Easy Prey Podcast Por Chris Parker arte de portada

Easy Prey

Easy Prey

De: Chris Parker
Escúchala gratis

Chris Parker, the founder of WhatIsMyIPAddress.com, interviews guests and tells real-life stories about topics to open your eyes to the danger and traps lurking in the real world, ranging from online scams and frauds to everyday situations where people are trying to take advantage of you—for their gain and your loss. Our goal is to educate and equip you, so you learn how to spot the warning signs of trouble, take quick action, and lower the risk of becoming a victim. Biografías y Memorias Crímenes Reales Política y Gobierno
Episodios
  • Past, Present, and Future of AI agents

    Past, Present, and Future of AI agents
    Dec 24 2025
    The intersection of AI and cybersecurity is changing faster than anyone expected, and that pace is creating both incredible innovation and brand-new risks we're only beginning to understand. From deepfake ads that fool even seasoned security professionals to autonomous agents capable of acting on our behalf, the threat landscape looks very different than it did even a year ago. To explore what this evolution means for everyday people and for enterprises trying to keep up, I'm joined by Chris Kirschke, Field CISO at Tuskira and a security leader with more than two decades of experience navigating complex cyber environments. Chris talks about his unconventional path into the industry, how much harder it is for new professionals to enter cybersecurity today, and the surprising story of how he recently fell for a fake Facebook ad that showcased just how convincing AI-powered scams have become. He breaks down the four major waves of InfoSec from the rise of the web, through mobile and cloud, to the sudden, uncontrollable arrival of generative AI. He then explains why this fourth wave caught companies completely off guard. GenAI wasn't something organizations adopted thoughtfully; it appeared overnight, with thousands of employees using it long before security teams understood its impact. That forced long-ignored issues like data classification, permissions cleanup, and internal hygiene to the forefront. We also dive into the world of agentic AI which is AI that doesn't just analyze but actually acts and the incredible opportunities and dangers that come with it. Chris shares how low-code orchestration, continuous penetration testing, context engineering, and security "mesh" architectures are reshaping modern InfoSec. Chris spends a lot of time talking about the human side of all this and why guardrails matter, how easy it is to over-automate, and the simple truth that AI still struggles with the soft skills security teams rely on every day. He also shares what companies should think about before diving into AI, starting with understanding their data, looping in legal and privacy teams early, and giving themselves room to experiment without turning everything over to an agent on day one. Show Notes: [00:00] Chris Kirschke, Field CISO at Tuskira, is here to explore how AI is reshaping cybersecurity and why modern threats look so different today.[03:05] Chris shares his unexpected path from bartending into IT in the late '90s, reflecting on how difficult it has become for newcomers to enter cybersecurity today.[06:18] A convincing Facebook scam slips past his defenses, illustrating how AI-enhanced fraud makes traditional red flags far harder to spot.[09:32] GenAI's sudden arrival in the workplace creates chaos as employees adopt tools faster than security teams can assess risk.[12:08] The conversation shifts to AI-driven penetration testing and how continuous, automated testing is replacing traditional annual reports.[15:23] Agentic AI enters the picture as Chris explains how low-code orchestration and autonomous agents are transforming security workflows.[18:24] He discusses when consumers can safely rely on AI agents and why human-in-the-loop oversight remains essential for anything involving transactions or access.[21:48] AI's dependence on context becomes clear as organizations move toward context lakes to support more intelligent, adaptive security models.[25:46] He highlights early experiments where AI agents automatically fix vulnerabilities in code, along with the dangers of developers becoming over-reliant on automation.[29:50] AI emerges as a support tool rather than a replacement, with Chris emphasizing that communication, trust, and human judgment remain central to the security profession.[33:35] A mock deposition experience reveals how AI might help individuals prepare for high-stress legal or compliance scenarios.[37:13] Chris outlines practical guardrails for adopting AI—starting with data understanding, legal partnerships, and clear architectural patterns.[40:21] Chatbot failures remind everyone that AI can invent policies or explanations when it lacks guidance, underscoring the need for strong oversight.[41:32] Closing thoughts include where to find more of Chris's work and continue learning about Tuskira's approach to AI security. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web PageFacebook Pagewhatismyipaddress.comEasy Prey on InstagramEasy Prey on TwitterEasy Prey on LinkedInEasy Prey on YouTubeEasy Prey on PinterestTuskiraChris Kirschke -LinkedIn
    Más Menos
    43 m
  • You Are Traceable with OSINT

