The Cyber Resilience Brief: A SafeBreach Podcast

In the finale of our Cybersecurity Awareness Month series, SafeBreach’s Cyber Resilience Brief delivers its most powerful episode yet — The Cyber Resilience Playbook.
Join hosts Tova Dvorin and Adrian Culley as they connect the dots between Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) — revealing how these validation layers work together to create a unified framework for cyber resilience.
Discover how organizations can:
Continuously validate their security controls against real-world threats
Prioritize remediation with threat-driven exposure validation
Operationalize resilience with automated red teaming
Transform cyber awareness into measurable resilience all year long
This episode goes beyond compliance and awareness training — it’s a blueprint for security teams to prove and improve their defenses, optimize spend, and keep their organizations resilient against evolving threats.

How can security teams stay truly proactive in a world where adversaries never stop?In this episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley explore Continuous Automated Red Teaming (CART) — the next evolution in proactive security validation.
They break down how CART extends beyond traditional red teaming and breach simulation, combining automation and intelligence to deliver 24/7, real-time attack validation. Learn how CART helps organizations:
Continuously test and optimize their security controls
Detect misconfigurations and vulnerabilities before adversaries do
Strengthen overall cyber resilience and operational readiness
Whether you’re a CISO, SOC leader, or security engineer, this conversation offers practical insights into how CART and AEV can work together to create a truly continuous defense strategy.Read more about CART on our blog. 

In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach offensive security expert Adrian Culley unpack BrickStorm — a highly sophisticated espionage operation attributed to China-nexus group UNC5221. With an average dwell time of 393 days, this campaign redefines stealth and persistence in cyber warfare.
Discover how attackers are “living off the blind spot” by exploiting critical infrastructure gaps in VPNs, VMware vCenter servers, and ESXi hosts — areas traditional security tools can’t see. Adrian breaks down their use of Go-based malware, delayed activation, and a genius offline credential theft technique that clones virtual machines to exfiltrate data undetected.
The episode also explores the strategic implications of this new evolution in supply chain attacks, where adversaries steal today to weaponize tomorrow, and how organizations can defend themselves through proactive security testing, Breach and Attack Simulation (BAS), and Continuous Automated Red Teaming (CART).
Key topics:
UNC5221’s long-term espionage and data exfiltration tactics
How attackers evade EDR and traditional defenses
Why BrickStorm represents the “next level” in nation-state cyber operations
How BAS and CART expose and close blind spots before attackers do

In episode 2 of our special 4-part Cybersecurity Awareness Month series, The Cyber Resilience Brief hosts Tova Dvorin and Adrian Culley dive deep into Adversary Exposure Validation (AEV) — the next evolution of Breach and Attack Simulation (BAS) and Continuous Threat Exposure Management (CTEM).
Learn how AEV helps organizations move beyond endless vulnerability lists to validate exposures that real adversaries exploit, prioritize based on active threat intelligence, and shift from reactive defense to continuous cyber readiness.
Featuring insights on SafeBreach’s attack library, MITRE ATT&CK mapping, and why “patch and proceed is dead,” this episode reveals how AEV empowers security teams to focus on risk-driven validation that truly strengthens cyber resilience.

In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and Adrian Culley, Offensive Security Engineer at SafeBreach, break down the shocking manifesto released by Scattered Spider — also known as Lapsus$ and ShinyHunters — the same threat group now linked to the Jaguar Land Rover cyberattack that’s suspected to have Russian ties.
As geopolitical tensions rise and Russia’s hybrid cyber warfare intensifies, Scattered Spider’s public “declaration of war” marks a chilling shift: from quiet ransomware operations to open intimidation of Western governments and Fortune 500 companies.
Tova and Adrian unpack how this group combines social engineering, identity theft, and psychological warfare to paralyze organizations — and how companies can fight back using Breach and Attack Simulation (BAS) and Continuous Automated Red Teaming (CART). Don't forget to check out our earlier episodes as well on Scattered Spider (Ep. 15) and on Adventures in the Dark Web (Ep. 17) for more context for this red-hot topic. 
We also published blogs on Scattered Spider and on what it's like to talk to hackers on the Dark Web.

