CyberAware Podcast

Season Two streaming now - new episodes on wednesdays


Ransomware, the dark web, hacking, and more! Join Nathan, a cybersecurity expert, and Ham, an internet-savvy gamer, as they walk you through the cybersecurity world. Plus, get the latest security news and happenings from expert Mercy.

Listen & Subscribe

spotify_podcast_logo.png  itunes_podcast_image.jpg




Season 2

Download the full transcript

Explore the world of ethical hacking with special guest Brad Ammerman, an industry expert. Nathan sits down with Brad to chat about what it's really like working as a penetration tester. From hacking into computer systems to breaking into physical locations, Brad and his team are hired to help find holes in clients' security, so they can resolve issues and stay safe.

Hear exclusive on-the-job stories from Brad's career and get inside advice on some of the top security pitfalls that everyday people fall victim to.

News Sources:

Story 1:

Claburn, Thomas. "WhatsApp's Got Your Back(ups) with Encryption for Stored Messages." The Register, 14 October 2021,


Story 2:

Abrams, Lawrence. "Acer Hacked Twice in a Week by the Same Threat Actor." Bleeping Computer, 19 October 2021,


Story 3:

Gatlan, Sergiu. "Man Gets 7 Years in Prison for Hacking 65K Health Care Employees." Bleeping Computer, 19 October 2021,

Download full transcript

Tune in to learn about the "internet iceberg," an analogy to help put into perspective the vastness of the internet and its three main parts – the surface web, the deep web, and the dark web. Nathan and Ham define each one and discuss the perils of the dark web. Find out what goes on in some of the most hidden parts of the internet, and hear Ham's personal story about a frightening experience.

The episode concludes with news from Mercy on a recent malware disguised as an Android app, a Verizon phishing scam, and a cyberattack on a Japanese company.

News Sources:

Story 1:

Sharma, Ax. "Photo Editor Android App Still Sitting on Google Play Store is Malware." Bleeping Computer, 12 October 2021,

Story 2:

Riley, Duncan. "Sneaky New Phishing Campaign Uses a Math Symbol in the Verizon Logo." SiliconANGLE, 12 October 2021,

"Verizon Phishing Scam Targets Customers Through a Text Message.", 11 October 2021,

Story 3:

Greig, Jonathan. "Olympus Suffers Second Cyberattack in 2021." ZDNet, 12 October 2021,

Download the full transcript

Tune in to find out what exactly ransomware is, who these attackers are, and why and how they do it. Nathan and Ham discuss recent large attacks by groups such as REvil and WannaCry. Hear about the far-reaching effects these attacks can have and how people and businesses can protect themselves.

The episode concludes with a chat about cybersecurity tactics such as cyber insurance and ransomware negotiators. Both are ways that businesses can protect themselves in the event of a ransomware attack. Lastly, hear the latest on ransomware news and more from Mercy.

News Sources:

Story 1:

Vaas, Lisa. "Crystal Valley Farm Coop Hit with Ransomware." ThreatPost, 22 September 2021,


Story 2:

Gatlan, Sergiu. "Transnational Fraud Ring Stole Millions from Army Members, Veterans." Bleeping Computer, 3 October 2021,


Story 3:

Quach, Katyanna. "Google to Auto-Enroll 150m Users, 2m YouTubers with Two-Factor Authentication." The Register, 6 October 2021,

Download full transcript

Tune in to hear Nathan and Ham discuss how to #BeCyberAware with the basics of cybersecurity. Learn about the Four P’s – phishing, passwords, patching, and protect your devices – to help you stay safe. Plus, Nathan and Ham both share interesting personal stories about their encounters with cybercrime and they give their top tips on how to avoid falling into the traps of hackers. Get an insight into cybersecurity terminology you may have never even heard of, like a “whaling” and “zero-day vulnerability.”

This episode is ended with a segment of current news and events given by Mercy. She covers updates including new malware that hunts gaming accounts, an information leak from a far-right militia, and two more dangerous malware targeting Android and Mac devices.

News Sources:

Story 1:

Bracken, Becky. “Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts.” ThreatPost, 28 September 2021,


Story 2:

Thomson, Iain. “Emails, chat logs, more leaked online from far-right militia linked to US Capitol riot.” The Register, 28 September 2021,


Story 3:

Seals, Tara. “TangleBot Malware Reaches Deep into Android Device Functions.” ThreatPost, 24 September 2021,

Meet Nathan and Mercy, cybersecurity experts, and Ham, an internet-savvy gamer! In this trailer, hear clips from upcoming episodes on fascinating topics like ransomware, the dark web, and hacking.

