Tribe of Hackers Podcast

Dave is a partner at BlackThorne Consulting, where he  leads engagements against strategic assets in many industries across the globe. Dave is also a veteran of the U.S. Navy, where he spent 10 years in the intelligence and special programs communities.

Jeffrey Man is a respected information security expert, advisor, evangelist, and co-host of the security podcast Security Weekly. He has over 35 years of experience in all aspects of computer, network, and information security. Jeffrey has held various information security roles within the DoD as well as private-sector enterprises, is a former PCI QSA, and was part of the first penetration testing “red team” at the NSA. Twitter: @MrJeffMan Website: securityweekly.com/hosts 

This is a special Labor Day Quick Release celebrating the anniversary of Derbycon.Rural Tech Fund: https://ruraltechfund.org/Dave Kennedy has worked on cyberwarfare for the U.S. Marine Corps (USMC) and on forensics for theintelligence community, including two tours in Iraq. He has also served as the chief security officer (CSO) for a Fortune 1000 company with offices in more than 77 countries.  Then one day, he left that job and started his own.  He is the founder of TWO companies, TrustedSec and Binary Defense.  If you are an NBA fan, you might even see a logo from time to time.  He is also the founder of Derbycon, author of  UNICORN, and the Social Engineering Toolkit, has testified before congress several times, has been on TV nearly a hundred times, and is absolutely terrified bye clowns

Angela Marafino is an Evolve Security Academy alumna, a Microsoft project manager, and the co-host of the "Hacker Book Club". With no prior background in IT or computer science, Angela did not take the traditional route to obtain a career in cybersecurity. However, the desire for a more challenging career led her to enroll in a cybersecurity bootcamp, which gave her the skills and mindset necessary to become a cybersecurity professional. She is CompTIA Security+ and Network+ certified and holds two bachelor’s degrees, one in fine arts and another in pre-law. Angela is also the organizer of her local Women of Security (WoSec) chapter. Link to Hacker Book Club:  https://www.goodreads.com/group/show/1076604-the-hacker-book-club

Note: This is a special episode with @KeirstenBrager, the closing keynote speaker for this weekend's Diana Initiative virtual conference.  Keirsten Brager is a Sr. Security Consultant/NERC-CIP SME in critical infrastructure and was recently named one of Dark Reading’s top women in security quietly changing the game. She is also the author Secure The InfoSec Bag: Six Figure Career Guide for Women in Security. She produced this resource to help women strategically plan their careers, diversify their incomes, and fire bad bosses. Keirsten holds a M.S. in Cybersecurity and several industry certifications, including GICSP & CISSP.  In her free time, she loves sharing career advice, studying Black history, and convincing women not to quit the industry.Diana Initiative Schedule:  https://www.dianainitiative.org/schedule/Diana Initiative Tickets: https://www.eventbrite.com/e/the-diana-initiative-2020-tickets-112263061840Topic/ Chapter List:00:00:03 Introduction00:02:14 Meet Keirsten00:02:30 "Excited and Terrified"00:04:47 Origin Story00:07:13 Do we have a cybersecurity skills shortage?00:08:47 Biggest myth in the industry00:11:06 People, Process, Technology00:12:50 Advice to those who are new00:18:40 Cautiously Optimistic on Progress00:20:32 Give back to the community FIRST00:23:03 Example: Last June Job Change and Linked In00:26:10 Uplift and be uplifted00:26:36 The Diana Initiative     http://dianainitiative.org00:28:22 About Keirsten's keynote: SDLC00:29:00 using SMART goals00:31:36 What are "SMART" goals?00:37:00 Career moves00:39:01 "Circle of Excellence"00:41:25 Money, money, money00:42:20 Negotiating benefits and salary00:44:48 Advice to a younger Keirsten00:49:20 Signing off, wrapping up

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday.  Chapter List: 00:00:20 Opening00:00:47 About @SheHacksPurple00:01:55 Tanya is here!00:02:21 Red Team, Blue Team, Purple Team00:04:20 Purple Trait: Empathy00:05:02 Purple Trait: Advocacy00:06:50 Young Coding00:08:04 Childhood and parents00:08:37 "The Shirt Story"00:09:12 Discovering that Code should be secure00:11:20 Educating Students00:12:15 "Cross Site Scripting" meaning00:13:52 Introducing WeHackPurple.com00:16:52 "DevSecOps" Definition00:19:02 Public Speaking00:19:54 Meet WOSEC00:22:45 Big Shoutout to Chloé Messdaghi00:24:22 Cyber Mentoring Monday00:26:15 Mentee Responsibilities00:28:25 Everyone needs a mentor00:29:56 Salary negotiations00:32:40 Less Traveling is good.00:34:30 Management vs. Leadership00:37:10 Diversity and Inclusion00:37:40 Shout out to Jane Franklin and Tara Wheeler00:42:22 Cookies!!!00:43:20 Advice to a younger Tanya00:46:34 Tribe of Hackers: Security Leaders00:49:00 Signing off, parting wisdom from Tanya

