There is something about a good spy story that seems to really resonate with people in the cybersecurity world. We love watching the moves and the counter moves, and the sneaking around, and the social engineering, and hacking, and all of the gadgets and toys, and car chases, and fights and double crosses and triple crosses. Yeah, you get the point.  But how much of that is real and how much can be chalked up to an author's creative license? And what's life and work like for real people in the intelligence industry? This episode features two guests: ex-CIA agent Peter Warmka and Andrew Hammond, historian and curator at the International Spy Museum. Guests: Peter Warmka (LinkedIn) (Twitter) (Website) Andrew Hammond (LinkedIn) (Twitter) (Website) Books and References: Confessions of a CIA Spy: The Art of Human Hacking, by Peter Warmka The CIA Guy & CIA Spy Podcast, Peter Warmka and Robert Siciliano Peter Warmka Videos International Spy Museum website SpyCast Podcast, hosted by Andrew Hammond INTEL.gov The Evolution of Espionage in America, INTEL.org Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
For this week, we are revisiting a previous episode that first aired as Season 1 Episode 10. In this episode, we discuss the concept of security culture -- specifically, the difficulty that security leaders have in defining what a security culture actually is. Luckily, we can draw on learnings from organizational culture management and culture transformation experts. Guests for this episode include David Sturt, Executive Vice President of the O.C. Tanner Institute, author of Great Work: How to Make a Difference People Love and of Appreciate: Celebrating People, Inspiring Greatness; Dr. Jessica Barker (co-CEO and Co-Founder, Socio-Technical Lead at Cygenta; author of Confident Cyber Security and co-author of Cybersecurity ABCs); Kai Roer, Chief Research Officer at KnowBe4, creator of the Security Culture Framework, author of Build a Security Culture; and Michael Leckie, founding partner at Silverback Partners, LLC and author of The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good. Guests: David Sturt Dr. Jessica Barker Kai Roer Michael Leckie References, Resources & Books: Security ABCs Part 1: Make Awareness Transformational, 8Li Season 1, Episode 9 4 Ways to Build a Thoughtful Security Culture, by Perry Carpenter 7 Tips for Building a Strong Security Culture, by Perry Carpenter Appreciate: Celebrating People, Inspiring Greatness, by David Sturt Build a Security Culture, by Kai Roer Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career, by Jessica Barker Culture Rules! The 10 Core Principles of Corporate Culture, by John R. Childress Cybersecurity ABCs: Delivering awareness, behaviours and culture change, by Jessica Barker, Adrian Davis, and Bruce Hallas Great Work: How to Make a Difference People Love, by David Sturt The Heart of Transformation: Build the Human Capabilities that Change Organizations for Good, by Michael Leckie The Importance Of A Strong Security Culture And How To Build One, by Perry Carpenter Perry Carpenter's (ISC)2 Info Security Professional Journal 4 episode series on Security Awareness (Episode 1, Episode 2, Episode 3, Episode 4) Security Culture and Credential Sharing, KnowBe4 Research Security Culture Report 2021: A Global Security Culture Perspective During a Pandemic, KnowBe4 Research Seven Dimensions of Security Culture, KnowBe4 Research Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
On this episode, Perry sits down with Jenny Radcliffe (a.k.a. The People Hacker). Jenny is a well-known speaker, podcaster, professional social engineer, and physical penetration tester… in other words, she’s a social engineer who specializes not only in tricking people into doing things they shouldn’t do… but she also specializes in getting into places she shouldn’t be and finding things she shouldn’t be able to find. Her job is to embody the criminal mindset and use the skills of a criminal to find the vulnerabilities that a criminal would find. In this interview, Jenny talks shop about her path to becoming a full-time social engineer, the realities of penetration testing, inherent vulnerabilities in buildings and humans, and how to continuously improve at anything. Guests: Jenny Radcliffe (LinkedIn) (Twitter) (Website) Books and References: Bruce Schneier blog about the Security Mindset Video -- Jenny Radcliffe: How I Fooled A £2mil Security System Jenny's interview on the Jordan Harbinger Show Jenny's interview on Darknet Diaries Jenny's interview on the Security Mastermind's Podcast The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick Harvard Business Review article on the Principles of Persuasion A blog series Perry did on Deception (Part 1), (Part 2). Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
