Ken Buckler - Cyber Security, Caffeinated.

@vxunderground Part of this is through stuff like Qwoted, which allows media outlets to ask for "experts" to comment on topics. I see lots of requests all the time for cybersecurity topics but rarely have time to respond.

I am genuinely impressed by mainstream media outlets ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless. There has been dozens occasions, especially as of recent, where some media outlet will be like, "Today as a special guest is world-renowned cybersecurity expert and ethical hacker Joe McCyberSecurity". I'm like, who the fuck is Joe McCybersecurity? I've been doing cybersecurity and malware stuff for a long time and I've never once seen or heard of Joe McCybersecurity. If he is world-renowned, I would THINK I would have seen them or heard of them. The camera then pans over to Joe McCybersecurity and it is the most generic cookie cutter white dude in a cheap suit and the tag below him will say something like, "Joe McCybersecurity, Ethical Hacker, CEO of Cybersecurity McJoe Industries" I'm like, "Cybersecurity McJoe Industries? What the fuck is that?". I look it up and it's a generic WordPress website hosted on GoDaddy with an expired SSL cert. Joe McCybersecurity then babbles incomprehensible nonsense for about 60 seconds until the TV host goes "woaw" and it cuts to a commercial. Absolute cinema.

In this episode of the #CyberSecurityAwesomeness Podcast, hosts @CloudSecChris @CaffSec examine how #CISO priorities are shifting as orgs move from rapid #AI experimentation to a more disciplined, risk-aware strategy. Tune in now: cybersecurityawesomeness.com/148

Cyber Security: Rules to Live By by Ken Buckler is free with a Leanpub Reader membership! Or you can buy it for $7.99! leanpub.com/cybersecrules @CaffSec #ComputerSecurity

[Tomorrow] Learn how to Bridgthe Gap Between Strategic Intent and Operational Reality in Identity Governance Administration. Learn more and register: info.enterprisemanagement.com/identity-gover…

The Great Device Reset: Mapping the 2025 Management Landscape, the Linux Management Blind Spot, and the 2026 Shift blog.enterprisemanagement.com/the-great-devi…

A scammer accidentally sent me his source code?!?!?! I recently received a common "advance fee" investment scam email, but with a unique twist: the attacker accidentally sent the Python source code instead of the intended message. Listen now! cybersecurityawesomeness.com/143

87% say IGA is critical. 30% have scaled back their programs.   Join EMA's @CaffSec for a research-driven look at why privilege creep is now the top identity risk and how AI-driven automation is reshaping governance.   👉 Register: bit.ly/4rqC9K5 #ZeroTrust #IAM

A Scammer Sent Me His Source Code? A Cautionary Tale of the Dangers of Vibe Coding blog.enterprisemanagement.com/a-scammer-sent…

I have a new hobby and it makes my wife laugh

What do you think is the biggest cybersecurity threat for 2026?

The ‘Triple Threat’ of 2026: Why Your AI Workforce Is Your Biggest Security Blind Spot medium.com/p/the-triple-t…

Rest in peace good sir.

@vxunderground Waffle House is great - come for the food, stay for the free spontaneous MMA fights.

There is a restaurant in the United States called "Waffle House". Waffle House is notorious for it's poor customer service, history of violence breaking out in the restaurant, it being open primarily in dangerous areas, and it also being open during severe weather events. Waffle House is typically open during severe hurricanes and tornadic weather. The restaurants willingness to remain open during potentially life threatening weather has resulted in meteorologists creating a scale which measures weather severity based on whether or not Waffle House is open. Despite the restaurants poor reputation, it has a cult like following in the United States. People go to the restaurant expecting poor service because the restaurant is ridiculously affordable and the food is pretty good. One time I visited Waffle House with a friend. When we were waiting on our food the staff became frustrated with a customer who had locked themselves in the bathroom. Eventually one of the cooks busted down the door. They discovered the customer, a homeless looking person, was overdosing on narcotics on the floor. While eating our food, EMTs and police officers were performing CPR on the customer. Staff were arguing about the door being broken. Nobody eating seemed bothered by the situation unfolding. It was a surreal experience. This situation is not unique to me. If you take a moment of your time to lookup Waffle House footage online you'll see hundreds of videos depicting situations similar to mine. I recommend everyone visit Waffle House.

