Redefining CyberSecurity

⬥EPISODE NOTES⬥

What if the device quietly recording your daily commute could be turned against you in the time it takes to order a burger? That is not a hypothetical -- it is a demonstrated reality. Alina Tan, Security Architect and Co-Founder of HE&T Security Labs, and George Chen, Security Architect for a large global company, have spent years dissecting the attack surface of connected vehicle peripherals. Their research -- presented at SecTor and Black Hat Asia 2025 -- introduces a novel attack technique they call "DriveThru Hacking": an automated method for compromising dashcams through Wi-Fi within a standard drive-through window.

The attack is unsettling in its simplicity. Most dashcams ship with default or easily guessable credentials, and many manufacturers do not even allow users to change them. Within a six-minute exposure window, Alina and George's tool -- DriveThru Hacker -- can discover, connect to, and exfiltrate video, audio, and GPS data from a target dashcam, then use an LLM to stitch together a timeline of the owner's home, workplace, daily routes, and private conversations. The result is a shockingly detailed picture of someone's life, assembled entirely from a device most people never think to secure.

The research goes further than individual privacy. George walks through how 4G/5G-connected dashcams dramatically expand the attack surface beyond physical proximity -- opening doors to remote credential stuffing, API privilege escalation, and web-based attacks on cloud-connected accounts. More alarming still, Alina and George demonstrate how compromised dashcams can be converted into a mobile botnet -- a network of roaming, internet-connected nodes whose reach is not bounded by geography. Unlike static IoT devices, these infected cameras move through cities, near sensitive installations, and into places that are deliberately obscured from public maps.

The conversation also digs into the broader ecosystem: the infotainment network and CAN bus segmentation (or lack thereof), over-the-air firmware update security, the challenge of detection and response when dashcams have no audit logs whatsoever, and what responsible disclosure looked like when contacting over a dozen manufacturers -- most of whom had no dedicated security inbox and some of whom had no contact information at all. Alina and George close with practical hardening recommendations for both consumers and manufacturers, and a look at what intrusion prevention for embedded devices might look like as this research continues.

The connected car conversation has long focused on the vehicle itself. This episode makes the case that the accessories attached to it deserve equal scrutiny -- and that the window to act, like the drive-through line, is shorter than most realize.

⬥GUESTS⬥

Alina Tan, Security Architect and Co-Founder at HE&T Security Labs | Website: https://www.heatsecuritylabs.com/

George Chen, Security Architect for a large global company | On LinkedIn: https://www.linkedin.com/in/geoc/

⬥HOST⬥

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

⬥RESOURCES⬥

HE&T Security Labs | https://www.heatsecuritylabs.com/

DriveThru Hacking Session (Black Hat Asia 2025) | https://blackhat.com/asia-25/sponsored-sessions/schedule/index.html#drivethru-hacking-45214

The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/

More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast

Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

⬥ADDITIONAL INFORMATION⬥

Redefining CyberSecurity Podcast | https://www.seanmartin.com/redefining-cybersecurity-podcast

Redefining CyberSecurity on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

The Future of Cybersecurity Newsletter | https://itspm.ag/future-of-cybersecurity

Connect with Sean Martin | https://www.seanmartin.com/

⬥KEYWORDS⬥

alina tan, george chen, he&t security labs, sean martin, dashcam security, connected vehicle cybersecurity, iot security, vehicle privacy, drivethru hacking, wi-fi hacking, mobile botnet, automotive cybersecurity, firmware security, over-the-air updates, credential stuffing, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When Anthropic announced Project Glasswing, the headline was the capability: an AI model that found a 27-year-old flaw in OpenBSD and a 17-year-old remote code execution vulnerability in FreeBSD — fully autonomously, no human in the loop after the initial prompt. But the story underneath the capability is a structural one about who gets early intelligence, who sets the disclosure timeline, and what happens to every organization that wasn't in the room.

In this edition of Lens Four, Sean Martin examines Project Glasswing through three lenses: the intelligence asymmetry it creates for security programs, what it reveals about the broken assumptions underneath CVE, CVSS, and NIST, and why the equity framing in Glasswing's messaging doesn't survive contact with the data.

