The Cyber Threat Perspective

EXPLORE

Society & Culture

© 2024 PodJoint

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/bb/b1/d1/bbb1d198-b57b-b9d3-8b1b-c6d0b7aa9356/mza_6262877414617383753.jpg/600x600bb.jpg

The Cyber Threat Perspective

SecurIT360

198 episodes

1 week ago

In this episode, Brad and Spencer from SecurIT360's Offensive Security group delve into the crucial reconnaissance phase attackers undertake before launching an attack. They discuss the real-world impact of seemingly harmless data leaks, how attackers chain them together to build a profile of your organization, and common misconceptions about what data is truly "sensitive" from an external attacker's perspective. Learn how organizations can realistically assess their external attack surface b...

Show more...

All content for The Cyber Threat Perspective is the property of SecurIT360 and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

In this episode, Brad and Spencer from SecurIT360's Offensive Security group delve into the crucial reconnaissance phase attackers undertake before launching an attack. They discuss the real-world impact of seemingly harmless data leaks, how attackers chain them together to build a profile of your organization, and common misconceptions about what data is truly "sensitive" from an external attacker's perspective. Learn how organizations can realistically assess their external attack surface b...

Show more...

Episodes (20/198)

The Cyber Threat Perspective

Episode 162: Before the Breach How Attackers Profile Your Organization

In this episode, Brad and Spencer from SecurIT360's Offensive Security group delve into the crucial reconnaissance phase attackers undertake before launching an attack. They discuss the real-world impact of seemingly harmless data leaks, how attackers chain them together to build a profile of your organization, and common misconceptions about what data is truly "sensitive" from an external attacker's perspective. Learn how organizations can realistically assess their external attack surface b...

2 weeks ago

36 minutes

The Cyber Threat Perspective

Episode 161: The Evolution of Pentesting Going Into 2026

In this episode Brad and Spencer discuss the rapid technology shift that's happening in cybersecurity, hybrid pentesting models and the overall evolution of pen testing as we head into 2026. Need a pentest before the end of the year? Learn how here... Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulner...

3 weeks ago

38 minutes

The Cyber Threat Perspective

Episode 160: Should You Alert Your SOC Before a Pentest?

In this episode, we're discussing the pros and mostly the cons of notifying your SOC/MSSP before your penetration test. Spencer and Brad delve into the details of why it matters and share their experience from hundreds of penetration tests. Get your 2025 External Pentest done before time runs out! https://www.securit360.com/external-penetration-testing-services-sa/ Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow S...

1 month ago

32 minutes

The Cyber Threat Perspective

Episode 159: How to Break Into Cybersecurity in 2026

In this episode, we’re sharing practical, no-fluff advice for getting into cybersecurity, whether you're switching careers, just starting out, or leveling up your IT skills. We’ll cover what actually matters to employers, what to avoid, and the fastest paths into the industry. If you’re looking for a clear roadmap into cybersecurity, this episode is for you. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on soc...

1 month ago

44 minutes

The Cyber Threat Perspective

Episode 158: How to get kicked out of AWS by the FBI

In this episode Brad and Jordan sit down to discuss how she was caught and reported on a penetration test engagement. We deep dive into the details and why it's a net positive. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

1 month ago

21 minutes

The Cyber Threat Perspective

Episode 157: AppSec Findings in 2025

In this episode Brad and Jordan sit down to discuss common web application security findings we've seen this year. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

1 month ago

24 minutes

The Cyber Threat Perspective

Episode 156: Post-Exploitation Tactics That Still Work in 2025

In this episode Spencer and Tyler discuss post-exploitation tactics that still work in 2025. The guys discuss everything from credential access techniques to defense evasion, lateral movement and even exfiltration. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about ho...

2 months ago

28 minutes

The Cyber Threat Perspective

Episode 155: How We Use AI Offensively

In this episode, we're taking a deep dive into how the Offensive Security group at SecurIT360 is strategically leveraging and utilizing artificial intelligence technologies in offensive security operations. We'll explore the innovative ways this team is harnessing the power of AI to enhance their penetration testing capabilities, automate security assessments, and identify vulnerabilities more efficiently. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: ht...

2 months ago

37 minutes

The Cyber Threat Perspective

Episode 154: Pentesting on a Budget for IT Admins

This episode is all about pentesting on a budget for IT Admins. This episode is inspired by the PDQ Live stream held on October 23rd, 2025, where Spencer shared tips, tactics, tools and advice for IT admins wanting to better defend and protect their environments. All tools, checklists, guides and resources can be found here: https://go.spenceralessi.com/budget Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on s...

