Cybersecurity Awesomeness Podcast

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler explore Google’s recent quantum computing milestone, which significantly accelerates the timeline for "Q-Day." Google’s research suggests that the physical qubit requirement to crack a Bitcoin signature could be slashed from millions to just 500,000, with scalable systems potentially arriving by 2029. While the hosts clarify that today’s blockchain remains secure for now, the announcement underscores an urgent need for organizations to adopt Post-Quantum Cryptography (PQC).The discussion highlights how traditional computing is hitting physical barriers, making quantum specialized power the next logical step for high-intensity tasks. Beyond security risks, Steffen and Buckler discuss the "Star Trek-esque" benefits of quantum, including near-instant DNA sequencing for personalized medicine and the potential for zero-latency deep-space communication via quantum entanglement. Ultimately, the episode serves as a crucial call to action: PQC is no longer a distant science project but a looming requirement. Security professionals must educate themselves and demand quantum-readiness strategies from their vendors to ensure long-term data protection.

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler offer a comprehensive recap of RSAC 2026, cutting through the noise of 40,000 attendees to deliver critical takeaways from the industry’s "Super Bowl." While AI dominated nearly 80% of vendor booths, the hosts differentiate between "marketecture" and meaningful innovation. They emphasize that deploying agentic AI without robust Data Security Posture Management (DSPM) is a recipe for unmanaged data sprawl and "Shadow AI" risks, where sensitive proprietary information is accidentally leaked into public models.A significant portion of the discussion focuses on the maturation of identity management, noting a shift toward granular guardrails for AI agents to prevent overprivileged access. The duo also debunks the myth of AI as a headcount replacement for SOC analysts, highlighting its lack of "tribal knowledge" and innovative problem-solving. Beyond the AI hype, the conversation touches on the urgency of Post-Quantum Cryptography (PQC) and the evolving role of the CISO—transitioning from a "head nerd" to a strategic risk manager under new regulatory mandates. Ultimately, the episode serves as a reminder that foundational data governance remains the true anchor in a high-velocity threat landscape.

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler prepare for the 2026 RSAC in San Francisco. Dubbed the "Super Bowl" of security, the event expects over 45,000 attendees and 600 vendors at the Moscone Center. Chris, managing a schedule of nearly 40 meetings, joins Ken to navigate the overwhelming noise of the show floor.The duo identifies Agentic AI and autonomous solutions as the dominant—yet potentially distracting—themes of the year. They caution against the "silver bullet" mentality, urging leaders to focus on securing AI agents against hallucinations and IP leaks rather than viewing them as total replacements for human staff. Beyond the AI hype, they highlight the critical arrival of "Q-Day" and the necessity of Post-Quantum Cryptography (PQC) readiness. The hosts encourage listeners to visit the Innovation Sandbox and Early Stage Expo for emerging tech while maintaining a steadfast commitment to foundational cyber hygiene. Ultimately, they embrace the conference theme, "The Power of Community," emphasizing that face-to-face networking remains the industry’s most valuable asset.

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler prepare for the RSA Conference (RSAC), often described as the "Super Bowl" of cybersecurity by talking about the EMA Vendor Vision report. To help attendees navigate the overwhelming presence of over 600 exhibitors, the hosts break down EMA’s "Vendor Vision" report, which spotlights ten essential innovators. The discussion covers a broad technological spectrum, ranging from Straker’s cutting-edge adversarial AI in the Early Stage Expo to Sky High Security’s leadership in Data Security Posture Management (DSPM).Key highlights include AWS’s unified cloud security suite, Acalvio's deception technologies, F5’s API-driven AI protections, and the evolving identity landscape spearheaded by Yubico and SailPoint. The hosts also examine the maturation of Privileged Access Management through Delinea and Keeper Security, alongside Proofpoint’s focus on human-centric vulnerabilities and business email compromise. By filtering the noise of the Moscone Center, this episode provides a strategic roadmap for identifying the technical trends that will define the industry for the coming months. It serves as an indispensable guide for anyone looking to maximize their impact and insight during the conference.