Over the past few years, there's been a lot of talk about the value of understanding Open Source Intelligence (OSINT). But, even with so much talk, relatively few cybersecurity professionals have had the time to take a deep dive into the topic. In this episode, Perry sits down with social engineer, OSINT investigator, and member of the OSINT Curious project, Christina Lekati to get an overview of the value of OSINT as well as some basic techniques. After that, we hear from Chris Kirsch (co-founder and CEO of runZero). Chris is a former black badge winner at DEF CON's social engineering competition and served as a judge in the most recent competition. He recently released an interesting report analyzing the top OSINT sources and vishing (voice phishing via phone) pretexts from that competition. Guests: Christina Lekati (LinkedIn) (Twitter) Chris Kirsch (LinkedIn) (Twitter) Books and References: Top OSINT sources and vishing pretexts from DEF CON’s social engineering competition, research by Chris Kirsch referenced in this episode YouTube video by Christina Lekati: Protecting High-Value Individuals: An OSINT Workflow YouTube video: DEF CON 27 Recon Village presentation by Chris Kirsch: Using OSINT for Competitive Intelligence YouTube Playlist from the 2022 SANS OSINT Summit YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours The OSINT Curious project DEFCON Social Engineering Community 15 top open-source intelligence tools, CSO Online Top 25 OSINT Tools for Penetration Testing, SecurityTrails WebMii.com Hunter.io Wigle.net Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Threat Modeling: Designing for Security by Adam Shostack What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/ 12 Methods of Threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
In this episode, Perry talks about the value of storytelling and provides 7 tips for anyone who faces the fear associated with staring at a blank screen, wondering how they can begin to create fresh content. This is adapted from a presentation Perry recently gave at the 2022 SANS Security Awareness Summit. Books & Resources: Overview of "The Iron Triangle" Visual Summary of Perry's SANS Security Awareness Summit presentation YouTube Video: You are not a storyteller - Stefan Sagmeister @ FITC Security is Alive: 8th Layer Insights, Season 2, episode 6 Creativity for Non Creatives: 8th Layer Insights, Season 2, episode 10 Igniting and Sustaining Creativity: 8th Layer Insights, Season 2, episode 1 Unleashing Trojan Horses for the Mind: 8th Layer Insights, Season 1, episode 1 Steal Like an Artist: 10 Things Nobody Told You About Being Creative, by Austin Kleon Show Your Work: 10 Ways to Share Your Creativity and Get Discovered, by Austin Kleon MasterClass -- Margaret Atwood Teaches Creative Writing "Everything is Alive" Podcast Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
In this episode, Perry sits down with Mikko Hyppönen for a wide-ranging discussion about the history, current state, and future of cybersecurity. We also discuss Mikko's new book, the title of which is derived from Hyppönen's Law: If It's Smart, It's Vulnerable. Guest: Mikko Hyppönen (LinkedIn) (Twitter) (Web) Books & Resources: If It's Smart, It's Vulnerable, by Mikko Hyppönen Mikko's TED Talks Daemon, by Daniel Suarez Internet of Things and data placement, by Dell Technologies Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
This is a follow-up to Season 2, episode 4 – Bridging the Cyber Skills Gap. Many listeners contacted me saying that they loved the episode, but wished that I’d put more focus on people trying to find a career in cybersecurity later in life. So, consider this episode a Bridging the Cyber Skills Gap Part 2. We’ll hear the stories of several people who’ve come to cybersecurity a bit later in life. This episode features interviews with Alethe Denis, Tracy Z. Maleeff (a.k.a. InfoSec Sherpa), Phillip Wylie, Lisa Plaggemier, Naomi Buckwalter, and Alyssa Miller. Guests: Alethe Denis (LinkedIn) (Twitter) (LinkTree) Tracy Z. Maleeff (a.k.a. InfoSec Sherpa) (LinkedIn) (Twitter) Phillip Wylie (LinkedIn) (Twitter) (Medium) Lisa Plaggemier (LinkedIn) (Twitter) Naomi Buckwalter (LinkedIn) Alyssa Miller (LinkedIn) (Twitter) (Website) Books & Resources: The Cybersecurity Career Guide, by Alyssa Miller The Pentester BluePrint: Starting a Career as an Ethical Hacker, by Phillip Wylie The Hacker Factory Podcast | With Phillip Wylie Building the Next Generation of Cybersecurity Professionals, LinkedIn Learning course from Naomi Buckwalter 8Li: Fun and Games: Lock Picking, Capture the Flag Contests, Simulations, and More How to Break Into Cybersecurity, article by Katlyn Gallo Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
