Secure AF - A Cybersecurity Podcast
Think like a hacker. Defend like a pro.
Welcome to the Secure AF Cybersecurity Podcast — your tactical edge in the ever-evolving cyber battlefield. Hosted by industry veterans including Donovan Farrow and Jonathan Kimmitt, this podcast dives deep into real-world infosec challenges, red team tactics, blue team strategies, and the latest tools shaping the cybersecurity landscape.
Whether you're a seasoned pentester, a SOC analyst, or just breaking into the field, you'll find actionable insights, expert interviews, and unfiltered discussions with Alias team members and top-tier guests from across the cybersecurity spectrum.
Stay sharp. Stay informed. Stay Secure AF.
Episodes
135 episodes
Double Trouble: Microsoft Office and Fortinet FortiCloud Flaws Under Attack 💥
This week’s #SOCBrief covers a dangerous double-hit: a Microsoft Office security bypass and a Fortinet FortiCloud authentication flaw, both exploited in the wild. Andrew walks through what the CVEs mean, how attackers are abusing trusted...
•
5:59
Top Ransomware Threats Dominating Early 2026
Ransomware is kicking off 2026 at full speed. We break down the top active groups right now, how they’re getting in, what infrastructure they’re targeting, and the key indicators your SOC should be watching to stay ahead. 🔐⚠️
•
7:37
📂 Inside the Breaches: Real Insider Threat Case Files
Insider threats don’t start with malware ... they start with access. From disgruntled employees to overlooked contractors, this episode breaks down real-world cases, common patterns, and how organizations can better protect what matters most. 🎧...
•
39:54
CISA Retires 10 Emergency Directives – Progress for Feds, Wake-Up for the Rest of Us
CISA has officially retired 10 emergency directives ... marking real progress for federal cybersecurity 🚀 But for the private sector, these “old” vulnerabilities are still very much in play ⚠️ In this #SOCBrief, we break down what was re...
•
6:31
New Year SOC Reset: New Year, New You(r Security Posture) 🔒
Kick off 2026 by hitting reset on your SOC 📊. In this episode of the #SOCBrief, we break down key January priorities, from annual security posture reviews and rule tuning to training refreshers and forward planning, so your team starts t...
•
5:41
Trusted Access, Malicious Intent: Insider Threats Explained
When the threat isn’t external, it’s personal. This episode breaks down insider threats and corporate espionage: how trusted access turns into real risk, what warning signs to watch for, and how organizations can protect themselves. 🔐⚠️
•
46:03
🔐 Holiday Cyber Threats & What’s Coming Next
🎙️ In this episode, CISO Jonathan Kimmitt steps in to break down the latest cybersecurity threats impacting organizations during the holiday season and beyond. From ransomware spikes during understaffed weekends to holiday-themed phishin...
•
10:29
End-of-Year Wrap: 2025 Threat Trends and Bold Predictions for 2026 🎆
In this special end-of-year SOC Brief, Andrew breaks down the biggest threat-actor and ransomware trends that shaped 2025, and what cybersecurity teams should be preparing for in 2026. From AI-powered ransomware and supply-chain attacks t...
•
7:14
🎄 Holiday Season Security: Preparing Your SOC for the Festive Chaos
This week’s SOC Brief dives into why the holidays are prime time for cyberattacks 🎄 from surging phishing attempts to sloppy vendor configs, alert fatigue, staffing gaps, and the seasonal spike in ransomware activity. Andrew and Dylan break dow...
•
11:02
Episode 100: Retrospective AF!
🎉🎙️ EPISODE 100 IS LIVE! We’re celebrating 100 episodes of the Secure AF Podcast!This special edition features CEO Donovan Farrow and CISO Jonathan Kimmitt as they look back on the history of Alias Cybersecurity, the growth of this show...
