Episodes

  • Transforming Cybersecurity Awareness Training with Michael Waite
    Dec 3 2025

    In this episode of Security by Default, host Joe Carson sits down with Michael Waite from Dune Security to explore how AI is reshaping cybersecurity and why it’s time to rethink traditional awareness training.

    As cyber threats become more sophisticated, personalized, and AI-powered, organizations can no longer rely on outdated, one-size-fits-all learning models. Joe and Michael break down what modern cybersecurity training should look like, how to engage employees more effectively, and why empowering people both inside and outside the office is essential to strong defense.

    What You’ll Learn
    • How AI is transforming both cyber attacks and defensive strategies
    • Why the volume and quality of phishing attempts continue to rise
    • The limitations of traditional annual awareness training
    • The shift toward personalized, role-based learning
    • How real-time intervention improves security habits
    • Why cybersecurity awareness must extend beyond the workplace
    • Practical ways to engage employees and build a security-first culture
    • The importance of collaboration and communication across teams
    • How threat intelligence informs more effective training programs

    Key Takeaways
    • AI is rewriting the threat landscape.
    • Attackers are faster, more convincing, and more scalable than ever.
    • Generic awareness training is no longer enough.
    • Personalization is essential to reducing real-world risk.
    • Engagement drives stronger security culture and better outcomes.
    • Cybersecurity begins at home, not just at work.
    • Bite-sized, real-time lessons are more effective than long annual videos.
    • Employees are part of the detection engine—and must be empowered accordingly.

    Memorable Quotes
    • “Cybersecurity doesn’t start in the office.”
    • “The one size fits all approach is dead.”
    • “We need to democratize security.”
    • “Let’s give individuals the tools they need.”
    • “We need to make cybersecurity more fun.”
    • “This is my favorite thing to talk about.”

    Episode Chapters

    00:00 – Introduction to the Chaos of Cybersecurity

    03:05 – The Impact of AI on Cybersecurity

    09:40 – Best Practices for Cybersecurity Awareness

    18:51 – Personalizing Cybersecurity Training

    27:00 – Engaging Employees in Cybersecurity

    29:20 – Resources for Further Learning

    Additional Resources:

    https://www.linkedin.com/in/mr-michael-waite/

    https://www.dune.security/

    https://www.dune.security/threat-intelligence-report

    32 mins
  • Hacking AI and Building Trustworthy Systems: Insights from Satu Korhonen
    Nov 19 2025

    In this episode of the Security by Default podcast, Joseph Carson and guest Satu Korhonen, a passionate practitioner, researcher and founder of Helheim Labs, delve into the intersection of AI and cybersecurity. They discuss the challenges and opportunities in creating trustworthy AI systems, the importance of collaboration between AI and cybersecurity professionals, and the role of regulation in ensuring AI safety. Satu shares her journey from education to AI, highlighting key moments and insights from her career. The conversation also touches on the EU AI Act, the importance of understanding AI's limitations, and the need for a balanced approach to AI development.

    Key Takeaways

    • AI systems are fundamentally probability-based, not perfect.
    • Collaboration between AI and cybersecurity is crucial for safety.
    • The EU AI Act focuses on human rights and risk management.
    • Understanding AI's limitations is key to using it effectively.
    • AI can enhance productivity but requires careful implementation.
    • Training AI with both good and bad data improves its robustness.
    • AI should serve humans, not the other way around.
    • Hacking AI can reveal vulnerabilities and improve security.
    • Community events like hacker camps foster innovation and learning.
    • AI's role in society should be carefully considered and discussed.

    Chapters

    00:00:00 Introduction to AI and Cybersecurity

    00:03:00 Satu's Journey into AI

    00:09:00 Trustworthy AI and the EU AI Act

    00:15:00 Challenges in AI and Cybersecurity Collaboration

    00:21:00 The Role of Community and Events in AI

    Resources:

    https://hackai.quest/

    https://helheimlabs.ai/

    https://helheimlabs.ai/about-satu-korhonen/

    https://www.linkedin.com/in/satu-m-korhonen/

    https://why2025.org/

    https://www.ccc.de/en/home

    https://events.ccc.de/en/

    https://disobey.fi/2026/

    40 mins
  • Identity Threats, AI Attacks, and the Power of Community with Filipi Pires
    Nov 5 2025

    In this episode of the Security by Default podcast, host Joe Carson welcomes back Filipi Pires, Head of Identity Threat Labs & Global Product Advocate at Segura®, to discuss the latest trends in identity threats and cybersecurity. They explore the evolution of attacks, particularly focusing on social engineering and the role of AI in both offensive and defensive strategies. Filipi shares insights from recent events, including the significance of BSides conferences in fostering community and knowledge sharing. The conversation emphasizes the importance of a zero trust approach and the need for continuous education in cybersecurity.