Cyber Mindfulness

2022-08-09 47:19

You've probably been hearing the term 'mindfulness' a lot these days. And for good reason. We humans seem to be busier and more stressed out than ever before, and mindfulness practices seem to offer positive benefit. But how does mindfulness intersect with cybersecurity? What practices can we learn and promote to decrease human risk in our organizations and live safer digital lives? In this episode, we explore the topic of cyber mindfulness. And to do so, we'll be hearing from Anna Collard, Michael Davis, and Yvonne and Jasmine Eskenzi. Guests: Anna Collard (LinkedIn) (Twitter) (Company Site) Michael Davis (LinkedIn) (Company Site) Yvonne Eskenzi (LinkedIn) (Twitter) (Company Site) Jasmine Eskenzi (LinkedIn) (Twitter) (Company Site) Books & Resources: The Zensory App Research Paper: The current state of mind: A systematic review of the relationship between mindfulness and mind-wandering Research Paper: Training to Mitigate Phishing Attacks Using Mindfulness Techniques Research Paper: Understand the mistakes that compromise your company's security University of Dayton's Cyber Mindful program overview The Human Firewall: 3 Mindfulness Techniques Your Team Can Use to Prevent Phishing Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
On this bonus episode, Perry sits down with physical penetration tester, lock picking guru, and Board Member of The Open Organization of Lockpickers (TOOOL), Deviant Ollam. They discuss lockpicking, physical penetration testing, locksport, and the ethics of teaching these skills. Guest: Deviant Ollam (Twitter) (YouTube) (Website) Books & Resources: 8th Layer Insights S2E8: Fun and Games: Lock Picking, Capture the Flag Contests, Simulations, and More Lockpicking Resources from Deviant Ollam Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, by Deviant Ollam. (Amazon affiliate link) Practical Lock Picking: A Physical Penetration Tester's Training Guide, by Deviant Ollam. (Amazon affiliate link) TOOOL US -- The Open Organization of Lockpickers TOOOL US instructional videos on YouTube The Official TOOOL Slides The Lockpicking Lawyer on YouTube Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter (Amazon affiliate link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link) Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
On this bonus episode, Perry sits down with investigative journalist, speaker, podcaster, and author, Geoff White to talk about his path into investigative journalism, podcasting, and his new book, "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War." Guest: Geoff White (LinkedIn) (Twitter) (Website) Books & Podcasts: Lazarus Heist Book Lazarus Heist Podcast Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter (Amazon affiliate link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link) Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
Please take the listener survey--->>> https://www.surveymonkey.com/r/8LI_Survey <<<--- One of the things that defines 8th Layer Insights is the amount of writing, editing, and production that’s involved. Each episode generally takes about 30 hours of work to complete. And, since this is a personal project, that equates to quite a few late nights and weekends. It can be exhausting… but it’s totally worth it.  YOU make it worth it. One of my main goals is ensuring that I’m doing everything possible to make this show sustainable AND continuing to improve and to never sacrifice quality. So – with that being said – I’ll let you in on how I’m planning to do it. Just a couple weeks ago, I created a company called 8th Layer Media and have brought on a brilliant partner – his name is Mason Amadeus. Mason will serve as a co-Creative Director and Production Manager. (like Carl, but more competent).  Don’t worry – Carl will still be around in season 3 and beyond. It’s hard to unseat Carl. But Mason will play a big part in increasing my capacity. Here’s where you can help: we need your input on what’s working with the show and what can be improved. We want your honest, unfiltered feedback so that we can make a show that isn’t just good – it’s great… consistently great. We also want to get information on how you first found out about 8th Layer Insights, what topics you want the show to explore and more. We even want to know if you have better ideas for the name of the show. …Seriously, if you submit an alternate show name, and we decide to adopt that name, you’ll win a $300 Amazon gift card. There will be other prizes as well. If you’re ready to help shape the future of 8th Layer Insights, take the survey: https://www.surveymonkey.com/r/8LI_Survey Survey closes Friday, June 3, 2022. 