🔍 In this episode:

Why the 12 Glasswing partners are operating with fundamentally different intelligence than everyone else — not eventually, but today

The precise claim: patches flow downstream to everyone, but self-scanning access, pre-public intelligence, and disclosure timeline influence stay inside the coalition

How Mythos chains five CVEs into a novel exploit in under 24 hours — and why CVSS has no score for that

Why NIST's draft Cyber AI Profile was built before anyone outside Anthropic knew what Mythos could do

Casey Ellis of Bugcrowd on the terrain Glasswing can't reach: forgotten firmware, end-of-life routers, the places the industry stopped looking

Ed Skoudis of SANS on what it means that AI will surpass all human vulnerability researchers combined within months

The Anthropic-DoD standoff and the geopolitical dimension of a Western-only coalition

The CSA, SANS, and OWASP joint briefing: 250 CISOs saying the frameworks are already inadequate

Fourth Lens: The CVE system was built on human-speed assumptions. CVSS was built on single-flaw assumptions. NIST frameworks were built on governance-speed assumptions. Every one of them was already under pressure. Now they're under pressure from a model that broke them at machine speed. The question worth asking: when the next model crosses this threshold, will the answer to "who gets the defense first" still be determined by who was already at the table?

🔗 Full article and references

🎙 Redefining CyberSecurity Podcast

📧 Subscribe to Lens Four

Sean Martin is a cybersecurity market analyst, content strategist, and go-to-market advisor with more than 30 years of experience. He is co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and Music Evolves Podcast, and co-host of On Location and Random and Unscripted.

🎙 Keywords: Project Glasswing, Claude Mythos, Anthropic, AI vulnerability discovery, zero-day vulnerabilities, intelligence asymmetry, CVE, CVSS, NIST IR 8596, responsible disclosure, cyber inequity, CrowdStrike 2026 Global Threat Report, WEF Global Cybersecurity Outlook 2026, open-source security, critical infrastructure, autonomous exploit chaining, breakout time, nation-state cyber threats, AI safety, AI governance, CISO, patch management, Casey Ellis, Bugcrowd, Ed Skoudis, SANS Technology Institute, Cloud Security Alliance, OWASP, Sean Martin, ITSPmagazine, Lens Four

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The marketing problem in cybersecurity isn't a character problem. It's a system problem. In this edition of Lens Four, Sean Martin examines how the credibility debt accumulates, what it costs the security leaders trying to make good decisions, and what vendors, buyers, and the market need to do differently.

🔍 In this episode:

A Forrester analyst — on location at a major industry conference — looked around at six hundred booths and wondered whether every vendor had used the same AI model to produce their marketing. That's not a style critique. That's a signal failure

Security leaders confirm the same frustration independently: the less a vendor's message connects to the job, the less likely it connects to the business — and the CISO can't translate what the vendor never gave them

Two security leaders describe their organizations viewing security as a compliance function — stay compliant, stay out of the news, keep the infrastructure running — not as part of how the business grows

Marco Ciappelli on the observation that hasn't changed since 2012: they're still selling the box — this year the box has an AI badge on it

How lead generation metrics create a systematic incentive to overclaim — not because the people doing it don't know better, but because the system doesn't reward them for knowing better

One vendor instructed their booth team that AI had to be part of every conversation — regardless of whether the person in front of them had asked about AI, needed AI, or would ever use AI

Theresa Lanowitz on the binary the market created: full throttle AI or full stop — and why neither is the correct approach

Joe Carson on the differentiation collapse: everybody says they can help you secure your AI agents, but there's not a whole lot of differentiation

The arrow and the bow: why releasing both at once means you can't shoot again — the next real message has nothing to travel on

The boy who cried wolf didn't fail on the first cry — he failed on the last one

The Task by Task parallel: credibility comes back the same way it left — one honest message at a time, one proof point instead of a promise, one use case that actually sounds like the buyer's environment

Fourth Lens: The industry is spending down the credibility budget that the next real innovation will need. Every overclaim today is a withdrawal from the account that tomorrow's legitimate warning depends on. The path back works the same way the debt accumulated — not through a grand repositioning, but incrementally: one honest message at a time, one specific outcome instead of a superlative, one proof point instead of a promise. Start small. Aim toward an outcome. Build from there.

