Episodes



Monday Oct 06, 2025
What if your “credit score” wasn’t the full story?

Frank and Dr. Dustin uncover LexisNexis, the massive data broker quietly collecting everything about you — from your social posts and insurance claims to your driving habits (even roller coasters count).

💥 In this episode:
The hidden company that knows more about you than Equifax or Experian
Why you can’t easily see, freeze, or delete your LexisNexis file
The outrageous “roller coaster incident” that broke a man’s insurance rating
How U.S. privacy laws fail to protect your data — and why you’re still the product
Plus: Taco Bell’s failed AI experiment & what it reveals about the limits of artificial intelligence

📺 Watch to the end for a hilarious (and slightly terrifying) discussion on AI gone wrong — from 100,000 tacos to SOCs that might order them next.

Subscribe for more Legitimate Cybersecurity deep dives — where we mix real-world cyber truths with humor, clarity, and brutal honesty.

👉 Listen anywhere you get podcasts
💬 Join the community: r/LegitimateCyber
🎙️ Hosted by Frank Downs & Dr. Dustin Brewer

Chapter Breaks
00:00 – Cold Open: The roller coaster that broke his insurance
00:20 – “There’s a company tracking your life — and it’s not Equifax”
01:25 – The Big Three vs. the unseen fourth: LexisNexis
03:44 – How LexisNexis profiles you: social, insurance, driving, and debt
05:34 – The invisible rules: Not a credit bureau, not regulated
07:36 – Frank’s nightmare: trying to request your LexisNexis file
09:29 – “It knows your driving habits — and it’s probably wrong”
11:51 – Where’s the line for privacy, jobs, and mortgages?
13:18 – Data pollution: Can you flood your profile with fake info?
14:11 – OPM breach, lost privacy, and why we’ve already been exposed
15:34 – Privacy vs. necessity: the cost of living in a connected world
17:22 – Capitalism, democracy, and the right to your own data
19:44 – “It just hasn’t made you upset yet”: why no one fights back
20:48 – Data ownership: should we get paid for our data?
23:10 – The last bipartisan law (and why it was about dogs, not data)
27:22 – Hard left turn: Taco Bell’s AI disaster
29:44 – The limits of AI — and why you’ll always need humans
31:17 – Machine learning déjà vu in cybersecurity
32:13 – Cloud, costs, and the AI uncanny valley
33:37 – Wrap-up: The real threat behind the “shadow credit bureau”

#cybersecurity #dataprivacy #lexisnexis #databrokers #ShadowCredit #ai #consumerprotection #privacyrights #infosec #legitimatecybersecurity



Monday Sep 29, 2025
Dr. Dustin Brewer just passed his dissertation defense (👑 incoming), so we celebrated the only way we know how: by tackling Reddit’s most controversial cybersecurity questions—no fluff, real talk.

In this episode, Frank Downs and (now) Dr. Dustin break down:
How to brief a non-technical board so they actually fund security (tie risk to $$, ops impact, and avoid doom-mongering).
What should already be automated (network topology & asset management… why isn’t this solved yet?).
Should you take a pay cut to break into cyber? The honest “it depends” with finance, family, and sanity in mind.
Unpopular opinions: degrees vs certs, do you need to code, and why humility beats fake expertise.
“Cybersecurity sucks”—when it does, why it does, and how to know if it’s time to pivot.
Where the next gen of cyber talent will come from (CS, bootcamps, liberal arts, law… and maybe alien overlords 👽).

👉 New episodes every week.
💬 Press or communications inquiries:
👇 Chapters below for quick jumping.

If you found this helpful, smash Like, drop your spiciest hot take in the comments, and Subscribe for weekly episodes.

