Secure AF - A Cybersecurity Podcast

Seriously, do you know where your data is? It’s an often overlooked question in cybersecurity. In the case of an incident, without knowing where your data is, how do you know what’s been accessed? Where else that data might be? What’s needed to remediate? And what’s less crucial to restore?But even before an incident, how do you know what to protect if you don’t know where your critical and privileged information is? How do you best allocate time, manpower, and resources in the absence of knowing what needs most attention?In this episode, we'll discuss how to answer these questions, from what a Data Inventory is to how to conduct one to why one is crucial to your organization’s overall cybersecurity preparation and maturity.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

What good is a Pen Test? There are a host of answers - knowing your environment, identifying dangers, implementing remediations, meeting compliance.  But how should a CISO view a Pen Test given their unique role in the organization? How do they best understand the need, the conduct, the reporting, and the follow through? On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt shares his experience and expertise both in his years in the role and as a consultant for other organizations.  Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Alias stays at the cutting edge of the cybersecurity threat frontier. Today on the SecureAF Podcast, Donovan Farrow and Tanner Shinn discuss a 2023 retrospective with a view to how last year helps us understand and prepare for 2024.  Listen, learn, be prepared. We're here to support you, 24/7/365.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Cybersecurity is critical to an organization. But cybersecurity is only part of a robust security posture. It’s equally important, and in fact of first importance, to assess information security. You need to assess what privacy guidelines, compliance, and best practices entail what data you can have so you can determine the security needed to keep it safe.On this episode of the SecureAF Podcast, host Jonathan Kimmitt is joined by Andrew Hernandez, Director of Risk Management at Trapp Technology to discuss why this framework matters and how to position your organization for secure information and cybersecurity.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Scheduling a cybersecurity engagement can be stressful, for client and pentester alike. Both want the same thing - a well conducted, accurate assessment of the client infrastructure to provide the best value add to bolster cybersecurity.  It helps to start from a shared set of standard expectations and practices. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox discuss the 5 Rules of Engagement that every pentester and customer should know and commit to. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

wWhat's the Final Frontier? For Trekkies, it's space. For cybersecurity, it's Critical Infrastructure. Might not sound exciting, but the risks from poor security and the rewards of strong controls might get you to sit up and take notice. Maybe even motivate you to boldly go where no ethical hacker has gone before. On this episode of the SecureAF Podcast, Donovan Farro and Phillip Wylie discuss why Critical Infrastructure matters, where the vulnerabilities are (such as being 20 yrs behind in awareness and implementation), what Alias does to test, and what you can do to secure your environment. Hear stories ranging from the serious to the surprising. Listen to hear our favorite ICS story from the interwebs - the little known but infamous Turbopig.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Wondering what the best path into cybersecurity is? Here's a hint: There's not one answer. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox share very different stories of getting into the field. Even with different paths, they'll share what they have in common and what you should think about and do if you want to become an ethical hacker. Spoiler alert - one of their recommendations is to find internships. Alias is currently accepting applications here: https://bit.ly/3TMDWM0Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

You may have heard of Penetration Tests. You may know you need one. You may have had one or more. But do you know there's more than one type? More than one take? More than one test? On this episode of the SecureAF Podcast, Alias Principal Security Engineer Tanner Shinn and CISO Jonathan Kimmitt discuss the types of Pen Tests, how they're conducted, what they measure, and why they are needed. You'll walk away more informed about this important cybersecurity topic and more ready to know what you need to secure your environment.  We're always here as a resource to educate, empower, and offer the best services to fit your needs.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

There has been a lot of news about the alleged incident experienced by Integris. Some of you may have even received emails from the threat actors revealing personal information to solicit money. This is not the first attack to leverage the threat of leaked data for monetary reward. It is among the first for the threat actors to directly appeal to the individual victims.  Join host Donovan Farrow and guest Chris Yates for a discussion about the cybersecurity backdrop to this assumed incident, what we know about what has happened, and what you can do to protect yourself. Whether you’re a victim in this or not, the podcast will help you better understand what you hear in the news and better protect yourself against attacks.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

You know you need regular penetration tests to ensure your network is secure. You know the steps to remediate the findings and take the recommended actions to continue on a path toward cybersecurity. But what about what you don't know? What about what the penetration test doesn't cover or doesn't reveal?On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Director of Security Phillip Wylie share their insights on what penetration tests should cover, what they often don't, and how to verify you're getting what your organization needs. These two bring a holistic viewpoint, from policy and procedure to on-the-ground network testing.  Find out what you need to know and how to act on it.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

