"If you're behind on updates, you're vulnerable."

Episode Highlights

[00:53] macOS security myths and built-in protection limits
[01:40] How fake installers and malvertising trick users
[02:39] Why trusted searches can still lead to malware
[04:44] Adding proactive security beyond Apple defaults
[06:06] Why personal devices create organizational risk

Security engineer Zak Cowan joins the conversation to break down a malicious macOS campaign using fake installers and search result manipulation. The discussion challenges common assumptions about built-in Apple protections, highlights how users are tricked into installing malware, and explains why updates, monitoring, and personal device security all play a critical role in reducing risk.

Resources

Redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

"Communication is one of the biggest parts of making vulnerability management work."

Episode Highlights

[00:44] Start with understanding your environment and technology stack

[01:21] Prioritizing vulnerabilities based on risk and business impact

[03:16] Tracking vulnerabilities without overwhelming engineering teams

[05:58] Communication and collaboration to ensure vulnerabilities get fixed

[08:40] Mitigating risk when patches or fixes are unavailable

[11:17] Why vulnerability management must continuously evolve

Building a vulnerability management program takes more than installing a scanner. Staff security engineers Trevor Wilson and Ethan Wolkowicz join the conversation to share what it actually takes to build and improve a vulnerability management program. The discussion covers how teams assess risk, prioritize fixes, work with engineering teams, and avoid overwhelming everyone with alerts. Vulnerability management is never finished. As this episode highlights, it must evolve as threats, tools, and compliance requirements change.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

"Security needs to continue to function regardless of that leader being there or not."

Notable Moments

[00:01] Leadership transitions in security are common
[02:17] Preparing documentation and shared access early
[04:53] Systems knowledge must outlive one person
[07:17] New leadership brings fresh perspective
[09:50] Build programs ready for eventual transition

Leadership transitions in security are common. They are also critical moments for any organization. This episode explores how to prepare for CISO changes, why documentation and shared access matter, and how security teams can stay steady through uncertainty. It also highlights the opportunity that comes with fresh perspective and new leadership energy.

Transitions are rarely perfect. But when security is built to function beyond any one individual, change becomes manageable. In some cases, it becomes a chance to reset, refine, and strengthen what is already in place.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com

"Good security tools don't replace people. They help people focus on what actually matters."

Notable Moments

[02:22] AI as a Security Teammate

[03:41] Cutting Through Alert Fatigue

[07:16] Continuous Testing with AI Agents

[11:33] Connecting the Dots Across Systems

[16:51–20:36] Oversight, Governance, and the Human Role

AI is often framed as a threat. This conversation flips that idea and explores how AI can support security teams dealing with constant noise and change. It looks at how AI helps surface real signals, reduce alert fatigue, and enable more continuous testing. It also addresses the need for oversight, access control, and clear boundaries. The focus stays on partnership. AI supports the work. Humans stay in control.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com

"AI is making attacks faster, more efficient, and more convincing, and that's something everyone needs to be paying attention to."

Notable Moments
[01:27] AI accelerating attacks and phishing
[02:34] Prompt injection and AI misuse
[04:19] Shadow AI and visibility risks
[04:55] Ransomware and extortion trends
[06:35] Infrastructure and virtualization risks
[07:30] Nation-state focus and hiring threats
[08:32] AI-enabled malicious hiring scams

This episode introduces a new rapid-update format focused on current security trends. The discussion covers how AI is influencing both attackers and defenders, why social engineering remains a primary risk, and how financial motivation continues to shape cybercrime. The conversation also explores nation-state threats, with specific attention to North Korean hiring scams and the growing role of AI in deception. The goal is to highlight patterns that organizations should be paying attention to as they plan for 2026.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com

"The main reason people get into trouble is they don't deal with things when they're small."

Episode Highlights

[00:01:22] Why time management, empathy, and discipline are inseparable
[00:02:04] The "layering effect" and how unresolved issues create anxiety
[00:04:35] Why dealing with problems immediately reduces long-term stress
[00:07:17] Daily planning, reflection, and anticipation as leadership tools
[00:10:33] Understanding urgent, important, and vital work
[00:13:22] Empathy and discipline as the two levers of leadership
[00:16:20] Psychological safety and its role in performance and trust
[00:35:11] The "fly story" and what it reveals about responsibility
[00:43:10] The Morning Magic Planner and building sustainable habits

Unaddressed responsibilities don't disappear. They stack up, creating stress and eroding trust. Lee Cockerell, retired Executive Vice President of Walt Disney World, joins the conversation to share why time management is really about responsibility and leadership. He shares stories and his experience to share how planning, reflection, empathy, and discipline work together to create psychological safety and stronger performance.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com

"Good security habits should reduce stress, not add to it."

Notable Moments

[0:00–2:17] Holiday phishing scams and why "too good to be true" usually is

[2:33–3:53] AI voice cloning and the rise of deepfake phone scams

[4:06–5:20] Personal vs. work data and accidental cloud uploads

[5:35–7:05] Shoulder surfing risks and protecting your screen in public

[7:23–9:26] Public Wi-Fi safety, fake networks and VPN realities

[9:44–10:52] Password managers and eliminating risky password habits

[11:12–12:34] Passphrases, XKCD wisdom and stronger password strategy

[12:52–13:25] Podcast update and what's coming next

This episode brings together members of Redox's security team to share holiday-specific security guidance. Topics include phishing awareness, AI-powered voice scams, separating personal and work data, device safety in public spaces, secure use of public Wi-Fi, password managers, and building stronger passphrases. The focus is on practical habits that reduce risk during a high-distraction season.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com

"Third parties are a common entry point for cyber attacks. This is something you really want to make sure you have under control."

Notable Moments

[00:01:15] Third-party due diligence and security reviews.

[00:03:25] How regulatory requirements like HIPAA, PCI DSS, GDPR shape due diligence.

[00:05:28] Ongoing monitoring and review expectations.

[00:06:19] Physical access risks: background checks for on-site vendor personnel.

[00:07:44] Company's responsibility to vet vendors, especially as AI evolves.

[00:09:42] What documentation to request and how to evaluate red flags.

[00:12:27] Common red flags: incomplete training, high-severity pen-test findings, litigation.

[00:17:07] Dawn-Marie's "core four" steps for starting a third-party review program.

In this episode Dawn-Marie Dalsass, Compliance and Risk Management Director at Redox, discusses the truth behind third-party security. Our conversation exposes the hidden gaps organizations overlook and the simple first steps that make all the difference. Take a listen to hear common red flags, documentation to request, review frequency, financial and operational considerations, and the surprising basics every organization should verify before engaging a vendor.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock mmock@redoxengine.com