Perry's Books: Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter (Amazon affiliate link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link) Wondering who Mason is? Here are a few links: Twitter (@itsMasonAmadeus) Website (https://masonamadeus.com/) Podcast (PodCube) Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerMedia [dot] com
If you could interview a password, what questions would you ask? Today, May 5th, 2022 is World Password Day. World Password Day was first established in 2013 and is celebrated each year on the 1st Thursday in May. To celebrate, I thought it would be fun to share an excerpt of a previous episode ("Security is Alive") where I interviewed multiple security-related objects. This clip is my interview with Dave the Password. Stick around after the interview for a few password-related tips and best practices!
Creativity can be a scary topic for technologists. Most of us haven't been trained in the art and science of creativity, and so we feel out of our depth when called on to create content. But it doesn't have to be that way. In this episode, Perry sits down with New York Times bestselling author, Michelle Richmond, Audible bestselling author Rob Dircks, and two critically acclaimed cybersecurity podcasters, Ran Levi (creator and host of the Malicious Life podcast) and David Spark (creator and host of the CISO Series podcast) to discuss creativity, how to create relatable content, and how to communicate technology-related content in clear and compelling ways. Guests: Ran Levi (LinkedIn) (Website) David Spark (LinkedIn) (Website) Michelle Richmond (LinkedIn) (Website) (Amazon Page) Rob Dircks (LinkedIn) (Website) (Amazon Page) Books and Resources: 8Li Season 1, Episode 1: Unleashing Trojan Horses for the Mind 8Li Season 2, Episode 1: Igniting and Sustaining Creativity 8Li Season 2, Episode 2: You're Listening to "The Dark Stream" 8Li Season 2, Episode 3: Technology & the Law of Unintended Consequences 8Li Season 2, Episode 6: Security is Alive "Malicious Life" Podcast, Ran Levi "CISO Series" Podcast, David Spark How do you explain virtualization to your mom? -- David Spark video "Everything is Alive" Podcast "Writing Excuses" Podcast The Wonder Test: A Novel, by Michelle Richmond (Amazon affiliate link) The Marriage Pact: A Novel, by Michelle Richmond (Amazon affiliate link) Where the Hell is Tesla? A Novel, by Rob Dircks (Amazon affiliate link) You're Going to Mars (An Audible Original), by Rob Dircks (Amazon affiliate link) Story: Substance, Structure, Style and the Principles of Screenwriting, by Robert McKee (Amazon affiliate link) HBR Guide to Persuasive Presentations (HBR Guide Series), by Nancy Duarte (Amazon affiliate link) Alchemy: The Dark Art and Curious Science of Creating Magic in Brands, Business, and Life, by Rory Sutherland (Amazon affiliate link) How Creativity Rules the World: The Art and Business of Turning Your Ideas into Gold, by Maria Brito (Amazon affiliate link) On Writing: A Memoir of the Craft, by Stephen King (Amazon affiliate link) You Are an Artist: Assignments to Spark Creation, by Sarah Urist Green Ticktime Pomodoro Timer (Amazon affiliate link) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter (Amazon affiliate link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link) Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerMedia [dot] com
"Security Awareness" is a slippery topic for a lot of people. It's a well known phrase -- and, let's face it, it's a phrase that can be very misleading. In this episode, Perry sits down with Dr. Jessica Barker (author and co-CEO at Cygenta), Cassie Clark (Security Awareness Lead Engineer at Brex), John Scott (Head of Security Education at Bank of England), and Lance Spitzner (Director, SANS Institute: Founder, Honeynet Project) to discuss what is currently being done well and, more importantly, where it needs to grow over the next few years. Spoiler alert: it's all about managing human risk. Guests: Dr. Jessica Barker (LinkedIn) (Twitter) Cassie Clark (LinkedIn) (Twitter) John Scott (LinkedIn) (Twitter) Lance Spitzner (LinkedIn) (Twitter) Books and Resources: 8Li S1 E9: Security ABCs Part 1: Make Awareness Transformational 8Li S1 E10: Security ABCs Part 2: 8th Layer Insights and the Quest for Security Culture Cybersecurity ABCs: Delivering awareness, behaviours and culture change by Jessica Barker, Adrian Davis, Bruce Hallas, & Ciarán Mc Mahon A Data-Driven Computer Defense: A Way to Improve Any Computer Defense by Roger A. Grimes Security Awareness Program Builder: Practical guidelines for building your Information Security Awareness Program & prep guide for the Security Awareness and Culture Professional (SACP)™ by Mark Majewski People-Centric Security: Transforming Your Enterprise Security Culture by Lance Hayden Start with Why: How Great Leaders Inspire Everyone to Take Action by Simon Sinek (Amazon affiliate link) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter (Amazon affiliate link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon affiliate link) Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. 
