210: IBM was hacked 56,000 times(and nobody knew)

IBM was hacked 56,000 times(and nobody knew)
===

[00:00:00] One thing that happens is the more money you make early on, the easier it is for you to ask for more money for new jobs that you wanna get. For example, if you making 165 now, it's gonna be easy for you to say, "All right, for me to lead this role, I need $200,000." Whereas if you're at 125, you may be scared to ask for that.

Welcome back to the Tech Forethought Podcast. I'm your host, HD, and if you're in the video right now, you like what you hear, go ahead and hit that subscribe button, and also just share it out. We got some good topics for you today, guys. Former IBM cyber exec is blowing a whistle on some stuff that we didn't know happened.

Ransomware groups are targeting law firms. We're talking about AI hiring biases, how to get jobs, and much, much more. But let's get into, I think, what I would call one of the more interesting topics that I saw. And we're gonna do this the old school way. I haven't did this in a while. We are gonna go back into the way where I just share the article and we just look at it and, [00:01:00] you know, let's go from there.

A former IBM cybersecurity executive accused the company of getting hacked three times in the previous decade by foreign governments and then covering up the breaches. In a lawsuit unsealed this week but filed in twenty twenty, William Barlow, who was IBM's vice president of Threat Intel until August twenty nineteen, said IBM concluded Chinese hackers breached its core network between twenty thirteen and twenty sixteen, but that the company then covered up the breaches and never disclosed them.

Barlow also said at least two IBM subsidiaries were also breached, and that IBM covered up those breaches as well. Now, that's interesting because they are supposed to disclose all those things and who got hacked, what information got access to, because they have all these different partners that they work with.

So, interesting. Barlow alleged in his complaint that IBM's core network was routinely hacked by foreign state actors and others, adding that the data was frequently stolen and government agencies were never notified. While the alleged breaches date back more than a decade, the news shows that cyber attacks, even those affecting large public [00:02:00] tech companies such as IBM, sometimes never get disclosed either to the public or to relevant government authorities.

IBM is a major cybersecurity vendor to the US federal government, which makes the alleged concealment especially significant. In the last few years, several data breach notification laws have been passed to counter this problem. Yeah, uh, that's a big one. And two, this is correct. Most of the time there are breaches people don't know about that as long as they can manage the damage and it's not too widespread, they will not report on.

Third, these things, if they were this massive, it's kinda tough. He was in a rock and a hard place. Some people probably wanted to say something, other p- people probably told him, "No, we're gonna keep the money coming in. If you wanna keep your job, keep your mouth shut." So I'm interested to know, I guess, why they talking now.

Maybe they f- well, it says former, so maybe they got fired or they got laid off or they quit. So IBM spokesperson Micky Carver declined to answer specific questions about the lawsuit and the underlying activities. Instead, [00:03:00] Carver told TechCrunch this complaint was filed six years ago and the US Department of Justice declined to intervene.

IBM is confident that our actions follow the letter of the law. Let's... Know what? Let's have some fun real quick. I'm gonna Google that

All right. So the term letter of the law refers to the literal word for word interpretations of a legal statute or rule. It means adhering strictly to exact wording and explicit provisions, regardless of the context, fairness, or the original intent behind its creation. Now, based on what we just read, it doesn't look like that they followed the letter of the law And so you can go, uh, further and I can do this.

So publicly traded companies in the US must disclose material cybersecurity incidents to the Securities and Exchange Commission, AKA the SEC, on a Form 8-K within four business days of determining that the breach is material. So it looks like they did not follow the law. In [00:04:00] particular, Barlow said IBM was among several victims of a hacking campaign carried out, carried out by APT10, a Chinese government group that then FBI Director Christopher Wray said had targeted a who's who of the global economy when its members were indicted in twenty eighteen.

The hackers broke into both the company's network and the data it maintained there in partnership with AT&T. Barlow alleged that in March twenty seventeen, the intelligence officials from Australia, Canada, New Zealand, United States, and the United Kingdom, the so-called Five Eyes Alliance, warned IBM of the breach, which prompted an internal investigation.

According to the complaint, the investigation concluded that APT10 potentially breached IBM's network more than fifty-six thousand times between twenty thirteen and twenty sixteen. Crucially, the company said it could not investigate further because it had not kept logs of who accessed its network and when, a basic security practice

That's crazy. Let's read that again. I feel like I [00:05:00] read it so fast that I missed what's happening. According to the complaint, the investigation concluded that APT10 potentially breached IBM's network more than 56,000 times. That's a lot. Between 2013 and 2016. So you do 56 divided by what, three? What is that?

Uh, shh, I ain't no math whiz and I'm not finna do it. But that's a lot. So crucially, the company said it could not investigate further because it had not kept logs of who accessed its network and when, a basic security practice. IBM then allegedly failed to alert any authorities or the US government, one of its main customers.

As IBM and AT&T's core networks infrastructure is archaic, hackers have been able to gain access to the system on numerous occasions and can roam almost anywhere undetected. Read the complaint, which explained that IBM's internal investigation had concluded four servers were compromised in the APT10 hacking campaign.

I wonder if they got a link to the complaint in here. [00:06:00] No, they do not. So I find that to be very, very inter- interesting 'cause if we go back, AT&T had a hack, what was that, two years ago? You know, everybody, uh, get these spam calls and everything else that's going on, that's happening when you are, um, using the phone if you're AT&T or anybody else, like e- everything is interconnected.

And what is it? So Tafoon, I think that was in, um, the, the phone carriers now too. It's, everything's just a mess. It- it's just a mess and people prioritize profits over privacy, and that's why we are in the predicament that we are in now

Let's see. The attackers had compromised and are accessing nearly 400 compromised accounts and almost 200 total systems and servers across every IBM business unit, 18 countries and multiple IBM products, said an internal IBM report about the investigation into the breach. Jason Brown, a lawyer representing Barlow, told TechCrunch that his [00:07:00] firm is looking forward to aggressively litigating the matter.

You can't sell cybersecurity to the federal government while allegedly having these security problems within your own company. According to Barlow, other breaches he was aware of affected Trusteer, a cybersecurity startup acquired by IBM in 2013, which he says was breached in 2018, and Truven, a healthcare data startup IBM acquired in 2016, which he says was breached multiple times after acquisition.

In both cases, Barlow accused IBM of failing to properly investigate and disclose these breaches. I'm on Barlow's side. Uh, I think that they should have notified people of the breaches. I think that's just crazy, right? You, you do all these crazy interviews, and anybody who knows how this game goes, you're interviewing here, you're interviewing there, and they ask you about all these different things.

But when it comes to them doing what they're supposed to do with your data, they never do it. So if you still are with me right now, let me know how you feel about the IBM whistleblower and just them allegedly [00:08:00] having all these different, um, data breaches and APT10 access system, their network and AT&Ts.

Like that's pretty interesting. I would love to e- talk to either like a former IBM or AT&T security professional about this. Matter of fact, while we're here, a little commercial, I am planning to do another show separate from this one where it'll be specifically more blue team related, uh, whether you work in the SOC, incident response.

