🔥 Nobody Got Fired for Hiring IBM... But Maybe They Should Have

In this episode of Dirty South Security, we're pulling back the curtain on the security industrial complex. Tony UV sits down with Dan Tentler to discuss why small boutique security firms are running circles around the big consulting giants, and why that matters more than ever in the age of AI.

Host: Tony UV
Guest: Dan Tentler

What We Cover:

The Boutique Advantage We break down why procurement processes favor mediocrity, the difference between checkbox security and actual security, and why small firms' "unfair advantages" (speed, skin in the game, and actually giving a damn) are reshaping the industry.

Real Offensive Security Most pentests are security theater. We discuss what adversary emulation actually looks like, the attack techniques keeping security professionals up at night (supply chain attacks, LOLBins, modern C2 frameworks), and the massive gap between what vendors sell and what attackers actually do.

AI: The Offensive Security Inflection Point When everyone has AI, attack surface becomes intelligence surface. We explore how LLMs are being weaponized for polymorphic malware, why prompt injection is the new SQL injection, and why companies building AI without offensive security expertise are sitting ducks.

The Business of Staying Small and Deadly Why we don't want to be a 500-person firm, the scaling trap that kills quality, and how to build sustainable boutique practices through high-value, low-volume models.

Hot Takes & Hard Truths We tackle controversial topics: Are most cybersecurity certifications worthless? Is MITRE ATT&CK just intimidating wallpaper? Zero trust products vs. real zero trust. Bug bounties: innovation or race to the bottom? The ethics of red teaming and where we draw the line.

Key Takeaway:

If your security team can't think like attackers, you're already compromised.

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.

Episode 12 - AI in Offensive Security: Cutting Through the Hype 

Host: Tony UV - https://www.linkedin.com/in/tonyuv/

Guest: Andrew Wilson - https://www.linkedin.com/in/awilsonaz/

Is AI revolutionizing offensive security, or simply accelerating what humans already do? In this episode, we cut through the hype and get real about how AI is reshaping vulnerability discovery, exploit development, and red team operations.

🔍 Topics Covered:

1. AI-Powered Vulnerability Discovery

- Static analysis vs LLMs
- AI-guided fuzzing performance
- Signal-to-noise improvements
- Case study: AI vs human researcher
- Scaling AI across enterprise vs startup teams

2. Exploit Development Automation

- Can AI reliably build working exploits?
- Adaptability to target environments
- Evasion techniques vs modern defenses
- What red teams are actually using

3. Large-Scale Offensive Operations

- AI orchestration across thousands of assets
- Prioritization and continuous assessment
- Managing AI-generated data
- Measuring ROI of AI-enhanced testing

4. The AI Arms Race

- Offensive vs defensive AI
- Behavioral mimicry and detection evasion
- Speed, scale, and resource asymmetry
- Autonomous threat modeling

5. Implementation Reality Check

- Where to start with AI in OffSec
- Tool integration and team training
- Budgeting and vendor evaluation
- Compliance and regulatory concerns

💡 Whether you're a security leader, red teamer, or just trying to separate signal from noise, this episode delivers practical insights and strategic foresight.

📺 Watch, subscribe, and join the conversation. 

#AIinSecurity #OffensiveSecurity #RedTeamOps #ThreatModeling #CybersecurityPodcast #DirtySouthSecurity #VerSprite #TonyUV #AndrewWilson

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.

In this episode, we’re flipping the script on traditional security thinking. As security champions, we know that resiliency isn’t just a buzzword—it’s the backbone of modern cybersecurity strategy.

Join us as we unpack:

🔐 From Security to Resiliency – Were we too confident in the early days of CISO-ship? We reflect on the evolution of security leadership and what it means to lead with resilience today.

🛡️ Is Product Resiliency Subjective? – What really defines a “resilient” product? We challenge assumptions and explore how context, threat models, and business goals shape the answer.

⚙️ Top 3 Fundamentals for CISOs – We break down the core pillars every CISO should build from to create sustainable, secure, and resilient programs or products.

🔥 CISO Hot Takes – No fluff, just real talk. We share bold opinions on what’s working, what’s not, and where the industry needs to level up.

Whether you're a CISO, security engineer, or just passionate about building better defenses, this episode is packed with insights to help you lead with clarity and confidence.

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.

Welcome to Episode 10 of our Dirty South Security podcast series, where we dive deep into the world of marketing within the cybersecurity industry, especially in the context of RSA 2025. In this episode, we tackle some of the most pressing and controversial topics in the field:

Topics Covered:

AI Misrepresentations at RSA and Beyond
Explore the practice of misrepresenting AI solutions in today's industry. We discuss how these misrepresentations impact trust and the overall landscape of cybersecurity.

Marketing Investments: What Works, What Doesn't
Get insights into foundational marketing strategies. We share hot takes on what marketing investments yield the best returns and which ones fall flat.

Pay-to-Play Models
Uncover the dubious paid models that taint the integrity and authenticity of products, people, or services in cybersecurity. We examine how these models affect the industry's credibility.

Join us for an honest and insightful discussion that aims to shed light on the truths and myths of marketing in cybersecurity. 

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.

In this episode, Tony UV and Q0PHI are joined by Rafal Lo, a seasoned InfoSec professional, to discuss the intersection of business and information security. 