In this episode of the Cybersecurity Awesomeness Podcast, hosts Chris Steffen and Ken Buckler explore the shifting priorities of Chief Information Security Officers (CISOs) as they navigate the transition from rapid AI adoption to a more disciplined, risk-aware strategy. As of 2026, the "deploy first, secure later" mentality is facing a reckoning, particularly regarding autonomous or agentic AI. The discussion highlights alarming real-world incidents—such as an AI agent deleting a production database during a code freeze and another wiping a Meta executive's inbox despite repeated "stop" commands—to illustrate the volatility of unmanaged AI.The conversation characterizes AI as a paradox: a tool with "graduate-level intelligence but the gullibility of an eight-year-old." The hosts argue that marginal productivity gains cannot justify catastrophic risks like data destruction or unauthorized access. Ultimately, the episode emphasizes that AI should not be pursued at the expense of foundational security pillars like identity management. CISOs are urged to apply existing human-centric guardrails to AI agents, ensuring these tools remain business enablers rather than liabilities.

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler explore the looming reality of quantum computing and its inevitable collision with modern encryption standards. The discussion centers on Q-Day—the theoretical point at which quantum processors reach approximately 100,000 qubits, making current AES-256 encryption vulnerable to near-instantaneous decryption. The hosts emphasize the Harvest Now, Decrypt Later strategy, where adversaries stockpile encrypted sensitive data today in anticipation of tomorrow’s quantum capabilities.While acknowledging the Quantum Dividend—the massive potential for breakthroughs in medicine and engineering—the conversation serves as an urgent call to action for security professionals. Organizations must move beyond traditional binary mindsets to adopt quantum-resistant algorithms, as the transition is a multi-year endeavor rather than an overnight fix. Even for those skeptical of the timeline, the push toward quantum readiness represents a necessary evolution in global security standards. Ultimately, the episode underscores that being quantum ready is no longer a futuristic luxury but a foundational requirement for protecting long-term intellectual property and state secrets in an increasingly complex digital landscape.

In this "Cybersecurity 101" episode, Chris Steffen and Ken Buckler demystify quantum computing and its looming implications for modern encryption. Ken contrasts traditional binary bits—static ones and zeros—with qubits, using the analogy of a spinning coin to represent the multiple simultaneous states quantum computers can process. This immense power allows quantum systems to solve complex problems in milliseconds that would take traditional computers lifetimes. However, significant physical hurdles remain, such as the requirement for near-absolute zero cooling environments.The most pressing security concern discussed is "Q-Day" and the "Harvest Now, Decrypt Later" strategy. Malicious actors are currently stockpiling encrypted government secrets, financial records, and intellectual property, waiting for quantum technology to become viable enough to shatter current encryption standards. The hosts emphasize the urgent necessity of Post-Quantum Cryptography (PQC) to protect long-term sensitive data. Chris concludes by noting his upcoming research report on PQC, highlighting how organizations must prepare for a universe where current digital safeguards may soon become obsolete.

In this episode, Chris Steffen and Ken Buckler dissect the federal government’s evolving—and somewhat strained—approach to cybersecurity. A major catalyst for the discussion is the recent withdrawal of agencies like CISA, the FBI, and the NSA from the RSAC conference following former CISA head Jen Easterly’s appointment there. While potentially a move toward fiscal responsibility—given the $5,000 per-person total cost of the event—the hosts warn this retreat could stifle vital public-private partnerships and recruitment efforts.The discussion also tackles systemic talent issues within the military. Experts often face a "promotion trap," being moved into management just as they peak technically, while private-sector salaries can reach 10x their military pay. To counter this, units like the Maryland Air National Guard are pivoting from traditional aircraft to dedicated cyber missions. Ultimately, the hosts argue that the government risks falling behind on emerging technology adoption by absenting itself from the industry's largest collaborative forums. This "cyber-isolationism" could leave federal agencies ill-equipped to handle rapidly evolving threats.