Um, threat intel is kind of blue team. It's like reactive, but it could be also like insider threat, uh, data loss prevention, all that type of stuff. If you got interesting cases that you did on there, uh, please reach out to me. Uh, I'm working up something special and, uh, if you wanna be a part of it, uh, let me know.

So looking to do like 10 episodes, maybe the first season. It could be more depending on how many people, uh, reach out and, and want to get on. But nonetheless, I thought that was pretty interesting. Now, [00:09:00] I think I want to talk about, um, while we are here and we're already talking about federal governments and everything else, um, I don't know if you guys are aware of this, but OpenAI is trying, I mean, no, the government's trying to buy a stake in OpenAI.

So let's see what this video says, and then if it doesn't give me what I need, I'm going to put an article up. So give me a second. We are hearing that the US government is considering taking a stake in OpenAI, possibly other AI giants as well. A source tells me CEO Sam Altman and the Trump administration have been talking about this idea for more than a year now.

Altman first floated this, from what I'm hearing, back in twenty twenty-five when Trump initially took office. A source says that OpenAI would actually donate a portion of its equity to a possible AI fund as part of this. Altman was on Capitol Hill just this week. He was meeting with lawmakers from what we're hearing, including Senator Bernie Sanders, who has pitched a fifty percent government stake in some of these AI companies.

[00:10:00] He confirmed to CNBC that he and Altman talked about the concept of a sovereign wealth fund in terms of investing in AI. Much of this does mirror what OpenAI has said publicly already. Back in April, it did pitch a handful of solutions to try to spread the economic benefits of this technology and let Americans participate in AI's financial upside at a time when there is real anxiety around widespread job loss.

Again- I'm gonna jump in right here. I honestly do not believe-- I don't know. I don't really, rarely believe what I hear and what I read. To me, OpenAI already really ain't making money like that. If you use any of the other products, they're much better. OpenAI's claim to fame with ChatGPT was that they were first.

So of course, they would do this because this is how you build those relationships to keep your business afloat, even if it's not doing the best. And OpenAI is also the people that are helping with weapons and everything else, so can't trust them. That's on me. The government, though, has a recent track record when you look at recent direct equity stakes in other tech [00:11:00] companies.

You have Intel, IBM, GlobalFoundries, other critical mineral companies, plus some quantum companies as well. Worth noting, though, a handful of other governments around the world are actually already invested in OpenAI and Anthropic through their own sovereign wealth funds. You have MGX out of Abu Dhabi and then, uh, the UAE fund.

There are also some state funds that own blocks through venture capital firms, so there's sort of a precedent for this on a global scale. That's pretty interesting. Pretty interesting. Um, let me see if the article, uh, tells me more about that. Give me one second. All right. So let's see. Um, so she already kind of said this.

Trump does not seem to have mentioned specific companies in his comments, but OpenAI is a likely candidate, especially after CNBC reported. Okay, that's, that's fine. But let's see if there's anything else. Um

Bloomberg also [00:12:00] reports that CEO Sam Altman has been discussing the idea of government staking major AI companies since early 2025, and this aligns with Trump's broader interest in government ownership of for-profit companies, most notably with the government taking a 10% stake in struggling chipmaker Intel last year.

I'm not an economist, and I'm not as well-versed enough in order to kind of go in deeper about these type of things. These are definitely some things I wanna learn more about. Um, is this typical in other countries or what's happening with them getting 10% stakes? Is this helping pay the government back with all the stuff we owe money to other places and stuff like that?

So I don't know. Um, like I said, I don't know much about that part of it, so I kinda stick to what I know and don't talk out my butt. Um, yeah, so she mentioned this about, um, some traction on the left when Bernie Sanders proposed a one-time 50% tax that companies like OpenAI, Anthropic, and [00:13:00] xAI, part of SpaceX, would pay into the form of stock.

Um, with all these business potentially going public this year, Sanders argued this tax would give the public a direct role determining the future of this technology and guarantee that trillions of dollars potentially generated by AI are used to improve the lives of all of us. I mean, uh, we can see about that, but we know that's not always true.

Um, so yeah, I thought that was pretty cool then. Uh, well, not cool, but more so interesting. But, uh, now I think I wanna talk about, um There's a couple things. It was like, so it was one of them we had like over 900 US gas station tank gauge system exposed to attacks. Actually, let's talk about that briefly because of CISA already warned about that.

And then so now that we see that 900 US gas station tank gauge systems exposed to attacks, I think that's pretty interesting. Uh, so let's go [00:14:00] ahead and talk about it. All right So over 900 automatic tank gauges or gauges across the United States used to monitor fuel and chemical storage tanks across various critical infrastructure sectors have been found exposed online and are vulnerable to ongoing attacks.

ATG systems are electronic monitoring devices used to remotely track fuel, chemicals, or other liquids in storage tanks, automate inventory control, environmental leak detections, and regulatory compliance. While they're commonly used as gas stations to monitor fuel tank levels, they can also be found in industrial settings to track chemical storage tanks.

On Tuesday, CISA, the FBI, the NSA, the Department of Energy, and other US government partners issued a joint advisory warning critical infrastructure organizations to secure internet-exposed ATG systems against ongoing attacks. The federal agencies warned that threat actors target such devices to alter system settings and command execution attacks after exploiting various security flaws, including [00:15:00] hard-coded credentials, authentication bypasses, SQL injection vulnerabilities, OS command execution flaws, and privilege escalation weaknesses.

So, um, this is right here is... I want to say this should be into OT, so I believe that's operational technology. I believe this kind of goes on that. This would have been great to ask Gabe about. So I'm gonna send this part to Gabe and see what Gabe have to say about this. But the federal agencies warn that threat actors target the...

No, no, no, no. I'm sorry. The recent malicious cyber activity observed by authoring organizations, which the US government has not yet attributed to a nation state or threat actor group, involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution.

As CISA cautioned, following the successful compromises, the attackers could disable system alerts, increasing the risk of leaks or equipment failures, and even causing permanent damage to the targeted tank systems. In light of CISA's [00:16:00] advisory, internet security watchdog Shadowserver warned today that over a thousand ATG systems were exposed online.

So yeah, we got nine-on-nine here in the US, so I wonder how many they got in China and Brazil and everywhere else that they got highlighted. That's crazy. Yet the most of them are here. We add a scanning of ATG systems to our accessible ICS reporting with ten sixty-one IPs seen on twenty twenty-six, June fifth.

This is, uh, after weeding out vast majority which appear to be honeypots. Critical infrastructure organizations are advised to restrict mote- remote access to AT- ATG systems from the internet as soon as possible Implement control access through firewalls, VPNs, or access control lists. They should also replace default passwords on vulnerable devices with strong credentials, apply security updates, monitor systems for unauthorized changes, and implement multi-factor authentication where possible.

CISA's warning comes after May that Iran- [00:17:00] Iranian hackers had breached ATG systems connected to the internet and multiple gas stations across the United States. All right, let's see

All right. Yeah, so we're almost at the end. After hacking the devices with weak or non-existent passwords, the attackers reportedly manipulated the display readings but did not alter the actual fuel levels. Although these incidents didn't cause any physical damage, they raised concerns that such attacks could hinder automated fuel leak detections and similar safety related functions.

