CyberSpeaksLIVE

All things AppSec and Purple Teaming with Tanya Janca, founder of the We Hack Purple community platform.

In this lively episode we speak with several contributing authors of the wildly popular TRIBE OF HACKERS - BLUE TEAM EDITION book. 

Lesley Carhart (@hacks4pancakes) joins us for the reboot of CyberSpeaksLIVE featuring Alethe Denis (@alethedenis) as our new co-host.  Lesley is a Principal Industrial Incident Responder at the industrial cybersecurity company Dragos, Inc. She has spent more than a decade of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. She is also the founder of the PancakesCon virtual conference occurring on Sunday 3/21/21. Details about events, villages, talks, and miscellany are available on the website: pancakescon.com or by following the event on Twitter (@PancakesCon).  In her free time (when she has it), she enjoys various martial art forms an quite skilled with a blade. She also teaches the discipline of martial arts to the younger generations. 

Joe Gray is a passionate Information Security professional, mentor, and public speaker on the topics of OSINT and Social Engineering techniques and methodology. During this episode, Joe shares his insights with our listeners on the tools and techniques to become a social engineering professional using OSINT-powered methods.  Please note, this episode has a special intro featuring Adrian Korn from TraceLabs (https://tracelabs.org), a non-profit organization that assists law enforcement agencies locate missing persons through crowd sourced OSINT research and capture-the-flag style online events. Joe's Upcoming Book: Practical Social Engineering https://www.amazon.com/Practical-Social-Engineering-Joe-Gray-ebook/dp/B085BW1P6R/ Social Connections: Twitter: https://twitter.com/C_3PJoe https://twitter.com/TheOSINTion LinkedIn: https://www.linkedin.com/in/joegrayinfosec/

In this episode our hosts, Duncan McAlynn (@infosecwar) and @Ell_o_Punk, discuss what it takes to give a winning talk at industry conferences, along with questions & answers from our live online audience.  Topics covered include: Background Story Secrets of a Great Talk Choosing Your Topic Writing a Great Abstract Audience Participation Tips for Slide Decks Before Your Talk While on Stage After Your Talk Virtual Conference Considerations Tools of the Trade Like the episode? Keep the conversation going with the hashtag #winningtalks.

CyberSpeaksLIVE with Jim O'Gorman of Offensive Security (@offsectraining) and our panel of #OSCP certified experts discuss everything you need to know to prepare yourself for the exam. Our panel includes: Blind Hacker, @TheBlindHacker John Dorobek, @_zenmaster_ iansecretario, @Iansecretario_ Roger Whyte, @teckkie2k (candidate) Learn about the OffSec Giving Program: https://www.offensive-security.com/offsec/offsec-giving-program/ Join the Dead Pixel Sec community: https://deadpixelsec.com/ Follow the OffSec Community Lead, @TJ_Null, on Twitter Connect with NOVA region hackers: https://novahackers.com/ Help support the @DianaInitiative and their events: https://dianainitiative.org

::TALKING POINTS:: Mental Health in the Hacking Community and Globally Social Engineering Your Own Mindset Innocent Lives Foundation TraceLabs Mental Health and Wellness for Volunteers Tribe of Hackers Alethe Denis is a social engineer who specializes in open-source intelligence (OSINT) and phishing, specifically voice elicitation or phishing over the phone. Awarded a DEF CON Black Badge at DEFCON 27 for Winning the Social Engineering Capture the Flag (SECTF) contest, she is the VP of Dragonfly Security, CFO of PENGUIN, Voice & Data Services and a Founding Member of the DC209 DEFCON Group. She's presented at BSides San Francisco, the Layer 8 Conference, and WHackzCon as well as joined panels at DerbyCon and the Human Firewall Event. Most recently, she and her team 'Password Inspection Agency' placed Second in the TraceLabs Global Missing Persons OSINT CTF V. She also volunteers as a TraceLabs content contributor and judge (when she’s not competing) and is an Innocent Lives Foundation Advocate creating awareness of the Innocent Lives Foundation Mission. ::LINKS:: Trace Labs - https://tracelabs.org/ Innocent Lives Foundation - https://www.innocentlivesfoundation.org/ Alethe on Twitter - https://twitter.com/alethedenis Her security company, Dragonfly Security - https://dragonflysecurity.com/ Layer8 Podcast Series - https://anchor.fm/layer-8-podcast (Alethe's episode here)

In this episode, we're joined by the distinguished SANS Institute fellow Dr. Johannes Ullrich, expert red teamer, author and university instructor, Phillip Wylie, and veteran recruiter extraordinaire, Juliana Riahi. Together, along with our live online audience, we  discuss the various perspectives of what matters most when considering one’s career paths, salary ranges and challenges they may face along the way. Connect with our special guests co-hosts: Juliana - https://sttjobs.com/ Johannes - ‪@johullrich ‬ Phillip - @PhillipWylie Mentions: Internet Storm Center Daily Stormcast SANS Institute Pwn School Project Tribe of Hackers ISSA ISACA ISC(2) FBI InfraGard Meetup