•
52:24
The Reality of Stalking in a Digital Age 🕵️♂️⚠️
This episode dives into one of the darkest issues cybersecurity intersects with: stalking. Kimmitt and Peters discuss real cases, modern cyberstalking tactics, privacy failures, the challenges of protective orders, and what victims can do to st...
•
56:03
Special Episode: Inside Weekly Threat-Intel Briefings with a vCISO 💼
Get an inside look at how weekly threat-intel briefings really work in a mature security program. 🔍⚡ In this special episode, vCISO Jonathan Kimmitt breaks down how raw intel turns into real risk decisions, what trends are hitting organizations...
•
18:06
⚠️ React2Shell Zero-Day ⚠️: Chinese Hackers Strike Within Hours
A new zero-day is already under active exploitation. This week’s SOC Brief breaks down the React2Shell vulnerability (CVE-2025-55182), how attackers moved within hours of disclosure, and what SOC teams need to do now to reduce e...
•
6:36
Tis the Season for Cybercrime: How Hackers Target Holidays 🎄
In this #SecureAF episode, Tanner and Dylan share real-world IR stories, common attack vectors, SOC fatigue during holiday PTO, and the #1 thing every organization should do before stepping away for the season. If you’ve ever wond...
•
35:41
U.S.-Venezuela Tensions: Cyber Risks for American SOCs
In this episode of the #SOCBrief, we dig into how world events can trigger cyber fallout that lands directly on the desks of security teams. From ransomware crews capitalizing on instability to hacktivists launching DDoS attacks and opportunist...
•
6:32
When People Think They’ve Been Hacked
📱 This #SecureAF episode covers the everyday questions and concerns people have when they think something unusual is happening with their devices or accounts. Hickman and Peters talk through typical scenarios, common misunderstandings, and the ...
•
39:45
FortiWeb Zero-Day: Silent Patch and Firewall Wake-Up Call 🔥
This week’s #SOCBrief dives into the FortiWeb zero-day that’s letting attackers create admin accounts with a single unauthenticated HTTP request. With exploitation spiking and Fortinet pushing out a quiet fix, SOC teams are under pressure to lo...
•
6:36
The Halls: 2025 Hacker Gift Guide 🎁💻
We’re back with the Hacker Holiday Gift Guide, and this year’s lineup is stacked with RF gadgets, Wi-Fi tools, red-team essentials, and quirky cyber gifts Tanner swears by. Whether you’re shopping for a pentester, a tinkerer, or someone ...
•
Episode 96
•
26:17
Patch Tuesday: Zero-Day Alert and Patching Must-Dos ✅
A new zero-day. 63 flaws. Endless patching chaos. This week’s #SOCBrief breaks down Microsoft’s November Patch Tuesday and what it means for your SOC. We’ll cover the top critical CVEs, patching priorities, and how to keep your systems r...
•
7:11
⚠️ Insider Threats ⚠️: Ransomware Negotiators Gone Rogue
This week, we’re digging into a case where ransomware negotiators allegedly became the attackers themselves, leveraging insider access to hit organizations they were supposed to help. This one raises real questions about trust, vendor ...
•
6:12
The Art Of The Con (Cyber Edition) 🔐
In this episode, we break down the real mechanics of social engineering, from phishing emails and text scams to vishing calls and full-on physical pen tests. We share stories from the field, including how attackers build trust, why confidence i...
•
Episode 95
•
46:44
Atroposia RAT: The Malware That Scans for Its Own Exploits
🎙️ A new threat is making waves ... Atroposia RAT, a remote access trojan that doesn’t just infiltrate systems but scans them for vulnerabilities to exploit further. In this episode, we break down how this modular malware operat...
•
6:11
CAPTCHA Con: Hackers' Evolving ClickFix Malware Trap
“I’m not a robot.” 🤖Hackers are exploiting fake “I’m not a robot” CAPTCHA pages to deliver malware. Host Andrew Hickman breaks down how this ClickFix attack uses social engineering to steal data and evade detection...
•
7:50