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerInsights [dot] com
Risk is a funny thing – our minds are constantly looking for risk, scanning our environments and our available choices. And sometimes we do a great job at anticipating and avoiding risky situations. But that doesn’t mean that we are universally good at dealing with risk. In fact, we can be downright appalling at considering and avoiding risk. In this episode, we explore the concept of risk, why we're so bad at understanding it, and the steps we can take to improve. Perry speaks with four risk experts who will help us understand the ups and downs of how we evaluate risk. We’ll touch on everything from Black Swans to Grey Rhinos to risk frameworks, risk equations, inbuilt risk in the design of computing interfaces, and more. Featuring Michele Wucker (author of The Grey Rhino and You Are What You Risk), Christian Hunt (Founder of Human Risk), Dr. Arun Vishwanath (Founder and Chief Technology Officer of Avant Research Group), and Matt Stamper (Chief Information Security Officer and Executive Advisor at EVOTEK and co-author of the CISO Desk Reference Guides vol1 & vol2). Original release date: Aug 31, 2021. 
Guests: Michele Wucker Christian Hunt Arun Vishwanath Matt Stamper Resources & Books: Black Swan Theory Grey Rhino Events Various Risk Equations Risk Perception Equation, Freakonomics 20 Cognitive Biases That Affect Risk Decision Making, SafetyRisk.net Factor Analysis of Information Risk (FAIR) Framework The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore, by Michele Wucker (Amazon Affiliate Link) You Are What You Risk: The New Art and Science of Navigating an Uncertain World, by Michele Wucker (Amazon Affiliate Link) Why are Humans Bad at Calculating Risk?, Cogency Why You're Probably Not So Great at Risk Assessment, NY Times Why the Human Brain is a Poor Judge of Risk, Wired Humans are Terrible at Assessing Risk, by Kimberly Forsythe Why We're Awful at Assessing Risk, USA Today CISO Desk Reference Guides vol1 & vol2, by Bill Bonney, Gary Hayslip, Matt Stamper (Amazon Affiliate Link) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter (Amazon Affiliate Link) The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon Affiliate Link) Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski.
What images come to mind when you see or hear the word 'Cybersecurity?' That word probably evokes mental images of people hunched over keyboards launching cyberattacks at each other. Or maybe you picture someone picking a lock or stealing a badge to slip into a building. In other words, most people picture the battle... or what some might think of as "the fun parts." But, here's the thing. Not everyone gets to participate in these aspects of cybersecurity and, in many cases, finding safe and legal ways to practice these skills can be challenging. So where can curious minds turn? That's where gamification can really help. There are a ton of really fun and engaging ways to learn these skills without fear of being arrested or breaking something. These are also great ways to level-up cybersecurity skills and help bring new people into the field. In this episode, we explore the "fun and games" of cybersecurity: lock picking, capture the flag (CTF) competitions, simulations, and even pickpocketing and magical (sleight of hand and misdirection) thinking. Perry's guests are Alethe Denis (social engineer and DefCon 2019 Social Engineering CTF winner), Deviant Ollam (penetration tester, lock picking guru, and Board Member of The Open Organization of Lockpickers), Chris Kirsch (Co-Founder and CEO of Rumble, DefCon 2017 Social Engineering CTF winner), and Gerald Auger (Founder of Simply Cyber, Director of Cybersecurity Education & Cybersecurity Program Manager at ThreatGEN). Guests: Alethe Denis (LinkedIn) (Twitter) (Website) Deviant Ollam (Twitter) (YouTube) (Website) Chris Kirsch (LinkedIn) (Twitter) Gerald Auger (LinkedIn) (Twitter) (YouTube) Resources & Books: What is Gamification? Lockpicking Resources from Deviant Ollam Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, by Deviant Ollam Practical Lock Picking: A Physical Penetration Tester's Training Guide, by Deviant Ollam TOOOL US -- The Open Organization of Lockpickers TOOOL US instructional videos on YouTube The Official TOOOL Slides The Lockpicking Lawyer on YouTube Bump Keys in the News - San Francisco #3 -- YouTube clip TraceLabs OSINT Capture the Flags 50 CTF (Capture the Flag) & Pentesting Websites to Practice Your Hacking & Cybersecurity Skills in 2021 Hands-on Hacking Demo | CTF - Capture the Flag in 15 Minutes!, YouTube video by ITProTV Capture the Flag? Change Your Life, YouTube video by John Hammond Don’t Wait for the Perfect Time for a Tabletop Exercise, National Law Review ThreatGEN's Red & Blue Game Gerald Auger's Simply Cyber Discord Server Chris Kirsch's pickpocketing talk at Layer8 Security Conference Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerInsights [dot] com
