Adam Myers
Hello and welcome to our podcast Tales from the CyberLab. My name’s Adam Myers and I’m the Sales Director here at CyberLab, and I’ll be your host for this Christmas special where we’ll be recapping 2025 and all the best episodes. Enjoy.
Episode six was back in January where we were joined by Sophos’s very own Dave Mareels who talks around the evolution of AI in cyber security, specifically around attack and defence and how that is evolving over time. Check out this episode.
Dave Mareels
The attackers have the technology. I think it’s the defenders who have more of a gain. They started here, the attackers were here. Now this is a leveller up and I’m really excited for the applications on both the product side and the services side moving forward.
Adam Myers
Episode seven from February was with Peter Mackenzie, who heads up the Incident Response team at Sophos. This episode is really good if you’re looking at your incident response strategy. And also I think my view is: test your incident response plan. What I see a lot is when I talk to a lot of customers is that they don’t actually test their response, and I think in the heat of their moment, it’s good just to understand what to do and what processes to follow. So check out this episode with Peter.
Peter Mackenzie
The first thing to do is probably going to want to take your critical systems offline because if they haven’t been hit already, which they probably have, you want to protect them. So anything that is critical to your business or even just everything, get them offline. If you’ve got ways to isolate them, so various security products have options to isolate machines, that’s a good way of doing it, because you can then keep investigating those machines while they’re isolated. But if you don’t know what to do and you don’t know what tools you’ve got, just turn things off. Shut it down, cut the internet. We put firewall rules in to block all traffic, turn machines off, get your backup servers offline.
Adam Myers
We go back to March where we’re joined by David Dixon for episode eight, where we discuss around penetration testing specifically around web application testing, mobile testing, but also large data breaches that were seen in the news where David covers this off in more detail.
David Dixon
Some people might have remembered this in the news from a few years ago. I can’t remember the exact year now, but I think it was one of their customer facing mobile applications, which was compromised and effectively it costs British Airways something in the vicinity of 70 million, or no, sorry, 20 million in fines as a result for a GDPR breach. And this is just a perfect example of how not taking security seriously enough or not being able to demonstrate to bodies like the ICO who are the ones that basically-
Adam Gleeson
And that was the direct result of a web app?
David Dixon
Yeah, IT web app compromise for sure. And it costs, there was two millions of user records compromised and obviously as a result they suffered a financial penalty.
Adam Myers
Episode nine back in April where we’re joined by Moty Cohen from Vicarius, discussing automated patch management. Fantastic solution. What we see with our customers especially is around the patchless protection that Vicarius can offer. So check out this episode – it’s one you don’t want to miss.
Moty Cohen
These things, they are kind of like weakness or flaws in software and those weakness or flaws, they’re calling those potential exploiters to try to utilise those weaknesses. It’s like gaps in the software.
Adam Gleeson
So yeah, they’re kind of like gaps or oversight in the software, but that allows someone to do something to that software that then exposes a security vulnerability.
Moty Cohen
Yeah, exactly. And by the way, not only security, it can be also bugs or performance issues that those holes can invite but in this case we’ll focus on those security holes.
Adam Gleeson
Absolutely.
Moty Cohen
And definitely when you have this kind of hole, it’s kind of a race. If who will find this hole first, the vendor or maybe the good people, if you can say all those cyber criminals or potential attackers that will try to take it.
Adam Myers
Episode 10 back in May where I actually joined the team and it’s actually my first podcast, what a roller coaster it’s been since then where we’re joined by Stuart Wilson from Forcepoint who discusses data security in more detail. Now, my view on this is that as more businesses are transitioning into AI, adopting Copilot and other technologies, this is one that’s really good for your cyber security strategy. Enjoy.
Stuart Wilson
Yeah, it, it’s a good rationale, right, starting with classification because as you say, people have built up data long period of time that data they want to put into different repositories moving forward. But if you dunno what that data is, that’s kind of a risky business. So using classification, using AI driven classification removes a lot of that kind of mundane user activity. Often people get a bit touchy when you talk about AI and the impact it can have on people’s roles. But when you take something that people aren’t very good at, don’t enjoy doing and can add risk to the business, and when you replace that with AI capability, then actually I think it becomes a really compelling argument to use it.
Adam Myers
Episode 11 of Tales from the CyberLab back in June where we’re joined by Stuart Coulson from HiddenText. Now Stuart shone a light a little bit on the role of a CISO within an organisation and also cyber security as a culture, which I think is really interesting and a great take on where the industry is heading. Enjoy.
Stuart Coulson
It’s an interesting tapper and it’s one I’m really passionate about because I think I’ve long seen from the other side as well. Cyber has lived in an ivory tower, hand grenade out policies: “thou shalt do” or “thou shalt not do”. And it’s always been seen as this almost kind of an angry place in the business where all good ideas go to die, which he’s not allowed to do that because well, “we have to do this on a firewall” and then there’s this and that – there’s a million excuses get thrown out. So cyber’s always been the blocker, whereas where I prefer to see is cyber security as an enabler.
