In part 2 of our discussion, John Strand tells us how the cybersecurity industry has turned stagnant, with a lack of innovation and an investment model that isn't going to turn that around any time soon. We explore why venture capital funding hasn't led to the breakthrough products the industry needs, and what's holding back real innovation. John also highlights the leaders in the security industry who are actively giving back to the community, and he and Adam try to one-up each other over who's stayed in the most disgusting hotel room.

00:00 Intro

00:12 Security is Ripe for Disruption

06:19 Better Investors = Better Security Products

10:22 Security is Awesome

12:43 Scaling Conference Talks

15:54 John's Advice on Guests

17:30 A Great Set of People

23:18 Bad Hotels, Good People

29:10 Wrapup

29:54 Outro

This is Part 2 of our conversation with John Strand.

Website: https://securitycocktailhour.comNewsletter: https://securitycocktailhour.com/newsletterLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHour

Enjoyed this episode? Subscribe and share with colleagues who'll enjoy honest discussions among security professionals.

John Strand isn't interested in fixing the broken security education system—he's tearing it down and rebuilding it. In Part 1 of this two-part conversation, the founder of Black Hills Information Security explains why scholarships don't solve the real problem, how American universities are losing ground to European programs, and the unexpected places where he's finding the next generation of security talent.

What We Cover:

Why scholarships preserve a broken system instead of fixing it

The barriers that actually matters: Not what you expect

American universities vs. European programs: who's winning and why

Career changers bringing new perspectives to the industry.

AI's "fallow period" in hiring and what comes next

The standardization of mediocrity: how AI is making everything "blah"

00:00 Introduction

00:50 Rethinking Cyber Education

07:01 Diversity Brings Amazing People into Security

09:53 Changing Lives

11:42 Giving Back to the Community

14:33 The Strand Family of Companies

17:02 Security's AI Mistake

Part 2 coming soon

Website: https://securitycocktailhour.com

Newsletter: https://securitycocktailhour.com/newsletter

LinkedIn: https://www.linkedin.com/company/security-cocktail-hour

Twitter/X: @SecCocktailHour

Enjoyed this episode? Subscribe and share with colleagues who need to hear this perspective on the future of security education.

Keeping your Flipper Zero's firmware updated is critical for security and performance—but the update process isn't always smooth. In this episode, we'll walk you through every step of updating your Flipper Zero firmware, including how to work through a snag you might encounter.

Whether you're a security professional, pentester, or hardware enthusiast, regular firmware maintenance is essential for keeping your tools secure and functional. This guide shows you what it takes for the popular Flipper Zero.

00:00 Introduction to Flipper Zero

02:30 Laptop connection and app

06:20 Begin Update

07:23 This doesn't look right

09:40 Definitely not right

10:27 Success

12:57 Next steps

Catch up with the previous episode in this series when we unboxed the Flipper Zero:

https://open.spotify.com/episode/1rU2o8B5cd9MYZ4uQSB3VG?si=cce55d68cdc048b6

And our episode on the ethics of 'hacking' devices:

https://open.spotify.com/episode/0olsN2LKLn09wOLpnxqeIH?si=adf4b00394714209

📧 Subscribe to Our Newsletter: Get exclusive cybersecurity insights, episode updates, and career tips delivered to your inbox.

👉 https://securitycocktailhour.com/newsletter/

🔗 Connect With Us:

Website: https://securitycocktailhour.com

LinkedIn: https://www.linkedin.com/company/security-cocktail-hour/

Twitter: @SecCocktailHour

Curious about the Flipper Zero, one of the most talked-about `gadgets` out there? We give you a quick look as we unbox a new one.

This is a companion to one of our earliest episodes, where we talked about the ethics and proper use of hacking tools. https://youtu.be/BVca3X8wE_c

📧 Subscribe to Our Newsletter: Get exclusive cybersecurity insights, episode updates, and career tips delivered to your inbox.

👉 https://securitycocktailhour.com/newsletter/

🔗 Connect With Us:

Website: https://securitycocktailhour.com

LinkedIn: https://www.linkedin.com/company/security-cocktail-hour/

Twitter: @SecCocktailHour

Job scams are getting scary good. We're talking AI deepfakes, fake recruiters, and cryptocurrency traps that are fooling even tech-savvy professionals. In this Security Cocktail Hour holiday special, Joe and Adam break down four of the most dangerous job scams hitting people right now—because nothing says "Happy Holidays" quite like protecting yourself from scammers, right?

