About this episode
Most security failures don't start with a dramatic breach or a mysterious hacker sitting in a dark room. They usually start quietly. Someone assumes a system is locked down. Someone trusts that a door shouldn't open, or that a machine "just works," or that no one would ever think to look there. Over time, those small assumptions stack up, and that's where things tend to go wrong. Today's guest is FC Barker, a renowned ethical hacker, social engineer, and global keynote speaker with more than three decades of experience legally breaking into organizations to expose their blind spots. Formerly the head of offensive cybersecurity research at Raytheon and now co-founder of cybersecurity firm Cygenta, FC is also the author of How I Robbed Banks, a book packed with true stories from the field. In this conversation, FC shares what he's learned from decades of breaking into places he was hired to protect. The stories range from funny to unsettling, but they all point to the same pattern: technology usually isn't the weakest link. People are. From outdated systems that can't be replaced to everyday workplace habits that quietly invite risk, this episode offers a grounded look at how intrusions really happen and what actually makes environments safer. Show Notes: [03:06] FC grew up before cybersecurity existed and learned computers when manuals were thicker than the machines themselves. [05:27] How early internet culture shifted from curiosity-driven exploration to the rise of malicious actors. [07:15] Why inviting external testers to break into your systems was once an unthinkable idea and how that changed. [09:35] The danger of internal blind spots and why external validation is often more valuable than internal confidence. [10:46] Unexpected discoveries during penetration tests, including systems no one remembered were even running. [12:23] Choosing unusual, esoteric security projects and why unconventional systems often hide the biggest risks. [12:50] A real-world operation that involved reverse-engineering hardware to shut down power infrastructure in seconds. [16:29] One of the easiest break-ins ever happens accidentally, proving how fragile some systems really are. [17:21] The most common technical failure seen across organizations: poor network segmentation. [18:36] How a routine internal scan accidentally knocked an entire country's banking connection offline. [20:04] A bank unknowingly runs its internal network on an IP range owned by the U.S. Department of Defense.
