Cyber Security America

On the front lines of technology and business there is a battle of survival. Behind the scenes, businesses are on a mission to keep a vigilant watch for threats in an ongoing Cyber War. But it’s not just about malware, ransomware, and breaches anymore. The obstacles and barriers companies face today are bigger and badder than ever — and these cyber threats are forcing them to prove they’re secure for the future. So when you need answers to win the battle, tune into Cyber Security America with your host Joshua Nicholson. You’ll learn what it’s like running cyber security operations teams inside some of the world’s largest companies. It’s a cyber backstage pass and real world advice for cyber defenders, CISOs, and security professionals.

Dune Security’s Revolutionary Approach: AI and Cybersecurity 12/30/2025

Spreadsheets to AI Agents The Next Era of Enterprise GRC with Richa Kaul 12/16/2025

Spreadsheets to AI Agents The Next Era of Enterprise GRC with Richa Kaul In episode 47 of Cybersecurity America, host Joshua Nicholson is joined by Richa Kaul, CEO and Founder of Complyance, to explore how agentic AI and intelligent automation are reshaping enterprise Governance, Risk, and Compliance (GRC). Richa breaks down why traditional, spreadsheet-driven GRC programs are failing at scale—and how organizations are moving toward real-time risk monitoring, automated evidence collection, and continuous audit readiness. Drawing from her experience as a GRC executive and privacy advocate, she shares how modern GRC teams can reduce manual effort, improve visibility, and position compliance as a true business enabler. In this conversation, we cover: Why legacy GRC models can’t keep up with today’s threat landscape How AI agents streamline audits and compliance operations Continuous controls monitoring and real-time risk visibility Privacy-first approaches to enterprise AI adoption Third-party risk, regulatory change, and AI governance What CISOs and GRC leaders should expect heading into 2026 Whether you’re a CISO, GRC leader, risk professional, or security executive, this episode offers practical insight into the future of enterprise GRC and AI-driven risk management. About the Show Sponsor: Darkstack7 Darkstack7 is a cybersecurity and IT management firm based in Charlotte, NC, founded by Joshua R. Nicholson, a Marine Corps veteran and seasoned cybersecurity leader with experience at Northrop Grumman, EY, Wells Fargo, and Booz Allen Hamilton. The company delivers Fortune 500–level expertise to mid-sized and growing organizations—specializing in Security Engineering, Incident Response, vCISO advisory, Insider Threat programs, and IT Management consulting. Darkstack7 also provides proactive services such as tabletop exercises, cyber readiness assessments, and strategic security architecture, helping organizations build resilient defenses and align technology investments with business objectives. , #Cybersecurity #GRC #RiskManagement #Compliance #AI #AIinSecurity #EnterpriseSecurity #CISO #CyberRisk #Governance #Privacy #DataProtection #InfoSec#ThirdPartyRisk #DigitalRisk #CyberLeadership #Podcast /episode/index/show/40dd79c0-9f4f-4e25-89de-80a6711c1b0f/id/39422745

Building the Future with Agentic-AI: Deep Dive with Ben Wilcox 12/05/2025

Identity-based Cyber: Jasson Casey on Beyond Identity and the Future of Cybersecurity 10/28/2025

Identity-based Cyber: Jasson Casey on Beyond Identity and the Future of Cybersecurity In episode 45, we sit down with Jasson Casey, CEO and Co-Founder of Beyond Identity, to explore how identity has become the new perimeter in cybersecurity. With over two decades of experience across security, networking, and software-defined infrastructure, Jasson unpacks why traditional defenses are failing and how the next generation of identity security is reshaping cyber resilience. We dive deep into today’s identity-based attack landscape — from Russian threat campaigns and TLS fragility to how endpoint trust, hardware-backed credentials, and zero trust authentication are converging. Jasson also shares fascinating insights on securing AI agents, drones, and machine identities, and what it really means to make credential-based attacks “impossible.” Whether you’re a security leader, technologist, or curious about the intersection of identity, AI, and the future of cyber defense, this episode is packed with forward-thinking insights you won’t want to miss. 🔐 Key Topics: - The evolution of identity as the new cybersecurity perimeter - How attackers are exploiting TLS and credential sprawl - Why AI agents and drones demand new identity frameworks - TPMs, device-bound credentials, and the end of password-based trust The future of identity defense and zero trust authentication 🎧 Guest: Jasson Casey, CEO & Co-Founder, Beyond Identity 🔗 Learn more: 🎙 About the Show Sponsor: Darkstack7 Darkstack7 is a cybersecurity and IT management firm based in Charlotte, NC, founded by Joshua R. Nicholson, a Marine Corps veteran and seasoned cybersecurity leader with experience at Northrop Grumman, EY, Wells Fargo, and Booz Allen Hamilton. The company delivers Fortune 500–level expertise to mid-sized and growing organizations—specializing in Security Engineering, Incident Response, vCISO advisory, Insider Threat programs, and IT Management consulting. Darkstack7 also provides proactive services such as tabletop exercises, cyber readiness assessments, and strategic security architecture, helping organizations build resilient defenses and align technology investments with business objectives. /episode/index/show/40dd79c0-9f4f-4e25-89de-80a6711c1b0f/id/38805040

