Interested in being a guest? Email us at [email protected]

Phishing didn’t fade—it evolved. We sit down with Trevor Hilligoss, SVP of SpyCloud Labs and former Army CID/FBI cyber agent, to map how identity has become the criminal world’s most tradable commodity, why phishing-as-a-service keeps gaining ground, and how adversary-in-the-middle kits are turning session cookies into skeleton keys. From ransomware’s favorite entry point to the rise of deepfake-enabled voice scams, we unpack what’s changing, what isn’t, and how to actually close the gaps that matter.
Trevor explains what 64 billion recaptured identity records unlock in the fight: faster detection, targeted revocation, and automation that cuts through alert fatigue. We dig into the uncomfortable truth that attackers aggregate your history—password patterns, reused credentials, scattered profiles—and then pivot opportunistically between initial access brokerage, data theft, and extortion. The conversation moves from economics to execution, showing where short-lived sessions, phishing-resistant MFA, and least privilege can limit blast radius, and why unmanaged and undermanaged devices—especially from contractors and vendors—remain a high-leverage weak point for lateral movement.
We also explore a headline story with day-to-day consequences: North Korean IT worker schemes that blend nation-state goals with criminal monetization. When covert contractors show up in malware logs, remediation demands more than a reset; it requires decisive identity and session controls. Looking ahead, we level with you about the odds: permissive jurisdictions and profitable markets favor attackers. The advantage for defenders comes from speed—detect stolen identity artifacts early, revoke access instantly, and practice a response that works under pressure. Subscribe, share with your security team, and leave a review with the one control you’ll implement this week—what’s your first move?

Support the show

More at https://linktr.ee/EvanKirstel