Chapter Breaks
00:00 – Frank crowns Dr. Dustin Brewer (graduation, hoods, and coronation jokes)
01:42 – How do you explain risk to a non-technical board?
03:16 – From vuln counts to business dollars ($500k vs $23M losses)
05:26 – Avoiding “boy who cried wolf” cyber doom-scenarios
09:37 – What should already be automated in cybersecurity?
10:25 – Network topology & asset management: the automation failures
15:25 – Frank’s asset management horror story (Vista laptop box fail)
15:51 – Should you take a pay cut to get into cybersecurity?
19:20 – Frank’s unsolicited marriage advice for career-changers
22:19 – You are not your job: cyber ≠ your identity
23:22 – Unpopular opinions: degrees vs certs, no coding required
29:30 – Why you still need a risk register
29:51 – “There are no experts in cybersecurity”… or are there?
35:33 – Does cybersecurity suck? When it does, and why
37:37 – Frank’s dentist “tongue suction” horror story → career clarity
42:26 – Where the next generation of cyber talent will come from
47:48 – Final thoughts & wrap-up

#cybersecurity #ciso #riskmanagement #cybercareers #automation #infosec #cyberjobs #reddit #legitimatecybersecurity



Monday Sep 22, 2025
Why should you listen to us? Honestly—you shouldn’t. But if you do, know this: we’re not just two jokers talking theory.

In this episode of Legitimate Cybersecurity, Frank Downs and Dustin Brewer open up about their real beginnings—from accidental entry into US Intelligence after 9/11, to packet-hunting puzzles, Wi-Fi tinkering, and Linux dependency hell, to Dustin’s Coast Guard days that led him into DoD cyber operations and battlefield coding.

What you’ll hear:
Frank’s unexpected pivot from English major → Arabic → US Intelligence → Packet Hunters → ISACA → vCISO
Dustin’s childhood obsession with modems, Prodigy, and “Hackers” → DoD cyber ops → Iraq deployment software award → BlueVoyant leadership
Why Wireshark still matters more than ever in an encrypted world
The three inflection points that changed Frank’s career forever
Why frameworks (NIST, ISO, HITRUST) keep failing—and Dustin’s PhD research into the human factor of security
What we focus on today: AI, vCISO work, penetration testing, and the balance of family + cyber

🎯 If you’re looking for career inspiration, real stories, and unfiltered lessons from two practitioners who’ve done the work—this episode is for you.

Timestamps below.
📩 Questions? admin@legitimatecybersecurity.com
💬 Drop a comment—we reply fast.
🔔 Subscribe for more real-world cybersecurity with humor and honesty.

Chapter Breaks
00:00 Cold Open – “Why should you listen to us? You shouldn’t.”
00:19 Meet your hosts: Dustin & Frank
00:36 Why this episode: career steps & credibility check
01:23 Setting the stage: our backgrounds in cyber
02:06 Frank’s accidental entry into cybersecurity (post-9/11, US Intelligence)
03:26 The language grind: Arabic immersion & Spanish surprises
05:24 From Nordstrom suits to DoD analyst (wrong master’s degree first!)
07:15 Building real skills, Packet Hunters, and ISACA transition
07:40 Discovering Wireshark: packets as puzzles with real-world impact
09:02 Wi-Fi experiments, streaming flex, and home internet humility
09:48 Frank’s advice: explore cyber early—or you’ll be miserable
10:19 Dustin’s story begins: Palm Bay, Florida + engineering neighbors
11:14 Simpsons saxophone teacher → first coding mentor
12:32 AOL for DOS, Prodigy, CompuServe → modem obsession
13:26 Networking excitement & “Hackers” movie inspiration
14:23 Linux from scratch & dependency hell at age 15
15:17 School vs passion: community college frustrations → military track
16:25 Coast Guard IT school → voluntold to Fort Meade (DoD cyber ops)
18:03 Ground-up learning → teaching others by doing
19:13 Linux from scratch = trial by fire learning
19:51 Wireshark packet analysis as the foundation skill
21:02 Policy + frameworks: the cowboy days before NIST awareness
22:43 Frank’s 3 inflection points: contracting leap, Packet Hunters, discovering NIST
25:50 Dustin’s inflection points: first root login, Project Phalanx, Iraq software success
27:54 Building impactful systems → Army Achievement Medal for battlefield code
29:27 Perspective: cyber ops under fire → calm in the private sector
30:22 Frank now: family focus, vCISO variety, and AI’s cultural impacts
34:14 Tech culture & identity: from iPods to Meta glasses
34:53 Dustin now: pen testing, vuln mgmt, and a PhD on framework adoption
37:42 Why frameworks keep failing: the human layer
39:31 Rethinking cybersecurity like medicine, not just militaristic defense
40:15 How to reach us & engage with the show
41:04 Sign-off