Surviving Ransomware: Strategies and Stories with Cybersecurity Expert Matthew Waddell 10/16/2025

Surviving Ransomware: Strategies and Stories with Cybersecurity Expert Matthew Waddell In episode 44 of Cyber Security America, host Joshua Nicholson sits down with Matthew Waddell, a battle-tested cybersecurity leader with over 25 years of experience in digital forensics, incident response, and ransomware defense. From conducting “just-in-time forensics” under combat conditions in Iraq and Afghanistan to leading global ransomware investigations for Fortune 100 companies, Waddell shares unmatched real-world insight into how cyber threats have evolved—and what it takes to defend against them. Topics Covered: The evolution of ransomware and why it remains a billion-dollar business Real-world stories from digital forensics on the battlefield Practical strategies for preventing lateral movement and improving network segmentation How AI and large language models (LLMs) are changing cybersecurity and cybercrime Why advanced tools like EDR and XDR can fail if humans disable alerts or skip training The promise and peril of AI in security operations, hiring, and incident response Matthew also discusses his upcoming book, Survive Ransomware, a practical playbook for small and medium-sized businesses navigating today’s threat landscape. If you’re serious about defending your organization—or just curious about how cybersecurity, AI, and human error collide—this episode is packed with lessons, stories, and expert insights. If you are in need of cybersecurity services please visit our sponsor Darkstack7 Cyber Defense at 🎧 Listen, learn, Subscribe, like, and stay secure: Video podcast on Youtube: Host Info: Guest Info: Website: LinkedIn: Book: Hashtags: #cybersecurity #ransomware #ai #incidentresponse #digitalforensics #securityoperationscenter #cyberthreats #cyberdefense #infosec #networksecurity #MatthewWaddell #cybersecurityamerica #JoshuaNicholson #dataprotection #techpodcast #cyberawareness #aiinsecurity #SurviveRansomware #edraid #xdr #PowerShellSecurity #TacticallySecure #cyberpodcast #podcast /episode/index/show/40dd79c0-9f4f-4e25-89de-80a6711c1b0f/id/38601755

Penetration Testing and Social Engineering: Insights from Steve Stasiukoni 09/22/2025

