In this episode of Security by Default, host Joe Carson sits down with Michael Waite from Dune Security to explore how AI is reshaping cybersecurity and why it’s time to rethink traditional awareness training.

As cyber threats become more sophisticated, personalized, and AI-powered, organizations can no longer rely on outdated, one-size-fits-all learning models. Joe and Michael break down what modern cybersecurity training should look like, how to engage employees more effectively, and why empowering people both inside and outside the office is essential to strong defense.

• How AI is transforming both cyber attacks and defensive strategies
• Why the volume and quality of phishing attempts continue to rise
• The limitations of traditional annual awareness training
• The shift toward personalized, role-based learning
• How real-time intervention improves security habits
• Why cybersecurity awareness must extend beyond the workplace
• Practical ways to engage employees and build a security-first culture
• The importance of collaboration and communication across teams
• How threat intelligence informs more effective training programs

• AI is rewriting the threat landscape.
• Attackers are faster, more convincing, and more scalable than ever.
• Generic awareness training is no longer enough.
• Personalization is essential to reducing real-world risk.
• Engagement drives stronger security culture and better outcomes.
• Cybersecurity begins at home, not just at work.
• Bite-sized, real-time lessons are more effective than long annual videos.
• Employees are part of the detection engine—and must be empowered accordingly.

• “Cybersecurity doesn’t start in the office.”
• “The one size fits all approach is dead.”
• “We need to democratize security.”
• “Let’s give individuals the tools they need.”
• “We need to make cybersecurity more fun.”
• “This is my favorite thing to talk about.”

00:00 – Introduction to the Chaos of Cybersecurity

03:05 – The Impact of AI on Cybersecurity

09:40 – Best Practices for Cybersecurity Awareness

18:51 – Personalizing Cybersecurity Training

27:00 – Engaging Employees in Cybersecurity

29:20 – Resources for Further Learning

Additional Resources:

https://www.linkedin.com/in/mr-michael-waite/

https://www.dune.security/

https://www.dune.security/threat-intelligence-report

In this episode of the Security by Default podcast, Joseph Carson and guest Satu Korhonen a passionate practitioner, researcher and founder of Helheim Labs delve into the intersection of AI and cybersecurity. They discuss the challenges and opportunities in creating trustworthy AI systems, the importance of collaboration between AI and cybersecurity professionals, and the role of regulation in ensuring AI safety. Satu shares her journey from education to AI, highlighting key moments and insights from her career. The conversation also touches on the EU AI Act, the importance of understanding AI's limitations, and the need for a balanced approach to AI development.

Key Takeaways

• AI systems are fundamentally probability-based, not perfect.
• Collaboration between AI and cybersecurity is crucial for safety.
• The EU AI Act focuses on human rights and risk management.
• Understanding AI's limitations is key to using it effectively.
• AI can enhance productivity but requires careful implementation.
• Training AI with both good and bad data improves its robustness.
• AI should serve humans, not the other way around.
• Hacking AI can reveal vulnerabilities and improve security.
• Community events like hacker camps foster innovation and learning.
• AI's role in society should be carefully considered and discussed.

Chapters

00:00:00 Introduction to AI and Cybersecurity

00:03:00 Satu's Journey into AI

00:09:00 Trustworthy AI and the EU AI Act

00:15:00 Challenges in AI and Cybersecurity Collaboration

00:21:00 The Role of Community and Events in AI

Resources:

https://hackai.quest/

https://helheimlabs.ai/

https://helheimlabs.ai/about-satu-korhonen/

https://www.linkedin.com/in/satu-m-korhonen/

https://why2025.org/

https://www.ccc.de/en/home

https://events.ccc.de/en/

https://disobey.fi/2026/

In this episode of the Security by Default podcast, host Joe Carson welcomes back Filipi Pires, Head of Identity Threat Labs & Global Product Advocate at Segura® to discuss the latest trends in identity threats and cybersecurity. They explore the evolution of attacks, particularly focusing on social engineering and the role of AI in both offensive and defensive strategies. Filipi shares insights from recent events, including the significance of BSides conferences in fostering community and knowledge sharing. The conversation emphasizes the importance of a zero trust approach and the need for continuous education in cybersecurity.

Key Takeaways

• The BSides community is essential for cybersecurity education.
• Attackers are increasingly using social engineering techniques.
• AI is being leveraged by both attackers and defenders.
• Zero trust is a critical framework for modern security.
• Organizations must implement multiple layers of protection.
• Credential theft is a major concern in identity threats.
• B-Sides events provide networking opportunities for newcomers.
• Cybersecurity Awareness Month is a time for reflection and improvement.
• The rise of AI in social engineering poses new challenges.
• Community-driven events like B-Sides foster collaboration and learning.

Chapters

• 00:00 Introduction to Security by Default Podcast
• 01:59 Understanding BSides Events
• 05:57 Current Trends in Identity Threats
• 11:50 The Evolution of Authentication Methods
• 14:57 The Rise of InfoStealer Malware
• 18:52 AI's Role in Cybersecurity Threats
• 21:13 AI in Cybersecurity: Defensive and Offensive Perspectives
• 24:36 The Role of APIs and Observers in Cybersecurity
• 26:06 Best Practices for Securing AI in Organizations
• 31:04 BSides Porto: Community and Event Insights
• 39:06 Future BSides: Expanding to Porto Alegre

Resources:

https://www.linkedin.com/in/filipipires/

https://segura.security/

https://www.instagram.com/filipipires.sec/

https://segura.security/events/filipi-pires

https://www.linkedin.com/showcase/identity-threat-labs/about/

https://labs.segura.blog/

About Segura®

Segura® is an Identity Security Platform built to help organizations secure privileged access, detect identity threats, and respond rapidly to attacks targeting human and machine identities.

Designed for hybrid and high-risk environments, Segura delivers identity threat detection and response (ITDR), secure remote access, and privileged session protection — ensuring that only verified users, devices, and applications can access critical systems.

From infrastructure and servers to cloud platforms and the supply chain, Segura provides unified visibility and control across every identity interaction. By combining advanced analytics, behavioural detection, and Zero Trust access principles, Segura empowers companies to prevent credential misuse, lateral movement, and privilege escalation before damage occurs.