    You Are Traceable with OSINT
    Dec 17 2025
    Publicly available data can paint a much clearer picture of our lives than most of us realize, and this episode takes a deeper look at how those tiny digital breadcrumbs like photos, records, searches, even the background of a Zoom call can be pieced together to reveal far more than we ever intended. To help break this down, I'm joined by Cynthia Hetherington, Founder and CEO of The Hetherington Group, a longtime leader in open-source intelligence. She also founded Osmosis, the global association and conference for OSINT professionals, and she oversees OSINT Academy, where her team trains investigators, analysts, and practitioners from all experience levels. Cynthia shares how she started her career as a librarian who loved solving information puzzles and eventually became one of the earliest people applying internet research to real investigative work. She talks about the first wave of cybercrime in the 1990s, how she supported law enforcement before the web was even mainstream, and why publicly accessible data today is more powerful and more revealing than ever. We get into how OSINT actually works in practice, from identifying a location based on a sweatshirt logo to examining background objects in video calls. She also explains why the U.S. has fewer privacy protections than many assume, and how property records, social media posts, and online datasets combine to expose surprising amounts of personal information. We also explore the growing role of AI in intelligence work. Cynthia breaks down how tools like ChatGPT can accelerate analysis but also produce hallucinations that investigators must rigorously verify, especially when the stakes are legal or security-related. She walks through common vulnerabilities people overlook, the low-hanging fruit you can remove online, and why your online exposure often comes from the people living in your home. Cynthia closes by offering practical advice to protect your digital footprint and resources for anyone curious about learning OSINT themselves. This is a fascinating look at how much of your life is already visible, and what you can do to safeguard the parts you'd rather keep private. Show Notes: [01:17] Cynthia Hetherington, Founder & CEO of The Hetherington Group is here to discuss OSINT or Open-Source Intelligence.[02:40] Early cyber investigators began turning to her for help long before online research tools became mainstream.[03:39] Founding The Hetherington Group marks her transition from librarian to private investigator.[04:22] Digital vulnerability takes center stage as online data becomes widely accessible and increasingly revealing.[05:22] We get a clear breakdown of what OSINT actually is and what counts as "publicly available information."[06:40] A simple trash bin in a photo becomes a lesson in how quickly locations can be narrowed down.[08:03] Cynthia shares the sweatshirt example to show how a tiny image detail can identify a school and possibly a city.[09:32] Background clues seen during COVID video calls demonstrate how unintentional information leaks became routine.[11:12] A news segment with visible passwords highlights how everyday desk clutter can expose sensitive data.[12:14] She describes old threat-assessment techniques that relied on family photos and subtle personal cues.[13:32] Cynthia analyzes the balance and lighting of a Zoom backdrop, pointing out what investigators look for.[15:12] Virtual and real backgrounds each reveal different signals about a person's environment.[16:02] Reflections on screens become unexpected sources of intelligence as she notices objects outside the camera frame.[16:37] Concerns grow around how easily someone can be profiled using only public information.[17:13] Google emerges as the fastest tool for building a quick, surface-level profile of almost anyone.[18:32] Social media takes priority in search results and becomes a major driver of self-exposed data.[19:40] Cynthia compares AI tools to the early internet, describing how transformative they feel for investigators.[20:58] A poisoning case from the early '90s demonstrates how online expert communities solved problems before search engines existed.[22:40] She recalls using early listservs to reach forensic experts long before modern digital research tools were available.[23:44] Smarter prompts become essential as AI changes how OSINT professionals gather reliable information.[24:55] Cynthia introduces her C.R.A.W.L. method and explains how it mirrors the traditional intelligence lifecycle.[26:12] Hallucinations from AI responses reinforce the need for human review and verification.[27:48] We learn why repeatable processes are crucial for building trustworthy intelligence outputs.[29:05] Elegant-sounding AI answers illustrate the danger of unverified assumptions.[30:40] An outdated email-header technique becomes a reminder of how quickly OSINT methods evolve.[32:12] Managed attribution—hiding your digital identity—is explained along with when...
    Más Menos
    56 m
  • Anyone Could Walk In

    Anyone Could Walk In
    Dec 10 2025

    Sometimes we forget how much trust we place in the little things around us like a lock on a door or a badge on someone's shirt. We see those symbols and assume everything behind them is safe, but it doesn't always work that way. A person with enough confidence, or the right story, can slip through places we think are locked down tight, and most of us never notice it's happening.

    My guest today is Deviant Ollam, and he's one of the rare people who gets invited to break into buildings on purpose. He talks about how he fell into this unusual line of work, the odd moments that shaped his career, and why understanding human behavior matters just as much as understanding locks or alarms. Listening to him describe these situations, where he's walking through offices, popping doors, or blending in with repair crews, makes you realize how blind we can be to our own surroundings.

    We also get into the practical side of things: the mistakes companies make, the small fixes that go a long way, and why teaching employees to slow down and ask a few extra questions can make all the difference. It's an eye-opening conversation, especially if you've ever assumed your workplace is more secure than it really is.

    Show Notes:
    • [03:24] Deviant shares how early adventures, abandoned buildings, and curiosity about locks pulled him toward physical security.
    • [06:20] A story about a law firm reveals how an office "secure" door was bypassed instantly, exposing major hardware flaws.
    • [09:16] Discussion shifts to how the locksmith and safe technician community reacted to his public teaching and how that's changed over time.
    • [13:28] The topic turns to security theater and the gap between feeling safe and actually being protected.
    • [16:18] An explanation of symbolic locks versus real security products highlights how easily people mix up the two.
    • [19:11] Conversation moves into the lack of clear U.S. lock standards and why European systems make things easier for consumers.
    • [21:51] Layered security comes into focus, emphasizing that the goal is to delay and deter rather than stop every possible attack.
    • [24:35] Monitoring tools, overlooked windows, and forgotten blind spots show how attackers often choose the easiest entry point.
    • [27:38] We look at the politics of penetration tests and why coordinating with building management is essential.
    • [31:28] Escalation testing illustrates how long suspicious behavior can go unnoticed inside an organization.
    • [34:34] The need for simple, obvious reporting channels becomes clear when employees aren't sure who to alert.
    • [37:00] A breakdown of common cover stories shows why attackers lean on confidence and industry jargon.
    • [39:50] Urgency and pressure tactics surface as key components of social engineering and why "polite paranoia" helps.
    • [41:14] A viral prank underscores how easily an unverified person can be escorted into restricted areas.

    Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

    Links and Resources:
    • Podcast Web Page
    • Facebook Page
    • whatismyipaddress.com
    • Easy Prey on Instagram
    • Easy Prey on Twitter
    • Easy Prey on LinkedIn
    • Easy Prey on YouTube
    • Easy Prey on Pinterest
    • Deviant Ollam
    • Deviant Ollam - You Tube
    • Deviant Ollam - Instagram
    • Practical Lock Picking: A Physical Penetration Tester's Training Guide
    Más Menos
    43 m
Todavía no hay opiniones