Smart buildings used to be a facilities concern; now they behave like distributed systems that can be probed, abused, or ransomed. In this narrated edition of “Concrete and Code: Smart Buildings as the Quiet New Attack Surface,” we walk through how access control, building management systems, cloud dashboards, and vendor VPNs have converged into a single, often unowned, cyber-physical domain. You’ll hear why leaders need to treat operational technology (OT) and smart building stacks with the same architectural seriousness as cloud and identity, and how long-lived capital decisions quietly shape your risk posture for decades.

Across the episode, we unpack the core sections of the Wednesday “Headline” feature from Bare Metal Cyber Magazine: the evolution from static buildings to software-defined environments, the real anatomy of smart building stacks, the ways buildings become ransom assets, and the governance vacuum that often surrounds them. We finish with pragmatic leadership moves: reference architectures for campuses, non-negotiables for vendor access and segmentation, and procurement levers that turn vague “smart” upgrades into defensible, testable systems. If you’re responsible for risk, resilience, or technology strategy, this is a chance to rethink how you see the walls around your data and people.

Secrets management for API keys, tokens, and passwords is often the quiet difference between a minor configuration mistake and a major breach. In this narrated audio version of my Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through what secrets management really means in day-to-day work. You will hear how vaults, runtime retrieval, rotation, and access policies fit together, and why they matter for developers, operators, and security teams trying to keep up with modern cloud-native environments.

The episode also explores where secrets management shows up in real workflows, from CI pipelines and microservices to admin tools and support processes. We unpack quick wins like removing hard-coded credentials from source control, as well as deeper patterns such as dynamic credentials and just-in-time access. Along the way, you will get a clear view of the benefits, trade-offs, common failure modes, and healthy signals that show secrets are being treated as real operational assets, not just background details.

This episode walks through CompTIA Project+ (Project+) as a practical first step into project leadership for early-career IT and cybersecurity professionals. You will hear what the certification actually covers, who it is designed for, and how it helps you move from “just doing tasks” to guiding real projects with scope, timelines, risks, and stakeholders. The narration is based on my Monday “Certified” feature from Bare Metal Cyber Magazine and keeps the focus on clear, real-world language instead of heavy jargon or rigid frameworks.

You will also get a grounded look at what the exam really tests, how it feels in terms of scenarios and decision-making, and where Project+ fits in a broader career and certification path. That includes how hiring managers tend to view it, why it pairs well with technical certifications, and when it makes sense to pursue more advanced project credentials. If you want to go deeper, there is a full audio course for CompTIA Project+ inside the Bare Metal Cyber Audio Academy that expands on these ideas and supports a more structured study plan.