Certifications play a central role in cybersecurity career development.
Yet many experienced engineers find themselves failing exams they should easily pass.

The problem isn’t a lack of knowledge or skills.

It’s the disconnect between real-world security work, and certifications built around memorization, UI trivia, and version-specific details that will be obsolete in two months.

In this episode of Threat Talks, Rob Maas (Field CTO, ON2IT) and Nicholai Piagentini(Technical Enablement Engineer, ON2IT) break down why this happens, how certification exams are designed, and how to pass any cybersecurity certification without memorization or falling for trick questions. 

They explore how well-written exams validate real job tasks, while poorly designed ones drift into reading comprehension, UI trivia, and version-specific details that lose value the moment the product changes.

From blueprint-driven preparation to smart elimination tactics and knowing when not to overthink an answer, this is a grounded look at how to pass any certification for meaningful cybersecurity qualifications.

Timestamps

Key Topics Covered

·         Why many certification exams fail at measuring real-world cybersecurity skills

·         How to pass cybersecurity certification exams by focusing on concepts, not memorization

·         What makes a good vs bad exam (and how vendors design them)

·         Practical tactics for exam day, preparation strategies, and dealing with nerves

Resources

·         Threat Talks: https://threat-talks.com/ 

·         ON2IT (Zero Trust as a Service): https://on2it.net/ 

·         AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

 === 

► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

When it comes to running an airport, there’s no room for error.

Any casualty is one too much.

That’s the reality of all airports, including DFW Airport. It’s a 28-square-mile operation, bigger than the island of Manhattan, functioning as a city with its own police, fire services, OT environments, and always-on digital infrastructure.

In this Threat Talks episode, Lieuwe-Jan Koning (Co-Founder and CTO, ON2IT) sits down with Eric Bowerman (CISO of DFW Airport), to unpack how cybersecurity actually works when IT, OT, and physical safety collide. 

From digital transformation security to real-world OT security and IT/OT convergence, this is a rare, grounded look at defending critical infrastructure where failure isn’t theoretical - it’s operational.

Timestamps

Key Topics Covered

• How a major airport functions as a digital city with IT, OT, and cyber-physical risk
• Practical OT security strategies when patching and downtime aren’t options
• Why IT/OT convergence changes threat modeling, segmentation, and detection

Resilience-first security: keeping passengers, planes, and operations moving

Click here to view the episode transcript.

Threat Talks website: https://threat-talks.com/
ON2IT website: https://on2it.net/

If you’re responsible for critical infrastructure, OT environments, or large-scale digital transformation, this episode is essential viewing.

🔔 Subscribe and turn on notifications to stay ahead of emerging cyber threats across IT, OT, and critical infrastructure.

===
► YOUTUBE: / @threattalks
 ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E

► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

Detection fails without identity. 
When activity isn’t tied to a person, anomalies stop telling a story - they’re just signals without context. And when your logs only show IP addresses, your security team is left responding to shadows, not real risk. 

In this Threat Talks Deep Dive, Rob Maas (Field CTO, ON2IT) and Nicholai Piagentini (Technical Enablement Engineer, ON2IT) show how identity-based firewalling fixes that-by enforcing policy based on who the user is, not where they connect from.The result: stronger network access control, cleaner zero trust firewall enforcement, and better enterprise security decisions. 

• (00:56) - Intro - Detection fails without identity

Related ON2IT content & explicitly referenced resources
https://threat-talks.com/
https://on2it.net/
https://www.ams-ix.net/ams

Threat Talks connects cyber threats to operational reality-so CISOs and architects can make decisions faster.

Subscribe, follow, and turn on notifications to stay ahead of what changes enterprise security next.

Click here to view the episode transcript.

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Most organizations ask one question:
 “Are we compliant?”

The question that actually matters is:
 “Will we still be operating when things go wrong?”

In this Threat Talks episode, Lieuwe Jan Koning speaks with Jasper Nagtegaal about what NIS2 is really trying to change - and why cyber resilience fails when organizations treat it as a policy exercise instead of a business risk.

This isn’t about regulators.
It’s about how digital risk is explained, understood, and acted on - from technical teams to the boardroom - and why organizations that meet NIS2 in practice think very differently from those that end up explaining them.

