The Cyber Threat Perspective

Jun 18, 202645m

AI agents can search the web, manipulate files, run commands, make API requests, access cloud platforms, and operate fully autonomously. They are powerful, they are here, and most organizations have no security controls

Jun 11, 202628m#184

Think Active Directory is dead? Think again. According to Microsoft data, 86% of organizational workloads still touch Active Directory, and nearly 20% of organizations don't expect to reach a hybrid state for 10-20+ year

Jun 5, 202628m#183

Security misconfiguration is one of the most frequently found vulnerabilities in web application pen testing — and most of the fixes are just a checkbox. In Part 2 of their OWASP Top 10 series, Brad Causey and Jordan Nat

May 27, 202630m#182

Hosts Brad Causey and Spencer Alessi break down the 2026 Verizon Data Breach Investigations Report, focusing on the findings that actually matter for IT and security teams. The biggest surprise: vulnerability exploitatio

May 20, 202644m

We're re-releasing one of our most practical episodes this week — originally published November 2025, and still one of the best roadmap conversations we've had on the show. Brad and Spencer share no-fluff advice for brea

May 12, 202641m#181

Brad and Spencer break down Google Threat Intelligence Group's latest report on how adversaries are weaponizing AI across the entire attack lifecycle. The big takeaway isn't that AI has magically replaced attackers, but

May 7, 202629m#180

In Episode 180, hosts Brad Causey and Spencer Alessi tackle a critical but often overlooked issue in cybersecurity: the echo chambers that can undermine critical thinking and effective security programs. Inspired by rece

Apr 30, 202628m#179

In Episode 179 of the Cyber Threat Perspective podcast, host Brad Causey and web app pen tester Jordan Natter kick off a multi-part series on the OWASP Top 10, the newly updated list of the most common and critical web a

Apr 22, 202631m#178

In Episode 178 of the Cyber Threat Perspective podcast, hosts Spencer and Tyler take a practitioner-first look at the internal security controls that genuinely make attackers' lives difficult, drawing directly from their

Apr 14, 202641m#177

In Episode 177 of the Cyber Threat Perspective podcast, host Brad Causey and virtual CISO Daniel Perkins take a clear-eyed look at Claude Mythos — Anthropic's AI model that's generating serious buzz in the cybersecurity

Apr 9, 202638m#176

In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistent

Apr 2, 202624m#175

In Episode 175, Spencer and Tyler break down NetTools — a free, self-contained Active Directory management and troubleshooting tool that’s become a go-to for their internal penetration testing engagements. They start wit

Mar 26, 202628m#174

In Episode 174, host Brad Causey is joined by guest Jordan Natter for a practical, tool-focused conversation on web application penetration testing. Together they break down the essential tools and Burp Suite Pro extensi

Mar 19, 202623m#173

How do you find insecure permissions in Active Directory before they turn into attack paths? In this episode, we take a practical look at how to identify insecure Active Directory permissions using ADeleg , a free securi

Mar 12, 202633m#172

Hey folks! Greetings from the Offensive Security group at SecurIT360. Brad & Spencer are on this episode of The Cyber Threat Perspective to break down The Biggest Security Blind Spots in Mid-Size Companies. In this episo

Mar 6, 202633m#171

Pentesting is quickly evolving with the integration of AI, fundamentally changing how cybersecurity professionals approach their work. In this episode, Spencer and Brad discuss the real shifts they’re seeing in the indus

Feb 27, 202634m#170

In this episode, we break down the biggest insights from the CrowdStrike 2026 Global Threat Report and what they actually mean for IT leaders, security teams, and executives. From attackers abusing trusted identities and

Feb 20, 202630m#169

In this episode, we’re digging into malicious browser extensions...the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and de

Feb 13, 202623m#168

Brad and Jordan talk bout web app pen testing, why you might need it, and why other forms of app sec might not be good enough. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://

Feb 6, 202630m#167

You've got Tyler & Brad and In this episode, we break down the early versions of Transport Layer Security (TLS) — TLS 1.0 and TLS 1.1 — and explain why these once-standard encryption protocols are now considered insecure

Jan 30, 202639m#166

In this episode, we explore why many organizations invest in penetration testing yet see little improvement in their actual security posture. We discuss the common pitfalls of treating pentests as one-time events, how at

Jan 23, 202633m#165

In this episode, Brad and Jordan talk about API pen testing, how it works, and what you can expect if you want to procure one. They discuss pitfalls, common findings, and ways to streamline the process. Blog: https://off

Jan 16, 202635m#164

In this episode, we take a step back from the AI hype and focus on what has actually changed in offensive security. AI isn’t replacing attackers or inventing brand-new techniques, but it is dramatically reducing friction

Jan 9, 202634m#163

In this episode, we dissect the dangerous trend of organizations ceding control of their security strategy to vendors, exploring the pitfalls of vendor lock-in, overspending, and the illusion of comprehensive protection.

Dec 19, 202536m#162

In this episode, Brad and Spencer from SecurIT360's Offensive Security group delve into the crucial reconnaissance phase attackers undertake before launching an attack. They discuss the real-world impact of seemingly har