The Cyber Threat Perspective
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
brad@securit360.com
Episode 176: Cybersecurity Advice That Sounds Smart But Fails in Practice
In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistently fall short in real IT environments.
This isn't about dismissing good security principles. It's about closing the gap between advice that looks great in a framework and controls that actually hold up against how attackers operate.
Topics covered include:
- "Just enable MFA everywhere" — why focusing only on RDP leaves SMB, WinRM, service accounts, and legacy protocols wide open
- "EDR will catch it" — the danger of over-relying on a single control, including a little-known CrowdStrike behavior where it self-disables on domain controllers at 90% resource utilization — often completely unnoticed
- "Patch everything immediately" — why blind speed creates its own operational risk, and how to build a prioritized, high-risk patching process that actually works
- "Least privilege everywhere" — why removing permissions without providing alternatives drives workarounds, shared accounts, and exceptions that undo the whole point
- "Follow the framework and you're secure" — why compliance is a starting point, not a finish line, and what most standards actually require vs. what actually reduces risk
- Focusing on attack paths over checklists — why thinking like an attacker leads to better security decisions than ticking boxes
Brad and Spencer close with what actually works: context-driven decisions, management buy-in, clear communication when making sweeping changes, and validating every control through internal penetration testing. As Spencer notes, most clients don't have full confidence in their EDR and SOC after a pentest — and that's exactly why trust but verify matters.
Also mentioned: Spencer and Brad's upcoming Tools of the Trade workshop at the ILTA Evolve conference in Denver.
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.