Unspoken Security

Hosted by Unspoken Security

Episodes: 58

Latest episode: May 2026

Language: EN-US

About the show

Unspoken Security is a raw and gritty podcast for security professionals who are looking to understand the most important issues related to making the world a safer place, including intelligence-driven security, risks and threats in the digital and physical world, and discussions related to corporate culture, leadership, and how world events impact all of us on and off our keyboards. In each episode, host AJ Nash engages with a range of industry experts to dissect current trends, share practical insights, and address the blunt truths surrounding all aspects of the security industry.

Listen to episodes

58 recent
May 28, 2026 | Episode 59 | 1 hr 5 min

Is All Social Engineering Malicious?

Social engineering has a reputation problem. Most people hear the term and think phishing, scams, and threat actors. AJ Nash and guest Ashley Stryker push back on that framing in this episode of Unspoken Security. The conversation opens by defining social engineering on its own terms: the act of understanding how people work and using that knowledge to get them to take a specific action. The technique itself is neutral. What determines whether it crosses a line is motive and outcome.

From there, the conversation moves into the mechanics. Urgency is one of the most effective social engineering tools threat actors use because time pressure cuts off critical thinking. Stryker argues that the real defense is not training people to recognize a specific type of phish. It is training them to pause before acting on anything that creates pressure around money or security. She also makes a pointed case against security awareness programs that raise awareness without giving employees something concrete to do. Information alone does not change behavior. Action does.

The episode closes with the show's signature "unspoken" segment, where Stryker shares the full story behind why she goes by her last name. It turns out there are several reasons, including a divorce, an ex-husband with the same first name, and a deliberate operational security strategy she has used since entering the cybersecurity field.

May 14, 2026 | Episode 58 | 49 min

Stolen Credentials, Fake Hires, and the New Insider Threat

In this episode of Unspoken Security, host AJ Nash sits down with Dan O'Day, Senior Consulting Director at Unit 42 by Palo Alto Networks. Dan shares key findings from the 2026 Global Incident Response Report, built from over 750 real-world cyber incidents, covering four major threat trends reshaping the security landscape.

Dan breaks down how AI is compressing attack timelines at a dramatic rate. The fastest incidents now move from access to full impact in just 72 minutes, down from 285 minutes the year prior. Attackers are no longer breaking in. They are logging in, using stolen credentials, tokens, and API keys to move laterally and avoid detection. Identity is now the dominant attack surface, playing a material role in nearly 90% of Unit 42's investigations.

The conversation closes on a note of cautious optimism. Dan argues that over 90% of breaches stem from preventable gaps, meaning security is solvable. He outlines three priorities for defenders: empowering the SOC to act at machine speed, treating identity as the new perimeter, and securing the entire software supply chain from the first line of code to cloud runtime.

Download the Unit 42 Global Incident Response Report 2026 here: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?utm_source=linkedin&utm_medium=social&utm_campaign=na&utm_content=pa001134

May 1, 2026 | Episode 57 | 38 min

AI, Deepfakes, & the New Ransomware Playbook

In this episode of Unspoken Security, host A.J. Nash sits down with Cynthia Kaiser, SVP at Halcyon’s Ransomware Research Center. They explore how ransomware grew from a niche crime into a business, and why security teams now face faster attacks, extortion, and a threat landscape that blurs crime and state activity.

Cynthia traces the shift from early encryption schemes to double and triple extortion, then explains how professional crews use access brokers, deepfakes, and AI-assisted phishing to move in hours, not weeks. She also breaks down how Russian-speaking groups, Iranian actors, and state-linked operations use cybercrime for profit, cover, and pressure.

She argues that defenders still need the basics: harden identity, patch fast, assume breach, and build response plans that include PR. Cynthia closes with a blunt point: ransomware and fraud are not side issues. They hit hospitals, businesses, and families every day in ways nation-state threats often do not.

April 2, 2026 | Episode 56 | 56 min

The Multi-Billion Dollar Crime Nobody Talks About

In this episode of Unspoken Security, host A.J. Nash sits down with Erin West, Founder at Operation Shamrock. They explore the “scamdemic” and the scams draining wealth at industrial scale. Erin explains why business email compromise, government impersonation, and romance scams work so well: they use fear, trust, urgency, and loneliness.

She then breaks down pig butchering, a long con that starts with a stray text and grows into a fake relationship and a fake crypto investment. Victims think they are building love and wealth at the same time. Instead, scammers push them to empty savings, tap retirement accounts, and borrow more.

Erin also exposes the system behind the fraud. Many scammers are trafficking victims forced to work inside compounds in Cambodia, Myanmar, and beyond. She argues this is both a financial crime and a human rights crisis, and she calls for stronger reporting, public awareness, and international pressure.

February 19, 2026 | Episode 55 | 1 hr 6 min

The Dangers of Performative Leadership in Tech

In this episode of Unspoken Security, host AJ Nash sits down with Bob Fabien “BZ” Zinga, a cybersecurity executive and Naval Information Warfare Commander in the U.S. Navy Reserve. They explore how performative leadership shows up in security teams, and why values on a wall fail when pressure hits.

BZ argues that optics without accountability kills trust. When leaders bend with politics or budgets, engaged employees go quiet. That silence hides risk. He shares how breaches often trace back to human choices, including a W-2 phishing scam that exposed employees’ data and changed his own life. He also pushes blameless postmortems and clear escalation paths.