2 months ago

25 minutes

The Cyber Threat Perspective

Episode 153: How to Prove Your Security Works Before Attackers Do

In this episode, we dig into how to move from “we think we’re secure” to “we can prove it.” We’ll lay out a practical loop for validating controls, gathering evidence, and tracking results that leadership understands. If you’ve ever wondered how to demonstrate security value beyond dashboards and audits, this is your playbook. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://g...

2 months ago

33 minutes

The Cyber Threat Perspective

(replay) Common Pentest Findings That Shouldn't Exist in 2025

In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday. Blog: https://offsec.blog/ You...

2 months ago

27 minutes

The Cyber Threat Perspective

Episode 152: What is Offensive Security?

In this episode, Spencer and Brad dig into a question that comes up all the time: what exactly is offensive security? Hint: it’s not just “pentesting.” Offensive security covers a whole spectrum of activities, including, penetration testing, red teaming, purple teaming, adversary emulation, and more. We’ll break down what each of these means, how they’re different, and how we do things at SecurIT360. By the end, you’ll have a clearer picture of how offensive security fits into a bigger securi...

3 months ago

43 minutes

The Cyber Threat Perspective

Episode 151: Tool Time - PingCastle for Defenders

In this episode, we’re digging into a super awesome Active Directory security tool called PingCastle. We’ll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversaries. PingCastle is a staple tool on our internal pentesting toolbelt. In this episode, you will find out why. 👉Find vulnerabilities that matter, learn about how we do assume breach internal pentesting here. Blog: https://offsec.blog/ Youtube: https://www....

3 months ago

42 minutes

The Cyber Threat Perspective

Episode 150: How to Use Pentest Findings to Justify Your Next Security Spend

https://offsec.blog/budget In this episode, we’re tackling an often-overlooked opportunity: using pentest results to secure more budget for security initiatives. Too many organizations run a pentest, file the report away, and move on without leveraging it for strategic value. We’ll break down how to translate findings into business language, influence leadership, and turn vulnerabilities into funding for better defenses. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreat...

3 months ago

30 minutes

The Cyber Threat Perspective

Episode 149: Building a Security Stack That Works A Practitioner’s Perspective

In this episode, Brad and Spencer sit down with an experienced information security and risk manager to explore how they build and manage their security stack, choose the right tools, and win support from their team and leadership. We dig into the balance between technical defenses and business-driven risk management, from budgeting and vendor selection to measuring success and preparing for emerging threats. Whether you’re a hands-on practitioner or a security leader, you’ll walk away with p...

3 months ago

36 minutes

The Cyber Threat Perspective

Episode 148: Securing Windows: Common Misconfigurations That Give Attackers The Advantage

This is the webinar I gave in August 2025 on the topic of common Windows misconfigurations I see during internal pentests. Make sure you grab your free gifts! https://securit360.com/free-gifts https://links.spenceralessi.com/creds https://go.spenceralessi.com/windows-slides Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://secur...

4 months ago

54 minutes

The Cyber Threat Perspective

Episode 147: When to Accept the Risk

In this episode, we’re digging into one of the most overlooked parts of a penetration test, when it actually makes sense to not fix a finding. Not every vulnerability deserves equal treatment, and sometimes accepting the risk is the most mature decision a business can make. We’ll cover how to recognize those situations, avoid common pitfalls, and document your choices so they stand up to scrutiny. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter:...

4 months ago

39 minutes

The Cyber Threat Perspective

Episode 146: What Are the Security Implications of AI?

In this episode of The Cyber Threat Perspective, we’re exploring the broader security implications of artificial intelligence. AI is transforming everything—from how we defend our networks to how attackers exploit them. We’ll break down the risks, the opportunities, and what security teams need to be thinking about right now as AI becomes embedded in both our tools and becomes a part of our daily life. Spencer's next webinar 8/28 12pm Eastern Topic: Securing Windows, Common Misconfigurations ...

4 months ago

45 minutes

The Cyber Threat Perspective

Episode 145: What To Do Minute 1 When Incident Response Arrives

In this episode, we're diving into what to do the minute incident response arrives. That first moment matters—a lot. Whether it's a ransomware attack, unauthorized access, or data exfiltration, how you act in minute one can either help or hinder the investigation. We’ll cover the do’s, don’ts, and common mistakes we see, so you’re ready when the heat is on. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on soci...

4 months ago

33 minutes

The Cyber Threat Perspective

Episode 144: How Cyber Threat Actors Are Using AI

In this episode of The Cyber Threat Perspective, we're diving into one of the most pressing trends in cybersecurity: how threat actors are using AI. From deepfake scams and AI-generated phishing emails to automated malware and voice cloning, attackers are leveraging artificial intelligence to scale their operations and sharpen their tactics. We’ll break down real-world examples, tools like WormGPT, and what this means for defenders going forward. Blog: https://offsec.blog/ Youtube: https://ww...

5 months ago

31 minutes