    Key Takeaways

    • The BSides community is essential for cybersecurity education.
    • Attackers are increasingly using social engineering techniques.
    • AI is being leveraged by both attackers and defenders.
    • Zero trust is a critical framework for modern security.
    • Organizations must implement multiple layers of protection.
    • Credential theft is a major concern in identity threats.
    • BSides events provide networking opportunities for newcomers.
    • Cybersecurity Awareness Month is a time for reflection and improvement.
    • The rise of AI in social engineering poses new challenges.
    • Community-driven events like BSides foster collaboration and learning.


    Chapters

    • 00:00 Introduction to Security by Default Podcast
    • 01:59 Understanding BSides Events
    • 05:57 Current Trends in Identity Threats
    • 11:50 The Evolution of Authentication Methods
    • 14:57 The Rise of InfoStealer Malware
    • 18:52 AI's Role in Cybersecurity Threats
    • 21:13 AI in Cybersecurity: Defensive and Offensive Perspectives
    • 24:36 The Role of APIs and Observers in Cybersecurity
    • 26:06 Best Practices for Securing AI in Organizations
    • 31:04 BSides Porto: Community and Event Insights
    • 39:06 Future BSides: Expanding to Porto Alegre


    Resources:

    https://www.linkedin.com/in/filipipires/

    https://segura.security/

    https://www.instagram.com/filipipires.sec/

    https://segura.security/events/filipi-pires

    https://www.linkedin.com/showcase/identity-threat-labs/about/

    https://labs.segura.blog/


    About Segura®

    Segura® is an Identity Security Platform built to help organizations secure privileged access, detect identity threats, and respond rapidly to attacks targeting human and machine identities.


    Designed for hybrid and high-risk environments, Segura delivers identity threat detection and response (ITDR), secure remote access, and privileged session protection — ensuring that only verified users, devices, and applications can access critical systems.


    From infrastructure and servers to cloud platforms and the supply chain, Segura provides unified visibility and control across every identity interaction. By combining advanced analytics, behavioural detection, and Zero Trust access principles, Segura empowers companies to prevent credential misuse, lateral movement, and privilege escalation before damage occurs.

    39 mins
  • Navigating the Complex World of Cyber Law - Insights from a Pentester-Turned-Lawyer with Pamela
    Oct 22 2025

    In this episode of the Security by Default podcast, host Joe Carson engages with Pamela Victor Ibitamuno, a lawyer with a unique background in penetration testing. They discuss the critical intersection of cyber law and cybersecurity, exploring the challenges faced in prosecuting cyber crimes, the importance of understanding intent, and the need for adaptive legal frameworks in the face of rapid technological advancements. The conversation also delves into the role of AI in the legal field and how professionals can stay updated in this ever-evolving landscape.

    Takeaways

    • Pamela's journey from penetration testing to cyber law highlights the importance of understanding both fields.
    • Legal professionals often struggle to grasp the technicalities of cybersecurity.
    • Regulations may not effectively address the problems they aim to solve.
    • Cyber crime often transcends borders, complicating prosecution efforts.
    • Partnerships between tech companies and governments can enhance cyber crime prevention.
    • Misconceptions about hacking can hinder legal processes.
    • Intent is a crucial factor in determining the legality of cyber actions.
    • The law is lagging behind technological innovations, necessitating updates.
    • AI can streamline legal processes but cannot replace human empathy.
    • Staying informed through conferences and subscriptions is vital for legal professionals.