🎙️ Conversations referenced in this article:

Madelein van der Hout, Senior Analyst, Forrester — On Location RSAC Conference 2026

Theresa Lanowitz, Cybersecurity Evangelist and Thought Leader — On Location RSAC Conference 2026

Joe Carson, Chief Security Evangelist and Advisory CISO — On Location RSAC Conference 2026

🔗 Full article and references: seanmartin.com/lens-four/you-shot-the-arrow-the-bow-went-with-it

🌐 RSAC 2026 coverage: itspmagazine.com/rsac26

Sean Martin is a cybersecurity market analyst, content strategist, and advisor with 30+ years across engineering, product development, marketing, and media. Co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and the Music Evolves Podcast. Connect at seanmartin.com.

Subscribe to Lens Four — Where business, innovation, and messaging come into focus.

🎯 Keywords: cybersecurity marketing, vendor messaging, credibility debt, agentic AI hype, go-to-market strategy, CISO communication, security program investment, technology overclaiming, lead generation metrics, security outcomes vs. features, cybersecurity industry narrative, signal vs. noise, buyer trust erosion, Zero Trust messaging, SIEM evolution, SOAR overpromise, XDR consolidation, agentic AI claims, security vendor differentiation, cybersecurity branding, Madelein van der Hout, Forrester, Theresa Lanowitz, Joe Carson, Marco Ciappelli, ITSPmagazine, Studio C60, Redefining CyberSecurity Podcast, Lens Four, Sean Martin, TAPE9

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Healthcare's AI ambition and its data infrastructure are moving at different speeds. In this edition of Lens Four, Sean Martin examines what happens when those speeds collide — and who is accountable when the sequence is wrong.

🔍 In this episode:

82% of health systems have limited or no AI governance in place, while deployments proceed — Digital Medicine Society

58% of frontline clinical staff are using unsanctioned AI tools — not out of recklessness, but because approved alternatives don't exist — Wolters Kluwer

The vendor trust gap: trusted vendors are shipping AI capabilities into integrated products after contracts are signed, after integrations are built, after due diligence has closed — and most health systems have no mechanism to detect it

Jason Kor of HITRUST on what procurement processes aren't built to catch — recorded for the Redefining CyberSecurity Podcast

The Stryker attack: a nation-state operation that disrupted hospitals through their supplier — not their own systems

Ryan Patrick of HITRUST on why availability of services now sits in the same risk tier as confidentiality of data

Who actually owns the patient's data — the provider, the insurer, the vendor, the device manufacturer, the government program, or the patient?

TEFCA — the Trusted Exchange Framework and Common Agreement — moves data nationally across eleven Qualified Health Information Networks. It does not move the ownership rights with it

The CMS agenda: $1.7 trillion, 160 million Americans, and a policy clock that does not wait for the identity infrastructure to catch up

The vocabulary of transformation — what "pilot to production" and "scale" are selecting for, and what they are leaving out

Zero Trust reframed as the infrastructure condition that makes trustworthy AI deployment possible — not just a ransomware defense

Fourth Lens: Healthcare's AI ambition and its data infrastructure are moving at different speeds — and the patient is where those speeds collide. The program layer is making sequence choices. The market layer is accelerating pressure. The messaging layer is optimizing for ambition. None of it is an argument against innovation. All of it is an argument for discipline — A-to-Z, every dependency, ambiguity, and fragility along the way.