If you're job hunting (or know someone who is), grab a drink and settle in. We're covering everything from deepfake video interviews to the bizarre world of "lucky order" scams that'll drain your crypto wallet faster than you can say "I got the job!"

What You'll Learn:

✅ How scammers use real-time deepfake technology to impersonate legitimate recruiters

✅ The malware delivery tactics hidden in "competency tests" and coding exercises

✅ How to spot fake job postings before sharing personal information

✅ The "lucky order" scam that tricks workers into depleting their own accounts

00:00 Intro: Job Scams for the Holidays

01:08 AI Enhanced Interview Fraud

11:26 Packaging and Processing Scams

17:23 Mystery Shopper Scam

24:30 Gamify/Task Scams

28:48 Help Spread Awareness

29:40 Wrapup and Happy Holidays

30:58 Bonus Bloopers!

Key Takeaways:

🚩 Red Flag #1: Any job asking for money upfront (deposits, equipment fees, background check fees)

🚩 Red Flag #2: Payment exclusively in cryptocurrency for employment

🚩 Red Flag #3: Requests for excessive personal information before an interview

🚩 Red Flag #4: Downloading special software for interviews or tests

🚩 Red Flag #5: "Too good to be true" easy money for simple tasks

Protect Yourself:

✓ Always verify recruiters through official company websites (not LinkedIn alone)

✓ Never give MFA/2FA codes to anyone—even for "deposits"

✓ Be wary of video interviews that seem glitchy (could be deepfakes)

✓ Research the company independently before sharing personal data

✓ Use multi-factor authentication on all financial accounts

📧 Subscribe to Our Newsletter: Get exclusive cybersecurity insights, episode updates, and career tips delivered to your inbox every week.

👉 https://securitycocktailhour.com/newsletter/

🔗 Connect With Us:

Website: securitycocktailhour.com

LinkedIn: https://www.linkedin.com/company/security-cocktail-hour/

Twitter: @SecCocktailHour

Share This Episode: Know someone job hunting? Share this video to help protect them from these evolving scams.

Scammers stay busy during the holidays. From recognizing fake gift card requests to safe phone payments for teens, we're bringing back the best cyber security tips from last year's holiday episode, as a warmup for a new episode focusing on the latest job scams coming next week.

00:00 Introduction to the Holiday Episode

00:31 Phone malware and app privacy

06:41 EZPass Alerts and Package Delivery

08:56 Sexploitation

12:07 The Importance of Zero Trust

14:07 Gift Cards

20:54 Tap to Pay

24:52 The Debate: Debit vs. Credit Cards

29:56 Subscriptions and Hidden Costs

31:41 Wrapup

Whether you’re buying gifts, traveling, or just enjoying the holidays with family, these practical tips will help you protect yourself and your loved ones.

👉 Help us fight back against the scammers:

• Share this episode with friends and family to keep them safe too!
• Leave a comment with your experiences or questions about scams.

Stay safe, stay smart, and have a happy holiday season! 🎁

In this episode of the Security Cocktail Hour, guest Jatin Mannepalli introduces co-hosts Joe Patti and Adam Roth the high-speed, high stakes world of high frequency trading (HFT) and its many security challenges. The conversation delves into the intricacies of high frequency trading, the stress of incident response, and the importance of redundancy in connectivity. They discuss the evolution of data transmission methods, the challenges of security in trading environments, and the role of custom hardware. The episode also touches on the current job market in cyber security and the necessity of collaboration among firms to enhance security measures.

Have you worked in cyber security for trading environments, or HFT's? Tell us about your experience in the comments.

The views and opinions expressed in this podcast are solely those of the speaker, Jatin Mannepalli, and do not necessarily reflect the views, positions, or policies of IMC Trading or its affiliates.

Join Security Cocktail Hour hosts Joe Patti and Adam Roth for an in-depth conversation with Myke Lyons, Chief Information Security Officer at Cribl, about AI in cybersecurity operations. Discover how modern CISOs are actually using LLMs and AI tools in their daily work, handling the data explosion (28% CAGR growth in logs), and transforming security operations with smarter telemetry management. Myke shares practical AI adoption strategies, prompt engineering techniques, and his unique perspective on threat hunting with modern data architectures. From his non-traditional background (Culinary Institute of America graduate) to leading security at companies like Snyk, Collibra, and ServiceNow, Myke offers real-world insights on the future of AI in security.