All right. Cool. Well, not cool, but if you're in those industries, you're probably gonna be busy, and you're definitely gonna be making sure that you're not vulnerable or susceptible to any of those attacks. Now, to switch gears and have fun, we talked about this a while back, but I came across some fun TikToks, and so I'm gonna mix them and match them between when we were talking about articles to kind of just keep the conversation going and keep it alive.

But if we go right here, I thought this was a cool one. [00:18:00] Let's see. We had to stop before- Hundred and twenty-five thousand remote job, a hundred and sixty-five thousand five days a week in-office job, I'm taking the one hundred and sixty-five K in the office. Depending on how far the commute is, it might not even matter because I can probably move a little closer because I'm bringing home an extra two bands after taxes a month.

We're going into office. If the job is paying twenty-five thousand or more, I'm going into office. If it's ten grand or fifteen grand more, I'm staying remote. That's just me personally. Now, that was, that was cool. So that's pretty much a forty K difference. And he made the video in twenty twenty-five, so it wasn't even, uh, twenty twenty-six.

Now let, let's, let's do the science behind this, right? Let me find a salary calculator real quick. All right. So guys, let me share the screen real quick. Let's have some fun. Now, personally, I'm with him. I'm taking the one [00:19:00] sixty-five K in that situation. Um, and I'm doing it based on me not having any other stuff I got going on.

Like now it's a little bit different. I say no because of, um, I don't have the biggest support system out here. It's just me and my immediate family and the kids and everything like this. It's much easier for me to be remote. It's more flexible. But I have, you know, worked in office in the past three, four days.

You know, it just depends on if the price is right and I definitely was, uh, making around that amount when I was going into office. Now, if I didn't have nothing going on, it's a, it's a no-brainer, right? Uh, and I'm gonna make this simple. So let me share the screen. We're gonna say you're just a... Uh, oops, let me remove this.

We're gonna say that you are a, a single person And

That you, um... What you got? So the first one, we're gonna say you get paid, we're gonna say semi-monthly, right? Salary per [00:20:00] year. We're gonna say you make 125,000. And let's see, what state are we gonna say you in? Um

Let's see, state. All right, let's choose a state. So we're gonna say it's... I, I'm in Texas, so let's deal with Texas. Earnings, uh, federal taxes. We're gonna say single, uh, no dependents, and there. Okay. So keeping it, uh, straight up like this, this is not including, uh, what your, um... anything would be for, like, benefits and stuff like that.

So, if you got paid semi-monthly, that's two times a month, making $125,000 a year, you would have a gross, uh, $5,000, $5,208 and [00:21:00] 33 cent. Now, out of taxes, you would get $780 taken out in taxes, 75 Medicare, 30... $322 Social Security, which before benefits, you don't have any benefits taken out, will leave you with $4,000 and 29...

uh, $4,029 and 31 cent. So that's not bad. Now, let's do the same thing, but let's see what it'd be for 165.

Now, for 165, you are getting taxed much, much more. Your earnings is, uh, $6,875. Taxes 1,100 in Fed, 400 Social Security, 99 in that, so your take-home is $5,168.48. Now, that's-- it's crazy that you are making 40K [00:22:00] more, but you know, you're only really taking home probably like 1,000 or more per check. So I can see how some people would say that.

But then, so now if we do the 1,000 times, what, 24? That's 24,000 that you netted more than the other role. So of course, if you look at it per check, you would think that, you know, it's not that much. But if you do it through the year, that's $24,000 that you may not even... Some people may not have the ability to work an extra job or do something else remotely to make up the $24,000 that they're missing.

Now, there are also people that say, "Well, um, you know, the commute time where you got to pay in gas and all the other stuff," which is a legitimate concern. But if you are single in Texas making $165,000 working office, you can pretty much stay where you want to. So you could probably stay closer to the office, right?

And [00:23:00] this is a hypothetical, so we don't know exactly where you're gonna stay. We don't know, like, you know, if we wanna do average apartment rent, we'll say it's like, we'll say 1,200 to 1,500 bucks, all right? So now you take from that 5,000, now you go to $3,500, but that's just off one check. And so that's just some fun math.

I thought it was a fun question. Let me know in the comments what you would do. Would you work remotely, uh, without the extra 40K, or would you get the extra 40K to make the 165? 'Cause I'm gonna let you in on another secret too. One thing that happens is the more money you make early on, the easier it is for you to ask for more money for new jobs that you wanna get.

For example, if you making 165 now, it's gonna be easy for you to say, "All right, for me to lead this role, I need $200,000." Whereas if you're at 125, you may be scared to ask for-

And you may stick to only one to get 150, [00:24:00] 165. So it's kind of one of those things too. I've seen it happen. People are scared of it because they hadn't seen the money. Uh, so that's where it at. And I'll tell you this too, it's 2026, a lot of people who are remote, and granted a lot of people who are working remote don't care to be promoted, right?

Unless like your company is one of those remote first companies where everybody's remote. If you're in office, that 165K person has a better chance of promoting and making more money, getting better bonuses, extending that network. Not only work, but outside of work, depending on, you know, they may grab some food somewhere in office.

It's like a whole bunch of intricacies that count when you work in the office that we don't talk about. But like I said, there are benefits to working from home. I agree. But, f- uh, passing up on 40K extra net and then... No, net would be 24,000 net. It's just hard to pass up on. So like I said, let me know, uh, in the chat what you would do.[00:25:00]

Uh, let's see where we at. So now I thought we had some cool... I, I came across an article saying hackers spotted on a stock exchange executive's Outlook mailbox for five months. So five months that they did that, and that's interesting to me. So I want to see how did they do that and how did their detections not pick that up.

So let's do this journey. All right, yeah, I changed my stuff. Perfect. So unknown attackers spent at least five months inside the Outlook mailbox of a senior exec at a major global stock exchange, copying the inbox out in small repeated batches and routing it through Dropbox and OneDrive so the traffic blend, blended into normal cloud activity.

Now, this is interesting, uh, because these are the type of scenarios you come across like in interviews or whatever when they start asking you questions. But like, think about it. Right now, if you are still listening, what type of detection would you write for this? Because smart attackers like these people, they did not want to trip any sensors off, so they [00:26:00] made it look legitimate.

But here is the thing Why data privacy and protection is critical because what all cloud access does that stock exchange use, and is there a DLP monitoring, uh, towards this? And that is probably where I would start. I would start with DLP and then other, um, risk-based type of things. Also looking for suspicious IPs, external IPs, uh, connecting to things that they technically shouldn't be connecting to.

So let's keep on reading. "Symantec and Carbon Black's threat hunter team reported this campaign this week. This points to espionage, not a money grab. Symantec said the commands indicate intelligence collection, not theft for profit. Neither the executive nor the exchange was named. The value is plain enough.

An exchange executive's inbox can hold public listing details, enforcement matters, deal terms, market moving plans, plus the [00:27:00] executive's calendar and contacts." Yeah, I mean, think about it. If you want to get ahead and you have a boatload of money and you want to hire some people that could figure out, "Hey, getting this thing and I want to know what I should like actually spend my money on stock-wise," it's a smart play if you don't get caught.

