Bare Metal Cyber

In this episode, you’ll learn how to transform a traditional, forgettable tabletop exercise into something unforgettable: a telenovela. We explore how to recast roles as characters with motives, build dramatic arcs with twists and cliffhangers, and use realistic props to make your IR plan come alive. Instead of walking through checklists, you’ll hear how to stage a story your team will actually remember when a real breach occurs.You’ll also discover the skills that improve when training shifts from paperwork to drama. From sharper communication under pressure, to quicker decision-making, to cross-functional empathy, the tabletop telenovela strengthens instincts that no binder can teach. It turns compliance drills into lived experiences, building resilience through memory and story.Produced by BareMetalCyber.com.

Patch and update management rarely makes headlines, but it quietly determines how exposed your environment really is. In this audio Insight, we walk through the foundations of a solid patch and update management practice, from intake of vendor advisories and scan results through testing, change windows, rollout, and verification. You will hear how this discipline sits between security, operations, and the business, and why predictable patch rhythms do more for real-world risk reduction than one-off fire drills or heroic weekend upgrades.You will also explore everyday patterns that teams use to keep systems current, from quick-win cycles in smaller environments to more risk-driven, strategic approaches in larger estates. Along the way, we unpack the trade-offs around downtime, tooling, skills, legacy systems, and culture, and highlight the warning signs of shallow adoption versus the healthy signals of a mature practice. This narration is developed by Bare Metal Cyber and based on the Tuesday “Insights” feature from Bare Metal Cyber Magazine.

This episode takes you inside the world of the Certified Information Security Manager (CISM), a certification that helps professionals grow from hands-on security work into roles that shape programs, policies, and risk decisions. In clear, beginner-friendly language, the narration explains what CISM is, who it is really for, and how it changes the way you think about governance, risk management, and incident response. The story is developed from my Monday “Certified” feature in Bare Metal Cyber Magazine, so you get a structured walkthrough rather than a loose collection of tips. You will hear how the CISM exam actually tests your judgment through real-world style scenarios, what kinds of responsibilities it supports in the workplace, and where it fits in a long-term security career path. The episode also helps you understand whether a management-focused certification is the right move for your current stage, or a goal to aim for later. If you want to go deeper and turn this overview into a full study plan, you can pair the episode with the dedicated CISM audio course inside the Bare Metal Cyber Audio Academy.

In my Cyber Talks conversation with Craig Taylor the co-founder and CEO of CyberHoot, we dive into a problem that is evolving faster than most organizations can keep up: phishing in the age of agentic AI. Cyber Talks, developed by BareMetalCyber.com, is all about learning from practitioners who are pushing the field forward, and Craig has spent three decades on the front lines of security, risk, and cyber literacy. If you lead security, IT, or risk, the video above is worth a careful watch—because the phishing problem you think you have is not the one you’re actually facing today.

In this episode, we explore why email is both the oldest and most dangerous application in your enterprise. You’ll learn how protocols built in the 1970s still carry modern business logic, why attackers thrive on its openness, and how Business Email Compromise has evolved into one of the most profitable cybercrimes in history. The discussion traces the history of email’s insecure DNA, the patchwork of fixes that never quite solve it, and the cultural and regulatory anchors that make it impossible to abandon.Listeners will come away with sharper skills in evaluating email risk, recognizing the tactics adversaries use to exploit trust, and applying pragmatic controls that actually reduce exposure. You’ll understand how to treat email like a critical application, design workflows that resist fraud, and build governance that prevents small compromises from becoming catastrophic losses. This is not just theory—it’s a roadmap for defending the unpatchable app every organization depends on.Produced by BareMetalCyber.com.