David Evenden is the founder of StandardUser Cyber Security, an educational security firm dedicated to bringing work to freelance hackers and bringing top-tier industry-standard information security certification training to the university classroom. David is an experienced offensive security operator with experience working in the U.S. intelligence community (IC). He learned Persian Farsi, worked at NSA Red Team, and was a member of an elite international team operating in conjunction with coalition forces to aid in the ongoing efforts in the Middle East. Topics list: 00:00:03 Introduction00:00:35 Meet @JediMammoth00:01:36 Origin Story00:06:10 Pensacola Cyber Training: Crash Course00:08:50 NSA Red Team00:11:20 Compartmentalization00:13:00 Learning and Teaching00:14:21 Making Decisions00:14:59 Dwight Schrute (not a typo) Philosophy 00:16:02 Fatherhood and its impact00:18:14 Challenges00:19:52 Darknet Diaries: Episode 47 https://darknetdiaries.com/episode/4700:22:12 Advice to a younger David00:24:10 Blue Team Challenges00:25:53 Mental Health Strategies00:27:20 Social Media and Toxicity00:29:05 Advice to Newbies00:29:40 The Innocent Lives Foundation  https://www.innocentlivesfoundation.org/00:32:18 Admiration00:34:00 Diversity00:36:01 Increasing Participation00:37:02 Shoutout: Lesley Carhart @Hacks4Pancakes00:37:13 Shoutout: Katie Nickels @ILikeTheCoins00:38:58 Virtual Conferences00:39:50 Advice to the Burnt Out00:41:38 Wrap up, Thanks

sn0ww  is a social engineering professional. At DEF CON 22 she won a black badge for the Social Engineering Capture the Flag (SECTF). sn0ww was also on the winning team for SAINTCON'S Vault Physical Security challenge, which won the team a black badge. Over the last five years she has presented and taught trainings at multiple InfoSec conferences. sn0ww has performed a variety of Social Engineering assessments for clients ranging from start-ups, Fortune 100 companies, to government agencies as well as assisted consultancies build out their Social Engineering services.Topics include:00:00 Introduction00:53 Professional Liar sn0ww01:40 Origin Story: DEFCON04:05 Social Engineering Capture the Flag04:40 Chris Hadnagy @HumanHacker gives books and advice07:20 Choosing Pretexts08:50 Social Media and OSINT10:55 Contest to Career!12:10 Twitter incident discussion13:00 Types of Insider threats17:45 Human Beings are the weak link18:30 Women and Social Engineering20:50 Typical Engagement Description26:46 COVID19 and Red Teaming29:00 Red Team Community30:25 Discussing BSides35:00 Mental Health and COVID1936:20 Advice to a younger sn0ww36:58 "Darknet Diaries" episode 2238:20 "Get out of Jail Free" card and social engineering39:50 sn0ww gets caught44:50 Personal advice for listeners

Twitter: @PhillipWyliePhillip Wylie is a penetration tester with more than 21 years of experience in information technology and information security. He is an adjunct professor teaching ethical hacking and web app pentesting at Richland College in Dallas, Texas. Phillip is the founder and director of the Pwn School Project, an educational meetup group teaching pentesting and ethical hacking skills. He holds the following certifications: OSCP, GWAPT, and CISSP.In this episode, we will discuss:0:00 intro0:30 about Phillip Wylie:01:15 Origin Story  3:03 What About Samson the Bear? About Professional Wrestling4:29 CAD draftsman to Novell Engineer5:45 Aer certifications important? 6:36 Blueprint to PenTesting8:07 Advice to pentesting students8:55 Writing and Communication Skills10:38 The PwnSchool Project12:15 PwnSchool starts out discussing OffSec, but expands to many more topics14:06 ITSP Podcast on Origins15 :30 BADASS army @KatelynBowden17:00 Non Consensual Image Abuse and BADASS Army18:34 COVID19 and Conference Appearances- the good and bad20:32 Phillip finds Tribeof Hackers21:36 Mentorship and the awesomeness of @DHAhole22:35 Giving back23:50 Mental Health and helping others——25:26 Everyone has something to share27:34 What does “Hacker” mean28:30 People Phillip admires 29:45 DeWayne Johnson chit chat—30:40 community31:30 Advice to a younger Phillip Wylie32:15 Phillip on twitter: @PhillipWylie Youtube:  PLWylie.  Personal website TheHackerMaker.com And PwnSchool.com