Defense Contractors: CMMC Is Here — And the Clock Is Ticking 09/09/2025

From Combat Boots to Cybersecurity - Nia Luckey on her journey 08/21/2025

Cybersecurity’s Golden Rule: The Legal Blueprint No One Shares 08/15/2025

Cybersecurity’s Golden Rule: The Legal Blueprint No One Shares In this episode, sponsored by Darkstack7, Joshua sits down with Chris Cronin, partner at Halock Security Labs and founding partner of Reasonable Risk, to explore the intersection of cybersecurity, risk management, and the legal principles behind “reasonable” safeguards. Chris unpacks the DoCRA Standard and CIS RAM, sharing how historical and legal frameworks can guide today’s cybersecurity strategies. From his journey in academia to his leadership in cyber risk, Chris offers practical insights on balancing risk, ensuring compliance, and applying reasonable security measures that stand up to regulatory and legal scrutiny. The discussion covers real-world risk assessments, notable legal cases, and emerging tools that automate and enhance risk management. Key Topics: - How the DoCRA Standard and CIS RAM shape practical risk analysis Applying “reasonableness” from legal precedent to cybersecurity Balancing regulatory specificity with operational flexibility The role of community and professional standards in defining reasonable safeguards Historical analogies, insurance considerations, and executive decision-making in risk management Timestamps: 00:00 Introduction to Cybersecurity Challenges 00:26 Meet Chris: A Cybersecurity Expert 01:25 Chris’s Journey into Cybersecurity 02:50 Where Law Meets Cybersecurity 04:37 Defining Reasonable Security Measures 06:37 Regulations and Compliance in Practice 08:24 The Legal Concept of Reasonableness 10:22 Translating Legal Standards into Cyber Practices 14:53 Practical Risk Analysis Steps 21:20 Balancing Flexibility and Specificity in Regulations 24:54 Professional Standards That Shape Reasonableness 25:49 Certifications and Industry Benchmarks 26:17 How Community Shapes Standards 26:34 Lessons from Aviation for Cybersecurity 28:29 The CIS RAM and Risk Assessment Methods 30:51 Legal Implications of Adopting Reasonableness 32:16 Insurance and Risk Management 34:38 Challenges in Incident Response Reporting 39:40 Risk Assessments for Executive Decision-Making 46:02 Closing Thoughts and Call to Action www.darkstack7.com /episode/index/show/40dd79c0-9f4f-4e25-89de-80a6711c1b0f/id/37832100

Memory-Only Malware: The Threat You’re Probably Missing 07/16/2025

Digital Forensics & Incident Response (DFIR) with Surefire Cyber. 06/24/2025

Data Intelligence: Breaking Chaos with Kyle DuPont | Ohalo's Innovation in Unstructured Data 06/02/2025

Data Intelligence: Breaking Chaos with Kyle DuPont | Ohalo's Innovation in Unstructured Data In this powerful episode, we sit down with Kyle DuPont, CEO and Co-Founder of Ohalo, the trailblazing company reshaping the way organizations understand and manage unstructured data. With deep experience in both finance and technology, including a background at Morgan Stanley, Kyle shares the origin story of Ohalo and how their flagship product, Data X-ray, is revolutionizing data governance through advanced machine learning and natural language processing (NLP). We explore how Ohalo empowers major banks, governments, and enterprises to discover, classify, and protect sensitive data in a world of increasing complexity, compliance pressure, and security risks. From the rise of generative AI to the ethical implications of automation, this episode is packed with practical insights and future-facing perspectives. Whether you're a tech leader, data scientist, or simply curious about the future of AI and data, this conversation is a must-watch. 🕒 Chapter Timestamps 00:00 – Introduction to Kyle DuPont and Ohalo 01:44 – Kyle's Journey to Founding Ohalo 03:35 – Understanding Data X-ray and Its Applications 05:21 – Challenges in Data Security and AI Solutions 07:04 – The Role of AI in Data Management 13:31 – Cultural Insights and Personal Anecdotes 15:27 – Ideal Customers and Use Cases for Ohalo 17:56 – Future of AI and Data Management 20:56 – The Future of AI: Predictions and Implications 21:10 – Automation and Productivity: Embracing AI Tools 21:55 – The Evolution of Coding and Business Processes 24:36 – AI in Business: Real-World Applications 26:46 – Emerging AI Protocols and Security Concerns 29:53 – Ethical and Legal Implications of AI 36:22 – Advice for Aspiring AI Professionals 38:32 – Conclusion and Final Thoughts 📢 Don’t forget to like, comment, and subscribe for more expert-led conversations on data, AI, and the future of technology. For the show video versions and the Cyber Battlefield training series are available. #AI #ArtificialIntelligence #MachineLearning #DataScience #DataSecurity #CyberSecurity #NaturalLanguageProcessing #FinTech #BigData #DataGovernance #GenerativeAI #TechPodcast #StartupStories #Innovation #Automation #FutureOfWork #DigitalTransformation #UnstructuredData #Ohalo #KyleDuPont #DataPrivacy #AIethics #TechLeadership /episode/index/show/40dd79c0-9f4f-4e25-89de-80a6711c1b0f/id/36809730

Telegram Exposed: The Super App Enabling Cyber Crime 04/24/2025

Cyber Battlefield Insights: Lessons in Incident Response and Dark Web Tour 04/02/2025

Job Hunting in 2025: Top 10 Tips to Land Your Next Cybersecurity Role 02/18/2025

Top 10 GRC Program Tooling for Success - (Build vs. Buy) 02/03/2025

Zero Trust in the Middle East: Navigating Cybersecurity Challenges & Opportunities 12/31/2024