"Five months of acquired access handled-- handed the attacker a detailed read on the executive's dealings and where the organization was heading without needing broad access to other business systems. The first malicious activity showed up on October 10th, 2025. By then, the attacker was already running two binaries as System, the highest Windows privilege level, one faking Adobe Updater and the other faking OneDrive.

By the time defenders noticed anything, the intruder had full control of the machine, and how they first got in is still unknown. However, Symantec confirmed that the first signs likely came from lateral movement off a previously compromised device. The operation kicked into gear on November 12th. The attacker pulled a Dropbox [00:28:00] API token, started uploading data with Curl, and deployed the main tool, a mailbox stealer built on Espose, a legitimate .NET library that reads Outlook OST and PST files.

Wrapped in an executable, it converted the mailbox to PST and wrote it to disk, run each time with the password and a date range flag." Man, this is cool stuff. "The first run grabbed everything from August 2025 on. After, the attacker came back every two to four weeks, each run taking only the days since the last one.

Eight more pulls through February 17th, 2026. The result is a near continuous copy of the mailbox sliced thin enough not to draw attention from security software. The staff came from making the work..." Let me see, what is this? This is cool. Let's see if we can, um

[00:29:00] Okay

This is a picture, but I was trying to see like initial... Let me see. Oops. We got initial access, then the foothold, persistence, command and control, collection, exfiltration. Okay Um, the stuff came from making the work look ordinary. Scheduled tasks posed as Adobe, Lenovo, and OneDrive system services for exfiltration.

The attacker used Dropbox and OneDrive personal, and for OneDrive, they connected to hard-coded Microsoft IP addresses instead of the onedrive.live.com hostname. So there were no DNS lookups for perimeter tools to catch or block. Let me see. So hard-coded. So I'm assuming, 'cause I've seen this before in command lines, it's probably obfuscated where the IP was inside of the, uh, command that they were running.

The attacker also tested the public file host temp.sh once in November, then dropped it. The last observed activity on March 19th, twenty twenty-six was a [00:30:00] new backdoor that was staged but never run, which Elias or Elias said may mean the attacker lost access soon after. Semantics published indicated a wider intrusion kit, not just a mailbox scrubber.

FRPC for tunneling traffic out, SecretsDumps for pulling Windows credentials, SharpDecryptPassword for recovering saved app passwords, and a tool to bypass Window user account control. The report does not say which was used here, and none of them point to a specific group. There's no CVE in this story. It was an intrusion against a person's mailbox, not the exploitation of a freshly disclosed flaw, which is part of why it's worth reading.

No pla- patch closes this, and the burden shifts to the monitoring and response. Attribution is unresolved too. The mix of public tooling and consumer cloud services left little to tie the activity to a known actor, and that stays open until a stronger source says otherwise. Routing exfiltration through Dropbox and OneDrive to blend in is well-worn play, and one Microsoft has flagged as a deliberate way [00:31:00] to slip past perimeter defenses and muddy attribution.

If you defend an exchange, a regulator or any firm sitting on market-moving information, feed the hashes in now and watch for behavior behind them. Unusual mailbox export activity, odd Outlook access uploads to personal Dropbox and OneDrive accounts, unexpected tunneling, credential dumping on systems tied to privileged users.

Man, this is a good one. Um, one because typically, like a lot of times I've been in interviews and we talk about incident response, I say, "Well, honestly, you like to assume that you already been hacked or somebody's already in your environment." Which is that if you work off that assumption, you can always kind of think backwards, right?

Um, this is what good for threat intel. Hopefully, threat intel teams are telling other stock exchange companies about this and other investment firms, banks, because like they said, this was not a critical flaw or vulnerability that happened. This was just them probably compromised something else, and they got in through some lateral [00:32:00] movement, and they were stealthy.

And the biggest thing is that attackers always have time. Time is with the benefit that they have on us. We don't have that benefit. So I thought that was pretty cool, pretty interesting, uh, to read. What you think about that? And also if you go back through there, just read it slow, write down some of the attack methods, study the actual document where they talk about like, uh, where they got the foothold, initial access, and all the different stuff, and research it.

Learn about it. You may not been through a real incident, but when they ask you, "Hey, how would you handle something like this?" Or it could be similar, recollect this thing that I just read and go through that or what you would look for, right? The s- okay, put it like this, the stuff that happened, that's is, that is what you would look for.

So like for example, if you like the thing said they hard-coded, um... Where was it?[00:33:00]

Um, hard coded. So let me see some how-- We can just type it in for people who want to learn, and so I'll say, all right. So I typed in how do you hard code IP addresses to avoid DNS lookups? And so to hard code an IP address and bypass DNS lookups for specific domain names, you must manually define the mapping in your computer's local host file.

When you type the domain, your operating system will check the file first and use the assigned address directly to avoid remote DNS queries. So yeah

So that's pretty cool. Now, I mean, just, just look for something like that. So if you wanna say, "Hey, I told him in an interview, I would look for some hard-coded, um, IPs," like say, say you got it from me. Not from me, but you heard the information on the show. But, nah, I thought that was pretty cool. Uh, we read this one.

And since we already on attacks, let's get on this thing with this, uh, this law firm, Silent Ransom group, uh, is attacking a [00:34:00] law firm with, let's do a drum roll please Fake IT support calls. If it ain't broke, don't break it. The Silent Ransom group extortion gang is actively targeting US law firms and professional service organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant.

The report follows an FBI flash advisory published last week warning that the Silent Ransom group was targeting US law firms in social engineering and even in-person data theft attacks. With Mandiant now providing additional technical details about how the intrusions are conducted, Mandiant says the threat group tracked as UNC3753, Luna Moth, and Chatty Spider targeted dozens of organizations across the legal, financial, and professional service sectors between January and May 2026.

Mandiant warned the legal firms remain especially attractive to [00:35:00] targets because they store large volumes of highly sensitive client information and may feel pressure to resolve extortion incidents to avoid reputational and regulatory damage. Yeah. That's a big one. I've been seeing law firms hiring more, uh, blue team personnel as well because all that data.

If you're a law firm, if we go back to what we were talking about at the beginning of the show about IBM not reporting things, if you're some high, um, law firm, and now you gotta say, "Yeah, we just got breached," think about what your client's gonna think. "Hey, I want you to support me, but you can't keep my information safe.

I'ma go elsewhere." And this could be a $100,000 client or more. So it always goes back into when people don't want to hire for headcount and all this and that, you could pay your payroll, the $3 million in payroll to avoid having to pay 50 million in ransom I mean, the math kind of just lines up. Uh, now let's see.

Legal service firms represent high-value targets for extortion [00:36:00] actors. They maintain concentrated repositories of extremely sensitive client transaction files, merger and acquisition plans, client trade secrets, and corporate regulatory reports. Threat groups recognize that legal entities are subject to heavy reputational and regulatory exposure, and may be highly motivated to resolve these to, uh, protect their professional standing.

Now, let's go back. Attempting attacks via voice calls has been an ongoing tactic by these threat actors for years, which they previously used in bizarre call social engineering campaigns tied to Ryuk and Conti ransomware attacks. A callback phishing attack is when threat actors send benign-looking phishing emails containing alarming or IT-related lures that prompt the recipient to call them back at an enclosed phone number.