Adam Myers
Episode 12 back in July where we’re joined by Bridget Green from Legal Edge, who discusses e-commerce law and specifically cyber security from an e-commerce perspective. So if you are an organisation that handles credit card, it links quite nicely as well into PCI-DSS, which is a later episode. But also if you’re looking from a cyber security perspective around your e-commerce websites, it’s really one that will shine a light on where the industry is heading and what to watch out for.
Bridget Green
I think I’d say there was four key heads of cyber attacks that e-commerce businesses regularly encounter. One would be payment fraud. So effectively criminals stealing your customer’s payment details at the point of sale on your website or via your app. A second would be phishing. So that is where criminals pose and trick your staff into sharing data, whether it’s bank accounts, et cetera, by posing as say your payroll department or one of your senior leaders. A third is ransomware. So that is where third parties use malicious software to effectively block the functionality of your site. So to effectively stop you being able to trade, to make sales and then hold you to ransom, literally demand a sum of money to be able to release your business back to you. And finally, one that everybody would be pretty au fait with is web hacking, which is effectively where hackers will infiltrate the backend of your systems and steal large quantities of your customer data.
Adam Myers
Episode 13 in August where we’re joined by Chess’s very own James Mallalieu, who discusses the role of Copilot specifically and the adoption of Microsoft’s new technologies. I think this is a really good one if you are looking to start that journey. I often find when I talk to customers from a cyber security perspective, it’s where do we start our AI journey? And this is one that will really help you with the wider strategy. Sit back, relax, and enjoy the show.
James Mallalieu
And those people who are enthusiasts who want to use AI, they’re just going to go off and use ChatGPT, the Consumer edition. They’re going to use any tool that they want to use. And I get the fact you can lock down desktops and devices, but at the end of the day, I’ve got my own device so I can go away, I can use ChatGPT to do things based on content that I might’ve taken out of the organisation that’s sensitive. So I think whilst you can put efforts in place to stop people using shadow IT, I’m a great believer in encourage them to do the right thing, which is provide a set of tools that you as an organisation govern, you manage, you audit, give them those tools, right? AI is not going to go away. So if you don’t provide a tool that someone can use as a kind of basic generative AI tool, a proportion of your users will demand that. And over the next few years as new people join your organisation, they will expect it. It’s like all of these technologies. If I joined an organisation tomorrow and they said we’re not using Teams or we’re not using Microsoft 365, then there would be a slight raised eyebrow in terms of, well, “what are you providing as an alternative?”
Adam Myers
Episode 14 in September, we were joined by CyberLab’s very own Tom Unsworth, who is an ethical hacker here at CyberLab. This episode is really good if you’re looking for a career as an ethical hacker, but also what they do on a day-to-day basis. Tom shines a light a little bit on some techniques that are new and we’re seeing evolve over time. So enjoy. This episode is one you don’t want to miss.
Tom Unsworth
The very common ones that we see in pretty much every engagement we do is of vulnerable third party components because these are really hard to keep up to date with if you’ve got a wide range of technologies on your app.
Adam Myers
Episode 15 in October, we’re joined by Jon Hope from Sophos. Now if your cyber security strategy’s a bit like trying to untangle the Christmas lights, this is one you don’t want to miss. We’ll be looking at the State of Ransomware report, which is really good if you’re looking to adopt your cyber security strategy. And especially as we turn the year into 2026, this is a really good episode you don’t want to miss, enjoy.
Jon Hope
Work on the assumption that you probably will be hit at some point is probably the one thing, and start from that position, train your users, but don’t assume that you’re going to get it right a hundred percent of the time because humans are all fallible. We’ll make a mistake at some point. So start with user training and then building mechanisms if something does go wrong. And that’s a combination of technology and then the processes that we’ve just talked about. And just don’t ignore the problem. It’s very real. Don’t assume you’re too small. It’s definitely a challenge that faces organisations of all different sizes.
Adam Myers
Episode 16, back in November, what an episode. This was where I was joined by Tharun, who is a Cyber Security Consultant here at CyberLab and we discuss PCI-DSS. So if you are an e-commerce website or anybody that takes card payments, this is one that will really help shine a light on what you should be doing and maybe link in some of the team. I think it’s really good from my perspective that we do help a lot of customers around their PCI-DSS strategy. So enjoy this episode.
Tharun Uduyasankar
It was in the year 2018, there was an attack on Ticketmaster website, so consortium with the attackers who mainly target on payment processing of an organisation called MageCart. So how they worked was they would target a company or a third party vendor’s payment processing webpage. So they would inject it with a JavaScript code and that would sit on that website silently and observing all the transactions that are happening. And that’s how they got hold of millions of cardholder data and it became a huge impact for line of companies who were using that as a service. It was British Airways – that was one of the major company that got affected as well.
Adam Myers
So that concludes this episode of Tales from the CyberLab. I really do hope you’ve enjoyed our Christmas special and recap of 2025. I want to say Merry Christmas to everybody that’s listened to the channel. Please like and subscribe – it does really help the channel grow. So until next time, Stay Secure.