Bare Metal Cyber

Smart buildings used to be a facilities concern; now they behave like distributed systems that can be probed, abused, or ransomed. In this narrated edition of “Concrete and Code: Smart Buildings as the Quiet New Attack Surface,” we walk through how access control, building management systems, cloud dashboards, and vendor VPNs have converged into a single, often unowned, cyber-physical domain. You’ll hear why leaders need to treat operational technology (OT) and smart building stacks with the same architectural seriousness as cloud and identity, and how long-lived capital decisions quietly shape your risk posture for decades.
 
Across the episode, we unpack the core sections of the Wednesday “Headline” feature from Bare Metal Cyber Magazine: the evolution from static buildings to software-defined environments, the real anatomy of smart building stacks, the ways buildings become ransom assets, and the governance vacuum that often surrounds them. We finish with pragmatic leadership moves: reference architectures for campuses, non-negotiables for vendor access and segmentation, and procurement levers that turn vague “smart” upgrades into defensible, testable systems. If you’re responsible for risk, resilience, or technology strategy, this is a chance to rethink how you see the walls around your data and people.

Secrets management for API keys, tokens, and passwords is often the quiet difference between a minor configuration mistake and a major breach. In this narrated audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what secrets management really means in day-to-day work. You will hear how vaults, runtime retrieval, rotation, and access policies fit together, and why they matter for developers, operators, and security teams trying to keep up with modern cloud-native environments.
 
The episode also explores where secrets management shows up in real workflows, from CI pipelines and microservices to admin tools and support processes. We unpack quick wins like removing hard-coded credentials from source control, as well as deeper patterns such as dynamic credentials and just-in-time access. Along the way, you will get a clear view of the benefits, trade-offs, common failure modes, and healthy signals that show secrets are being treated as real operational assets, not just background details.

This episode walks through CompTIA Project+ (Project+) as a practical first step into project leadership for early-career IT and cybersecurity professionals. You will hear what the certification actually covers, who it is designed for, and how it helps you move from “just doing tasks” to guiding real projects with scope, timelines, risks, and stakeholders. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine and keeps the focus on clear, real-world language instead of heavy jargon or rigid frameworks.
 
You will also get a grounded look at what the exam really tests, how it feels in terms of scenarios and decision-making, and where Project+ fits in a broader career and certification path. That includes how hiring managers tend to view it, why it pairs well with technical certifications, and when it makes sense to pursue more advanced project credentials. If you want to go deeper, there is a full audio course for CompTIA Project+ inside the Bare Metal Cyber Audio Academy that expands on these ideas and supports a more structured study plan.

This narrated episode explores what happens when a “small” tool in your Software as a Service (SaaS) estate becomes the catalyst for everyone’s incident. You will hear a breach story unfold from the war room perspective and then step back into the deeper architecture and governance patterns that made the chain reaction possible. The focus is on how integrations, identity providers, and automation platforms quietly accumulate risk, and why traditional vendor risk approaches that look at each provider in isolation are no longer enough for senior security and technology leaders. The narration is based on my Wednesday “Headline” feature from Bare Metal Cyber Magazine.
 
From there, the episode walks through the key sections of the article in clear, leader-friendly language. It examines how the SaaS mesh forms, how blast radius is effectively “designed in” through common OAuth patterns and tenant-wide permissions, and how procurement and ownership models can leave security holding the bill when a partner is breached. It then turns to pragmatic moves: shaping your SaaS architecture for containment, using SaaS security posture management (SSPM) and identity tools to expose risky integrations, and building playbooks for third-party incidents that cross organizational boundaries. The goal is to leave you with a sharper mental model, better questions, and a concrete way to pressure-test your own environment.

If your Security Information and Event Management (SIEM) platform feels like a wall of noise, this episode is for you. We walk through what SIEM use cases really are, how they differ from generic rules or vendor content packs, and where they sit inside your detection and response workflow. You will hear how a good use case flows from a concrete risk scenario to specific log signals, correlation logic, and an alert that an analyst can actually act on, instead of yet another item to close as “noise.”
 
We also explore everyday SIEM use cases teams lean on, from quick-win detections around authentication and admin activity to deeper, strategic patterns that tie identity, endpoint, and cloud data together. Along the way, we talk through the benefits, trade-offs, and limits of investing in SIEM use case design, plus the red flags and healthy signals that show whether your current content is working. This narration is developed from my Tuesday “Insights” feature in Bare Metal Cyber Magazine.