Emily Crose is a security researcher and professional with over 10 years of experience including a total of 7 between being an officer for the Central Intelligence Agency and the National Security Agency.Time Stamps/ Topic List00:00:00 Introduction to Episode 11, Emily Crose00:01:17 History of Hacking00:02:49 MELISSA.vir00:05:50 Career Start at NSA00:07:38 Hunt Methodology and OSINT00:14:02 Comic Sans is evil and must be destroyed00:16:05 Muckrock   http://Muckrock.com00:18:20 Conspiracy Theories00:26:41 Privacy Questions00:31:49 Are we safer?00:35:20 Optimistic Words from Emily, Wrap up

In this episode, industry pioneer Chris Hadnagy explains the role of psychology, empathy, and personal growth in the Social Engineering field.   Here are some of the topics covered:0:00 Content Warning:  Child Abuse, Child Sexual Trauma00:30 Introduction to Episode 10 featuring Chris Hadnagy01:30 Chris in retrospect: teenage years, 20s, computers, and then “Social Engineering”03:30 What is social Engineering?05:00 Psychology’s Role in the Framework10:22 Social Engineering: Is there anything that is “off limits”?  12:00 "Find another Way" 14:20 The Origin Story of The Innocent Lives Foundation, @InnocentOrg18:50 The Infosec industry and CST (Childhood Sexual Trauma)20:00 Innocent Lives Foundation Non-Vigilantism, Mental Health and Safety22:30 Chris's Advice to anyone who finds CP23:50 A Shocking Statistic about Child Predators25:00 Capture the Flags and the Establishment of the SECTF at DEFCON17 (shoutout to @DarkTangent)28:00 What is the SECTF?  29:40 SE Village as an "Oasis"30:45 OSINT's role33:00 Alethe and Rachel have changed the entire game of social engineering34:00 Chris's philosophy on being a boss37:08 Unconditional praise for Ryan McDougall 38:20 Entrepreneurship and Risk44:40 "Cooking Through" COVID19 Isolation46:30 Virtual Workers, Virtual Teams50:30 Advice to a younger Chris52:00 Wrap up: How you can help Innocent Lives FoundationAbout Chris: Christopher Hadnagy is the founder and CEO of Social-Engineer, LLC, and the CEO of the nonprofit Innocent Lives Foundation. Chris possesses more than 17 years of experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today. Chris established the world’s first social engineering penetration testing framework at www.social-engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource, including a podcast and a newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private-sector professionals. In 2017, he started an InfoSec community initiative nonprofit called The Innocent Lives Foundation. He gathered experts from the field in OSINT, investigation, and other areas to help assist law enforcement in tracing, tracking, and unmasking child predators who try to hide online. More information can be found at www.innocentlivesfoundation.org. Follow Chris Hadnagy: @HumanHackerFollow Tribe of Hackers podcast: @ToHpodcastFollow RayRedacted: @RayRedacted

Cheryl Biswas loves being a Threat Intel Analyst with TD Bank in Canada and assessing threat actors, vulnerabilities, and exploits. She is a Political Science graduate, ITIL certified, and took the long way to InfoSec. She actively shares her passion for security online as a speaker, volunteers at conferences, and champions diversity as a founding member of The Diana Initiative.Twitter: @3ncr1pt3dWebsites: whitehatcheryl.wordpress.com and www.linkedin.com/in/cherylbiswasCHAPTERS (use the chapter feature on your podcast player!)00:00:00 Intro00:01:02 Cheryl's Origin Story00:03:20 Twitter and the Kardashians of InfoSec00:04:20 Welcoming newbies, how awesome is @sn0ww00:05:20 Seriously... everyone loves @sn0ww00:07:45 Alice in Security Wonderland. https://www.linkedin.com/pulse/my-first-con-alice-security-wonderland-cheryl-biswas/)00:10:45 Diana Initiative Mission https://www.dianainitiative.org00:11:50 Cheryl's First talks, shoutout to @mainframed76700:18:05 DEFCON and Diana00:25:40Advice to a younger Cheryl00:27:00 Cheryl's COVID 19 observations00:32:30 Cheryl's favorite books: Countdown to Zero Day by @KimZetter00:34:55 Andy Greenburg's book "Sandworm”00:37:20"The Shadow War" by Jim Sciutto00:38:55 "Women in Tech" by Tarah Wheeler00:39:42 Life Hacks00:43:10 Toxic Behavior and Twitter00:47:50 Closing thoughts