If you love learning about cons, scams, and tricks, then this is the episode for you. Listen as Perry sits down with Brian Brushwood, someone who has made understanding and teaching scams and tricks his life's work. Brian is the creator of Scam School, Scam Nation, Hacking the System, Modern Rogue, and more. For the past 20 years, he's toured around the world teaching and demonstrating everything from side show stunts, to sleight-of-hand magic, to the intricacies of con artistry. Brian’s new podcast, World’s Greatest Con is a deep-dive into the stories and tactics behind the most intricate and interesting cons imaginable. In season 1, he told the story of Operation Mincemeat, a WWII plot devised by Ian Fleming (creator of James Bond) to trick none other than Adolf Hitler. Season 2 covers five different cons all related to the game show industry… it’s both entertaining and riveting in some very unexpected ways. A big thank you to my friends over at the PodCube podcast for creating a custom skit for this episode. If you are a fan of sketch comedy, be sure to check out their show! (PodCube: The Future, is Yesterday™). 
Guest: Brian Brushwood (Website) (Twitter) Books and Resources Brian's Website World's Greatest Con podcast site Scam School YouTube Channel Modern Rogue YouTube Channel Brian Brushwood Mistreats His Tongue Brian doing psychic surgery on Penn & Teller: Fool Us Brian doing the "hidden ghost" trick Brian's Entire Bizarre Magic Stage Show How to make a fake tongue (without using a deer tongue) Operation Mincemeat -- Wikipedia 13 Unbelievably Fascinating Game Show Cheating Scandals That'll Shock Both Devoted And Casual Fans -- Buzzfeed Project Alpha -- Wikipedia Going Mental: A Conversation with Banachek -- 8th Layer Insights S1E7 PodCube Podcast Thinking, Fast and Slow by Daniel Kahneman  Influence, New and Expanded: The Psychology of Persuasion by Robert Cialdini Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: The opening skit featured the voice talents of Rich Daigle (a.k.a. Mouth Almighty), Hannah Trusty, Adriana Beals, and Rob McCollum. Writing support for this episode's opening section from Terry Hicks Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerInsights [dot] com
Security is Alive

2022-02-22 45:11

Every now and then you need to try something new. That's what this episode is. If you listened to Season 2, Episode 3 (Technology and the Law of Unintended Consequences), you may remember the mock interview with Janet, the virtual assistant. This episode expands that idea and features a set of four mock interviews -- all with security-related objects. This is an interesting experiment to help flesh out some ideas behind these objects, the reasons they exist, their motivations, and the situations in which they find themselves. On this episode, we have four guests: Samantha, a piece of facial recognition software with a really interesting idea; Dave, the password who has a pretty bad sharing problem; Devon, a secure email gateway who is struggling with the weight of the world; and Barb, the phishing email who will say just about anything possible to get you to click that link. Guests:  Samantha – Facial Recognition Software Dave – Password Devon – Secure Email Gateway Barb – Phishing Email Books and Resources: MasterClass -- Margaret Atwood Teaches Creative Writing "Everything is Alive" Podcast Krebs on Security - Password Do’s and Don’ts What makes a good password? 9 rules to protect you from cyberattacks World Password Day: Roger Grimes on passwords Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate How does facial recognition work? Facial recognition: top 7 trends (tech, vendors, use cases) NISTIR 8238 Ongoing Face Recognition Vendor Test (FRVT) Part 2: Identification How Accurate are Facial Recognition Systems – and Why Does It Matter? Social Engineering Red Flags Email Security Gap Analysis Shows 10.5% Miss Rate What are Email Security Gateways, How Do They Work, and What Can They Offer Your Organization?
