The authentic professional services agency with a raw & gritty podcast for intelligence & security pros

In this episode of Unspoken Security, host AJ Nash sits down with Dan O'Day, Senior Consulting Director at Unit 42 by Palo Alto Networks. Dan shares key findings from the 2026 Global Incident Response Report, built from over 750 real-world cyber incidents, covering four major threat trends reshaping the security landscape.

Dan breaks down how AI is compressing attack timelines at a dramatic rate. The fastest incidents now move from access to full impact in just 72 minutes, down from 285 minutes the year prior. Attackers are no longer breaking in. They are logging in, using stolen credentials, tokens, and API keys to move laterally and avoid detection. Identity is now the dominant attack surface, playing a material role in nearly 90% of Unit 42's investigations.

The conversation closes on a note of cautious optimism. Dan argues that over 90% of breaches stem from preventable gaps, meaning security is solvable. He outlines three priorities for defenders: empowering the SOC to act at machine speed, treating identity as the new perimeter, and securing the entire software supply chain from the first line of code to cloud runtime.

Download the Unit 42 Global Incident Response Report 2026 here: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?utm_source=linkedin&utm_medium=social&utm_campaign=na&utm_content=pa001134

In this episode of Unspoken Security, host A.J. Nash sits down with Cynthia Kaiser, SVP at Halcyon’s Ransomware Research Center. They explore how ransomware grew from a niche crime into a business, and why security teams now face faster attacks, extortion, and a threat landscape that blurs crime and state activity.

Cynthia traces the shift from early encryption schemes to double and triple extortion, then explains how professional crews use access brokers, deepfakes, and AI-assisted phishing to move in hours, not weeks. She also breaks down how Russian-speaking groups, Iranian actors, and state-linked operations use cybercrime for profit, cover, and pressure.

She argues that defenders still need the basics: harden identity, patch fast, assume breach, and build response plans that include PR. Cynthia closes with a blunt point: ransomware and fraud are not side issues. They hit hospitals, businesses, and families every day in ways nation-state threats often do not.

In this episode of Unspoken Security, host A.J. Nash sits down with Erin West, Founder at Operation Shamrock. They explore the “scamdemic” and the scams draining wealth at industrial scale. Erin explains why business email compromise, government impersonation, and romance scams work so well: they use fear, trust, urgency, and loneliness.

She then breaks down pig butchering, a long con that starts with a stray text and grows into a fake relationship and a fake crypto investment. Victims think they are building love and wealth at the same time. Instead, scammers push them to empty savings, tap retirement accounts, and borrow more.

Erin also exposes the system behind the fraud. Many scammers are trafficking victims forced to work inside compounds in Cambodia, Myanmar, and beyond. She argues this is both a financial crime and a human rights crisis, and she calls for stronger reporting, public awareness, and international pressure.

In this episode of Unspoken Security, host AJ Nash sits down with Bob Fabien “BZ” Zinga, a cybersecurity executive and Naval Information Warfare Commander in the U.S. Navy Reserve. They explore how performative leadership shows up in security teams, and why values on a wall fail when pressure hits.

Bob argues that optics without accountability kills trust. When leaders bend with politics or budgets, engaged employees go quiet. That silence hides risk. He shares how breaches often trace back to human choices, including a W-2 phishing scam that exposed employees’ data and changed his own life. He also pushes blameless postmortems and clear escalation paths.

From there, the conversation moves to AI. Bob warns that teams can automate bias and outsource judgment. He calls for guardrails, regulation, and human oversight, especially in high-stakes decisions. He closes with a simple standard: speak up for fairness, even when silence would feel safer.