SecurIT360

The Cyber Threat Perspective

Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics. brad@securit360.com

Author

SecurIT360

Category

Technology

Podcast website

offsec.blog

Latest episode

Jul 10, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Avoid this cyber leadership trap | Ep 187 10.07.2026

Need a pentest or vCISO? Work with us! https://www.securit360.com/ A major leadership failure in Cybersecurity is l buying tools first then figuring out where they fit and how to use them. That’s super backwards. Here’s what I would do instead. Plan first, buy & implement second. I’m going to cover just the planning part this week. Next week we will talk about buying and implementing. Because...

Episode 186: Real Life Active Directory Attack Paths 03.07.2026

In this episode Spencer and Tyler discuss real life Active Directory attack paths, taken from real internal pentest engagements over the last several years. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabil...

[Replay] Episode 172: The Biggest Security Blind Spots in Midsized Companies 25.06.2026

Some of the most dangerous security gaps aren't sophisticated — they're the ones hiding in plain sight. In this replay, Brad and Spencer break down the biggest blind spots they see over and over in mid-size companies: poor asset inventory, flat networks, flat identities, overconfidence in security tools, credential reuse, and the emerging risks with AI. If any of these hit home, go to ou...

Episode 185 | A Toddler with a Bazooka: The Real Risk of AI Agents 18.06.2026

AI agents can search the web, manipulate files, run commands, make API requests, access cloud platforms, and operate fully autonomously. They are powerful, they are here, and most organizations have no security controls around them whatsoever. In this episode, Brad and Spencer break down the five major AI agent risk categories security teams need to understand right now, using Simon Willison'...

Episode 184 | Active Directory Isn't Dead. It's Just Undefended. 11.06.2026

Think Active Directory is dead? Think again. According to Microsoft data, 86% of organizational workloads still touch Active Directory, and nearly 20% of organizations don't expect to reach a hybrid state for 10-20+ years. In this episode, Brad and Spencer break down why AD attack paths remain one of the most critical threats in enterprise environments and what defenders can do about it right...

Episode 183 | OWASP Top 10 Part 2: Security Misconfigurations That Get You Hacked 05.06.2026

Security misconfiguration is one of the most frequently found vulnerabilities in web application pen testing — and most of the fixes are just a checkbox. In Part 2 of their OWASP Top 10 series, Brad Causey and Jordan Natter cover OWASP A05: Security Misconfiguration with real stories from recent engagements and practical takeaways for developers, security teams, and organizations of all sizes. In...

Episode 182: Patching Crisis — Vulns Now #1 Attack Vector (2026 Verizon DBIR) 27.05.2026

Hosts Brad Causey and Spencer Alessi break down the 2026 Verizon Data Breach Investigations Report, focusing on the findings that actually matter for IT and security teams. The biggest surprise: vulnerability exploitation has overtaken stolen credentials as the top initial access vector, accounting for 31% of attacks, while credential abuse dropped to just 13%. This completely flips the script on...

[Replay] Episode 159: How to Break Into Cybersecurity — What Actually Works 20.05.2026

We're re-releasing one of our most practical episodes this week — originally published November 2025, and still one of the best roadmap conversations we've had on the show. Brad and Spencer share no-fluff advice for breaking into cybersecurity, whether you're switching careers, starting from scratch, or leveling up from a general IT role. They cover what employers actually look for,...

Episode 181: AI Zero Days (Google Threat Intelligence Report) 12.05.2026

Brad and Spencer break down Google Threat Intelligence Group's latest report on how adversaries are weaponizing AI across the entire attack lifecycle. The big takeaway isn't that AI has magically replaced attackers, but that it's making certain workflows faster, more scalable, and more repeatable. More importantly, AI platforms, agent skills, integrations, and dependencies are now b...

Episode 180: Cybersecurity Echo Chambers — How to Think Critically in a Hype-Driven Industry 07.05.2026

In Episode 180, hosts Brad Causey and Spencer Alessi tackle a critical but often overlooked issue in cybersecurity: the echo chambers that can undermine critical thinking and effective security programs. Inspired by recent experiences at the ILTA Evolve conference, Spencer and Brad explore how cybersecurity professionals, from practitioners to executives, can fall into bubbles where everyone reinf...

Episode 179: OWASP Top 10 Part 1 - Broken Access Control, IDOR, and CORS Explained 30.04.2026

In Episode 179 of the Cyber Threat Perspective podcast, host Brad Causey and web app pen tester Jordan Natter kick off a multi-part series on the OWASP Top 10, the newly updated list of the most common and critical web application security risks, with a fresh version released in 2025. Before diving in, Brad sets the record straight on something that's been bugging him for 20 years: the OWASP...

Episode 178: Internal Security Controls That Actually Frustrate Attackers 22.04.2026

In Episode 178 of the Cyber Threat Perspective podcast, hosts Spencer and Tyler take a practitioner-first look at the internal security controls that genuinely make attackers' lives difficult, drawing directly from their experience conducting hundreds of internal penetration tests every year. This isn't a vendor comparison or a theoretical framework. It's an honest account of what w...

