• Insight: How User and Entity Behavior Analytics Spots Trouble Early
    Jun 30 2026

    This narrated Insight walks through User and Entity Behavior Analytics (UEBA) as a practical tool for spotting the weird stuff early. You will hear how UEBA builds a picture of “normal” behavior for users, service accounts, and systems, then uses that context to highlight the logins, data access, and admin activity that really deserve your attention. We explore where it sits alongside your SIEM, XDR, and identity tools, and why it works best as a behavioral lens on top of the data you already collect. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine.

    In the episode, we move from fundamentals to real-world application. You will hear everyday use cases, from compromised credentials and privileged account monitoring to insider risk and cloud-heavy environments. We talk through the benefits UEBA can bring to a busy security operations center, as well as the trade-offs around data quality, tuning, and cost. Finally, we cover the most common failure patterns and the healthy signals that show UEBA is actually driving better decisions, not just adding another dashboard.

    Show More Show Less
    13 mins
  • Certified: CIPT and the Technical Side of Privacy
    Jun 29 2026

    This episode walks through Certified Information Privacy Technologist (CIPT), a privacy credential for professionals who want to understand how data protection works inside real technology systems. Based on my Monday “Certified” feature from Bare Metal Cyber Magazine, it explains who the certification is for, why it matters, and how it connects privacy, security, product design, engineering, cloud systems, and data governance. The focus is practical: how privacy becomes part of collection, use, retention, sharing, deletion, user control, and technical risk reduction.
    We also look at what the CIPT exam really tests, including privacy by design, privacy engineering, responsible data use, and scenario-based decision-making. This episode is designed for early-career cyber, IT, cloud, GRC, and privacy professionals who want a clearer path into privacy technology. The Bare Metal Cyber Academy is also introduced as the broader home for the connected certification resources, including the free audio course and companion books for structured, flexible preparation.

    Show More Show Less
    15 mins
  • Insight: Understanding the Ransomware Attack Lifecycle
    Jun 23 2026

    Ransomware attacks do not begin with the ransom note – they unfold through a quiet sequence of steps that often look like routine activity. In this Tuesday “Insights” episode, developed by Bare Metal Cyber, we walk through the modern ransomware attack lifecycle from initial access and foothold to lateral movement, privilege abuse, data theft, backup tampering, and finally encryption. You will hear how real attacks typically progress over days or weeks, which signals show up in identity, endpoints, networks, and backups, and why so many organizations only notice the threat at the worst possible moment. We then translate that lifecycle into practical interruption points, so security and IT teams can see where to focus, how to use the tools they already have, and how to make recovery less dependent on paying an attacker.

    Show More Show Less
    12 mins
  • Certified: GCTI and the Rise of Cyber Threat Intelligence
    Jun 22 2026

    GIAC Cyber Threat Intelligence (GCTI) is built for people who want to understand what attackers are doing, how campaigns connect, and how raw security data becomes useful intelligence. In this narrated episode, based on my Monday “Certified” feature from Bare Metal Cyber Magazine, we walk through what GCTI is, who it is really for, and why it matters for analysts who want to move beyond basic alert handling into deeper investigation, threat hunting, incident response, and intelligence-informed defense.
    We also look at what the exam really tests, including intelligence models, evidence handling, attribution caution, open-source research, malware-informed analysis, pivoting, reporting, and the difference between memorizing facts and making sound analytical judgments. The episode closes by placing GCTI into a larger career path and explaining how the Bare Metal Cyber Academy can support a flexible study plan through its connected audio course, Study Guide, and Flash Cards ebook.

    Show More Show Less
    14 mins
  • Insight: Securing Operational Technology and Industrial Control Systems
    Jun 16 2026

    This audio edition takes you into the world of Operational Technology (OT) and Industrial Control Systems (ICS) security, where digital access and configuration changes can directly affect pumps, valves, and production lines. In clear, practical language, we walk through what OT and ICS actually are, how they differ from traditional IT, and where they sit in real environments like plants, utilities, and large facilities. The narration is based on a Tuesday “Insights” feature from Bare Metal Cyber Magazine, designed to help you connect the dots between familiar cyber concepts and the physical processes that keep organizations running.

    From there, the episode follows the flow of everyday work. You will hear how OT and ICS networks are typically segmented, how remote access and monitoring are set up in practice, and where change control really matters when safety and reliability are on the line. We explore concrete use cases, from quick visibility wins to deeper, long-term improvements, and spend time on the real benefits, trade-offs, and limits of applying security controls in these environments. Along the way, we highlight common failure modes and healthy signals so you can better recognize where your own organization is today.

    Show More Show Less
    15 mins
  • Certified: CompTIA SecOT+ and the Future of OT Cybersecurity
    Jun 15 2026

    CompTIA SecOT+ (SecOT+) focuses on the cybersecurity skills needed to protect operational technology environments, including the industrial systems behind manufacturing, utilities, transportation, energy, water, and other critical infrastructure. This episode walks through what the certification is, who it is for, what the exam is designed to test, and why OT security is different from traditional enterprise IT security. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine and is written for learners who want a clear, practical explanation without exam jargon getting in the way.
    You will hear how SecOT+ fits into a larger cybersecurity career path, especially for professionals who want to work where networks, control systems, safety, uptime, and physical operations all meet. The episode also explains how to think about preparation, including OT foundations, risk management, architecture, operations, monitoring, and incident response. The Bare Metal Cyber Academy serves as the broader home for the connected resources, including flexible study support for busy professionals.

    Show More Show Less
    15 mins
  • Insight: Browser Security Basics for Real-World Teams
    Jun 9 2026

    Browser security can feel like a small detail compared to network diagrams and cloud architectures, but for most people in your organization, the browser is where the real work happens. In this audio edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through the essentials of browser security with a practical focus on extensions, cookies, and everyday web risks. You will hear how browser protections fit alongside endpoint, identity, and application security, and why a few small choices in the browser can change the outcome of a bad click.

    Across this episode, we explore how modern browsers try to protect users, where extensions can either help or hurt, and how session cookies shape what attackers can do if they get a foothold. We look at everyday use cases you will recognize from your own environment, from managed work profiles to extension allowlists and browser isolation for risky tasks. You will also get an honest view of the benefits, trade-offs, and common failure modes, along with practical signals that show when browser security is actually working instead of just being written into a policy.

    Show More Show Less
    13 mins
  • Certified: ITIL Foundation Version 5 and the Modern Service Mindset
    Jun 8 2026

    ITIL Foundation (Version 5), or ITIL 5 Foundation, is a practical starting point for understanding how modern technology work becomes organized, reliable, and valuable to the business. In this narrated version of my Monday “Certified” feature from Bare Metal Cyber Magazine, we walk through what the certification is, who it is for, what kind of thinking the exam rewards, and why service management fluency matters for early-career IT, cybersecurity, cloud, support, and governance professionals.
    This episode also explains where ITIL 5 fits in a broader career path, especially for people moving from technical task work into service delivery, operations, coordination, or management. We also touch on how the Bare Metal Cyber Academy can support structured preparation through flexible certification resources, including audio-based review, guided study, and focused recall practice for busy professionals.

    Show More Show Less
    15 mins