Sign up to save your podcasts
Or
Share Episode 176: Cybersecurity Advice That Sounds Smart But Fails in Practice
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 176: Cybersecurity Advice That Sounds Smart But Fails in Practice
In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistently fall short in real IT environments.
This isn't about dismissing good security principles. It's about closing the gap between advice that looks great in a framework and controls that actually hold up against how attackers operate.
Topics covered include:
- "Just enable MFA everywhere" — why focusing only on RDP leaves SMB, WinRM, service accounts, and legacy protocols wide open
- "EDR will catch it" — the danger of over-relying on a single control, including a little-known CrowdStrike behavior where it self-disables on domain controllers at 90% resource utilization — often completely unnoticed
- "Patch everything immediately" — why blind speed creates its own operational risk, and how to build a prioritized, high-risk patching process that actually works
- "Least privilege everywhere" — why removing permissions without providing alternatives drives workarounds, shared accounts, and exceptions that undo the whole point
- "Follow the framework and you're secure" — why compliance is a starting point, not a finish line, and what most standards actually require vs. what actually reduces risk
- Focusing on attack paths over checklists — why thinking like an attacker leads to better security decisions than ticking boxes
Brad and Spencer close with what actually works: context-driven decisions, management buy-in, clear communication when making sweeping changes, and validating every control through internal penetration testing. As Spencer notes, most clients don't have full confidence in their EDR and SOC after a pentest — and that's exactly why trust but verify matters.
Also mentioned: Spencer and Brad's upcoming Tools of the Trade workshop at the ILTA Evolve conference in Denver.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
View all episodes
By SecurIT360
5
1515 ratings
In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistently fall short in real IT environments.
This isn't about dismissing good security principles. It's about closing the gap between advice that looks great in a framework and controls that actually hold up against how attackers operate.
Topics covered include:
- "Just enable MFA everywhere" — why focusing only on RDP leaves SMB, WinRM, service accounts, and legacy protocols wide open
- "EDR will catch it" — the danger of over-relying on a single control, including a little-known CrowdStrike behavior where it self-disables on domain controllers at 90% resource utilization — often completely unnoticed
- "Patch everything immediately" — why blind speed creates its own operational risk, and how to build a prioritized, high-risk patching process that actually works
- "Least privilege everywhere" — why removing permissions without providing alternatives drives workarounds, shared accounts, and exceptions that undo the whole point
- "Follow the framework and you're secure" — why compliance is a starting point, not a finish line, and what most standards actually require vs. what actually reduces risk
- Focusing on attack paths over checklists — why thinking like an attacker leads to better security decisions than ticking boxes
Brad and Spencer close with what actually works: context-driven decisions, management buy-in, clear communication when making sweeping changes, and validating every control through internal penetration testing. As Spencer notes, most clients don't have full confidence in their EDR and SOC after a pentest — and that's exactly why trust but verify matters.
Also mentioned: Spencer and Brad's upcoming Tools of the Trade workshop at the ILTA Evolve conference in Denver.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
More shows like The Cyber Threat Perspective
View all
CyberWire Daily
1,028 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Headlines
139 Listeners