Tune in as they explore:

1. Aligning InfoSec programs with business objectives
2. Key metrics for measuring InfoSec success
3. The benefits and challenges of leveraging managed services

Don't miss this insightful conversation packed with practical advice and expert insights!

Subscribe to our channel for more episodes and follow us on social media for the latest updates.

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.

Welcome to another episode of The Dirty South Security Podcast! In this episode, we are joined by Billy Hoffman as we dive deep into the chaotic world of vulnerability management and explore ways to future-proof your organization's resiliency. Here's what we cover:

I. Vuln Mgt Sucks

•  - We break down the stereotypical vulnerability management process and its pitfalls.
•  - Can CVSS 4.0 (link) save the day?
• Exploring EPSS & KEV and their roles in vulnerability management.

II. End of Life Software: The Story of Our Lives

•  - Discussing the decade-old Cisco ASA vulnerability (CVE-2014-2120) that's  - still being actively exploited.
•  - The mentality around patching, acceptable vulnerability levels, and the ongoing struggle with EOL assets.

III. 1980 - Is it the Complacent Vulnerability Scoring System?

•  - Examining the medium severity CVEs and how most organizations handle them.
•  - Why do many security teams overlook medium-severity vulnerabilities and their impact on overall security?

IV. Autopatching - Did it Ever Arrive? Why Not?

•  - Understanding the complexities of 1:many relationships in patching.
•  - The implications of downtime and why auto patching hasn't become the norm.

V. AI to the Rescue?

•  - Debunking the marketing hype around AI in vulnerability management (link).
•  - Discussing the rise of AI-generated compliance solutions and their effectiveness.

VI. Final Thoughts

• How can we move beyond the outdated 2005 enterprise vulnerability management practices?

Join us as we navigate these critical topics and share insights to help you stay ahead in the ever-evolving cybersecurity landscape. Don't forget to like, comment, and subscribe for more episodes

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.

Welcome back to another exciting episode of the Dirty South Cybersecurity Podcast! 🎙️ Your hosts Tony and Q0PHI are joined by an extraordinary guest, Ira Wrinkler, the CISO for CYE Security. Together, they dive into some of the hottest and most controversial topics in the cybersecurity industry today.

In this episode, we discuss:

1. Settling the Talent Supply Debate: Are we under or over-supplied with cybersecurity talent?
2. Certificates: Scam or Gateway?: Are certifications just a learning scam, or are they truly a conduit to getting started in the industry?
3. Globalization Hot Takes: What's working and what's not as companies continue to grow globally?
4. Realistic AI Changes: How are AI advancements realistically affecting tomorrow's cybersecurity landscape?

Don't miss out on this insightful discussion packed with expert opinions and practical advice. Whether you're a seasoned professional or just starting out in cybersecurity, this episode has something for everyone!

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.

Welcome to another episode of The Dirty South Cybersecurity Podcast! 🎙️ In this episode, your hosts Tony and Q0PHI dive deep into the world of Application Security (AppSec). They tackle the burning question: Is AppSec dead? 🤔

Join the discussion as they explore the rise of Application Security Posture Management (ASPM) and debate whether ASPM is the new AppSec. Discover the latest trends, insights, and expert opinions on how organizations can stay ahead in the ever-evolving cybersecurity landscape.

🔒 Topics Covered:

The current state of AppSec
Introduction to ASPM
Comparing AppSec and ASPM
Future predictions for application security

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.

Join Tony UV and Q0PHI80 at Black Hat 2024 as they discuss these 5 key topics:

1) Crowdstrike Incident - Security Issue, Incident or Neither?
2) QA Testing Today - For Better or for Worse?
3)Geopolitics in the Role of Cybercrime- Forgotten X-Factor or Integrated Background Influence?
4)Automated Pen Testing- Fact or Fiction for the Future?
5) Role of AI in Adversarial Simulations 

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.

In this eye-opening podcast, Join Tony UV and Stephen Asamoah as they dissect the top 10 pressing issues and shed light on the path toward better enterprise security practices. Don’t miss out—hit that subscribe button and stay informed! 

Top 10 Issues
#1. No One Wants Real Security
#2. Corporate Politics
#3. Compliance Still in Driver's Seat
#4. Security is Overpriced & Your Program is Broke
#5. Most "CISOs" Know Very Little About Security. 
#6. Endless Remediation Queues
#7. Poor Habits in Risk Treatment
#8. The Skills Gap is Real
#9. Everyone is Burnt Out
#10. Security Islands - Isolated Security Process across a Security Program Ecosystem

// FIND VERSPRITE’S CYBERSECURITY TEAM ONLINE //

• VerSprite: https://versprite.com/
• LinkedIn: https://www.linkedin.com/versprite-llc/
• Twitter: https://twitter.com/versprite/
• YouTube: https://www.youtube.com/c/VerSprite

// ABOUT VERSPRITE //
VerSprite is a leader in risk-based cybersecurity services and PASTA threat modeling, enabling businesses to improve the protection of critical assets, ensure compliance, and manage risk. Our mission is to help you understand and improve your organization’s cybersecurity posture. With cyberattacks increasing in number and sophistication daily, it is crucial to protect your organization’s assets, protect your clients, and maintain the same, excellent reputation and trust you have worked hard to build. We believe that an integrated approach will result in better and more cost-effective security practices and business outcomes.