In this episode of the Cyber Threat Perspective podcast, Brad and Spencer call out the cybersecurity advice that gives organizations false confidence — and break down what to do instead.
From MFA gaps to a surprising CrowdStrike blind spot to the compliance-equals-security myth, this episode is a straight-talk look at why common best practices keep failing and attackers keep winning.
🚨 Advice That Falls Short: MFA on RDP only | EDR as a silver bullet | Patch everything immediately | Least privilege without alternatives | Framework compliance as the finish line
đź’ˇ Key Insight: CrowdStrike self-disables on domain controllers at 90% resource utilization — and most teams have no idea it’s happening.
âś… What Actually Works: Context-driven security decisions | Trust but verify | Internal pen testing to validate controls | Prioritizing high-risk vulnerabilities | Focusing on attack paths, not checklists
🎙️ Hosts: Brad Causey & Spencer Alessi
đź“Ť Upcoming: Spencer and Brad’s Tools of the Trade workshop at ILTA Evolve — Denver, end of April
đź”” Subscribe for weekly episodes on cybersecurity, penetration testing, and threat intelligence.