The Cyber Threat Perspective
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
brad@securit360.com
Episodes
214 episodes
Episode 178: Internal Security Controls That Actually Frustrate Attackers
In Episode 178 of the Cyber Threat Perspective podcast, hosts Spencer and Tyler take a practitioner-first look at the internal security controls that genuinely make attackers' lives difficult, drawing directly from their experience conducting h...
Episode 177: Claude Mythos — What It Actually Does, What It Doesn't, and What Your Organization Should Do Now
In Episode 177 of the Cyber Threat Perspective podcast, host Brad Causey and virtual CISO Daniel Perkins take a clear-eyed look at Claude Mythos — Anthropic's AI model that's generating serious buzz in the cybersecurity world for its ability to...
Episode 176: Cybersecurity Advice That Sounds Smart But Fails in Practice
In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistently fall short in real IT...
Episode 175: NetTools - The Free Active Directory Swiss Army Knife for IT Admins & Pen Testers
In Episode 175, Spencer and Tyler break down NetTools — a free, self-contained Active Directory management and troubleshooting tool that’s become a go-to for their internal penetration testing engagements.They start with the backstory: y...
Episode 174: Web Application Penetration Testing Tools & Techniques with Jordan
In Episode 174, host Brad Causey is joined by guest Jordan Natter for a practical, tool-focused conversation on web application penetration testing. Together they break down the essential tools and Burp Suite Pro extensions that make up a moder...
Episode 173: How to Find Insecure Active Directory Permissions with ADeleg
How do you find insecure permissions in Active Directory before they turn into attack paths?In this episode, we take a practical look at how to identify insecure Active Directory permissions using ADeleg, a free secu...
Episode 172: The biggest security blind spots in Midsized companies
Hey folks! Greetings from the Offensive Security group at SecurIT360. Brad & Spencer are on this episode of The Cyber Threat Perspective to break down The Biggest Security Blind Spots in Mid-Size Companies.In this episode, we expose...
Episode 171: The future of pentesting with AI
Pentesting is quickly evolving with the integration of AI, fundamentally changing how cybersecurity professionals approach their work. In this episode, Spencer and Brad discuss the real shifts they’re seeing in the industry and what the future ...
Episode 170: The Evasive Adversary
In this episode, we break down the biggest insights from the CrowdStrike 2026 Global Threat Report and what they actually mean for IT leaders, security teams, and executives. From attackers abusing trusted identities and bypassing security tool...
Episode 169: Malicious Browser Extensions
In this episode, we’re digging into malicious browser extensions...the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers a...
Episode 168: Do you need a web app pen test?
Brad and Jordan talk bout web app pen testing, why you might need it, and why other forms of app sec might not be good enough.
Episode 167: TLS and SSL vulnerabilities - do they matter?
You've got Tyler & Brad and In this episode, we break down the early versions of Transport Layer Security (TLS) — TLS 1.0 and TLS 1.1 — and explain why these once-standard encryption protocols are now considered insecure. We’ll cover when t...
Episode 166: Why Your Pentest Didn’t Make You Safer
In this episode, we explore why many organizations invest in penetration testing yet see little improvement in their actual security posture. We discuss the common pitfalls of treating pentests as one-time events, how attackers operate very dif...
Episode 165: What to expect on your API Pentest
In this episode, Brad and Jordan talk about API pen testing, how it works, and what you can expect if you want to procure one. They discuss pitfalls, common findings, and ways to streamline the process.
Episode 164: Offensive Security in the Age of AI: What Has Changed
In this episode, we take a step back from the AI hype and focus on what has actually changed in offensive security. AI isn’t replacing attackers or inventing brand-new techniques, but it is dramatically reducing friction across the att...
Episode 163: The Vendor Security Trap: Are You Losing Control?
In this episode, we dissect the dangerous trend of organizations ceding control of their security strategy to vendors, exploring the pitfalls of vendor lock-in, overspending, and the illusion of comprehensive protection. We'll provide actionabl...
Episode 162: Before the Breach How Attackers Profile Your Organization
In this episode, Brad and Spencer from SecurIT360's Offensive Security group delve into the crucial reconnaissance phase attackers undertake before launching an attack. They discuss the real-world impact of seemingly harmless data leak...
Episode 161: The Evolution of Pentesting Going Into 2026
In this episode Brad and Spencer discuss the rapid technology shift that's happening in cybersecurity, hybrid pentesting models and the overall evolution of pen testing as we head into 2026.Need a pentest before the end of the year?
Episode 160: Should You Alert Your SOC Before a Pentest?
In this episode, we're discussing the pros and mostly the cons of notifying your SOC/MSSP before your penetration test. Spencer and Brad delve into the details of why it matters and share their experience from hundreds of penetration tests.&nbs...
Episode 159: How to Break Into Cybersecurity in 2026
In this episode, we’re sharing practical, no-fluff advice for getting into cybersecurity, whether you're switching careers, just starting out, or leveling up your IT skills. We’ll cover what actually matters to employers, what to avoid, and the...
Episode 158: How to get kicked out of AWS by the FBI
In this episode Brad and Jordan sit down to discuss how she was caught and reported on a penetration test engagement. We deep dive into the details and why it's a net positive.
Episode 157: AppSec Findings in 2025
In this episode Brad and Jordan sit down to discuss common web application security findings we've seen this year.
Episode 156: Post-Exploitation Tactics That Still Work in 2025
In this episode Spencer and Tyler discuss post-exploitation tactics that still work in 2025. The guys discuss everything from credential access techniques to defense evasion, lateral movement and even exfiltration.
Episode 155: How We Use AI Offensively
In this episode, we're taking a deep dive into how the Offensive Security group at SecurIT360 is strategically leveraging and utilizing artificial intelligence technologies in offensive security operations. We'll explore the innovative ways thi...
Episode 154: Pentesting on a Budget for IT Admins
This episode is all about pentesting on a budget for IT Admins. This episode is inspired by the PDQ Live stream held on October 23rd, 2025, where Spencer shared tips, tactics, tools and advice for IT admins wanting to better defend and protect ...