#cybersecurity #careerstories #packets #wireshark #linux #dod #usintelligence #techcareers #careeradvice #pentesting #vCISO #humanfactors #ai #frameworks



Friday Sep 12, 2025
Secret Algorithms Controlling You! Are You the User… or the Product?
Are algorithms helping—or handling—you? Frank and Dustin dive into how recommender systems, data brokers, and AI-powered platforms shape your news, drives, purchases, health, and even relationships. From TikTok fear-mongering to Cambridge Analytica, OPM’s breach fallout, Google Maps routing incentives, Amazon “sponsored” defaults, and Facebook’s engagement shift—this episode asks the hard question: are you in control, or are you being steered?

We also hit the nuance: when AI spots tumors earlier and flags outbreaks faster, do the ends justify the data means? Echo chambers, algorithm “poisoning,” privacy laws (or lack thereof in the U.S.), and the real-world line between convenience and manipulation—plus the wild story of a nurse who could smell disease before doctors could test for it.

🎧 Subscribe for sharp, funny, no-fluff cyber talk every week.
💬 Drop your take: are you comfortable trading agency for convenience?
—
👥 Hosts: T. Frank Downs & Dustin Brewer
🎙️ Podcast + clips: @LegitimateCybersecurity
🧠 Subreddit: r/LegitimateCyber
🔔 Like, subscribe, and share to beat the algorithm at its own game.

Chapter Breaks
00:00 – Cold Open: “If you’re not paying, you’re the product.”
01:20 – TikTok: personalization vs. geopolitics
02:37 – OPM breach & SF-86: the most intimate data spill
04:08 – Data brokers & geolocation: finding anyone (even Congress)
05:22 – The U.S. privacy gap (hello CCPA, goodbye federal law)
06:11 – Shadow credit files: LexisNexis, GM telemetry & your insurance
07:45 – Maps that nudge: are routes sold to brands?
08:23 – Amazon’s “sponsored” defaults & subtle purchase steering
09:39 – “Emergent behaviors” & divisive feed design
10:53 – Can we trust any filter—and do we have options?
11:30 – AI is code (and code is messy): hallucinations & ad-stuffed search
12:27 – Living private vs. living miserable: the balance problem
15:16 – Biased training data: we met the trainer and it’s us
17:47 – Medicine wins: diagnostics vs. the data tradeoff
19:30 – Joy Milne & “the smell of disease”: human pattern-finding
22:44 – AI for signals, humans for meaning
23:34 – Robots, laundry… and the rental future
24:57 – Do people want out of echo chambers?
26:57 – Comfort vs. being “right”: why rage sells
27:24 – Algorithm poisoning ethics: self-defense or sabotage?
28:11 – The kindness trap: loneliness, AI compliments & harms
30:16 – What practitioners should do: policy, guardrails, education
32:25 – The inevitable? Choosing agency in a steered world
33:16 – Outro: “If this was recommended to you…”

#cybersecurity #algorithms #privacy #ai #databrokers #tiktok #opm #EchoChambers #RecommenderSystems #DigitalEthics #Nudging #LegitimateCybersecurity



Friday Sep 05, 2025
What do submarines, Linux servers, Apple X Servers, and SOC analysts all have in common? They were all part of Chris Adkins’ path into cybersecurity. In this episode of Legitimate Cybersecurity, Frank and Dustin dive deep with Chris as he shares his unique journey from being a sonar technician in the U.S. Navy to breaking into cyber through a SOC—and eventually advising top companies through breaches and building cyber programs.