October may be Cybersecurity Awareness Month, but as SafeBreach experts Tova Dvorin and Adrian Culley reveal, awareness alone doesn’t stop attackers. In this kickoff episode of our special four-part Cyber Month series, we explore why traditional awareness training and annual penetration tests aren’t enough in today’s rapidly evolving threat landscape.
Adrian and Tova break down:
Why awareness ≠ readiness — and the critical role of validation
How Breach and Attack Simulation (BAS) turns cyber hygiene into measurable resilience
The alarming reality: 30% of security controls fail the first time they’re tested
Why ransomware remains more dangerous than ever
How organizations can continuously test defenses without risking downtime
Whether you’re a CISO, security practitioner, or business leader, this episode uncovers why continuous, automated validation is the only way to prove your defenses work against real-world threats.
Stay tuned for upcoming episodes on Adversary Exposure Validation (AEV), ransomware trends, and the EU Cyber Resilience Act

In this episode of The Cyber Resilience Brief, we expose the tactics of one of today’s most agile and financially motivated threat groups: BianLian. Originally known for double extortion ransomware, BianLian rapidly pivoted to pure data theft and extortion—making them harder to stop and faster to profit.
SafeBreach offensive security engineer Adrian Culley joins host Tova Dvorin to unpack:
How BianLian evolved from ransomware to exfiltration-based extortion.
The TTPs behind their attacks, from compromised RDP credentials to stealthy “living off the land” techniques.
Why traditional defenses struggle to keep pace with their adaptive methods.
How organizations can counter them with Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) to test resilience across the full attack chain.
If you want to understand how adversaries like BianLian stay ahead—and how you can flip the advantage back to defenders—this episode is for you.
💡 Special Note: In honor of Cybersecurity Awareness Month, we’re releasing two episodes each week throughout October 2025—so be sure to subscribe and catch them all!

As the US government shutdown begins, critical questions emerge about how funding instability threatens the nation’s cyber defense. In this urgent episode of The Cyber Resilience Brief, Tova and Adrian unpack the “dual threat” facing CISA: the looming expiration of the Cybersecurity Information Sharing Act of 2015, and deep budget cuts that could decimate its operational capacity.
We explore how these pressures risk crippling CISA’s ability to issue timely, actionable threat alerts—and what that means for CISOs trying to protect their networks today. Beyond CISA, we highlight the domestic agencies and international partners stepping up to fill the gap, from the FBI to the Five Eyes alliance.
This episode is a must-listen for security leaders navigating a moment where US cyber resilience hangs in the balance.Disclaimer: SafeBreach, The Cyber Resilience Brief, and hosts Tova and Adrian do not hold any particular views regarding the US government shutdown. This analysis is provided solely to inform cybersecurity leaders with objective insights.

In this episode of the Cyber Resilience Brief, we dive into detection engineering and one of its most powerful tools: parsers.
SafeBreach experts Jonathan Tillman and Shachaf Raviv share how parsers transform raw logs into actionable insights, enabling organizations to scale detection engineering, customize security validation, and integrate seamlessly across SIEMs and security controls.---
This episode is also a teaser for our upcoming webinar, “Elevate Detection Engineering at Scale”, where we’ll showcase the brand-new Parsers UI, walk through practical use cases, and answer your questions live.
🔗 Register here: safebreach.com/elevate-detection-engineering-at-scale

Step inside the hidden world of the dark web with SafeBreach’s Cyber Resilience Brief. In this episode, Senior Sales Engineer Hudney Piquant shares eye-opening stories from his explorations into hacker forums and ransomware recruitment pipelines.
Discover:
How cybercrime groups like Conti operate more like corporations than chaos-driven collectives.
Why the psychology of hacking—speed, opportunism, and human exploitation—matters as much as technology.
How penetration testing and adversary simulation can help security teams counter evolving tactics.
Why AI is supercharging cybercrime—and how defenders must adapt to keep pace.
Whether you’re a CISO, red team leader, or security practitioner, this episode will reshape how you think about threat intelligence, human risk, and proactive defense.