Let's Talk
Let's Talk
Josh Shepard

Josh Shepard

Josh has spent his career hunting for and neutralizing nation-state threat actors targeting critical infrastructure. During his time with the USAF, he led a team of threat hunters pursuing advanced persistent threats (APTs) targeting the defense industrial base, energy, transportation, and water/wastewater sectors. From there he transitioned to Ro, a startup in the healthcare sector, where he built and led a threat intelligence and threat hunt program operating on a multi-cloud, multi-operating system environment.

Posts by Josh Shepard
Iranian APT Actors Are Targeting Your PLCs — Here's What to Do
There was a joint advisory this week (AA26-097A) warning of active exploitation of internet-facing Programmable Logic Controllers (PLCs).
Attack Surface and Vulnerability Management

Iranian APT Actors Are Targeting Your PLCs — Here's What to Do

Apr 09, 2026 2 min read
Unmasking the Toy Maker Initial Access Broker
An initial access broker is a type of threat actor specializing in gaining initial persistent access to an environment.
Threat Hunting and Intelligence

Unmasking the Toy Maker Initial Access Broker

May 20, 2025 2 min read
Too Good To Be True
In this campaign, Lazarus Group tricks a user into running a malicious script on their machine by having them apply for a job that is just a little too good to be true.
Threat Hunting and Intelligence

Too Good To Be True

May 01, 2025 3 min read
VIP Keylogger 2.0
We dive into a VIP Keylogger campaign, with two defense evasion techniques (steganography and remote template injection) and how you can look for them.
Threat Hunting and Intelligence

VIP Keylogger 2.0

Mar 06, 2025 2 min read
A Phisher’s Love Affair With AI
We dive into a phishing campaign that uses an AI augmented app developer tool to create a captcha style page to help bypass automated spam filters.
Threat Hunting and Intelligence

A Phisher’s Love Affair With AI

Feb 28, 2025 2 min read
Alternate Data Streams and Extended Attributes
We explain what Alternate Data Streams and Extended Attributes are, why threat actors like them, and some things to look for that could indicate abuse.
Threat Hunting and Intelligence

Alternate Data Streams and Extended Attributes

Feb 05, 2025 2 min read
Load More Stories
 

THE DIB CYBERSECURITY MATURITY REPORT 2025 EDITION

Read Full Report
RADICL_ DIB Report_Part 5

Regulatory Compliance

Read More  
What is SPRS? How Defense Contractors Are Scored on Cybersecurity
Beyond contracting officers and primes, your SPRS score is on file with the federal government. If a cyber incident occurs and DoD investigators are examining your compliance history, your SPRS submission is part of the record.
Regulatory Compliance

What is SPRS? How Defense Contractors Are Scored on Cybersecurity

May 26, 2026 8 min read
What is DFARS 252.204-7012? A Guide for Defense Contractors
Regulatory Compliance

What is DFARS 252.204-7012? A Guide for Defense Contractors

May 14, 2026 8 min read
CMMC Compliance Deadline 2026: Key Dates That Affect Your DoD Contract
Regulatory Compliance

CMMC Compliance Deadline 2026: Key Dates That Affect Your DoD Contract

Apr 13, 2026 6 min read

Threat Hunting & Intelligence

Read More  
Ransomware Gang or IT Admin?
PowerShell script used deliberate attempts to bypass CrowdStrike EDR using native BitLocker encryption and vssadmin shadow copy deletion.
Threat Hunting and Intelligence

Ransomware Gang or IT Admin?

Jun 24, 2026 3 min read
Trojanized ArcGIS Installer Drops Dual-Channel RAT
On May 18, 2026, RADICL observed an intrusion on a Windows endpoint originating from a trojanized ArcGIS Pro installer downloaded from a typosquatted domain.
Threat Hunting and Intelligence

Trojanized ArcGIS Installer Drops Dual-Channel RAT

May 28, 2026 8 min read
Multi‑Stage VBScript Malware Analysis
This is a detailed breakdown of a malicious VBS script discovered on an endpoint within RADICL’s customer base as a result of RADICL’s custom EDR detection logic. The script executes a multi-stage attack designed to achieve persistence, evade detection, and deploy a secondary payload.
Threat Hunting and Intelligence

Multi‑Stage VBScript Malware Analysis

Jul 23, 2025 7 min read

Industry Analysis

Read More  
I Was Stressed, Now I Sleep at Night: DEWM's CMMC Journey with RADICL
Joe Roque sleeps better at night now that RADICL is helping DEWM prepare for their CMMC Level 2 assessment.
Industry Analysis