Season 1

(Quick Tips: Media Piracy and Copyright, click above to listen)

In this short Quick Tips episode, hosts Sherwin and Raj give insights into copyright and media piracy, and what not to do regarding them. They discuss the dangers of downloading torrents, which contain details of files that are distributed among a sharing network. You should never download or share torrents because it involves copyright violation, which is a very serious matter and can have strict consequences. Secondly, torrent files contain malware, which can be unknowingly transferred from your device to other users on the same network – especially when using remote access tools like MavLABS. This can pose a very severe threat to the University’s cybersecurity, and your own.

Sherwin also gives an overview of copyright violations, which include media piracy and any other instance in which someone uses copyrighted materials – or any intellectual property – without permission. They warn that copyright violations also include the public sharing of content that is not deemed to be shared or distributed, and advise to never engage in sharing copyrighted materials. Raj and Sherwin end the conversation with a reminder that the University is notified of copyright violations, and they again restate the serious legal repercussions associated.

(Quick Tips: MavLABS and Zoom Security, click above to listen)

In this short Quick Tips episode, Sherwin and Raj give an overview of the University’s MavLABS service as well as how to stay secure on Zoom. MavLABS is a service available to students and faculty that allows remote access to specialized lab computers that offer software like ArcGIS, CAD programs, programming editors, database servers, Microsoft Access, geography labs, and more. Sherwin explains how MavLABS works using remote access technology and how you can securely access this service from your personal device.

One important piece of advice that you should follow when using MavLABS is to avoid shutting down the lab computer that you are remotely accessing, as that will require an employee to manually turn the computer back on in the lab on campus. Instead of shutting down, simply just log out of the accessed system after use. Lastly, take note that MavLABS is offline nightly from 12 am to 5 am for maintenance. If you experience issues with MavLABS or have questions, submit a ticket to IT Solutions.

In the second half of the podcast, Raj and Sherwin provide insight on the security features of Zoom, one of the most important of which is the ability to password-protect your meetings. They also cover the recent overhaul of documentation and policies that Zoom underwent to mitigate “Zoom-bombing” issues. Raj explains his preference for Zoom over other video calling platforms, stating that he enjoys Zoom’s functionality and simplicity.

All faculty, staff, and students have access to a premium Zoom account, which offers more features than the free version and is more secure – so be sure to always log in with your StarID using our secure MinnState portal at

(Quick Tips: Multi-Factor Authentication & How to Enable it on Office 365, click above to listen)

In this short Quick Tips episode, Sherwin and Raj elaborate on multi-factor authentication, how it works, and how to enable it on your University Microsoft Office 365 account for extra security.

Multi-factor authentication is a powerful security tool that creates layered protection by requiring users to sign in using more than one verification method, which helps prevent cybercriminals from gaining access to your personal information. Different ways to authenticate may include an authenticator app, a text message, a code generator, or even a call on your phone. Raj explains his preferences when it comes to multi-factor authentication and also recounts a personal story about a time when multi-factor authentication saved his account from a breach! Sherwin and Raj both highly recommend using multi-factor authentication on all your accounts, especially with the increase in remote working and learning.

Multi-factor authentication is available for your University Office 365 account, including all related apps like Outlook, OneDrive, and more. Extra security is just a click away! Follow our easy set-up instructions, which include helpful images to guide you through the process.

enable Multi-Factor Authentication for Office 365

(Quick Tips: Five Clever Hints to Stay Cybersafe, click above to listen)

In this short, Quick Tips episode, Sherwin and Raj share five simple ways to stay cybersafe. They delve into the Four P’s of Cybersecurity, starting with the topic of phishing emails. They explain how to spot them and what to avoid in order to keep yourself and your information safe. They also touch on passwords, giving important tips such as using the appropriate character length and variety as well as how to maximize security of accounts by keeping usernames and passwords unique for each. Next, the duo discusses patching, which is all about keeping your devices and software up to date. They give suggestions on how to keep up with security patches in order to defend against malware. They also share a combination of important steps that can be implemented to further protect your devices, such as logging out after use, being aware of shoulder surfing, avoiding public Wi-Fi, and more. Lastly, Raj and Sherwin cover a variety of useful resources that are available on the CyberAware website to help you stay safe.