Zero Trust in the Middle East: Navigating Cybersecurity Challenges & Opportunities Welcome to Episode 32 of our podcast, where we explore the evolving landscape of cybersecurity in the Middle East. In this installment, we delve into the complexities of implementing Zero Trust in the region, focusing on the challenges and opportunities foreign companies face while adopting this vital framework. Zero Trust is more than a buzzword—it's a multi-faceted journey that requires a deep dive into the five core pillars: identity, network, application, device, and data. These pillars form the foundation of the Zero Trust maturity model, and every organization looking to implement this framework must evaluate its maturity across these domains. Our guest, Kamel Tamimi, a visionary cybersecurity professional with over two decades of experience, joins us to discuss how the Middle East is embracing Zero Trust as a strategic defense against growing threats. Kamel explains that achieving Zero Trust maturity isn’t a single-department project or a one-time task—it’s a continuous improvement process that involves both technology and practices. As technologies like multi-factor authentication (MFA) become more accessible and affordable, organizations can integrate them into their Zero Trust models to better protect their data and assets. Kamel also highlights how AI and machine learning are revolutionizing Zero Trust, enabling dynamic, risk-based decisions based on a wealth of real-time data. AI’s role in Zero Trust is pivotal—processing vast amounts of data quickly to assess the risk of every request. With machine learning, Zero Trust systems can not only verify identities but also detect anomalies such as unusual login times or unfamiliar devices. This dynamic, data-driven approach helps companies better secure their networks, with the flexibility to take actions beyond simply allowing or blocking access. For instance, AI can divert suspicious traffic to deception systems or apply more rigorous security controls based on the risk profile of a user or device. Kamel also touches on the practical side of implementing Zero Trust in the Middle East. It’s not about ripping and replacing your infrastructure; it’s about re-architecting your security framework to align with the Zero Trust principles. The journey begins with evaluating your identity management system and ensuring it can support advanced features like MFA and single sign-on. The other pillars—network, application, device, and data—must also be addressed in a comprehensive strategy that evolves over time. As we explore these themes, we also discuss broader regional trends, such as the expansion of hyperscale data centers by global tech giants like Google, Oracle, Azure, and Alibaba in Saudi Arabia, UAE, and Qatar. The drive for data sovereignty, regulatory compliance, and job creation is reshaping the cybersecurity landscape in the region, making Zero Trust even more relevant. Join us for an insightful conversation with Kamel Tamimi as we unpack the complexities of adopting Zero Trust in the Middle East and explore the intersection of technology, strategy, and cybersecurity. Stay updated with the latest episodes of Cyber Security America by visiting our YouTube Channel and subscribing on . Connect with Joshua Nicholson on LinkedIn . #Cybersecurity #MiddleEast #ZeroTrust #AI #MachineLearning #ThreatIntelligence #DataSovereignty #TechAdvancements #DigitalTransformation #Podcast #CybersecurityChallenges #ForeignOperations /episode/index/show/40dd79c0-9f4f-4e25-89de-80a6711c1b0f/id/34666835

Cyber Battlefield Insights: Identifying Critical Shifts & Errors Leading to Intrusions 06/10/2024