This week we are joined by Jared Folkins (@JF0LKINS) as he introduces us to his open source honeypot sensor system, Kushtaka, that helps you detect cyber attackers before they become entrenched. Jared will be joined by Nathan McNulty (@nathanmcnulty), to give his firsthand account of using Kushtaka in production. This week we also introduce a new segment where we'll be highlighting a non-profit charity or upcoming conference each episode. This week we'll be talking with wirefall, founder of @Dallas_Hackers and board member @BSidesDFW. About Jared: After surviving the dot-com crash of the late 90s, Jared Folkins went on to have a long career in systems and programming. In 2013 he turned a hobby into a career and has never looked back. Known for having technical chops and a high emotional IQ, he enjoys working with those who prioritize goals and people, while placing egos last. He currently Red Teams for ThreatHound.com, Blue Teams for Bend La Pine Schools, and breaks down software while building up people at OpsecEdu.com. If you want his help or you just need a new InfoSec friend, contact him at JaredFolkins.com. Connect with Jared: LinkedIn - https://www.linkedin.com/in/jared-folkins-b18783179/ Twitter - @JF0LKINS

In this episode, we are joined by IoT security practitioner, Jennifer Reicherts. Jennifer currently works as a Senior Information Security Analyst for an independent Children's Hospital Network in Minneapolis, MN where she is using her passion for protecting patient care by applying her skills in the areas of IoT technology, Incident Response, Threat Intelligence, and Security Training.  Jennifer has spoken on the topic of the cybersecurity risks of IoT in Healthcare at conferences as well as private events.  She is a Certified Ethical Hacker, an Executive Board Member of her local InfraGard Member Alliance, and most recently will be joining a planning committee for the most popular cybersecurity event in Minnesota. Links mentioned in the show: https://www.iamthecavalry.org/wp-content/uploads/2016/01/I-Am-The-Cavalry-Hippocratic-Oath-for-Connected-Medical-Devices.pdf https://www.newamerica.org/cybersecurity-initiative/reports/do-no-harm-20/ https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf

In this episode, we are joined by the legendary Yuri Diogenes, Sr. Program Manager for Microsoft's Azure Security Center (ASC) product. Yuri has literally written the book on the subject and shares with us his keen insights into the platform, as well as CSPM and CWPP scenarios.  Here are some important links that Yuri has also shared with us: How to Effectively Perform an Azure Security Center PoC https://techcommunity.microsoft.com/t5/Azure-Security-Center/How-to-Effectively-Perform-an-Azure-Security-Center-PoC/ba-p/516874 Survival Guide to Drive your Secure Score Up in Azure Security Center https://techcommunity.microsoft.com/t5/Azure-Security-Center/Survival-Guide-to-Drive-your-Secure-Score-Up-in-Azure-Security/ba-p/752649 Azure Security Center documentation page https://docs.microsoft.com/en-us/azure/security-center/ Also be sure to grab a copy of Yuri's print or electronic book, Microsoft Azure Security Center 2nd Edition, from MS Press for 30% off during checkout using the special Cyber Speaks LIVE discount code, AZURESEC: https://www.microsoftpressstore.com/store/microsoft-azure-security-center-9780135752036. (Valid thru Nov. 28, 2019 only.)  PLEASE, also listen to and share the Ryen Macababbad episode on Vets in Cyber. It is probably the most important episode we've recorded to-date. The Azure product updates website mentioned during the show is available at: https://azurecharts.com. Enjoy! And, thank you to Nick Espinosa for providing data regarding the breaches of the week. Be sure to follow him on Twitter: @NickAEsp

In this special episode recorded live from #MSIgnite, I'm joined by Charles Burton of the Calcasieu Parish Police Jury and Mark Simos of Microsoft to discuss the topic of cybersecurity best practices in local governments.  Be sure to connect with our guest co-hosts and thank them for their appearance on the show: Charles Burton Information Technology Director, Calcasieu Parish Police Jury https://www.linkedin.com/in/cburton/ @CharlieBurton Mark Simos Lead Cybersecurity Architect, Microsoft https://www.linkedin.com/in/marksimos/ @MarkSimos

