Home Podcasts The Cyber Threat Perspective
The Cyber Threat Perspective

The Cyber Threat Perspective

SecurIT360 220 Episodes Jul 3, 2026

Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. The podcast brings fresh content from their journeys into penetration testing, threat research, and various other interesting topics. It is hosted by Brad, who can be reached at brad@securit360.com.

Episodes

Episode 186: Real Life Active Directory Attack Paths Jul 3, 2026 2138 In this episode Spencer and Tyler discuss real life Active Directory attack paths, taken from real internal pentest engagements over the last several years.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities
[Replay] Episode 172: The Biggest Security Blind Spots in Midsized Companies Jun 25, 2026 2028 Some of the most dangerous security gaps aren't sophisticated — they're the ones hiding in plain sight.In this replay, Brad and Spencer break down the biggest blind spots they see over and over in mid-size companies: poor asset inventory, flat networks, flat identities, overconfidence in security tools, credential reuse, and the emerging risks with AI.If any of these hit home, go to our
Episode 185 | A Toddler with a Bazooka: The Real Risk of AI Agents Jun 18, 2026 2756 AI agents can search the web, manipulate files, run commands, make API requests, access cloud platforms, and operate fully autonomously. They are powerful, they are here, and most organizations have no security controls around them whatsoever.In this episode, Brad and Spencer break down the five major AI agent risk categories security teams need to understand right now, using Simon Willison's
Episode 184 | Active Directory Isn't Dead. It's Just Undefended. Jun 11, 2026 1732 Think Active Directory is dead? Think again. According to Microsoft data, 86% of organizational workloads still touch Active Directory, and nearly 20% of organizations don't expect to reach a hybrid state for 10-20+ years. In this episode, Brad and Spencer break down why AD attack paths remain one of the most critical threats in enterprise environments and what defenders can do about it right
Episode 183 | OWASP Top 10 Part 2: Security Misconfigurations That Get You Hacked Jun 5, 2026 1728 Security misconfiguration is one of the most frequently found vulnerabilities in web application pen testing — and most of the fixes are just a checkbox. In Part 2 of their OWASP Top 10 series, Brad Causey and Jordan Natter cover OWASP A05: Security Misconfiguration with real stories from recent engagements and practical takeaways for developers, security teams, and organizations of all sizes.In t
Episode 182: Patching Crisis — Vulns Now #1 Attack Vector (2026 Verizon DBIR) May 27, 2026 1854 Hosts Brad Causey and Spencer Alessi break down the 2026 Verizon Data Breach Investigations Report, focusing on the findings that actually matter for IT and security teams.The biggest surprise: vulnerability exploitation has overtaken stolen credentials as the top initial access vector, accounting for 31% of attacks, while credential abuse dropped to just 13%. This completely flips the script on y
[Replay] Episode 159: How to Break Into Cybersecurity — What Actually Works May 20, 2026 2696 We're re-releasing one of our most practical episodes this week — originally published November 2025, and still one of the best roadmap conversations we've had on the show.Brad and Spencer share no-fluff advice for breaking into cybersecurity, whether you're switching careers, starting from scratch, or leveling up from a general IT role. They cover what employers actually look for,
Episode 181: AI Zero Days (Google Threat Intelligence Report) May 12, 2026 2469 Brad and Spencer break down Google Threat Intelligence Group's latest report on how adversaries are weaponizing AI across the entire attack lifecycle.The big takeaway isn't that AI has magically replaced attackers, but that it's making certain workflows faster, more scalable, and more repeatable. More importantly, AI platforms, agent skills, integrations, and dependencies are now be
Episode 180: Cybersecurity Echo Chambers — How to Think Critically in a Hype-Driven Industry May 7, 2026 1753 In Episode 180, hosts Brad Causey and Spencer Alessi tackle a critical but often overlooked issue in cybersecurity: the echo chambers that can undermine critical thinking and effective security programs.Inspired by recent experiences at the ILTA Evolve conference, Spencer and Brad explore how cybersecurity professionals, from practitioners to executives, can fall into bubbles where everyone reinfo
Episode 179: OWASP Top 10 Part 1 - Broken Access Control, IDOR, and CORS Explained Apr 30, 2026 1728 In Episode 179 of the Cyber Threat Perspective podcast, host Brad Causey and web app pen tester Jordan Natter kick off a multi-part series on the OWASP Top 10, the newly updated list of the most common and critical web application security risks, with a fresh version released in 2025.Before diving in, Brad sets the record straight on something that's been bugging him for 20 years: the OWASP T
Episode 178: Internal Security Controls That Actually Frustrate Attackers Apr 22, 2026 1862 In Episode 178 of the Cyber Threat Perspective podcast, hosts Spencer and Tyler take a practitioner-first look at the internal security controls that genuinely make attackers' lives difficult, drawing directly from their experience conducting hundreds of internal penetration tests every year.This isn't a vendor comparison or a theoretical framework. It's an honest account of what wo
Episode 177: Claude Mythos — What It Actually Does, What It Doesn't, and What Your Organization Should Do Now Apr 14, 2026 2493 In Episode 177 of the Cyber Threat Perspective podcast, host Brad Causey and virtual CISO Daniel Perkins take a clear-eyed look at Claude Mythos — Anthropic's AI model that's generating serious buzz in the cybersecurity world for its ability to analyze source code, identify vulnerabilities at scale, build working exploits, and surface flaws that have sat undetected for decades.The cybers

Recommended