We cover:
How non-traditional paths (like the Navy) can launch cyber careers
The evolution of SOC life and tools (FireEye, ArcSight, Palo Alto, CrowdStrike, etc.)
The AI security paradox: why AI will cause more breaches, not fewer
Why leadership culture determines breach resilience
The controversial new “Letters of Marque” bill that could legalize U.S. cyber privateers

This episode is packed with career lessons, insider war stories, and the kind of weird/funny hypotheticals that only Legitimate Cybersecurity delivers.

⏱️ Chapter Breaks
00:00 – Intro & Chris’ non-traditional entry into cyber
01:20 – Life on submarines & discovering IT underwater
04:20 – From BackTrack to BP: finding cybersecurity as a career
07:00 – SOC life at BP: Panama shifts, POCs, and new tools
10:40 – FireEye, EDR, and the evolution of detection tech
13:50 – Why AI may actually increase breaches
16:30 – Career changers & why it’s hard to “get into cyber”
20:00 – The problem with cybersecurity education & perception
27:30 – The “Letter of Marque” bill: cyber privateers?!
38:40 – Post-breach consulting: calming chaos & fixing culture
44:20 – Bias, assumptions, and the hidden root of breaches
50:00 – If SOCs ran on ChatGPT: complaints & HR problems
52:40 – Funniest phishing excuses & cyber training fails
59:40 – Leadership, culture, and why CEOs define cyber success
1:03:30 – Wrap up & Chris’ future return

#Cybersecurity #Hacking #AI #SOC #CyberCareers #LegitimateCybersecurity #NavyToCyber #Infosec



Monday Aug 25, 2025
Former FBI agent and attorney Vincent “Vinnie” D’Agostino (now Head of Digital Forensics & Incident Response at BlueVoyant) joins us to unpack dark web takedowns, real DFIR process, and how a “range” of skills (law, tech, stand-up, curiosity) compounds into cyber success.

We cover:
How a team helped take down the dark web—twice
DFIR reality vs myth: scoping, persistence hunts, EDR triage, due diligence in M&A
The RDP ≈ drunk driving analogy you’ll never forget
FBI - Private sector: what translates (and what doesn’t)
Career advice for students & pros in the age of AI: become “rangeful,” seize moments

👥 Guest: Vincent D’Agostino — Head of DFIR @ BlueVoyant; former FBI agent & attorney
🎙 Hosts: Frank Downs & Dustin Brewer
📌 Subscribe for deep, funny, legit cyber every week.

Chapter List
0:00 Cold Open — “Dark Web x2”
0:22 Intro & Who is Vincent D’Agostino
1:05 8086, 5MB HDD & falling in love with computers
5:30 From law to FBI: timing, tech, and reality checks
10:45 Cyber squads, TOR, Bitcoin & dark web context
16:30 DFIR in practice: scoping, EDR, persistence hunts
24:30 The RDP ≈ drunk driving analogy every CISO needs
29:30 Competence over politics (how to show up in calls)
34:30 Career “Range”: why hobbies compound into expertise
45:30 M&A due diligence: IR skills without the sirens
51:00 Humor as a tool: rapport in dark situations
57:00 3 Takeaways + Subscribe/Next Episode

#DarkWeb #DFIR #DigitalForensics #IncidentResponse #FBI #BlueVoyant #Cybersecurity #CyberPodcast #ThreatHunting #EDR #Velociraptor #SentinelOne #Ransomware #CISO #Bitcoin #TOR #BlueTeam #CareerAdvice #AI #LegitimateCybersecurity #MandA #DueDiligence



Monday Aug 18, 2025
ChatGPT-5: Smarter Hackers, Dumber Defenders?
ChatGPT-5 is here — but is it really the leap forward everyone’s claiming? In this episode of Legitimate Cybersecurity, Frank and Dustin break down the hype vs. reality. From coding disasters that “look pretty but don’t work,” to AI being more like “that coworker who makes everything harder,” we explore what this means for hackers, defenders, and the future of cybersecurity.