Episode 177: Claude Mythos — What It Actually Does, What It Doesn't, and What Your Organization Should Do Now 14.04.2026

In Episode 177 of the Cyber Threat Perspective podcast, host Brad Causey and virtual CISO Daniel Perkins take a clear-eyed look at Claude Mythos — Anthropic's AI model that's generating serious buzz in the cybersecurity world for its ability to analyze source code, identify vulnerabilities at scale, build working exploits, and surface flaws that have sat undetected for decades. The cyber...

Episode 176: Cybersecurity Advice That Sounds Smart But Fails in Practice 09.04.2026

In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistently fall short in real IT environments. This isn't about dismissing good security principles. It's about closing the gap between advice that looks great in a framework and...

Episode 175: NetTools - The Free Active Directory Swiss Army Knife for IT Admins & Pen Testers 02.04.2026

In Episode 175, Spencer and Tyler break down NetTools — a free, self-contained Active Directory management and troubleshooting tool that’s become a go-to for their internal penetration testing engagements. They start with the backstory: years of relying on AD Explorer from Microsoft Sysinternals, and the growing need to evade EDR detections. At one point, that meant manually obfuscating binaries w...

Episode 174: Web Application Penetration Testing Tools & Techniques with Jordan 26.03.2026

In Episode 174, host Brad Causey is joined by guest Jordan Natter for a practical, tool-focused conversation on web application penetration testing. Together they break down the essential tools and Burp Suite Pro extensions that make up a modern web app pen testing toolkit. Topics covered include: Burp Suite Pro vs. OWASP ZAP — comparing capabilities, extensions, and use cases CSP Auditor — identi...

Episode 173: How to Find Insecure Active Directory Permissions with ADeleg 19.03.2026

How do you find insecure permissions in Active Directory before they turn into attack paths? In this episode, we take a practical look at how to identify insecure Active Directory permissions using ADeleg , a free security tool trusted by penetration testers. Misconfigured delegation and overly permissive access rights are a common source of risk in Active Directory environments. These gaps can cr...

Episode 172: The biggest security blind spots in Midsized companies 12.03.2026

Hey folks! Greetings from the Offensive Security group at SecurIT360. Brad & Spencer are on this episode of The Cyber Threat Perspective to break down The Biggest Security Blind Spots in Mid-Size Companies. In this episode, we expose the most common (and dangerous) gaps that leave mid-sized organizations wide open: poor asset inventory, flat networks, flat identities, overconfidence in securit...

Episode 171: The future of pentesting with AI 06.03.2026

Pentesting is quickly evolving with the integration of AI, fundamentally changing how cybersecurity professionals approach their work. In this episode, Spencer and Brad discuss the real shifts they’re seeing in the industry and what the future may look like. The pivotal changes in AI that have impacted pentesting over the past year The emergence of agents, orchestration, and single-pane-of-glass p...

Episode 170: The Evasive Adversary 27.02.2026

In this episode, we break down the biggest insights from the CrowdStrike 2026 Global Threat Report and what they actually mean for IT leaders, security teams, and executives. From attackers abusing trusted identities and bypassing security tools to exploiting edge infrastructure and leveraging AI to move faster than ever, the modern threat landscape is shifting in ways many organizations aren’t pr...

Episode 169: Malicious Browser Extensions 20.02.2026

In this episode, we’re digging into malicious browser extensions...the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers are increasingly abusing the browser as their initial foothold. We’ll break down how these extensions work, why they’re so dangerous, and what IT leaders can...

Episode 168: Do you need a web app pen test? 13.02.2026

Brad and Jordan talk bout web app pen testing, why you might need it, and why other forms of app sec might not be good enough. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about...

Episode 167: TLS and SSL vulnerabilities - do they matter? 06.02.2026

You've got Tyler & Brad and In this episode, we break down the early versions of Transport Layer Security (TLS) — TLS 1.0 and TLS 1.1 — and explain why these once-standard encryption protocols are now considered insecure. We’ll cover when they were released, how modern attacks and cryptographic weaknesses caught up with them, and why today’s internet relies on newer, more secure protocols...

Episode 166: Why Your Pentest Didn’t Make You Safer 30.01.2026

In this episode, we explore why many organizations invest in penetration testing yet see little improvement in their actual security posture. We discuss the common pitfalls of treating pentests as one-time events, how attackers operate very differently from scoped assessments, and why remediation—not the report—is what determines real safety. If you’ve ever wondered why “passing” a pentest didn’t...

Episode 165: What to expect on your API Pentest 23.01.2026

In this episode, Brad and Jordan talk about API pen testing, how it works, and what you can expect if you want to procure one. They discuss pitfalls, common findings, and ways to streamline the process.  Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work wi...

Listen to the The Cyber Threat Perspective podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.