🎙️ Podcast conversations referenced in this article:

Jason Kor, HITRUST — Brand Spotlight

Ryan Patrick, HITRUST — HIMSS Recap

🔗 Full article and references: seanmartin.com/lens-four

🌐 HIMSS26 coverage: itspmagazine.com

Sean Martin is a cybersecurity market analyst, content strategist, and advisor with 30+ years across engineering, product development, marketing, and media. Co-founder of ITSPmagazine and Studio C60, host of the Redefining CyberSecurity Podcast and the Music Evolves Podcast. Connect at seanmartin.com.

Subscribe to Lens Four — Where business, innovation, and messaging come into focus.

🎯 Keywords: healthcare AI governance, order of operations AI, data foundation healthcare, vendor trust gap, patient data ownership, TEFCA, health information exchange, QHINs, Shadow AI healthcare, third-party risk management, supply chain resilience healthcare, Zero Trust healthcare, CMS interoperability framework, CIA triad healthcare, data integrity AI, identity management healthcare, HITRUST, Jason Kor, Ryan Patrick, Wolters Kluwer, Digital Medicine Society, DiMe, Google for Health, Jon McNeill, John Halamka, Mayo Clinic Platform, Sumbul Ahmad Desai, Apple Health, Daymond John, Dr. Mehmet Oz, Amy Gleason, Kim Brandt, DOGE healthcare, Stryker cyberattack, nation-state healthcare attack, HIMSS26, Redefining CyberSecurity Podcast, Lens Four, Sean Martin, ITSPmagazine

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Show Notes

For ten years, Ed Skoudis has curated one of the most anticipated sessions at RSA Conference: SANS' "Five Most Dangerous New Attack Techniques: Crucial Tips for Defenders." The session has always been a hit -- standing room only on the main stage -- but this year, Ed says something has changed. Not one or two topics with an AI component. All five.

Ed is deliberate about how the session comes together. He starts with people, not topics. He builds the panel around SANS instructors who bring front-line insight, and he starts the process six months out. This year's panel features returning panelist Heather Mahalik, Rob Teeley back for his second year, Joshua Wright in his second year -- this time carrying two topics and eight minutes instead of six -- and, making his first appearance on this stage, Robert M. Lee of Dragos, one of the world's foremost voices on ICS and OT security.

The addition of "Crucial Tips for Defenders" to the title this year was intentional. Ed pushed every panelist to move beyond naming threats and toward prescribing action -- practical, implementable steps that a CISO can hand down and a practitioner can execute the next morning. For topics where prevention is impossible, the mandate shifted to detection and response. SANS publishes session notes to their website within minutes of the talk ending.

The backdrop this year is a warning Ed calls unlike anything in his 30 years of attending RSA and DEF CON. At a recent AI cybersecurity conference in San Francisco, presenters from Google and Anthropic outlined what Google termed the "vuln apocalypse" -- an imminent surge in AI-discovered zero-day vulnerabilities at a scale and pace that patching pipelines are not designed to handle. Ed's own team at Counter Hack has already experienced this firsthand: a frontier AI model identified a critical zero-day in a widely used open source project in a matter of hours. The Anthropic presenter's claim was blunt: within months, AI will surpass all human vulnerability researchers combined.

All of this lands at the center of what the RSAC session is designed to address -- not as a theoretical exercise, but as a set of actions defenders can take right now. The session runs Tuesday, March 24th at 3:55 PM on the main stage, with an interactive follow-on session Wednesday morning where attendees can go deeper with individual panelists. For anyone who wants to understand where the threat landscape is actually heading and what to do about it, Ed says this is the year you cannot afford to miss it.

Guest

Ed Skoudis, President, SANS Technology Institute; Founder & CEO, Counter Hack | On LinkedIn: https://www.linkedin.com/in/edskoudis

Host

Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Resources

SANS Institute | https://www.sans.org

RSA Conference 2026 is taking place April 28 - May 1, 2026 | Moscone Center, San Francisco -- Follow our coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/

More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast

Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Keywords

ed skoudis, sean martin, sans institute, sans technology institute, counter hack, rsac 2026, rsa conference, five most dangerous attack techniques, ai in cybersecurity, vulnerability research, zero-day vulnerabilities, patch management, penetration testing, defender tips, ics security, ai-powered attacks, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.