Now, just keep in mind, if this happens to you, call your actual IT, not the number that messaged you, not the email. Like, follow your process to actually contact IT, because what IT will do is probably contact the security team and tell them about [00:37:00] these phishing emails, and they'll remove them, so people aren't susceptible to them.

In the current campaign, the silent ransom group impersonates IT helpdesk and convinces employees to join support sessions via Team, Zoom, Quick Assist, or Microsoft Terminal Services. During these sessions, the threat actors trick the target into installing remote monitoring and management tools such as AnyDesk, Zoho Assist, Bomgar, or Superops, thereby granting them initial access to the corporate network.

And if they need you to download anything, that's a no. Nine times out of ten, whenever I've interacted with corporate IT, they have reached out to me via Teams, and it's been tied to a ticket, and I have to use a specialized link where I'm not downloading anything. It just gives them access to do something, uh, with one of their privileged accounts So this is how the attack chain goes.

Fake invoice, uh, pretext email. Benign email sent to lawyers in the firm. Then here comes the IT test, IT help desk vishing [00:38:00] call. The attacker impersonates the actual IT employees to address email. Remote screen share session. Target is directed to host session on Zooms. Legitimate software exploitation.

Attacker convinces target to install AnyDesk or Bomgar or SuperOps. Directory and manage harvest. Attacker maps network shares and queries sensitive legal records. Then they do data staging. Files are organized, structured in local directories. Exfiltration. Files are uploaded to target branding, active cus- consumer file sharing folders on...

Let me read that over. Files are up- uploaded to target branded actor consumer file sharing folders or via WinSCP or sent to threat actor controlled email address. And then extortion phase. Attacker delivers threatening ransom email demanding action in three days. So Mandiant also discovered phishing domains tied to campaigns to impersonate internal IT portal.

So if you are-- This has happened June 7th, so threat intel teams, they're probably gonna be [00:39:00] using this and gonna put it in your detections. If you-- You could do this. Actually, a automation that I would think of, because a lot of times I'm interviewing, they're saying, "What type of automations did you work on?"

If I'm doing something like this to be proactive, I would make a rule that would automatically block these, um- IPs. So I can already add them to the block list so, uh, their emails can't come in or whatever, and they probably can work around that too. But one, I could do that, or two, I can make them come in and so I can already get a count of how many that we've got or emails that contain these and see how big that, uh, this target is.

'Cause a lot of times they will just shoot mass, uh, text out. But that's not a game you wanna play a lot with your end users, 'cause you never know. Some people, everybody don't function on the same, um, computer awareness or security awareness level, and so they might get scared and, and call these people or whatever.

Granted, you should have tools in place that don't let people download stuff that's not approved through your, uh, IT policy, [00:40:00] but everybody don't have that either, especially for law firms. Uh, everybody's not just like a, a global enterprise environment where their goa- main goal is making money and defending clients.

It's, IT is on the back burner. It's a call center for them. So, uh, definitely you can monitor to these for sure. Now, researchers say that the threat actors also use privnotedotcom, a self-destructing messaging service to share installation links and commands with targets during remote support sessions.

According to Mande- Mandiant, this tactic helps reduce forensic artifacts left in the browser histories or corporate chat logs. Once inside a network, the group searches for sensitive legal and financial documents including contracts, tax records, Social Security numbers, and merger or acquisition files.

The attackers commonly target and document management platforms and cloud storage repositories before exfiltrating the data using tools such as WinSCP or Rclone And let's see. Okay, we're kinda almost done. [00:41:00] These highly aggressive extortion letters give organizations a three-day deadline to respond and initiate ransomware negotiations.

If the victim organization is unresponsive, the threat actors declare they will call or email targeted employees and external clients directly to alert them of the data breach. Hmm, blackmail. The extortion letters explicitly emphasize that they will leak compromised client trust, invite substantial regulatory fines, and suggest that external clients sue the victim organizations for data mishandling.

I mean, as they should though. The report also references the FBI's recent advisory in which law enforcement warned that Silent Ransomware group was targeting US law firms with in-person data theft attacks. According to the FBI, attackers impersonate internal IT staff over phone calls and emails, then attempt to gain remote access or physically visit offices to image computers or create backups while secretly stealing files.

While Mandiant said there was a limited forensic evidence, the researchers believe the E's in-person attacks are likely linked to UNC 3753 based on similarities in targeting timelines and [00:42:00] operational behavior. So this group has been active since 2022. As previously reported by Bleeping Computer, the threat actors were previously linked to BazaarCall, and this was providing initial access in Conti and Ryuk ransomware attacks.

After Conti shut down in 2022, the group shifted to standalone data theft and extortions under Silent Ransomware branding Then a separate report released this week by Resecurity found that the gang is also operating fast flux infrastructure to hide and protect its data leak platforms. DNS fast flux is a method where attackers constantly rotate a domain's IP address through a large pool of compromised devices to hide the infrastructure and make takedowns or blocking.

That's pretty smart. Okay, uh, so let's get to the end. To defend against these attacks, we recommend implementing strict verification procedures for IT support interactions, limiting remote access tools, enforcing multi-factor authentication, restricting USB storage devices, and training employees to recognize voice phishing [00:43:00] attacks.

Yeah, uh, I agree with all those, and the biggest thing is operationally, like understanding how IT contacts you and when they contact you. So I think that's a big one. Now, to shift the gears, let's have some fun into reacting to some stuff. We got job search stuff, AI hiring biases, uh, you name it. So let's see.

I think the first one I wanted to get on was this, uh, AI hiring biases. So we got a couple videos. I don't know if we're gonna get to all of them, but let's, let's get to it. That you don't have to. So imagine applying for a job only to be rejected before a human is-- being has even looked at your CV.

Basically, recruitment said, "Let's take unconscious bias and automate it." As you can see, this headline says, "AI tools lead to clear racial disparities in job hiring." So just take one second to take in my completely shocked face. Okay, now come in and let me tell you what's happening. So big companies are basically drowning in these applications.

So instead of hiring [00:44:00] humans and having them review everyone properly, many are now using automated hiring platforms like pymetrics and HireVue. That sounds great, doesn't it? Yes, because it's also gamified. So what they do is these tools make applicants play these online games or complete behavioral tests, and the algorithm then assesses things like risk-taking, response speed, trust, empathy, and other personality traits.

Now, the idea is that this- Now I'm gonna pause it right here because I agree with everything she's saying, and this is why I told someone the other day why your LinkedIn should be priority in your job search because of it can force recruiters to reach out to you directly, skipping ATS and AI biases altogether.

So just focus on that too. While a lot of people cry, and I, it's another word I wanna say, but I'm not gonna say it. They moan, complain about LinkedIn, but it is the equalizer in this situation that you can look forward to to help you with your job This makes hiring more efficient [00:45:00] and supposedly more objective, but in reality, these systems can become the first gatekeepers before a recruiter sees you, before a hiring manager sees you, and before anyone checks whether you can actually do the job.

So a Stanford-led study looked at applications submitted through pymetrics between 2018 and 2022 across 156 employers, and researchers found evidence of what they called systemic rejection. That means some applicants were being repeatedly screened out across different jobs because the same algorithmic system was being used by multiple employers, and that's a problem.

