Inclusive Cyber: Unlocking Innovation in Cybersecurity

There are legitimately interesting points buried in here — adversaries using LLMs to accelerate zero-day exploitation, the Void Link malware case, and the OT hallucination risk — but they are deeply diluted by casual throat-clearing, incomplete thoughts, and repetitive 'AI is a tool not a solution' platitudes that consume most of the runtime.

“There was a report by...Cisco, actually Talos, about...Void Link, which they're cat calling. It's a malware framework targeting Linux cloud systems that an individual. They believe right now they assess that an individual created it on their own with generative AI.”

“China is accelerating with zero day exploitation almost like three months in advance.”

The CTI-reporting-to-CISO-not-SOC argument and the insider threat growth thesis are mildly contrarian, but the vast majority of the episode recycles standard industry talking points: AI augments rather than replaces, don't buy more tools train your people, humans are still needed. Nothing challenges received wisdom in a sustained way.

“CTI...I think people doing cti, they're doing it all wrong...it's underneath the sock...Get out of the closet of the SOC in the corner. And it's got to be its own entity that reports directly to the ciso.”

“I think there will be an increase in jobs when it comes to insider threats, because insider threat roles, because I think that's going to become a thing”

Max Margolis is a genuine practitioner with hands-on CTI, threat hunting, and incident response experience, and he demonstrates real familiarity with technical tooling (KQL, WAZUH, Bedrock temperature settings). However, his seniority level is unclear, he repeatedly can't recall names of reports or technologies mid-sentence, and there is no identifiable scale or organisational impact attached to his work.

“I asked it, can you write up a step by step guide on how to integrate...AWS, CloudWatch into WAZA? Because I have no idea”

“I started reading up on it. What is it? Claw, flow and molt. I forgot what it's called.”

Several named references add credibility — Cisco Talos Void Link report, Deloitte Australia hallucination incident, Mandiant/Google threat intel on PRC LLM use, Notepad++ compromise — but the guest routinely can't recall figures or names precisely, hedging with 'I think,' 'I forgot what it's called,' and giving a figure of '$300 billion or billion. I don't' for the Deloitte case.

“the Deloitte thing with Australia. They. Somebody basically didn't. I essentially hallucinated a bunch of facts that didn't exist...they owe Australia a lot of money. Like it's $300 billion or billion. I don't.”

“I think they mentioned that China had essentially...done it in less than, like less than four months or something before. Some of them were like a year before the thing was published.”

The host gets credit for a couple of useful redirects — 'When you say rely, what do you mean?' and 'What would you tell the executive?' — but the conversation is largely unstructured, the host frequently just affirms ('Yeah, yeah,' 'Right, right'), and the opening several minutes are pure logistical chit-chat with zero substance. There is no pushback or productive disagreement anywhere in the episode.

“When you say rely, what do you mean?”

“What would you tell the executive?”