From there, the conversation moves to AI. BZ warns that teams can automate bias and outsource judgment. He calls for guardrails, regulation, and human oversight, especially in high-stakes decisions. He closes with a simple standard: speak up for fairness, even when silence would feel safer.

February 5, 2026 | Episode 54 | 1 hr 6 min

The Future is Human

In this episode of Unspoken Security, host AJ Nash sits down with Galya Westler, Co-Founder and CEO at HumanBeam. They explore how advances in AI, digital identity, and holographic technology are reshaping the way organizations interact with people—while raising tough questions about privacy, ownership, and trust.

Galya shares how her work began in health technology, connecting patients to care during pandemics, and evolved into building secure, lifelike AI avatars for real-world use. She explains why protecting personal likeness and voice matters more than ever, especially as AI tools become more convincing and accessible. Galya stresses the need for consent, encryption, and clear boundaries to keep digital identities safe and organizations accountable.

Together, AJ and Galya dig into the risks and rewards of merging human presence with AI. They discuss how thoughtful design and strong security practices can support experts instead of replacing them, and why education and authenticity are key as we build a future where technology and humanity work side by side.

January 22, 2026 | Episode 53 | 55 min

Evolution of the Security Integration Landscape

In this episode of Unspoken Security, host AJ Nash sits down with Eric Yunag, EVP of Product and Services at Convergint. They explore how security integration is changing as organizations face a fast-moving threat landscape and rising expectations from leaders and regulators. Eric explains why today’s environment demands a new approach—one that connects hardware, software, and services in a more dynamic, real-time ecosystem.

Eric shares how integrators help companies navigate not just the technical, but also the legal and operational complexity of modern security. He describes how shifting to cloud platforms, unifying physical and digital identities, and balancing privacy with business outcomes all add new layers of challenge. The conversation highlights the growing use of AI and “visual intelligence”—using camera data for both security and business insight—as organizations look to do more with their investments.

Throughout the discussion, Eric makes the case for trusted, neutral advisors who help organizations build smarter, more connected security systems. He shows how today’s integrators are positioned to guide clients through tough choices, benchmark best practices, and unlock value that goes far beyond traditional security.

January 8, 2026 | Episode 52 | 1 hr 11 min

Do We Even Need Operational Technology-Specific Threat Intelligence?

In this episode of Unspoken Security, host AJ Nash sits down with Danielle Jablanski from STV to break down the hard truths of operational technology (OT) security. Danielle explains why critical infrastructure - from water and transportation to manufacturing - remains vulnerable, tracing the challenge back to legacy systems, vendor complexity, and the lack of clear, industry-wide standards. She argues that many organizations have poor visibility into their assets and often rely on outdated assumptions about risk and business impact.

Danielle calls out the pitfalls of flashy security solutions and emphasizes the need for basic, proven practices like network segmentation and clear asset management. She highlights the disconnect between IT and OT, showing how real-world safety and business operations depend on bridging this gap with honest communication and practical controls. Rather than chasing after hype, Danielle urges leaders to focus on building resilience: knowing what matters, assessing real risks, and strengthening what you can control.

Throughout the conversation, Danielle offers a grounded perspective on why OT security demands more than checklists and compliance. She points to the need for shared data, better early warning systems, and a broader base of professionals willing to dig into the complexities - before an incident forces everyone’s hand.

December 25, 2025 | Episode 51 | 1 hr 6 min

Can We Social Engineer the Bad Guys to Shut Them Down? (Encore of Ep 32)

In this encore presentation of Unspoken Security Episode 32 (originally published on 3 April 2025), host AJ Nash sits down with Chris Birch, an intelligence practitioner with nearly 30 years of experience, to discuss the ever-evolving landscape of social engineering. Chris's unique perspective comes from leading teams that actively engage with threat actors, turning the tables on those who typically exploit vulnerabilities.

Chris details how social engineering is simply human manipulation, a skill honed from birth. He explains how attackers leverage fear and greed, the fastest and cheapest ways to manipulate individuals. He also dives into how attacks have evolved, highlighting the dangers of increasingly sophisticated tactics like deepfakes and the blurring lines between legal and illegal applications of social engineering.

The conversation also explores the crucial role of organizational culture in cybersecurity. Chris emphasizes that awareness, not just education, is key to defense. He advocates for sharing threat intelligence widely within organizations and across industries, empowering everyone to become a sensor against social engineering attempts. Chris also shares a surprising personal fear, offering a lighthearted end to a serious discussion.

December 11, 2025 | Episode 50 | 1 hr 6 min

Why Incident Response Keeps Failing

In this episode of Unspoken Security, host AJ Nash sits down with Zoë Rose, SecOps Manager at Canon EMEA. They explore the real-world barriers to building effective incident response programs and discuss why so many organizations struggle to move beyond reactive firefighting.

Zoë shares her perspective from both consulting and in-house roles, pointing out that most incident response teams are overwhelmed, under-resourced, and stuck dealing with basics that never get fixed. She explains why expensive tools and new technology often miss the mark when organizations skip foundational work—like asset inventories, clear policies, and tuned alerts. Zoë urges listeners to focus on practical steps, such as documenting processes, improving communication, and building trust between technical teams and business leaders.

Throughout the conversation, Zoë breaks down how real change happens: by investing in people, closing skills gaps, and fostering a culture where mistakes drive learning instead of blame. The episode ends with a reminder that effective security is not about quick fixes or flashy tools, but about honest assessment, teamwork, and steady improvement.
