April 16, 2023

TSD #037: Can you chop onions without crying?

3 mins

Presented by CultureAI​

Say hello to CultureAI. They help companies monitor and respond to over 35 human cyber risk behaviours. CultureAI can deliver automated nudges when users fail attack sims via email/Slack/MFA. They can also deliver fully automated, intelligent email phishing and stop users from sharing PII on public platforms. Discover today how easily CultureAI can connect with your workplace apps and change risky user behaviour in your organisation. Learn more.

Hello friend 👋

I hope this week has been kind to you. Last week I mentioned a cool milestone was approaching. This week I can tell you: it's been hit! I ticked all the boxes for turning on monetisation on YouTube: 4000+ watch hours in a 365-day period and over 1,000 subscribers. I achieved it with 38 videos + 1 short. I'll share my thoughts on the journey to monetisation in a video soon because I know a fair few of you are keen to start YouTube channels yourselves. Thank YOU for your support!

I've got an update a little further down about Cyber Threat Intelligence books and courses, but first, this week's cyber news:

Top secret documents leaked online leads to the arrest of a US serviceman.

This is another high-profile leak from the USA. We had Manning, Snowden, and now Teixeira. It's a little unsurprising considering well over a million people in the US have access to secret-and-above information. Read more.

KFC, Pizza Hut, and Taco Bell customer data confirmed as stolen.

Yum! owns these companies and earlier in the year they had a ransomware event - who hasn't at this point!? Initially, they said no data had been stolen. A few months later, they figured out the opposite was true. Read more.

Fun Things

📽️ Upcoming Projects
My First Book: Becoming a Cyber Threat Intelligence Analyst

I put a post on LinkedIn a few weeks ago about creating a CTI course. It had a LOT of 'yes please' responses so I think we're going to go ahead with it. In the lead-up to creating this course, I'm writing my first eBook about 'Becoming a Cyber Threat Intelligence Analyst'. If you'd like to be kept in the loop on the development and launch of the book, course, and all things CTI, I've set up a mailing list. As usual, zero spam, just genuine updates from me with the opportunity for you to reply and feedback on your thoughts! If you'd like to join, just complete this form:


I've been a bit lazy about my podcast consumption lately. I fell behind when Jack from Darknet Diaries took a 3 month holiday! But...he's back! Listen on Spotify or Apple Podcasts.

👾 Cool Tools
Security Onion

When you're trying to get experience before you have your first cyber job under your belt, it's hard. But, there's a tool that can help: Security Onion. It's a free and open-source platform for threat hunting, enterprise security monitoring, and log management. It includes interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek. You can set it up on your home network and be the SOC/IR/Threat Hunter for your household. Publish your findings on a blog/LinkedIn/Twitter etc and link to that blog on your resume and on your LinkedIn. If you do this, and make it look pro, you'll stand out a mile against the competition. Check it out on GitHub.


Made by the team at Vulners and inspired by searchsploit, it combines two features: command line search and download tool. It allows you to search online for the exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and others. The most powerful feature is immediate exploit source download right in your working path. Check it out on GitHub.

See you next week,


Say hi 👋 on Twitter or LinkedIn

☎️ Book a 1:1 call with me

👋 Ways I can help you

  1. Sponsor this newsletter - get in front of 1,500+ infosec readers.
  2. Get daily cyber news - LinkedIn, Twitter, or Telegram.
  3. Cyber Career Course - the fastest way to a career in cybersecurity.
  4. Take a workshop - learn essential skills to create content.
  5. Have me speak at your event.