Because if one company has a biased process, that's bad. But lots of companies use the same flawed tool, that bias can spread across the entire job market Yes, that is true. And if you do not know, one of the biggest lawsuits that's kind of currently going on is, I talked about it last time, but, uh, Workday with, uh, how the tool, uh, scans resumes, [00:46:00] how it denies people quickly, and the b- AI biases that exist, especially far as discriminating for people possibly on gender and color and everything else.

So, uh, she's right on the money. Study found clear racial disparities. For individual roles, one in 10 jobs showed adverse impact against Black applicants, and one in 20 roles showed adverse impact against Asian applicants. Now, the researchers did say that they may not apply to every AI hiring tool, but this is still one of the biggest studies of its kind.

And so it still raises a very serious question. Are these tools actually removing bias, or are they just hiding it behind a dashboard? And this is the thing about AI, because it's often sold as being neutral, efficient, objective, and data-driven. But algorithms are built by humans, and they are trained on historical data, and they reflect assumptions about what makes someone hireable, professional, or a good fit.

So guess what? If the old job market already had discrimination baked into it, AI [00:47:00] can simply scale that discrimination faster. And for job seekers, that means you may never even know why you were rejected. You'll get the classic email, unfortunately, on this occasion, which apparently now means the robot said no.

And so when they say that AI is making recruitment more efficient for companies, more efficient for who? Because if you are screening out perfectly qualified people before a human ever sees them, that's not necessarily innovation. That's just discrimination with some better branding. Hey, she dropped the bar at the end, for real.

Um- Yeah, uh, that's a lot. And then I go back into too, not only for your LinkedIn, if it's a job you're interested in, you can use LinkedIn to find a hiring manager, find a recruiter, find somebody on the team, find somebody in the cross-functional team that you can reach out to, to get more information on the role or get interviewed.

And if you do not believe me, check out some of my LinkedIn's. Um, no, sorry, not my LinkedIn. Check out some of my videos. I have a couple videos I did on LinkedIn and how, uh, I think I actually showcase how [00:48:00] I got one of my interviews at Microsoft about four years ago. It works. Now, I do not know if people that do not have Premium are unable to do some of the stuff I'm able to do on LinkedIn now.

That's something I'm trying to figure out. But for the most case, there's a lot of stuff you can do from like sending notes where it's like 300 characters and, and, and look, a lot of times y'all are over talking to yourselves in the inbox with recruiters, and they're not reading all that. They're getting like 100 messages a day.

It's best to try to get their email. But if you don't have their email, in the note, say who you are, and you apply to whatever role, and why you'd be a good fit based on whatever your experience. Keep it short and sweet. Every recruiter is not gonna respond. Every hiring manager is not gonna respond. Every person that works on that team is not gonna respond.

But some will, and you miss 1,000 other shots that you don't take. Or you miss-- Or I could just say what? You just miss every shot you don't take. That's what I'll just say. Uh, so having said all that, I definitely thought that was interesting. Now, here's another one where, um, let's [00:49:00] see. We're, we're gonna stay on the, uh, job search and who's getting hired type of stuff real quick.

So let's get into this right here. Well, this one. This is-- I've been having these talks about people, elevator pitches, and how to do well in interviews and sell yourself. But let's react to this guy. Um, this was a great video that I saw this link, I mean, his TikTok, and let's just react to it That you cannot effectively articulate the value that you bring to the work is a problem, and it is a problem that could be keeping you from getting promoted, or it's a problem that's keeping you from getting hired at that new job.

Like if I ask somebody, "What do you do?" And they say, "I manage a team." Okay, so managing a team is an activity. It's not really a concept. Like what are you actually doing? Were you building talent? Were you driving performance? Were you coaching? Were you leading change? Were you creating accountability? Were you improving engagement?

Because [00:50:00] those, those are concepts. And the reason that matters is because companies don't hire activities, they hire capabilities. Nobody wakes up and says, "You know, we're gonna hire somebody that can manage a team." But they do say, "We need somebody who can build a high-performing team, and we need somebody who can scale operations, and we need somebody who can improve customer satisfaction, and we need somebody who can lead transformation."

Like that's a different conversation. The same thing goes with SOPs. Like somebody can say- He's being very specific, and that's what you need to do when you are talking about what you do at work. Be as specific as you can so you can answer something. It was actually good enough for what he's talking about.

I saw Career Colin say something on his, uh, Instagram, and he was talking about your philosophy behind Your an- interview answers. And it was saying if you go straight into the answer, it doesn't have a good of a foundation. Actually, let me see if I can [00:51:00] find that for y'all because I thought that was good.

I don't have it downloaded, but I feel like it goes straight into what we're talking about right now. Um, I could play it on here real quick. Understand that your philosophy when it comes to the answer you're about to give is so much more important than the actual details of your experience. For example, if you're in an interview and someone says, "Tell me about a time you've worked on a team," do not start by telling me the exact details of the last project or the last team you were on.

Give me a philosophy. Tell me, you know, from the outset, every single time I get on a team, it's really important for me that roles are clearly aligned, and we know what our stakeholders want. For example, da, da, da, da, da. Then you get into the details. It is so important to create that foundational backing of what you actually believe about teamwork, about, uh, change management, about whatever skill set you may be being interviewed about for whatever roles you're going for.

I cannot tell you how important that is and how often people [00:52:00] fail to do it. Yeah. So I thought that was a phenomenal, uh, way to, to kinda answer some questions, right? And I'm gonna let him cook, and we'll talk some more. I created SOPs. Great. But what were you really doing? You were creating process standardization.

You were improving operational efficiencies. You were reducing risk. You were driving consistencies. You were improving quality control. Like, those are executive concepts. See the difference? Like, one sounds very tactical. The other sounds more strategic. Because they're so close to the work, all they can see is the task.

Like, they can't see the business value underneath the task. And what I spend a lot of time doing is helping people to translate their experience from the language of effort to the language of impact. Why? Because promotions happen in the language of impact. Hiring happens in the language of impact.

Executive conversations happen in the language of impact. And if all you're doing is describing the task, people never fully understand the value that you bring. So the work [00:53:00] is not the work The work is what the work accomplished. That is what organizations pay for. That is why they promote, and ultimately, that is why they hire people.

And so listen, if you are a leader and you know that you need help in translating the language of Okay, he finna do his pitch probably to, to coach people, and I ain't mad at it. But no, he w- he was spot on. He was spot on. Like I know, uh, I adopt s-some of that too, uh, to reframe how I come off in certain interviews depending on who I'm talking to, right?

So for example, I could talk about, um, I've been doing security for a decade and, uh, right now I help certain companies, uh, reduce their risk by enforcing... And I'm really just doing some jargon right here, but, um, making sure, uh, controls are enforced and, uh, policies are yada, yada, yada. If I-- But most of this stuff I kinda, I kinda write down to talk about it, right?

But now I'm talking about what am I actually doing? Like, 'cause I can say, "Hey, I, I work in the SIEM, I do this and that and that." But if I say, [00:54:00] um, I have experience in, uh, protecting, uh, Fortune 500 enterprise environments that are a hybrid with on-prem and the cloud, and I specialize in doing XYZ, I'm very specific to the point and I may have already answered a lot of stuff that they had questions about that they may not have even asked me about.

