The Audit - Cybersecurity Podcast

What does it take to go undercover with international cybercriminals — with no backup, no safe house, and no script? In this episode of The Audit, Richard LaTulip, Field CISO at Recorded Future and former U.S. Secret Service agent, pulls back the curtain on three years of undercover operations spanning Thailand, Dubai, Macau, and China. From buying stolen credit card data in bulk to handing cheap government-issued laptops to disappointed hackers, Richard shares the raw, unfiltered reality Hollywood never shows you. 
Co-hosts Joshua J Schmidt, Eric Brown, Nick Mellem, and Jen Lotze dig into the psychology of social engineering, the stark differences between nation-state and financially motivated threat actors, and why your employees are simultaneously your greatest asset and your biggest vulnerability. Richard breaks down how SolarWinds revealed the patience of nation-state operations, why cultural awareness is a cybersecurity weapon, and how organizations can shift security from a cost center to a value driver. 
🔑 Key Topics Covered: 
Undercover operations against international cybercriminal networks — the reality vs. the Hollywood version 
Nation-state vs. financially motivated threat actors — how their goals fundamentally change defense strategy 
The ClickFix campaign and social engineering attacks targeting human psychology 
How Recorded Future delivers actionable, tailored threat intelligence vs. generic feeds 
Why tabletop exercises need HR, communications, and every department at the table • Cultural dimensions of cybersecurity — from Eastern European honeytraps near nuclear sites to password reuse psychology 
Turning your security team from a "cost center" into a trusted business ally 
Operation Carter Chaos — Richard's new book chronicling the untold human side of undercover cyber operations 
📖 Richard's book Operation Carder Kaos is available now on Amazon.
🔔 Like, share, and subscribe for more in-depth cybersecurity conversations. Don't forget to leave a review — it helps us reach more security professionals like you.

Microsoft dominates 22% of all phishing attacks, a $800 tool tricks 60% of victims into self-hacking, and Apple's planning a surveillance pin that records everything—welcome to 2025's cybersecurity nightmare. In this episode of The Audit, co-hosts Joshua J Schmidt, Eric Brown, and Nick Mellem are joined by Jen Lotze from IT Audit Labs to dissect three headlines that prove the threat landscape isn't just evolving—it's accelerating. From brand impersonation scams that exploit your brain's pattern recognition to ClickFix malware that bypasses antivirus by weaponizing copy-paste commands, this conversation reveals how attackers are shifting from breaking through defenses to manipulating humans into opening the door themselves. 
What You'll Learn:
Why trusted brands like Microsoft, Amazon, and DHL are irresistible phishing targets, especially during high-traffic seasons when vigilance naturally drops
How ClickFix attacks exploit legitimate-looking broken websites to trick users into installing malware through their own command prompts—achieving 60% success rates that evade traditional security
Real-world consequences of sophisticated social engineering, including a $116,000 wire fraud loss that proves even tech-savvy professionals aren't immune
The privacy and consent implications of Apple's rumored 2027 AI wearable with dual cameras and always-on environmental recording
Whether constant surveillance is becoming the unavoidable price of technological convenience—and what that means for building security cultures in organizations today
From training employees to recognize copy-paste scams to navigating the ethics of ambient recording devices, this episode delivers frontline intelligence for security professionals and practical awareness for anyone trying to stay safe online.
#phishing #clickfix #cybersecurity #socialengineering #applewearable #privacy #malware #infosec #brandimpersonation

In this episode of The Audit, co-hosts Eric Brown and Nick Mellem dive deep into organizational psychology and team dynamics with a refreshingly honest look at how IT Audit Labs is using assessments like CliftonStrengths, Kolbe, and PRINT to decode their team. This isn't fluffy HR talk—it's strategic workforce optimization that directly impacts how security teams respond to threats, collaborate under pressure, and execute on complex projects.
Eric and Nick discuss why understanding your team's natural strengths, motivators, and triggers is just as critical as deploying the right tech stack. From reducing meeting bloat to being more intentional with time and resources, they share real-world lessons on building a culture where people operate in their zone of genius. Plus, they tackle the "what tool would you deploy first" scenario—spoiler: it's not what you think.

🔑 KEY TOPICS COVERED:
Why organizational assessments (CliftonStrengths, Kolbe, PRINT) matter for security teams
How to be more intentional with meetings, time, and team collaboration
First tools to deploy in a new security environment (MFA, YubiKeys, Veronus)
The shift from reactive security to proactive team alignment
Using AI tools like Gemini to streamline communication and decision-making
#CliftonStrengths #Cybersecurity #TeamBuilding #ITLeadership #SecurityCulture #CISOLife #InfoSec #OrganizationalPsychology

What if the difference between AI mediocrity and breakthrough isn't the tool—it's how you architect your approach? Carter Jensen from The Uncommon Business joins the crew to reveal why most people are stuck "button pushing" while others are unlocking 3X productivity gains. This isn't theory; it's the frontline reality of businesses transforming workflows with the right AI architecture. 
If you're tired of surface-level AI hype and ready for actionable intelligence on integrating AI into security, compliance, and everyday business operations, this episode delivers. Whether you're Blockbuster or Netflix is up to you.
🎯 What You'll Learn:
AI Architecture vs. Button Pushing – The mindset shift that unlocks 3-4X productivity gains instead of mediocre results
Real Cybersecurity Wins – How IT teams use AI to speed through compliance audits (PCI, CJIS, HIPAA) and tackle complex security workflows
Enterprise Implementation Truth – Why expensive AI tools fail without strategy, and what actually works for business adoption
The AI Bubble Debate – Is this hype or the biggest business transformation since the internet? Carter brings receipts from the frontlines
Don't let your team fall behind while competitors architect their way to 4X output. This episode arms IT leaders, CISOs, and security professionals with the mindset shift needed to deploy AI that actually moves the needle. Like, share, and subscribe for more cutting-edge cybersecurity and AI implementation strategies! 

#ArtificialIntelligence #Cybersecurity #AIforBusiness #ITaudit #ComplianceAutomation

In this special year-end episode, Joshua Schmidt revisits the most mind-bending moments from The Audit's 2025 season. From Justin Marciano and Paul Vann demonstrating live deepfakes in real-time (yes, they actually did it on camera) to Bill Harris explaining how Google's quantum experiments suggest parallel universes, to Alex Bratton's urgent warning about the AI adoption crisis happening right now in boardrooms everywhere. 
What You'll Learn: 
How adversaries are using free tools to create convincing deepfakes for job interviews and social engineering attacks—and why this represents a national security threat  
Why NASA shut down its quantum computer after getting results that "challenge contemporary thinking" (and the wild theories circulating about what they discovered)  
The critical mistake companies are making with AI integration: racing ahead without governance, security frameworks, or responsible use policies  
How the Pi-hole community exemplifies open-source security at its best—enterprise-grade protection at fractions of the cost  
Why IT teams saying "no" to AI isn't realistic, and what responsible AI adoption actually looks like 
This isn't just a recap—it's a wake-up call. These conversations reveal the inflection points where standing still means falling behind. Whether you're a CISO, security analyst, IT auditor, or business leader trying to navigate AI adoption, these clips offer the perspective you need heading into 2026. 
Don't wait until 2026 to realize you missed the critical shift. Subscribe now for cutting-edge cybersecurity insights that keep you ahead of evolving threats. 
#cybersecurity #deepfake #quantumcomputing #AI #infosec #ethicalhacking #cyberdefense #2025yearinreview