights include AWS’s unified cloud security...

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler explore the shifting priorities of Chief Information Security Officers (CISOs) as they navigate the transition from rapid AI adoption to a more disciplined, risk-aware strategy. As of 2026, the "deploy first, secure later" mentality is facing a reckoning, particularly regarding autonomous or agentic AI. The discussion highlights alarming real-world incidents—such as an AI agent deleting a production database during a code freeze and another wiping a Meta executive's inbox despite repeated "stop" commands—to illustrate the volatility of unmanaged AI.

The conversation characterizes AI a...

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler explore the looming reality of quantum computing and its inevitable collision with modern encryption standards. The discussion centers on Q-Day—the theoretical point at which quantum processors reach approximately 100,000 qubits, making current AES-256 encryption vulnerable to near-instantaneous decryption. The hosts emphasize the Harvest Now, Decrypt Later strategy, where adversaries stockpile encrypted sensitive data today in anticipation of tomorrow’s quantum capabilities.

While acknowledging the Quantum Dividend—the massive potential for breakthroughs in medicine and engineering—the conversation serves as an urgent call to action for secu...

In this "Cybersecurity 101" episode, Chris Steffen and Ken Buckler demystify quantum computing and its looming implications for modern encryption. Ken contrasts traditional binary bits—static ones and zeros—with qubits, using the analogy of a spinning coin to represent the multiple simultaneous states quantum computers can process. This immense power allows quantum systems to solve complex problems in milliseconds that would take traditional computers lifetimes. However, significant physical hurdles remain, such as the requirement for near-absolute zero cooling environments.

The most pressing security concern discussed is "Q-Day" and the "Harvest Now, Decrypt Later" strategy. Malicious actors are curr...

In this episode, Chris Steffen and Ken Buckler dissect the federal government’s evolving—and somewhat strained—approach to cybersecurity. A major catalyst for the discussion is the recent withdrawal of agencies like CISA, the FBI, and the NSA from the RSAC conference following former CISA head Jen Easterly’s appointment there. While potentially a move toward fiscal responsibility—given the $5,000 per-person total cost of the event—the hosts warn this retreat could stifle vital public-private partnerships and recruitment efforts.

The discussion also tackles systemic talent issues within the military. Experts often face a "promotion trap," being moved into m...

In this episode of the Cybersecurity Awesomeness Podcast, host Chris Steffen and Simon Wijckmans, CEO of C-side, discuss the critical visibility gap in client-side security. While organizations invest heavily in infrastructure and server-side protection, the user's browser remains a largely unmonitored attack vector. Historically, solutions like Content Security Policies and JavaScript agents have proven brittle or easily bypassed by sophisticated scripts that can hide from crawlers or override security hooks.

The conversation highlights a major shift driven by PCI DSS 4.0, which now mandates the monitoring and authorization of client-side scripts. Simon explains that modern browser changes regarding...

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler discuss a humorous yet sobering encounter with a failed AI-driven scam. Ken recently received a common "advance fee" investment scam email, but with a unique twist: the attacker accidentally sent the Python source code instead of the intended message. The code contained telltale signs of AI generation, including placeholder instructions like "replace this with the actual import" for the Gemini SDK.

The hosts explain that while this specific attacker failed "successfully," the incident provides concrete proof that scammers are using generative AI to replace...

In this episode, Chris Steffen and Ken Buckler are joined by Jim LaRoe, CEO of Symphion, to discuss the often-ignored threat of printer and IoT security. Jim reveals a startling set of "winning lottery numbers": printers account for 20% of network endpoints, yet 99% remain unprotected. With 67% of organizations reporting a printer-related security incident last year, these devices serve as a critical yet vulnerable vector for lateral movement and credential harvesting.

Jim explains this widespread neglect through his "Five O's," citing the lack of a formal Owner and their Origin as business equipment rather than IT endpoints. Because printers...

In this episode, Chris Steffen and Ken Buckler discuss the alarming security and privacy implications of the "Internet of All Things." The hosts highlight how manufacturers are connecting everything—from AI-powered treadmills to smart toothbrushes—often without considering the associated risks.

A primary concern is the shift toward recurring revenue models, where companies gate-keep hardware features behind monthly subscriptions. Beyond the cost, Ken warns of the physical security threats posed by Bluetooth-enabled appliances. He explains how broadcasting devices can inadvertently signal a resident's presence or daily habits to malicious actors in close proximity.

The discussion also...

Chris Steffen and Ken Buckler from EMA discuss privacy concerns around generative AI.

Chris Steffen and Ken Buckler from EMA present their 2026 Cybersecurity Predictions.

Chris Steffen and Ken Buckler from EMA discuss API security.

Chris Steffen and Ken Buckler from EMA discuss attacks via SEO outreach on news sites.

Chris Steffen and Ken Buckler from EMA discuss what they are thankful for in cybersecurity.

Chris Steffen and Ken Buckler from EMA discuss the Cloudflare outage and what availability means in the technology space.

Chris Steffen and Ken Buckler from EMA discuss securing AI LLMs.

Chris Steffen and Ken Buckler from EMA discuss trends in network security.

Chris Steffen and Ken Buckler from EMA discuss phishing and deep fakes for Cybersecurity Awareness Month.

Chris Steffen and Ken Buckler from EMA discuss insider threats for Cybersecurity Awareness Month.

Chris Steffen and Ken Buckler from EMA discuss mobile device protection and public Wi-Fi concerns for Cybersecurity Awareness Month.

Chris Steffen and Ken Buckler from EMA discuss data security and software updates for Cybersecurity Awareness Month.

Chris Steffen and Ken Buckler from EMA discuss MFA and password managers for Cybersecurity Awareness Month.

Chris Steffen and Ken Buckler from EMA discuss the government's investment in developing the cybersecurity workforce.

Chris Steffen and Ken Buckler from EMA discuss the increase in nation state attacks on small and medium sized businesses.

Chris Steffen and Ken Buckler from EMA present Cybersecurity 101: Ransomware.

Chris Steffen and Ken Buckler from EMA discuss  the largest ever recorded DDoS attack, and the efforts used to stop it.

Chris Steffen and Ken Buckler from EMA discuss cybersecurity's role at the start the new school year.

Chris Steffen and Ken Buckler from EMA discuss proactive vs. reactive cybersecurity. 

Chris Steffen and Ken Buckler from EMA present a Black Hat 2025 Wrap-Up and discuss AI security.