    Chapters

    • 00:00 Introduction to Cyber Law and Its Importance
    • 02:57 Pamela's Journey: From Penetration Testing to Cyber Law
    • 06:08 The Intersection of Law and Cybersecurity
    • 08:50 Challenges in Cyber Crime Prosecution
    • 12:04 The Role of Intent in Cyber Crime
    • 14:58 The Need for Adaptive Legal Frameworks
    • 17:50 AI's Impact on Cyber Law
    • 20:53 Staying Updated in Cyber Law
    • 23:59 Conclusion and Future Outlook

    29 mins
  • The Power of Games in Cybersecurity with Peadar
    Oct 8 2025

    In this episode of the Security by Default podcast, host Joe Carson engages with game designer Peadar, Gamification Lecturer at Tallinn University, to explore the intersection of game design and cybersecurity training. Peadar shares his journey from teaching to game design, emphasizing the importance of using games to facilitate learning in complex subjects like cybersecurity. The conversation delves into the fundamental elements of games, the challenges of creating effective training games, and the need for conceptual transfer games that bridge the gap between technical and non-technical audiences. Peadar also discusses the future of cybersecurity training, the significance of soft skills, and the different player types in game design. The episode concludes with recommended resources for those interested in game design and cybersecurity.

    Peadar Callaghan, Gamification Lecturer at Tallinn University, Digital Learning Games Lab, Digital Technologies Institute, Tallinn University.

    Lecturer in Gamification, Learning Game Design, and Fundamentals of Game Design in the Digital Learning Games Master's program.


    Key Takeaways

    • Games can help people understand complex subjects.
    • Cybersecurity is a business problem, not just an IT problem.
    • Effective training requires engaging and simple game mechanics.
    • Checkbox training is ineffective for real learning.
    • Conceptual transfer games are essential for non-technical audiences.
    • The average age of gamers is increasing, indicating a shift in demographics.
    • Soft skills are crucial for effective communication in cybersecurity.
    • Games can create a safe space for learning from failure.
    • Understanding player types can enhance game design for training.
    • The future of cybersecurity training lies in small-scale, experiential games.


    Chapters

    • 00:00 Introduction to Cybersecurity and Game Design
    • 02:45 The Role of Games in Learning and Cybersecurity
    • 05:52 Fundamental Elements of Game Design
    • 09:00 Applying Game Mechanics to Cybersecurity Training
    • 11:46 Challenges in Cybersecurity Training Games
    • 14:38 Conceptual Transfer Games for Non-Technical Audiences
    • 17:44 The Future of Cybersecurity Training
    • 20:52 Understanding Player Types in Game Design
    • 23:47 The Importance of Soft Skills in Cybersecurity
    • 26:28 Recommended Resources for Game Design and Cybersecurity
    • 29:24 Conclusion and Future Directions


    Resources:

    https://www.linkedin.com/in/peadar-callaghan-a218721a/

    https://www.linkedin.com/school/tallinn-university/

    https://www.tlu.ee/

    Book - Reality Is Broken: Why Games Make Us Better and How They Can Change the World - https://a.co/d/hzvwYtf

    Book - Game Design Workshop: A Playcentric Approach to Creating Innovative Games by Tracy Fullerton - https://a.co/d/5jnbDg6

    42 mins
  • Unlocking the Secrets of RFID Hacking with Iceman
    Sep 24 2025

    In this episode of the Security by Default podcast, host Joe Carson interviews Christian Herrmann, also known as Iceman, who shares his journey into the world of RFID hacking. The conversation covers Christian's origin story, his passion for technology, and the challenges he faced while learning and developing his skills. They discuss the importance of community engagement, open-source contributions, and the evolution of hacking tools like Proxmark. The episode also touches on risk management in cybersecurity, the ethical implications of hacking tools, and the significance of finding balance in personal and professional life. Christian emphasizes the value of asking for help and surrounding oneself with supportive individuals in the tech community.

    Takeaways

    • Christian Herrmann, known as Iceman, shares his journey into RFID hacking.
    • He emphasizes the importance of community engagement and open-source contributions.
    • The evolution of Proxmark has significantly impacted the RFID hacking community.
    • Tools used in hacking can have ethical implications that need to be considered.
    • Risk management is a crucial aspect of cybersecurity and hacking.
    • Finding balance between personal life and professional commitments is essential.
    • Asking for help and engaging with the community can accelerate learning.
    • Surrounding oneself with supportive individuals enhances personal growth.
    • The importance of continuous learning and adapting in the tech field.
    • Gamification can be an effective way to improve hacking skills.