So I definitely agree with him about, uh, your impact and like you said, reducing risk or do you help reduce risk. You'd be surprised at what making SOPs and documents can do for reducing risk. A lot of companies are immature in that, that they don't have it and you have to come in and do it. So I'm, I'm definitely with him on that one.

Uh, let's see. Where else are we? Uh, let's go. Um, like everything else is really gonna be structured mostly around, uh, that. Let's see. Who is getting hired? Let's go what [00:55:00] she says A lot of the times it's not the most qualified person that gets the job offer. In more than twenty-plus years of talent acquisition, I have interviewed tens of thousands of people, and I've made double or triple that amount of recommendations to executive leadership on who ought to get hired.

And the one thing that I wanna share with you is it is typically not the most qualified person with the longest resid- resume and all of the credentials. It's the person who the hiring team can see solving their problems. It's the person who shows up to an interview and really uses it as an opportunity to have a conversationable-- conversation about what value they bring to the organization and what their skill set really looks like.

It's the person who can read between the lines on a job description at a senior level and bring clarity in their answers to exactly how they help solve [00:56:00] those initiatives for an organization. Companies right now are not taking risks in this job market, and the way that you present yourself as an interview is the differentiator.

And what is on paper at the end of the day doesn't make a darn bit of difference if you can't clearly give that back to us in an interview. So if this is something that you're struggling with, I'd certainly love to work with you one-to-one. I will be back every week posting content about how to help you get across the finish line.

Good luck out there. Hey, no, she ate, she ate for real. Because she's right, companies are not taking risks. As you start climbing and making pa-- like doing roles that have, um... What's the word I'm looking for? Roles that kinda have much more responsibility, right? There are all these questions that they have about it.

And I was talking with a client, and I'm gonna read one of the last things that she sent me because she's been in [00:57:00] process for this role, and I believe she's gonna get it. Um, she's pretty much been the person that they want to have the role for the longest, and she's been killing it. So She was, this is one of the questions that she asked at the end, right?

'Cause she wanted, she needed to bring clarity to this interviewer who at the time didn't have full clarity on their thing. So she was like, "One of the interviewers seemed not to be sold on me. So I ended the interview with, 'When it comes to your recommendation on who should be hired for this position, if you were to say I like her but, what would your but be?'"

And she said, "It took him a minute to think about it, and he ended up saying he wasn't completely convinced that I could create a program from scratch and then maintain it. So I explained from A to Z how I build it, then A to Z for my plans on maintenance, and they were impressed." So she just reinforced the thing, like, and it's one of the things too where we're interviewing, and I honestly, I think I have the answer for this, is that sometimes [00:58:00] a lot of interviews can leave us feeling indifferent.

Like if, if it's straight questions that they're asking us, you know if I'm knocking the questions out of the park or if I'm not. But then there are some where it's kind of like, I think the conversation's going great, but I do not know how to feel about the conversation. And so sometimes you can ask them things about like, "Hey, um, do you have any," uh, what's the word?

I used to ask this question a lot. I used to ask, um Are there any things that question, that you have to question my ability to do the role? Right? Some people say don't ask that, but a lot of people who say that, don't ask that, a lot of them had a question for protection. I'm just gonna be honest.

Sometimes you need to ask that because either say yes or no, and just trying to figure out, okay, um, what did not answer you? Like, I wanna make sure 'cause sometimes you feel like you answered everything, but then sometimes not. Or you can ask them while you're interviewing, "Hey, am I, um, answering everything?

Like, are my answers sufficient? Like, is this what you're looking for? Or do I need to explain more on some of my answers that I've given so [00:59:00] you can know that I know I'm doing?" 'Cause sometimes maybe you just didn't go deep enough. I've had that happen to me. I, I'll just ask some questions I haven't gone deep enough.

I went back and listened to my interviews and like, yeah, I could've did much better there, right? I always talk about your preparation. How-- and she said one thing clear about looking in between the job description. So the job description will say one thing, but then when you get in the interview, it's another thing.

How do you read in between the lines and make clarity about that, right? I've had these couple of interviews I've documented, I prepared. I pretty much told them, "Hey, I prepared for y'all, like y'all's gonna ask me this question because if, you know, if I can do this, but I went out and researched XYZ," or I'll bring in something to make sense of what they're dealing with.

Or like, a guy asked me a question once. I gave him one question and then I s- followed it up with the next question, say, "Hey, I just wanna actually say this from the last one, but this is something I also wanna add on to that question." And they was like, "Great." Or I was showing how I was solving problems because I was taking notes, and I let them [01:00:00] know I was taking notes.

I showed them what I was talking about. I had great questions that I prepared for them to ask them about different things. So you can know what you're walking into, right? In every interview too, it's also a way that you can prepare for the next one, hopefully, if you're going in that round. And you do want to base your answers and questions based on who you'll be interviewing with.

Different interviewers care about different answers, different questions. So if you're talking to a C-level person, they're less concerned about the day-to-day stuff and more, uh, high overview strategy, implementation, money, cost, risk, et cetera, et cetera. Make callbacks of what you've heard in the previous interviews.

"Hey, during this interview process, I've heard XYZ, and that you guys are looking for this, this." I've dealt with environments like this, and let me show you how I could actually help or what my plan would be to do this to appreciate myself with everyone. Doing things like that, [01:01:00] taking notes, coming prepared, dictating the pace, having a great conversation.

You gotta think about it. Once you're like to them final rounds, you-- they know that they'll be talking to you a lot. And people like to work with people they like to work with. And are you pleasant? Do you talk well? Will you speak up in interviews? I mean, in calls. It's a lot. It's a lot. Your presence. Are you too sure of yourself?

Are you smart enough to know to say, "I don't know something"? Like, one of the things I think I said was, "Hey, uh, building out a team or whatever, I would love to help out everybody else. And I'll say also I'm not above being a real pro to know that I can't learn something from somebody new in the field, that, uh, it's not the same as what it used to be when I first started off, so I'm always down to learn as well, and that way people will feel better about working with me versus if I feel like I'm a know-it-all and I know everything."

They love that answer. They love that answer. But nah, nah, hats off on her. And, um, let's see. Where, uh, no, that's not what we wanna do [01:02:00] This is another one that I thought about. Um, and it was about staying at a job where it's mundane and you don't feel like you're growing and how it can hurt your career.

And I've talked about this plenty of times. You can have a job making $200,000 and it's easy. But if your goal is to make 300, 400, $500,000, you are not getting the skills to learn them in that role and why you should leave. So I'm prefacing that with my own commentary, but let's what she w- let's see what she has to say.

Emma Grede said remote work is career suicide. I think career suicide is staying in a job that is not fully utilizing your skills and potential. If you are staying in a job where you are not learning any real skills and you are being tasked with just a bunch of busy work, then that is a lot more dangerous than you think and it doesn't seem that way from the beginning.

The problem [01:03:00] is, those types of jobs don't equip you with any real skills that the market will pay for. So if you decide to get another job or if you decide that you wanna go freelance or you wanna start a consulting company or you want to be independent, well, now you're in a bit of a pickle because you have no real skills to offer the market.