A trusted news site tried to serve users #malware using a fake “I’m human” verification. @CloudSecChris @CaffSec break down how it works, why it’s spreading, and how to stay safe in this #CyberSecurityAwesomeness podcast. devopsdigest.com/cybersecurity-…

Is your organization truly ready for the Agentic AI revolution? 🤖 Agentic AI promises to redefine operations and hyper-personalize customer experience through autonomous decision-making. But the complexity is real: managing security, data governance, privacy, and ensuring security are critical roadblocks. Join me as I chat with Damon Tepe (Head of Product Marketing, Ory) for a deep-dive webinar: "Agentic AI Identities – Is Your Organization Prepared?" In this session, you'll get: -Insights from recent survey results on organizational agentic preparedness. -A look at common pitfalls and unexpected challenges in adoption. -Actionable strategies for harnessing AI agents responsibly. Don't miss out on securing your organization's future in the age of autonomous digital entities. 👉 Register (or Watch On-Demand) Here: info.enterprisemanagement.com/agentic-ai-ide… #AgenticAI #AI #ArtificialIntelligence #DigitalTransformation #EnterpriseManagement #Webinar #FutureofWork #DataGovernance

@OpenAI Yes, and I used it until GPT5 was forced down our throats. Haven't used it since.

Were you one of the first to try ChatGPT?

The #CloudflareOutage wasn’t a massive attack; it was an availability failure. On the #CyberSecurityAwesomeness podcast, @CloudSecChris @CaffSec explain how an oversized config file caused widespread disruption and what it means for your risk strategy. devopsdigest.com/cybersecurity-…

@robj3d3 You should totally go get a job at @Enron

I was fired by Cloudflare today. Me and my team have spent the last 18 months tirelessly testing different regex patterns and configuration updates. If you are looking for experts in taking down 20% of the internet using a single regex, lmk.

Ken's Top 5 - Here's 5 emerging cybersecurity headlines you should be aware of from the past few days. All of these stories can be found online by searching for the headline. **CISA, Eyeing China, Plans Hiring Spree to Rebuild Its Depleted Ranks** The Cybersecurity and Infrastructure Security Agency (CISA) is preparing for a major hiring initiative aimed at bolstering its workforce as tensions with China escalate. This move is critical as the agency aims to enhance national cybersecurity resilience in light of growing threats. **Five Major Changes to the Regulation of Cybersecurity in the UK Under the Cyber Security and Resilience Bill** The UK government has proposed significant amendments to its cybersecurity laws, encapsulated in the Cyber Security and Resilience Bill. The changes are designed to strengthen regulatory frameworks following a series of high-profile cyber incidents. **Anthropic Flags AI-Driven Cyberattacks, Warns That Cybersecurity Has Reached a Critical Inflection Point** Anthropic has raised alarms regarding the rise of AI-driven cyberattacks, suggesting that the landscape of cybersecurity is at a pivotal moment. The development underlines the need for advanced measures to secure systems against sophisticated threats. Disrupting the First Reported AI-Orchestrated Cyber Espionage Campaign A recent report has identified the first known case of an AI-organized cyber espionage campaign, showcasing the escalating sophistication in cyber threats. This incident highlights the urgent need for organizations to evolve their cybersecurity tactics. **FCC to Vote on Reversing Cyber Rules Adopted After Salt Typhoon Hack** The Federal Communications Commission (FCC) is set to review its previous regulations that were implemented following the Salt Typhoon hack. This potential reversal could impact cybersecurity guidelines significantly amid ongoing discussions about privacy and data protection policies.

Cybersecurity Awesomeness Podcast Recap – Episode 134: LLM Prompt Injection Attacks blog.enterprisemanagement.com/cybersecurity-…