    Chapters

    • 00:00 Introduction and Guest Background
    • 01:23 The Journey into Hacking and RFID
    • 09:23 The Thrill of Hacking and Career Development
    • 20:03 Open Source Contributions and Community Engagement
    • 30:54 Navigating Tools and Legal Considerations in Hacking
    • 36:03 Conference Experiences and Community Engagement
    • 42:00 Tools and Their Misinterpretations
    • 44:25 Risk Management in Technology
    • 46:06 Current Projects and Future Plans
    • 49:40 The Importance of Hobbies and Balance
    • 55:33 Learning from Failures and Community Support
    • 01:02:22 The Value of Networking and Collaboration

    1 hr and 6 mins
  • Special Episode - Building Cybersecurity Communities with George Kamide
    Sep 23 2025

    In this episode, Joe Carson speaks with George Kamide about the evolving landscape of cybersecurity, emphasizing the importance of community building, branding, and effective communication. They discuss how cybersecurity is no longer just an IT issue but a societal one, and how understanding user experience is crucial for success. The conversation also highlights the role of podcasts in educating the cybersecurity community and the challenges of building meaningful connections in a digital world.

    Takeaways

    • Cybersecurity is a societal problem, not just an IT issue.
    • Branding is essential for standing out in a crowded market.
    • Understanding user experience is critical for product success.
    • Podcasts can provide valuable education and insights in cybersecurity.
    • Building communities takes time and effort without immediate ROI.
    • Effective communication is key to conveying value propositions.
    • Listening to customers is more important than broadcasting solutions.
    • Time is the most valuable resource we have.
    • Engagement on social media should be curated and positive.
    • Building relationships requires giving before asking.

    Chapters

    00:00 Introduction to Cybersecurity and Community Building

    02:25 The Importance of Branding in Cybersecurity

    08:54 User Experience and Customer Understanding

    19:36 The Role of Podcasts in Cybersecurity Education

    22:42 Building Communities and Navigating Social Media

    29 mins
  • The Power of OSINT, Data, and Differentiation in Cybersecurity with Zaira Pirzada
    Sep 10 2025

    Learning, Listening, and Leading in Cybersecurity

    In this episode of the Security by Default podcast, host Joe Carson speaks with Zaira Pirzada, managing partner of Infinitus Management Consulting. They discuss Zaira's journey into cybersecurity, the importance of open source intelligence, and the lessons learned from her time at Gartner. Together, they delve into the intricate world of cybersecurity marketing, exploring the unique challenges faced by CMOs in this dynamic industry. From the perception of marketing as a cost center to the complexities of standing out in a crowded market, Zaira shares her insights on navigating these hurdles. Tune in to discover how effective storytelling, data-driven strategies, and a deep understanding of market dynamics can transform cybersecurity marketing efforts. The conversation also covers the significance of unique value propositions, and the evolving landscape of cybersecurity vendors. Zaira emphasizes the role of data in decision-making and the need for continuous learning in a rapidly changing field.

    Takeaways

    • Zaira Pirzada's journey into cybersecurity was unintentional but evolved into a passion.
    • Open source intelligence (OSINT) played a crucial role in Zaira's early career.
    • Listening and learning from others is vital in the cybersecurity industry.
    • The transition from analyst to CMO involves understanding market dynamics and customer needs.
    • Unique value propositions are essential for startups to stand out in a crowded market.
    • Data is a key asset in cybersecurity, influencing decision-making and strategy.
    • Building trust and reliability is crucial in cybersecurity communications.
    • Negotiation in cybersecurity is evolving with the introduction of AI and data valuation.
    • Education and knowledge sharing are fundamental to success in the cybersecurity community.
    • Continuous learning is necessary to keep up with the fast-paced changes in the industry.


    Chapters

    • 00:00 Introduction to Cybersecurity Journeys
    • 02:58 The Path to Cybersecurity: Education and Early Experiences
    • 06:04 The Role of Open Source Intelligence in Cybersecurity
    • 09:09 The Evolution of Cybersecurity Careers
    • 11:59 Lessons from Gartner: Listening and Learning
    • 14:44 The Transition to CMO: Marketing in Cybersecurity
    • 17:48 The Importance of Unique Value Propositions
    • 20:51 Navigating the Cybersecurity Vendor Landscape
    • 23:59 The Role of Data in Cybersecurity
    • 26:50 Staying Updated in a Rapidly Changing Field
    • 29:41 Conclusion and Future Directions

    51 mins