(Episode 7, click above to listen)

In this episode of the CyberAware Podcast, host Sherwin discusses with guest speaker Joey Kleinow the topic of cybersecurity tools and operating systems. Joey is an upcoming graduate majoring in computer information technology at Minnesota State University, Mankato and is currently employed as a cybersecurity analyst. 

They discuss some of the top cybersecurity tools used in the industry, including firewalls, which are the first layer of protection and help to prevent invasion early on. They discuss related classes available at Minnesota State Mankato for those interested in the field. Joey moves on to elaborate more on tools and projects that are critical to land you a job in the cybersecurity field, like Linux and Wireshark.  

Joey also describes his college experience and shares how his early interest in consoles and games were the first steps towards picking cybersecurity as a career. He moves on to discuss misconceptions about cybersecurity, emphasizing that cybersecurity concepts should not be used for illegal activities like pirating copyrighted content. Instead of money, a career in cybersecurity should be motivated by passion for the field. 

Lastly, they take a more in depth look at Linux and Joey illustrates his favorite features, like how smooth and efficient it is, how downloading and installing applications is easy, and more. They end with a discussion about user interfaces, system bloatware, and other features that differentiate operating systems from each other. 


(Episode 6, click above to listen)

In this episode of the CyberAware Podcast, host Sherwin discusses with guest speaker Nate Johnson the topic of research and cybersecurity vulnerabilities.  Nate is a penetration tester and is a co-host for another podcast series on YouTube called the Irongeek Cast.

Nate delves into his undergraduate research topic, which was proximity radio frequency identification (RFID) in card reader lock systems. For example, the technology that is used with Mav Cards. He also researched the security flaws and the encryption within card reader lock systems using open source coding. Nate then lays out a comparison between RFID and NFC (Near Field Communication) and how variable band frequencies play a major role in these systems. Nate also shares with Sherwin his study abroad experience in the Netherlands and how NFC is very common there, ranging from identification to payments at almost every location. Nate moves on to talk more about his current research, giving insight on security tactics used to prevent physical bypass on RFID and NFC card reader lock systems. Nate illustrates his experience as a penetration tester and he sheds more light on faculty and student research on cybersecurity.

Interestingly, Nate and Sherwin then pivot the conversation to discuss the latest Pentagon speculated UFO sightings and go on to imagine the security methods that could have been used to evade radar spotters. Nate then shares his public presentation experience in front of industry professionals, explaining how having expertise in recent advancements can even sometimes give you an edge over someone who has decades of experience in the industry. Finally, he suggests to incoming students some important coursework for pursuing cybersecurity from a Minnesota State University, Mankato alumni’s point of view.

(Episode 5, click above to listen)

In this episode of the CyberAware Podcast, our hosts, Raj and Sherwin, discuss the topic of cyberpunks with special guest Mubasser Kamal. Mubasser graduated from Minnesota State University, Mankato in 2018 with a master’s degree in information technology. He currently works for a penetration testing company based in Minneapolis, Minnesota as a security consultant. This podcast is all about cyberpunks, which are individuals that engage in cybertheft and other malicious criminal activities in the cyberworld.  

The first major example the group discusses is phishing, including the upsurge in text message phishing and the number of victims during the COVID-19 pandemic. They provide insights into common infrastructure vulnerabilities that allow attackers to compromise accounts and systems. The group also elaborates on “penetration testing,” also known as ethical hacking, which is an authorized simulated cyberattack on a computer system. This is performed to evaluate the security of systems and infrastructure, like mobile and web applications. Another topic discussed is the existence of hackers implemented and sponsored by governments and corporations around the world to conduct cyberattacks. These hackers have high-end targets and may bait and use innocent people as passive cyberpunks. Raj, Sherwin, and Mubasser also give some easy tips to stay cybersecure, including double-checking links, checking the validity of emails, texts, or calls, and securing home Wi-Fi networks by performing regular firmware updates on devices like routers. Finally, the group talks through a typical day in the life of an information security analyst and the tasks they perform. 

(Episode 4, click to listen above)

In this episode of the CyberAware Podcast, Raj and Sherwin speak with special guest Michael Menne, the Chief Information Security Officer (CISO) at Minnesota State University, Mankato. With 28 years of experience in IT, Michael shares his thoughts on cybersecurity and how things have changed throughout the years. Michael gives insight into what his job as a CISO entails, how organizations assess security risks, and how students can pursue a career as a CISO. The group also discusses other frequently asked questions, including how IT Solutions and the security team reacted to the COVID-19 pandemic.