• (00:15) - Fine or resilience: the question that changes everything

Click here to view the episode transcript.

You’re Port Control. A vessel requests entry.
No captain. No crew. Just autonomy.

In maritime cybersecurity, the risk isn’t that the ship is autonomous.
It’s that you no longer know who’s steering.

Lieuwe Jan Koning (Co-Founder & CTO, ON2IT) joins Stephen McCombie (Professor of Maritime IT Security, NHL Stenden) and Hans Quivooij (CISO, Damen Shipyards) to expose the illusion of control in autonomous shipping - where technology moves fast, responsibility blurs, and regulation lags behind.

• (00:05) - No captain, just code: the Port Control dilemma

Related ON2IT content & explicitly referenced resources
Before the Mayday: Cyber Attacks at Sea: https://www.youtube.com/watch?v=4rxWUmjbYOo 
Hack the Boat episode: https://www.youtube.com/watch?v=Xa0TJ3eRTCw 
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams

Threat Talks connects cyber threats to operational reality - every week.
Subscribe and turn on notifications to stay ahead of emerging cyber threats across IT, OT, and critical infrastructure.

Click here to view the episode transcript.

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Could Stuxnet happen again - this time at sea?

In this Threat Talks episode, host Lieuwe Jan Koning sits down with Professor Stephen McCombie, global expert in maritime cybersecurity, to unpack real-world cyber attacks on critical infrastructure and why the maritime sector is dangerously exposed.

From GPS spoofing and insider threats to aging ship systems and state-sponsored attacks, this conversation reveals how maritime cyber risk is no longer theoretical - it’s already disrupting global trade, safety, and geopolitics.

If your organization depends on shipping, ports, or industrial OT environments, this is an episode you really shouldn’t ignore.

• (00:00) - – 01:15 Why Cyber Attacks at Sea Matter

Related ON2IT Content & Referenced Resources
Threat Talk episode - Hack the Boat: https://youtu.be/Xa0TJ3eRTCw?si=oQPhu4iyfVJEh0CQ 
Threat Talk episode - Maritime Cyber Attack Database: https://maritimecybersecurity.nl/ 
Threat Talk website: https://threat-talks.com/
ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams
https://www.mcatdatabase.org/
https://www.nhlstenden.com/
https://www.marinetraffic.com/

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

2025 was the year detection stopped being enough.
Because attacks stopped behaving the way detection was built to handle.

OT systems were hit with real-world consequences. AI stopped being just a productivity tool and became an attacker. And SOCs discovered - often painfully - that speed alone still means reacting too late.
In this special end-of-year Threat Talks episode, Lieuwe Jan Koning is joined by Luca Cipriano, Yuri Wit, and Rob Maas, all in ugly Christmas sweaters, to unpack why the cybersecurity trends of 2025 represent a structural break, not a gradual evolution.
They trace how attackers scaled faster than defenders, why SOC automation became unavoidable, and how preemptive security and Zero Trust execution are emerging as the only way to regain control.
This isn’t a recap for curiosity.
It’s a map of how we got here - and what must change in 2026 to stay ahead.

• (00:00) - Introduction: why 2025 felt fundamentally different

Related ON2IT Content & Referenced Resources
I-Soon episode
https://www.youtube.com/watch?v=Rkp4OWOcCeU&t=1s

Salesloft supply chain attack episode
https://www.youtube.com/watch?v=_asJ2AN7cbA

PromptLock malware episode
https://www.youtube.com/watch?v=lKcUwLPBC8k

MCP security episode
https://www.youtube.com/watch?v=IkV6jkuYz5g

Zero Trust episodes playlist
https://www.youtube.com/playlist?list=PLF5mXtEG4t5wigSRB3fpyFfMYp3l1Ux2g

Zero Trust infographic (PDF)
https://on2it.s3.us-east-1.amazonaws.com/250429_Infographic_ZT.pdf

Threat Talks is built for CISOs and security leaders navigating real trade-offs—not vendor promises.
Subscribe for grounded insight on Zero Trust execution, AI-driven threats, SOC automation, and preemptive security from practitioners in the field.

Click here to view the episode transcript.

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Could a single BGP trick really break the internet?