In this episode of the Cybersecurity Awesomeness Podcast, host Chris Steffen and Simon Wijckmans, CEO of C-side, discuss the critical visibility gap in client-side security. While organizations invest heavily in infrastructure and server-side protection, the user's browser remains a largely unmonitored attack vector. Historically, solutions like Content Security Policies and JavaScript agents have proven brittle or easily bypassed by sophisticated scripts that can hide from crawlers or override security hooks.The conversation highlights a major shift driven by PCI DSS 4.0, which now mandates the monitoring and authorization of client-side scripts. Simon explains that modern browser changes regarding third-party cookies finally support more effective proxy-based approaches. This allows security teams to inspect and block malicious third-party scripts before they reach the end user, preventing data exfiltration like credit card skimming. The hosts urge security professionals to move beyond "head in the sand" tactics, emphasizing that robust browser security is now a regulatory and operational necessity for total asset protection.

In this episode of the Cybersecurity Awesomeness Podcast, Chris Steffen and Ken Buckler discuss a humorous yet sobering encounter with a failed AI-driven scam. Ken recently received a common "advance fee" investment scam email, but with a unique twist: the attacker accidentally sent the Python source code instead of the intended message. The code contained telltale signs of AI generation, including placeholder instructions like "replace this with the actual import" for the Gemini SDK.The hosts explain that while this specific attacker failed "successfully," the incident provides concrete proof that scammers are using generative AI to replace the broken English of past scams with highly literate, convincing phishing lures. This shift makes it increasingly difficult for users to spot fraud through traditional "tells." Chris emphasizes that manual defense is no longer sufficient against automated bot armies. To stay protected, organizations must integrate AI-driven security tools to match the speed and sophistication of these evolving threats. As Ken notes, the future of these attacks will likely escalate into deepfakes and multimodal social engineering.

In this episode, Chris Steffen and Ken Buckler are joined by Jim LaRoe, CEO of Symphion, to discuss the often-ignored threat of printer and IoT security. Jim reveals a startling set of "winning lottery numbers": printers account for 20% of network endpoints, yet 99% remain unprotected. With 67% of organizations reporting a printer-related security incident last year, these devices serve as a critical yet vulnerable vector for lateral movement and credential harvesting.Jim explains this widespread neglect through his "Five O's," citing the lack of a formal Owner and their Origin as business equipment rather than IT endpoints. Because printers process highly sensitive data and frequently lack unified management platforms, they offer a 360-degree risk landscape for cybercriminals. The conversation emphasizes that "locking the front door" by declaring a dedicated security owner and integrating print fleets into a unified security strategy is essential. Symphion provides a turnkey solution to bridge this visibility gap, ensuring these "graveyard endpoints" are hardened, monitored, and securely managed.

In this episode, Chris Steffen and Ken Buckler discuss the alarming security and privacy implications of the "Internet of All Things." The hosts highlight how manufacturers are connecting everything—from AI-powered treadmills to smart toothbrushes—often without considering the associated risks.A primary concern is the shift toward recurring revenue models, where companies gate-keep hardware features behind monthly subscriptions. Beyond the cost, Ken warns of the physical security threats posed by Bluetooth-enabled appliances. He explains how broadcasting devices can inadvertently signal a resident's presence or daily habits to malicious actors in close proximity.The discussion also addresses the myth of data anonymization, noting that aggregated consumer data is easily de-anonymized and sold to third parties. The hosts conclude that when a device offers "value-add" connectivity, the consumer’s personal data is often the actual product. They urge listeners to adopt a critical mindset regarding the risk-to-benefit ratio of every connected device they bring into their homes.

Chris Steffen and Ken Buckler from EMA discuss privacy concerns around generative AI.

Chris Steffen and Ken Buckler from EMA present their 2026 Cybersecurity Predictions.

Chris Steffen and Ken Buckler from EMA discuss API security.

Chris Steffen and Ken Buckler from EMA discuss attacks via SEO outreach on news sites.