Cyber Battlefield Insights: Identifying Critical Shifts & Errors Leading to Intrusions Episode 31, Welcome to season two of the Cyber Security America podcast. In this episode, we explore the evolving landscape of cloud security, focusing on critical considerations for organizations migrating to Office 365 and Azure AD. Stay tuned as we unravel essential strategies and insights to bolster your security posture in the cloud. In traditional on-prem environments, users authenticate to domain controllers within a network. However, replicating this infrastructure to Azure Cloud introduces significant changes. Now, users can authenticate from anywhere globally, leading to numerous failed authentications and increased MFA prompts. This new setup can cause account lockouts that do not synchronize back to the on-prem domain controller. Therefore, when moving to Office 365, it's crucial to consider Microsoft's Defender for Identity for enhanced security posture, compliance, threat detection, and vulnerability assessments. One of the most significant security concerns is PowerShell. It's frequently used in legitimate administrative actions and by malicious actors. Hardening PowerShell is essential, and this includes enabling transcription, which captures input and output of commands, and script block logging, which ensures Base64 encoded commands are logged and can be decoded for analysis. This helps to detect and respond to malicious activities without relying on external tools like CyberChef. Furthermore, enforcing script execution policies (restricted, bypass, remote signed, all signed) helps manage which scripts can run, though these policies are not foolproof security controls. The key is to use them as intended to prevent unintended script execution. Constrained language mode is another vital hardening measure, restricting access to commands that can invoke Windows APIs, which are often exploited to download malware. For example, commands like `Add-Type` can load arbitrary C# code and are frequently used in attacks. Additionally, integrating the Anti-Malware Scanning Interface (AMSI) into applications can help detect and prevent script-based threats by scanning unobfuscated scripts before execution. This is particularly useful in environments where PowerShell is heavily used, as it adds an extra layer of security. Effective cybersecurity requires technical depth and business alignment. Start by understanding your industry's regulations and standards. Align your cybersecurity strategy with business risks and integrate threat intelligence, incident response management, and continuous attack surface management. This strategic approach ensures a comprehensive security posture. Finally, as organizations migrate to Azure AD and other cloud services, several key security considerations must be addressed. This includes understanding architecture changes, monitoring data flow, and ensuring tool rationalization. Critical components often overlooked include proper deployment of MFA and firewall management. PowerShell security remains a top priority, requiring logging configurations that decode Base64 and using digital signatures to verify scripts. Emerging technology threats, such as AI model poisoning and DNS over HTTPS, also need attention. Monitoring DNS logs for threat hunting is crucial, but the shift to DNS over HTTPS complicates this. Additionally, remote access solutions like RDP should be used in just-in-time mode to prevent continuous exposure. In summary, moving to the cloud and adopting new technologies necessitates a robust cybersecurity framework that integrates traditional security measures with advanced threat detection and response capabilities. #Cybersecurity #PowerShell #AzureAD #CloudSecurity #Office365 #DefenderForIdentity #MFA #ThreatDetection #ITSecurity #CyberThreats #CloudMigration #PowerShellSecurity #DNSOverHTTPS #AIThreats #RemoteAccess #ITCompliance #SecurityBestPractices #IncidentResponse #ThreatIntelligence /episode/index/show/40dd79c0-9f4f-4e25-89de-80a6711c1b0f/id/31688942

Governor Pat McCory: Cyber Challenges in Government 04/23/2024

Governor Pat McCory: Cyber Challenges in Government Join us for an illuminating journey into the world of cybersecurity and governance as we sit down with former Governor Pat McCrory, the 74th Governor of North Carolina. In this captivating episode, Governor McCrory offers his invaluable leadership insights on the pressing issue of cybersecurity, particularly within the context of state and local government. Discover how the decentralized nature of government at various levels is adapting to the ever-evolving digital landscape. Governor McCrory's extensive experience in public service provides a unique perspective on the challenges and opportunities in safeguarding our digital assets. Explore the real-world implications of cyber threats, with a particular focus on potential threats to the Department of Transportation (DOT). Gain a deeper understanding of how government agencies like DOT are addressing and mitigating these emerging challenges. We'll also delve into the recent Government Accountability Office (GAO) Report on Cyber, analyzing its key findings and recommendations. This report is a must-read for policymakers and cybersecurity professionals, and our discussion will provide valuable insights into our nation's cybersecurity readiness. But that's not all! Governor McCrory has an exciting announcement to share. He will provide insights into a potential Presidential candidacy from the No-Labels political group, offering a unique perspective on the evolving political landscape and the role of cybersecurity in national politics. Tune in to this exclusive episode and engage with Governor Pat McCrory's insights, questions, and the dynamic discussion surrounding critical issues at the intersection of cybersecurity, governance, and national politics. Don't miss this opportunity to gain a deeper understanding of the challenges and opportunities facing our digital world. Patrick Lloyd McCrory (born October 17, 1956) is an American politician, businessman, and radio host who served as the 74th governor of North Carolina from 2013 to 2017. A member of the Republican Party, he previously served as the 53rd Mayor of Charlotte from 1995 to 2009. While serving as mayor of Charlotte, McCrory served on the U.S. Homeland Security Advisory Council from 2002 to 2006 under President George W. Bush. He was the Republican nominee for governor of North Carolina in the 2008 general election. McCrory was again the Republican nominee in the 2012 gubernatorial election and won with 55 percent of the vote. McCrory became the first Mayor of Charlotte to win the state's highest office, as well as the first Republican to win the governorship of North Carolina since 1988. /episode/index/show/40dd79c0-9f4f-4e25-89de-80a6711c1b0f/id/30946208