With Veteran's Day upon us, I was truly blessed to be joined by US Army veteran Sgt. Ryen Macababbad from Microsoft to discuss veteran transition to civilian life and the crisis facing our nation with veteran suicide rates. This is my proudest episode yet. Please listen, like and share. You never know who may need to hear the message that Ryen is sharing.   Show references:  Veteran's Suicide Prevention Hotline: 1-800-273-8255  Connect with Ryen on Twitter:  https://twitter.com/Ryen_Mac (@ryen_mac)  LinkedIn's program to support US veterans:  https://socialimpact.linkedin.com/programs/veterans  Daniel Savage on LinkedIn:  https://blog.linkedin.com/author/d/daniel-savage Microsoft Transition Program for Veterans, servicemembers, and military spouses  https://aka.ms/mssa  The Ultimate LinkedIn Cheat Sheet  https://www.linkedin.com/pulse/ultimate-linkedin-cheat-sheet-michael-quinn  Purepost military translation tool  https://www.purepost.co/

This week we get inside the head of red teamers by talking with Marcus and the guys about the latest edition of his book series, Tribe of Hackers - Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity. Beau and Phil get into the action as well, by sharing their unique perspectives as contributing co-authors to the book.  Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325 Phil's Pwn School Project: https://pwnschool.com/about-pwn-school/ Follow Them on Twitter: Marcus - @marcusjcarey Phil - @PhillipWylie Beau - @dafthack Threatcare: https://threatcare.com

Fil & Stas, founders of the disruptive AttackForge platform, were recently presenting at Black Hat USA Arsenal telling their story about why pen testing is broken – a term we do hear often in security - and how they are trying to solve the problems. In this episode of Cyber Speaks LIVE they shared their experiences and provided us with some keen insights for our listeners on this topic and provided a nice introduction to the AttackForge platform.

In this special edition of Cyber Speaks LIVE, we're joined by MA Taylor, the highly acclaimed film director of #TheCreepyLine to discuss how YOU are for sale and the data privacy & protection implications of #Google and #Facebook. We examine everything from the Cambridge Analytica scandal to confirmation bias to election manipulations and SO much more! This is a NOT TO BE MISSED episode!

*This is a special edition of Cyber Speaks LIVE, recovered from the archives.* In this episode we are joined by 34-year veteran of the NSA and now Center for Internet Security (CIS) Senior VP & Chief Evangelist, Tony Sager to discuss the history and formation of SANS Top 20 and how it's evolved into today's CIS Top 20 Security Controls and what Tony and the organization (along with hundreds of volunteers around the globe) are doing to help organizations of all sizes help protect and defend themselves.

Troy Hunt joins Cyber Speaks LIVE as a special guest co-host to discuss recent data breaches, personal information protection and measures we can take to help protect our personal and corporate online identities.  Troy is the founder of the wildly popular website, Have I Been Pwned (HIBP, https://haveibeenpwned.com), a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web.  He is also an Australian Microsoft Regional Director, a Microsoft Most Valuable Professional (MVP) and a brilliant Pluralsight instructor. Links mentioned in the episode: Have I Been Pwned website: https://haveibeenpwned.com Troy's blog: https://troyhunt.com Troy's Twitter: https://twitter.com/troyhunt Have I Been Pwned Twitter: https://twitter.com/haveibeenpwned Security.txt File Search Engine: https://crawler.ninja The Creepy Line Documentary Film: https://thecreepyline.com

Ann Johnson, Corporate Vice-President of Cybersecurity at Microsoft, joins us to talk about how the company has transformed itself into a global security leader and how machine learning & artificial intelligence come into play. We also discuss Women in Tech, Motherhood and how diversity is critical in InfoSec.  Links referenced in this episode: Security Advisor Alliance https://www.securityadvisoralliance.org/ Microsoft Software & Systems Academy https://aka.ms/mssa   OUR SPONSOR This episode proudly sponsored by Ivanti - makers of industry leading, enterprise-ready 3rd party patch management solutions for Microsoft System Center Configuration Manager. Find out more at:  https://www.ivanti.com/products/patch-management-for-sccm 

In this lively episode, fellow Irishman, Joe Carson, and I discuss a variety of inter-related cybersecurity topics with regards to the overarching theme of Insider Threats. We covered a lot of ground in a short time. Check it out!  ## Here's the episode timeline: 12:52 - Vendors talking risk. 17:44 - Business Risk 21:54 - Cyber Security Frameworks 24:46 - Insider Threats 33:50 - Cyber Insurance Fraud 35:54 - Data Classification & Shadow IT 48:15 - Q&A (Don't skip this!) #About Joe: Joseph Carson has more than 25 years of experience in enterprise security, an InfoSec award winner, author of Privileged Account Management for dummies and Cybersecurity for dummies.  He is a CISSP and an active member of the cybercommunity, speaking at conferences globally.  He’s a cybersecurity advisor to several governments, as well as critical infrastructure, financial, and maritime industries. ## Joe's Book, Least Privilege for Dummies ## Start a Privilege Manager Cloud Trial