During the second half of the podcast, Raj, Sherwin, and Michael discuss what it means to outsource security services and how outsourcing can impact higher education organizations specifically. The group also chats about the process of implementing new technology to enhance cybersecurity, and the pros and cons of spending University resources on these projects. Lastly, Michael shares his thoughts on security regarding the Internet of things and smart devices, like smart speakers. The group ends with a few quick tips on how to stay up to date with current cybersecurity issues, including following the newsfeed on our CyberAware website or contacting Michael Menne.

(Episode 3, click to listen above)

In this episode of the CyberAware Podcast, our hosts, Raj and Sherwin, discuss cybersecurity awareness during COVID-19. Mike Hedlund, the President of the Information Security Student Organization (ISSO) at Minnesota State University, Mankato, joins Sherwin and Raj to share his thoughts on vulnerabilities that have heightened due to COVID-19. Together, they delve into the topics of browser extensions, phishing and scams related to COVID-19, and the recent transition to online working, teaching, and learning. Mike shares his personal experiences and gives advice on how to keep up with work and school online.

In the second half of the podcast, the group shares their thoughts on certifications in the information security industry. They also chat about ISSO’s experience at the 2020 Collegiate Cyber Defense Competition in Alexandria, Minnesota. Mike shares his team’s experience in competing in the hypothetical scenario to correct vulnerabilities in systems at risk of being breached. The group wraps up the podcast with a quick discussion on ISSO’s future ideas for hosting information security events, like hackathons, and how COVID-19 has affected their plans.

(Episode 2, click to listen above)

In this episode of the CyberAware Podcast, our hosts, Raj and Sherwin, explore the topics of passwords and device protection – two more of the Four P’s of cybersecurity. Brad Ammerman, an adjunct professor in Computer Information Science at Minnesota State University, Mankato, joins Sherwin and Raj to talk about best password tips and how to keep your devices safe. The group discusses common password mistakes, how to create strong passwords, how data breaches happen, and how to manage your passwords. Brad touches on important security techniques, like two factor authentication and password managers.

In the second half of the podcast, Raj and Sherwin transition into the topic of device protection with a discussion on how IT Solutions manages devices in order to keep the University safe. Brad lists several options for work and personal device privacy and protection, such as privacy screens and webcam covers. The group discusses common security vulnerabilities, the pros and cons of antivirus software, and how to securely transfer data. Lastly, Brad discusses his experience working remotely and how the transition to online has affected society.

(Episode 1, click to listen above)

In this first episode of the CyberAware Podcast, our hosts, Raj and Sherwin, delve into the world of cybersecurity to uncover the basics of phishing and patching – two of the Four P’s of cybersecurity. Dr. Veltsos, a professor in Computer Information Science at Minnesota State University, Mankato, joins Sherwin and Raj to discuss phishing attacks in the current COVID-19 climate. They share helpful tips on how to spot phishing messages, how to avoid falling victim to them, and how to report them. Dr. Veltsos also answers cybersecurity questions frequently asked by students and staff and shares his best advice on how to get involved with cybersecurity in everyday life.

During the second half of the podcast, the group discusses the importance of patching your devices, or keeping software and firmware up to date. Sherwin, Raj, and Dr. Veltsos address how updating devices on a regular basis can help increase security and reduce the risk of a cyberattack. Lastly, helpful tips on staying safe while working and learning from home, including how to be secure while using remote desktop capabilities and how to avoid Zoom-bombing, are shared. The group wraps up the podcast with a final discussion on how the transition to online learning has affected students and professors.

 Report Phishing


Resources From Dr. Veltsos

Domain Name Service (DNS) is like a phone book for the internet, linking millions of website names to their corresponding address.  Your internet service provider usually will provide a default DNS for you, Open DNS differs by providing the same fundamental service with some special features to promote security and privacy. 

DNS configuration for Windows    DNS configuration for Mac

Free and Low Cost Online Cybersecurity Learning Content
Stay secure, avoid covid-19 cyberattacks

Apple and Apple Podcasts are trademarks of Apple Inc., registered in the U.S. and other countries. Google PODCASTS and the Google PODCASTS logo are trademarks of Google LLC.