The Solar Winds breach is not news. The CISO being personally named in the investigation is. Although not the first CISO to be so identified, this is the most high profile.  This raises questions for the future of CISO role and responsibility and IT more generally. Should an individual be held responsible for an incident? What is their responsibility to monitor and report? Does this responsibility extend from C-Suite to SOC Analyst? What legal precedent might this set? On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Principal Engineer Tanner Shinn discuss these questions. The conversation is far ranging, from the immediate Solar Winds event to the broader questions it poses.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

If you follow our socials, you know Phillip Wylie recently joined the Alias crew! We’re excited to welcome him to help us build our team’s presence supporting organizations’ and individuals’ growth in cybermaturity. Join Alias CISO Jonathan Kimmitt to hear his story of getting into cybersecurity, what’s brought him to Alias, and what's to come. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

It requires technical expertise to respond to a breach. It requires thinking like a hacker to know where to go, what to do, and what level of response is appropriate. It requires the human element. But humans aren't machines. Your staff and any outside experts require basic needs to be met: food, shelter (well, at least sleep), probably a lot of caffeine. In a crisis, it's easy to not attend to those. How much easier is it to not attend to the interpersonal dynamics both during and after an incident, to restore your people and not just your network to safety and stability. On this episode of the SecureAF Podcast, Alias CISO Jonathan Kimmitt and Communications Director Todd Wedel discuss the human side of incident response. They'll discuss principles and best practices from both a general perspective and from lessons learned in the trenches.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Did you know some ransomware groups have customer support better than major businesses? That the negotiations might feel more like a regular corporate transaction than a back-alley holdup?On this episode of the SecureAF Podcast, CEO Donovan Farrow and Security Team Lead Tanner Shinn share their experience working the business side of an Incident Response. You'll hear stories of every size and brand of company, lessons learned, and tips for how to respond. It's a fitting topic to begin Cybersecurity Awareness Month - join us to become more aware and armed to protect yourself, your business, and your community!Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

You know you may be a target. But what about your family? How could a hacker leverage those closest to you to gain advanced access to your work? Recently on the And Security For All podcast, Alias CISO Jonathan Kimmitt and Security Team Lead Tanner Shinn discussed this question. You can listen to their conversation here. On this episode of the SecureAF Podcast, they turn a Blue Team eye to your family. Join us as they discuss steps they currently take or would take with their family to ensure bad actors won’t use them as avenues of attack. Listen for yourself to learn how to keep your family safe. Listen for (or even with!) your organization to learn how to support your employees and coworkers to build a secure company culture, starting at home.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

What were the lessons from Defcon 31? What were the most noteworthy experiences of the conference (Hint: it's not all about the talks and villages). On this episode of the SecureAF Podcast, join Alias Security Team Lead Tanner Shinn and Security Engineer Keelan Knox to hear what they learned and what went down this year at Defcon. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Headed to DEF CON? Want to know what you should know and where you should be? And most importantly, how to survive? On this episode of the SecureAF Podcast, host Donovan Farrow and guest Tanner Shinn talk all thing DEF CON. New to DEF CON? Learn from us how to make the most of the experience. Returning to DEF CON? Remember best talks and best places to go and people to meet (including our team!). Not attending this year? Get a sense of what you’re missing and why you should attend next year.Watch or listen, then hit us up in person. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Digital forensics may be something you don't think about. Or think about only after an incident or breach. But knowing what techniques and tools are used will help equip you to understand your potential vulnerabilities and strengthen your security posture. And you'll gain more insight into the work an Incident Response team does. In this episode of the SecureAF Podcast, Alias CEO and digital forensics expert, consultant, and expert witness will share his experience and expertise. He'll share the technical techniques and tools, including in the video version a demonstration by our digital forensics engineer Andrew Peters, as well as stories of exploits and engagements. Listen to hear this important and interesting topic from our dynamic leader. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

The SecureAF Podcast is 50! Listen this week as our hosts discuss a critical topic in cybersecurity. Your environment may be unique. Your business may feel to small to be noticed. But to a hacker, everyone is a target of opportunity, and every target may yield to the same avenues of attack. On this episode of the SecureAF Podcast, Alias CEO Donovan Farrow and CISO Jonathan Kimmitt discuss how to view your environment from the perspective of the attacker. And it’s not just your network. It’s your people. Our hosts will cover how to consider not just appropriate security controls but how to approach culture change so that your people become your first line of defense. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Want to become a Pentester rather than a Thintester? Want to find out what a Thintester even means? In this episode of the SecureAF Podcast, Alias CEO Donovan Farrow and CISO Jonathan Kimmitt discuss one of our often-asked questions: What do I need to do to become a Pentester? They'll talk about what qualities and experiences prepare you for the role (you might be surprised!) and why knowing the why more than just the what of how to use tools and leverage exploits matter. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.