A new “BGP Vortex” claim says yes  - by abusing route oscillation and BGP communities to trigger endless update loops and exhaust router CPU. So we check what actually holds up in the real world.
In this Threat Talks Deep Dive, Rob Maas, Field CTO at ON2IT, sits down with Eric Nghia Nguyen Duy, Network Engineer at AMS-IX, to understand what BGP (short for Border Gateway Protocol) actually does, how the proposed Vortex mechanism works (route oscillation + community behavior), and why real-world internet operators are far more resilient than the headline suggests.
Yes, it’s an attention-grabbing claim.

No, it’s not a “break the whole internet tomorrow” button.

• (00:00) - – 02:29 Introduction: The BGP Vortex Claim

Resources
• BGP Vortex research paper: https://www.usenix.org/system/files/usenixsecurity25-stoeger.pdf 
• BGP Vortex presentation video: https://www.youtube.com/watch?v=dd6L1mdQLmk
• Threat Talks: https://threat-talks.com/
• ON2IT (Zero Trust as a Service): https://on2it.net/
• AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

Click here to view the episode transcript.

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Attackers are abusing a WSUS flaw - Microsoft’s Windows Server Update Services - to detonate PowerCat, spawn reverse shells, and plant ShadowPad. All from the update server your entire Windows estate trusts by default.

One weak crypto key and a broken deserialization function let attackers hit your WSUS server with unauthenticated SYSTEM-level code execution. Chinese APT groups are already exploiting it to drop malware in memory, blend into legitimate WSUS traffic, and pivot deeper into the network.

Yes WSUS patch exists, but even if you patch it today, the real problem remains:
Your WSUS server is a high-value target with high-trust pathways - and most environments expose it far more than they think.

Watch host Lieuwe Jan Koning - with Blue Team expert Rob Maas and Red Team lead Luca Cipriano - break down how the exploit works, how attackers chain it into real-world intrusions, and the Zero Trust fixes that actually matter.

• (00:00) - Intro

Episodes Mentioned
• China Nexus Barracuda Hack: https://www.youtube.com/watch?v=4X9AmBhOmSA
• APT Sand Eagle: https://youtu.be/U5qdERmvEwg?si=kdsCJDNkGjs6Lklz
• APT 44 / Seashell Blizzard: https://youtu.be/JqA0Irspxrc?si=nnJpz7VnLtz38LN4
• APT Handala: https://youtu.be/XYf-SMhQdDc?si=WpIE0h9Q-pokz0MD

Guest & Host Links
Rob Maas (Field CTO, ON2IT): https://threat-talks.com/the-hosts/
Luca Cipriano (CTI & Red Team Lead, ON2IT): https://threat-talks.com/the-hosts/

Additional Resources
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

Click here to view the episode transcript.

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

It was built to secure service accounts.
Instead, it became the cleanest privilege-escalation vector of 2025.

They called it Bad Successor (A.K.A. CVE-2025-53779).

A new “secure by design” feature in Windows Server 2025 -DMSA -was supposed to fix service account hygiene. Instead, it introduced a loophole where attackers could claim successor status, skip password requirements, and silently inherit elevated rights from any target account.

Including domain admin.

Even after Microsoft patched the issue, the deeper risk remains:
Service accounts are over-privileged, under-monitored, and dangerously trusted -and adversaries know it.

This isn’t a niche AD misconfiguration.

It’s a privilege-escalation design flaw hiding inside a security feature, and a warning shot for every environment leaning on default trust in the identity layer.

Watch host Rob Maas, Field CTO at ON2IT, and Luca Cipriano, CTI & Red Team Lead at ON2IT break down how Bad Successor works, how attackers exploited it, and what a Zero Trust AD strategy actually looks like in 2025.

• (00:00) - Intro & why service accounts still matter

Got your attention?
Subscribe to Threat Talks and turn on notifications for deep dives into the world’s leading cyber threats and trends.

Guest and Host Links:
Rob Maas (Field CTO, ON2IT): https://threat-talks.com/the-hosts/
Luca Cipriano (CTI & Red Team Lead, ON2IT): https://threat-talks.com/the-hosts/

Additional Resources
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams

Click here to view the episode transcript.

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX