Show Notes
When your firewall forgets to buckle up, the crash doesn’t happen in the network first, it happens in your blindspots.
In this episode, Ron is joined by returning guest Chris Hughes, Co-Founder of Aquia and host of the Resilient Cyber podcast. Chris helps reframe vulnerability work as exposure management, connect technical risk to human resilience, and break down the scoring and runtime tools security teams actually need today. Expect clear takeaways on EPSS, reachability analysis, ADR, AI’s double-edged role, and the one habit Chris swears by as a CEO. This episode fuses attack-surface reality with mental-attack-surface strategy so you walk away with both tactical moves and daily practices that protect systems and people.
Impactful Moments: 00:00 - Intro 02:00 - Breaking: Fortinet WAF zero-day & visibility lesson 05:00 - Meet Chris Hughes: CEO, author, Resilient Cyber host 08:00 - Mental attack surface explained and why it matters 18:00 - From CVSS to EPSS, reachability, and ADR realities 21:00 - AI as force-multiplier for attackers and defenders 24:30 - Exposure vs vulnerability naming, market trends 26:00 - Chris’s book & how to follow his work 30:00 - Ron’s solo: 3 pillars to patch your mindset 34:00 - Closing takeaways and subscribe reminder
Links: Connect with our guest, Chris Hughes, on LinkedIn: https://www.linkedin.com/in/resilientcyber/
Check out the article on the Fortinet exploit here: https://www.helpnetsecurity.com/2025/11/14/fortinet-fortiweb-zero-day-exploited/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Recent Episodes
When Automation Outruns Control with Joshua Bregler
AI doesn’t break security, it exposes where it was already fragile. When automation starts making decisions faster than humans can audit, AppSec becomes the only thing standing between scale and ...
The Day AI Stopped Asking for Permission with Marcus J. Carey
AI didn’t quietly evolve, it crossed the line from recommendation to execution. Once agents stopped advising humans and started acting inside real systems, trust replaced experimentation and ...
When AI Ships the Code, Who Owns the Risk with Varun Badhwar and ...
AI isn’t quietly changing software development… it’s rewriting the rules while most security programs are still playing defense. When agents write code at machine speed, the real risk isn’t ...
Think Like a Hacker Before the Hack Happens with John Hammond
What if the most dangerous hackers are the ones who never touch a keyboard? The real threat isn't just about stolen credentials or ransomware; it's about understanding how attackers think before ...
Breaking Into Banks and Bypassing Modern Security with Greg ...
Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled ...
Defending Your Cyber Systems and Your Mental Attack Surface with ...
When your firewall forgets to buckle up, the crash doesn’t happen in the network first, it happens in your blindspots. In this episode, Ron is joined by returning guest Chris Hughes, Co-Founder ...
Thriving Beyond Human Labor with Context-Powered AI with Daniel ...
The real disruption isn’t AI replacing humans, it’s the shocking possibility that human labor was the economic bubble all along. In this episode, Ron Eddings sits down with Daniel Miessler, ...
Building EDR for AI: Controlling Autonomous Agents Before They Go ...
AI agents aren't just reacting anymore, they're thinking, learning, and sometimes deleting your entire production database without asking. The real question isn't if your AI agent will be ...
Can AI Run Your SOC Better Than You? with Ahmed Achchak
What if your security team never missed a single alert and actually had time to think strategically? In this episode, Ahmed Achchak, CEO and Co-Founder of Qevlar AI, reveals how autonomous SOCs ...
Making Cybersecurity Marketing Creative (and a Little Sexy) with ...
Who said cybersecurity had to be serious? The future of cyber is creative, human, and even a little sexy.In this special 400th episode, Ron Eddings celebrates six incredible years of Hacker ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon and reach out to you at