In this extremely wide ranging interview, we discuss:00:00 Intro01:25 Software Defined Radios, Promiscuous Pagers, Oh My05:38 "Responsible Encryption" isn't.  09:16 Clipper Chip Zombie (Shoutout: @mattblaze)13:55 Intentional Flaws (Shoutout: @RGB_Lights)15:36 Eternal Blue? Forever Yellow.30:04 Attribution and Distraction36:14 Electronic Frontier Foundation  https://eff.org41:45 Right to Repair, shoutout to @Tarah43:07 Election Security Concerns , another shoutout to @mattblaze49:26 Advice to a younger Jake54:05 Resume Review Advice56:56 Conferences, Summits, Sign Off. (Shoutouts: @hacks4pancakes, @DianaInitiative, @dakacki )About Jake Willliams:InfoSec professional. Breaker of poorly written software. Incident responder. Digital defender. Business bilingual. Jake Williams treats InfoSec like the Hippocratic Oath: First do no harm. By addressing realistic risks, Jake helps businesses create secure environments that actually function. He penetration tests organizations so they can find the weak spots before an attacker does. When an attacker does find a weak spot first, Jake works with the organization to remove the attacker, assess the damage, and remediate the vulnerabilities that allowed the attacker access in the first place. Jake is also a prolific conference speaker, an instructor, and an InfoSec mentor.

Ian Anderson is a security manager focusing on the relationships between information technology and operational technology and how those relationships work to defend industrial control systems. He is also interested in risk and governance and identity management within enterprise environments. Ian is a graduate of the University of Oklahoma and maintains GSLC, GCIH, and CISSP certifications.

Lesley Carhart  is a principal threat analyst for the Threat Operations Center at the industrial cybersecurity company Dragos, Inc. She is recognized as a subject-matter expert in cybersecurity incident response and digital forensics, regularly speaking on the topic at conferences and universities.She has spent the last 11 years of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. Prior to joining Dragos, she was the incident response team lead at Motorola Solutions, performing digital forensics and incident handling services for both enterprise and public safety customers. In 2017, Lesley was named a “Top Woman in Cybersecurity”by CyberScoop news and received the “Women in Technology” award at Guidance Software’s Enfuse Conference.In her free time, Lesley co-organizes résumé and interview clinics at several cybersecurity conferences, blogs and tweets prolifically about InfoSec, and is a youth martial arts instructor.

Dan Tentler is the executive founder of Phobos Group. He has a long history of both attack and defense roles, as well as public speaking engagements and press interviews. Dan has made a name for himself and Phobos Group by approaching security from an entirely new direction, resulting in routine discoveries that have had a major impact on customers as well as the greater security landscape. 

On this episode, we talk to Kim Crawley, who is a regular contributor to the corporate blogs for Tripwire, Cylance, Venafi, AlienVault, and Comodo. She has previously written for Sophos’ Naked Security and CSO, and has also appeared in 2600 Magazine. She loves JRPGs, black clothing, Swedish Fish candy, her weird boyfriend, and her equally weird platonic friends. In this episode, we discuss the following:- Hacking "AUTOEXEC.BAT" and "Archie"- Kim's "origin story"- @hacks4pancakes and #PancakesCon- @TheManyHatsClub and @TheBeerFarmers- Diversity and Inclusion and @DianaIntitiative- Autism and Autism Activism- The meaning of #ActuallyAutistic- Greta Thunberg @GretaThunberg- A big announcement about @shehackspurple!- Upcoming Disinfosec.tech conference 6/13

This week on the Tribe of Hackers podcast, we talk with wirefall.   Follow us on twitter: https://twitter.com/ToHpodcastFollow Ray on twitter: https://twitter.com/RayRedactedFollow wirefall on Twitter: https://twitter.com/DHAhole 

For Season 1, Episode 2, the Tribe of Hackers podcast is pleased to welcome Tracy Maleeff, a.k.a. the "InfosecSherpa"Tracy Z. Maleeff is an information security analyst for the New York Times Company. She earned a master of library and information science degree from the University of Pittsburgh, as well as undergraduate degrees from Temple University (BA, magna cum laude) and Pennsylvania State University (AA). Tracy holds a SANS GIAC GSEC certification. As an "InfoSecSherpa", Tracy is an active member of the InfoSec community and frequently shares her expert knowledge through her OSINT blog and InfoSec newsletter, in addition to Twitter. Tracy has given talks at DEF CON’s Recon Village, DerbyCon, and several BSides events. In her past career as a librarian, Tracy earned the honor of being named a Fellow of the Special Libraries Association and has won the Dow Jones Innovate Award and the Wolters Kluwer Innovations in Law Librarianship Award.You can subscribe to Tracy's Nuzzel newsletter here:  https://nuzzel.com/InfoSecSherpaFollow us on twitter: https://twitter.com/ToHpodcastFollow Ray on twitter: https://twitter.com/RayRedactedFollow Tracy on Twitter:  https://twitter.com/InfoSecSherpa

Welcome to the Tribe of Hackers Podcast.  In this premier episode, ToH Podcast host Ray [REDACTED] interviews Marcus J Carey, the author of the Tribe of Hackers series of books.