You have no real skills that companies and businesses will actually pay for. And I wanna be very clear on what a skill actually is. Updating slide decks, entering data into Excel sheets, that's not a skill. And if that is what you spend most of your time doing at your job right now, then I would urge you to rethink your career strategy as soon as possible because your work will very likely get automated very soon, if not already.

The kind of skills I'm talking about are things that solve real business problems, things that help businesses make more money, things that help businesses get [01:04:00] more attention, things that help businesses drive more sales, things that translate to more business growth. Updating slide decks and entering data into spreadsheets doesn't solve real business problems.

You are just being given a bunch of little tasks that can very easily be automated. And when you do get automated, now you have no real skills to offer the market. So if you feel like you are being underutilized in your current job or you are being given too much execution work when you know you're a thinker, you're a strategist, and a problem solver, get out of that job immediately.

Find a new opportunity immediately. Find a way to fully utilize the skills and the value that you have to offer because if you continue to stay underutilized, then that skill or that potential that you know you have in you is going to atrophy, right? It's just like a muscle on your body. If you're not using it, if you're not training it, it gets weaker and weaker and weaker.

[01:05:00] And I think this is especially important for young people as well, people like I'm going to pause it right there because she is spot on. That is one of the primary reasons that I left JPMC. I felt the role was diminishing what I had already built up working on the blue team. And though the money was good, I did not like what I was doing.

And I knew that it was not going to take me to where I want to get into my career. So a lot of people, when they came to that video and I said I quit and all this and that, they said I was stupid and yada, yada, yada. But they didn't get it because I was like, yeah, but this stuff is not helping me get to where I want to get to.

I'm essentially I was doing like a lot of paper pushing GRC type stuff, a lot of reports, SQL, but I wasn't really solving any real issues, in my opinion, at least at that time. So that is the reason why. And I wasn't dealing with the threats. I want to deal with the threats. I wanted to do the investigations.

I like looking at all that kind of stuff. That type of stuff interests me. When I'm not doing that type of stuff, I don't like it. So [01:06:00] she's right. She's right. I'm going to let her finish and let her keep on cooking. in their 20s, people in their early career, people at, you know, the entry level in corporate.

Typically, a lot of the work that you're given at that level is very execution-based work, doing a lot of the work that the senior folks just don't have time to do or the work that people just don't want to do, so they hand it off to you so that you can do it. You're not learning any real valuable skills.

There's a reason why entry-level work has been the first to go in this whole AI boom. There's a reason why it's been so easily automated, yet they told you that this was the work that you were supposed to find value in. This is how you were going to launch your career. This is how you were going to pay your dues and climb up the ranks.

But now a lot of the entry-level work is gone. So how are young people supposed to even launch their careers in the first place? Think really critically about the jobs that you're landing and the skills that you're acquiring and making sure that it's [01:07:00] something that the market actually needs and values.

That is how you're going to put yourself in a position where you are qualified for opportunities Yeah, I mean, I don't disagree with anything she said. I will say, like, all those entry-level jobs are not being automated. Companies have just found a way to be greedy and take away from the youngsters who are trying to make it in the world.

So I disagree with that for the most part. Now, let's see, we had an hour 17. It's probably be a shorter. Do I have anything that's, like, fun that could break down? We kind of talked about I think we're gonna talk-- This last one I'm probably gonna talk about these high performers. I think I'm gonna talk about these high performers in corporate, and then we're gonna call it a day, right?

I'm not gonna keep you all here. Performers are a dying breed in corporate because insecure bosses are growing in popularity, and companies will be like, "Well, we [01:08:00] want people that wanna be here." I did wanna be there. I, like, I, I did wanna work here, but I can't focus on doing great work while also stroking the ego of an insecure boss all day while they are deliberately trying to make my life a living hell.

And then when you start to raise concerns, now you're not a team player. You're not a culture fit. You have a bad attitude. It's like you can't win, and then you try to tell people, um, outside of work, like, what's happening. Nobody understands. Like, people, people just don't understand, or they treat it like it's not that serious.

Like you, you're, you have... You're more than just your job. I've even said that 'cause I now believe that to be true, but while you're in it, you're like, "Well, I'm just used to doing a great job. I, I love what I do. I care about my career. I've built this career off of working hard," and someone is literally trying to tear it down.

And the way that they're tearing y- it down, it's, like, mental. It's, it's mentally-- They've mentally gotten into your head. So, like, now you can't show up [01:09:00] physically. And i-in my case, I literally quit corporate because I could not endure it anymore because I can't circle back from a hospital bed Okay, let me take it to the beginning 'cause I'm kind of...

I think I'm either zoned out or missed something that she said that kind of led to the end part. Let's see Insecure bosses are growing in popularity, and companies will be like, "Well, we want people that wanna be here." I did wanna be there. Like I, I did wanna work here , but I can't focus on doing great work while also stroking the ego of an insecure boss all day while they are deliberately trying to make my life a living hell.

And then when you start- Okay, so I, I got that. I, I've never dealt with that. I, I don't know about that. I do know the, the corporate game of, um, if you got a boss, don't outshine the master, and kind of just in [01:10:00] the most part just y- you're gonna have to do it. But sometimes hopefully they're not too overbearing where it makes it bad.

Now, I always tell people too, like, don't let that job make you crazy. Like it's a job at the end of the day. Leave it there. Once you close your laptop, do something else. Like don't let it get you down like that. I, I don't think... I would love... A matter of fact, I am connected with her on LinkedIn, so I definitely wanna reach out to her.

I think we could have a great conversation about everything she's talking about, and see what I can add and what she can add, and have a great conversation. So I definitely, uh, wanna talk to her about that because that's, that's pretty interesting, right? I don't think I've had too many episodes about who quit corporate in general, like quit it and start doing like their own stuff.

I know she makes content, uh, for like millennials and, and things of that nature. So I think that'll definitely be a interesting talk for us to have. But no, I mean, when you, when you got a manager, like as long as it's not super toxic, like, like you said, if it is [01:11:00] making it physically impossible to come to work and do your job, I would definitely say like, don't come.

Try to find something else. Don't let them get you down. Everybody is built different. I think one thing managers don't know is you can't treat everybody the same. Um, but you also don't wanna make them look bad. You, you're gonna have to figure out other ways or like get your other sponsors in there so you can kind of either get on a different team or get from under them, because it's kind of stuff that'll happen if they are intimidated by you.

So it's one of those things. I've always pretty much had, for the most part, good leadership outside like maybe my first security job, and they've always empowered me. I've never made them look bad. I've always enforced things that they said, and that's my goal. My goal is always to make them look good, make th- their management look good, and et cetera.

So a lot of times I used to always love asking them, "Hey, how do I make your job easier?" People love it. Uh, people love the ego stroking, like, right? It's, it's a, it's a game. Um- But, uh, we have reached the end of the show. If you enjoyed [01:12:00] this, please let me know. Uh, also, like I said, you can join the Patreon.

Two dollars a month, that's really $24 a year. You will be a lot in, like, supporting, uh, the brand and supporting the struggle, everything. If we could stay as independent as possible, we can do what we want and the world is ours. So I'm definitely trying to run that up this year. I appreciate everybody that's been tuning in.

Until next time, let's stay textual, and we out. Peace