I Was Stressed, Now I Sleep at Night: DEWM's CMMC Journey with RADICL

Jun 15, 2026 5 min read
Inside DVI Training Systems' Cybersecurity Transformation with RADICL
DVI Training Systems found a reliable cybersecurity and compliance partner in RADICL.
Industry Analysis

Inside DVI Training Systems' Cybersecurity Transformation with RADICL

Jun 12, 2026 5 min read
Custom Case Pros: How a 2-Person Defense Company Is Getting CMMC Certified
Amber Provaznik, CEO of Custom Case Pros, shares why RADICL is the ideal compliance partner.
Industry Analysis

Custom Case Pros: How a 2-Person Defense Company Is Getting CMMC Certified

Jun 10, 2026 6 min read

Incident Response

Read More  
What Are Incident Response Solutions?
Incident Response

What Are Incident Response Solutions?

Apr 13, 2026 7 min read
A Day in the Life: Our vSOC Responds to the CrowdStrike Incident
On the evening of 7/25/24, CrowdStrike pushed a content update which caused Windows systems to crash and/or enter a reboot loop, rendering the systems unusable.
Incident Response

A Day in the Life: Our vSOC Responds to the CrowdStrike Incident

Jul 24, 2024 2 min read
I Spy a Ransomware Attack
Ransoming an espionage victim carries several advantages that can make it an ideal move for nation-state threat actors.
Incident Response

I Spy a Ransomware Attack

Jul 16, 2024 2 min read

Attack Surface & Vulnerability Management

Read More  
Iranian APT Actors Are Targeting Your PLCs — Here's What to Do
There was a joint advisory this week (AA26-097A) warning of active exploitation of internet-facing Programmable Logic Controllers (PLCs).
Attack Surface and Vulnerability Management

Iranian APT Actors Are Targeting Your PLCs — Here's What to Do

Apr 09, 2026 2 min read
CMMC Enclave: What It Is, When It Works, and How to Build the Right Compliance Boundary
Attack Surface and Vulnerability Management

CMMC Enclave: What It Is, When It Works, and How to Build the Right Compliance Boundary

Mar 26, 2026 11 min read
EP 9 - Palo Alto Networks' Daryan Dehghanpisheh on Vulnerability Management
Attack Surface and Vulnerability Management

EP 9 - Palo Alto Networks' Daryan Dehghanpisheh on Vulnerability Management

Jan 23, 2026 1 min read

Security Operations & vSOC

Read More  
Top SOC Service Providers (SOCaaS) for 2026
Security Operations & vSOC

Top SOC Service Providers (SOCaaS) for 2026

Mar 26, 2026 11 min read
Best MDR Providers for Regulated Industry & DIB Contractors (2026)
Security Operations & vSOC

Best MDR Providers for Regulated Industry & DIB Contractors (2026)

Mar 12, 2026 16 min read

Operational Resilience

Read More  
EP 57 - Cyber Resilience at the Crossroads
DIB Innovators

EP 57 - Cyber Resilience at the Crossroads

Apr 10, 2025 2 min read
EP 1 - Micro-Ant's Charles McCarrick on Innovation and Opportunity in the DIB
Micro-Ant's Charles McCarrick on Innovation and Opportunity in the DIB
DIB Innovators

EP 1 - Micro-Ant's Charles McCarrick on Innovation and Opportunity in the DIB

Dec 08, 2023 2 min read

The DIB Innovators

Celebrating the brilliant minds driving innovation in the Defense Industrial Base. Join host David Graff as he speaks with DIB leaders championing our nation’s security and shaping the future of defense technology.

Start Listening  
EP 105 — Delta.g's Tony Lowe on Taking Quantum Gravity Sensing From Lab to Field
DIB Innovators

EP 105 — Delta.g's Tony Lowe on Taking Quantum Gravity Sensing From Lab to Field

Jun 25, 2026 1 min read
EP 104 — Impac Systems Engineering's Justin Smart On Cutting The Weight From An Aerospace Part Without Losing Structural Performance
DIB Innovators

EP 104 — Impac Systems Engineering's Justin Smart On Cutting The Weight From An Aerospace Part Without Losing Structural Performance

Jun 23, 2026 1 min read
EP 103 — OpenC3's Greg Bonn On How A 20-Year-Old Defense Prime Spin-Out Turned Profitable In Year One
DIB Innovators

EP 103 — OpenC3's Greg Bonn On How A 20-Year-Old Defense Prime Spin-Out Turned Profitable In Year One

Jun 18, 2026 1 min read
RADICL_The Future of Cybersecurity_Logo
RADICL's Facebook RADICL's LinkedIn RADICL's X (Twitter) RADICL's Instagram RADICL's YouTube