👉 Is ChatGPT-5 truly artificial intelligence, or just machine learning with a better paint job?
👉 Can AI pass cybersecurity exams like the CISSP?
👉 Will AI babysit your kids one day — and should that terrify you?

Stay tuned for the myths, the laughs, and the real risks.

Watch to the end for a wild take on Star Trek, civil wars, and whether AI could really replace humans.

#AI #CyberSecurity #ChatGPT5 #Hacking #TechNews

Chapter List:
0:00 – Cold Open (funny/hooky clip)
0:10 – Welcome + Episode Setup
1:00 – What’s Actually New in ChatGPT-5?
3:00 – Pretty Code That Doesn’t Work
5:00 – AI as the Annoying Coworker
7:00 – Is This Really AI or Just ML?
10:00 – Hackers Don’t Care If It’s Wrong
13:00 – Cognitive Offloading + Laziness Debate
15:30 – Weird Time: Frank’s Coding Fail Story
18:30 – The Rise of Prompt Engineers
21:00 – AI Gone Wrong (Teen Suicide Example)
23:30 – Postmodern Truth & Poisoned Data Sources
27:00 – Can AI Pass the CISSP? Cheating & Proctors
33:00 – The Real Definition of AI (John McCarthy 1956)
36:00 – AI Slop in Writing and Coding
38:30 – Certification Exams & The Drunk Security Practitioner
40:30 – Wrap Up: ChatGPT-5 = Faster, Not Smarter

#ChatGPT5 #CyberSecurity #ArtificialIntelligence #TechNews #Hacking #MachineLearning #AIHype



Tuesday Aug 12, 2025
From Recon to Wrecked: The Cyber Kill Chain Breakdown (With Laughs)
What if you could break down every cyberattack into just 7 steps?

In this episode of Legitimate Cybersecurity, Frank and Dustin dive deep into the Cyber Kill Chain — Lockheed Martin’s 7-stage framework for understanding and stopping attacks — and compare it to the MITRE ATT&CK framework, hacker methodology, and even… honeypots, magicians, and Christopher Nolan films.

We cover:
The 7 stages: Recon, Weaponization, Delivery, Exploitation, Installation, C2, and Actions on Objectives
Why insurance companies make cyber defense harder
Why honeypots are the “magician’s trick” of cybersecurity
How to explain attacks to executives so they actually care
Tangents about Comic-Con, The Simpsons, Star Trek, and South Park (because of course we did)

Whether you’re a seasoned pro or just cyber-curious, this episode makes frameworks fun. And dangerous. And maybe slightly nerdy.

💬 Drop your favorite Kill Chain phase in the comments!

#CyberKillChain #CyberSecurity #EthicalHacking #MITREATTACK #PenTesting #InfoSec #Honeypots #CyberInsurance #CyberDefense #NIST #LockheedMartin #LegitimateCybersecurityPodcast

Chapter List
00:00 – Welcome & accidental name change to “The Cyber Kill Chain Podcast”
00:37 – Comic-Con chaos & nerd solidarity
01:40 – What is the Cyber Kill Chain? (And why Lockheed Martin made it)
03:18 – Cyber Kill Chain vs. MITRE ATT&CK: Different perspectives
05:22 – Insurance nightmares & cyber policy loopholes
08:03 – The 7 stages explained (Recon → Actions on Objectives)
14:42 – Framework overload & mapping standards
18:59 – Real-world pen test insights & APT patience
21:19 – Teaching grad students & professor naming quirks
23:03 – AI politeness, South Park, and AI “relationships”
25:01 – Cybersecurity fatigue & losing the funding edge
28:22 – Where defenders can actually break the Kill Chain
29:41 – Honeypots: magician’s trick or wizard’s weapon?
34:42 – Christopher Nolan, The Prestige, and Wireshark wizardry
38:13 – Why conveying frameworks simply wins the boardroom
40:26 – Wrapping up: Vote for us & leave your questions







