Plaintext with Rich

You tap a button and a ride shows up. You check out online and your bank approves it in seconds. It feels automatic. But nothing in software is automatic. Something received a request, decided it was valid, did some work, and sent back a response. That something is an API.
This episode breaks down what APIs actually are, why they exist, when to use them, and why they matter far more than most people realize. It starts with a restaurant analogy that makes the concept click, then walks through how modern software is built from modular pieces that coordinate through structured requests and responses. From there, it covers the four ways APIs quietly fail: weak identity, excessive permissions, blindly trusted input, and missing guardrails for automation abuse. The episode closes with a four-step starter kit for treating every API like the security-critical control point it is, covering authentication, authorization, data minimization, and abuse prevention.
Whether you're a business leader trying to understand what your engineering team means by "API security" or a professional who wants the concept explained without the jargon, Plaintext with Rich makes it clear.
Is there a topic/term you want me to discuss next? Text me!!
YouTube more your speed? → https://links.sith2.com/YouTube  
Apple Podcasts your usual stop? → https://links.sith2.com/Apple  
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  
Follow the human behind the microphone → https://links.sith2.com/linkedin  
Need another way to reach me? That’s here → https://linktr.ee/rich.greene

At 4:47 p.m., someone pastes a customer escalation into an AI assistant and asks it to rewrite the tone. The reply is perfect. It also includes a private note from the internal thread. No breach. No attacker. Just a new workflow that doesn't know what should stay inside.
This episode breaks down how to secure AI tools in the workplace by treating them like any other system that handles sensitive information and influences decisions. It covers the three patterns where AI quietly breaks: sensitive data going in through normal use, assistants being steered by hidden instructions inside documents they read (prompt injection), and over-connected AI with too much autonomy and too little friction. The episode references NIST's AI Risk Management Framework, OWASP's Generative AI Security Project and LLM Top 10, and practitioners like Rob T. Lee and Chris Cochran for ongoing grounded guidance. The starter kit covers four moves in order: creating an approved AI lane with company identity and strong authentication, putting guardrails around sensitive data, limiting connectors and permissions with a human in the loop, and making usage observable through logging and adversarial testing.
Whether you're rolling out AI tools to your team or trying to secure what people are already using, Plaintext with Rich provides the baseline.
Is there a topic/term you want me to discuss next? Text me!!
YouTube more your speed? → https://links.sith2.com/YouTube  
Apple Podcasts your usual stop? → https://links.sith2.com/Apple  
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  
Follow the human behind the microphone → https://links.sith2.com/linkedin  
Need another way to reach me? That’s here → https://linktr.ee/rich.greene

Every company says they're using AI. Some mean chatbots. Some mean automation. Some mean statistics with a new logo. If everything is AI, the word stops meaning anything.
This episode untangles what people actually mean when they say "AI" by breaking the umbrella into its real components. It covers machine learning (systems that learn patterns from data), deep learning (layered neural networks that made modern recognition possible), large language models (text prediction engines driving today's headlines), RAG or retrieval-augmented generation (connecting models to specific documents instead of relying on training alone), and agentic AI (systems that don't just respond but take action). The episode explains why these distinctions matter for risk, why a fraud detection model making probability estimates is fundamentally different from an agent allowed to move money, and how to filter the hype with a simple mental checklist: is this prediction, generation, retrieval, action, or branding?
Whether you're evaluating AI tools for your organization, sitting through vendor demos full of buzzwords, or just trying to have a smarter conversation about what AI can and can't do, Plaintext with Rich sorts the categories.
Is there a topic/term you want me to discuss next? Text me!!
YouTube more your speed? → https://links.sith2.com/YouTube  
Apple Podcasts your usual stop? → https://links.sith2.com/Apple  
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  
Follow the human behind the microphone → https://links.sith2.com/linkedin  
Need another way to reach me? That’s here → https://linktr.ee/rich.greene

The access made sense. The exception was justified. The shortcut saved time. Each decision worked on its own. And somehow, together, they added up to failure.
This episode tackles the uncomfortable truth that most security failures aren't caused by ignorance or carelessness. They're caused by systems quietly accumulating risk while everyone is doing their best. It walks through the patterns that create this drift: temporary decisions that never expire, blurred ownership where risk becomes nobody's problem, trust that's too broad because convenience won repeatedly, and complexity without clarity where tools exist but don't drive action. The episode explains why none of this feels like failure while it's happening and why the sentence "we didn't realize it worked that way" is the fingerprint of systemic breakdown. The starter kit covers making ownership explicit, treating access like inventory, reducing silent permissions, designing for human reality, and favoring fewer tools with clearer purpose.
Whether you're a leader trying to understand why incidents keep happening despite good intentions or a practitioner watching risk accumulate in real time, Plaintext with Rich names the patterns.
Is there a topic/term you want me to discuss next? Text me!!
YouTube more your speed? → https://links.sith2.com/YouTube  
Apple Podcasts your usual stop? → https://links.sith2.com/Apple  
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  
Follow the human behind the microphone → https://links.sith2.com/linkedin  
Need another way to reach me? That’s here → https://linktr.ee/rich.greene

The breach didn't come through a broken firewall. It walked in through a valid login. Nothing exploded. Nothing looked suspicious at first. Someone just signed in and kept going.
This episode clears up what Zero Trust actually is and what it isn't. It's not a product, not a box you install, and not a technology you turn on. It's a design decision: don't automatically believe a request just because it comes from inside your network. The episode explains why the old perimeter model stopped working when work moved to laptops, apps moved to the cloud, and being "inside the network" stopped meaning anything useful about risk. It walks through the four core signals Zero Trust evaluates (identity, device health, access scope, and segmentation), explains how Zero Trust Network Access differs from traditional VPNs, and addresses common misconceptions including the idea that Zero Trust means trusting no one. The starter kit covers strong authentication, separating daily accounts from admin accounts, mapping access paths, setting device requirements, and reducing broad network access.
Whether you keep hearing "Zero Trust" in vendor pitches and want to know what it actually means or you're starting to rethink how your organization handles remote access, Plaintext with Rich cuts through the marketing.
Is there a topic/term you want me to discuss next? Text me!!
YouTube more your speed? → https://links.sith2.com/YouTube  
Apple Podcasts your usual stop? → https://links.sith2.com/Apple  
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  
Follow the human behind the microphone → https://links.sith2.com/linkedin  
Need another way to reach me? That’s here → https://linktr.ee/rich.greene