The Creative Writing Coursebook: 40 Authors Share Advice and Exercises for Fiction and Poetry On Writing: A Memoir of the Craft by Stephen King Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Additional voice talent provided by Luna Freyava, Rich Daigle (a.k.a. Mouth Almighty), Punyaha Mukherjee, and Tabitha Garland Music and Sound Effects by Blue Dot Sessions, Envato Elements, & SmartSound Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerInsights [dot] com
On this episode, Perry sits down with James Linton (formerly known as The Email Prankster). In 2017, James went on a virtual joyride exploiting the ways that people interact with emails. One of the most interesting things about James' story is that his exploits didn't rely on any type of highly technical method(s); they were simple display name deceptions. But that didn't stop him from fooling CEOs from some of the world's largest banks, celebrities, and high-ranking staff members in the White House. James' success using these simple methods serves as a warning for us all. We don't fall for scams because they are technically sophisticated or because we are stupid. We fall for scams because we are human. Guest: James Linton (LinkedIn) (Website) Books and Resources: Anatomy Of An Email Impersonation Spree: Who Got Pranked And Why An email prankster is hitting the CEOs of the world's biggest banks How to Prank the Rich and Powerful Without Really Trying Morgan Stanley CEO James Gorman falls for email prank This Man Pranked Eric Trump And Harvey Weinstein — Now He Just Wants A Job Media Coverage YouTube Playlist James Linton -- Wikipedia Entry The Journal of Best Practices: A Memoir of Marriage, Asperger Syndrome, and One Man's Quest to Be a Better Husband by David Finch Perry -- Interview on Springbrook's Converge Autism Radio Perry -- Security Weekly Interview Perry Carpenter - The Aspies Guide to Social Engineering - DEF CON 27 Social Engineering Village Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerInsights [dot] com
If you've been following the cybersecurity industry for the past few years, you've likely heard about the "cyber skills gap." In this episode, Perry sits down with Heath Adams (TCM Security), Professor Karla Carter (Bellevue University), Sam Curry (Cybereason), and Lola Obamehinti (eBay) to explore what the skills gap is and how to begin to close the gap. We touch on subjects such as where traditional degrees, online training, certifications, mentorship, and networking fit in, as well as the value of diversity. And we offer thoughts for employers, current industry professionals, and job seekers. Guests: Heath Adams (LinkedIn) Karla Carter (LinkedIn) Sam Curry (LinkedIn) Lola Obamehinti (LinkedIn) Books and Resources: Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career, by Dr. Jessica Barker Cybersecurity Domain Map ver 3.0 by Henry Jiang Cybersecurity Employment in 2022: Solving the Skills Gap, by Jenn Fulmer Cybersecurity: The Starting Line, by 4n6Lady The 8 CISSP domains explained, by Luke Irwin Examination of Personality Characteristics Among Cybersecurity and Information Technology Professionals, by Sarah E. Freed (utc.edu) GenCyber Camps: Inspiring the Next Generation of Cyber Stars NSA National Centers for Academic Excellence in Cybersecurity Navigating the Cybersecurity Career Path by Hellen E. Patton Over 200,000 Girl Scouts Have Earned Cybersecurity Badges by Ashley Savageau Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World, by Marcus J. Carey & Jennifer Jin The Value of Certifications, by Javvad Malik Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter Word Notes Podcast definition of Cybersecurity Skills Gap Production Credits: Additional voice talent provided by Rich Daigle. Additional research by Nyla Gennaoui. Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. 
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ *** Use of The Twilight Zone theme music in this episode is considered 'Fair Use' under copyright law due to its 'transformative' nature as a parody. Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: hello [at] 8thLayerInsights [dot] com
Comments (11)

Julie Gatesman

I've been telling everyone I will not see "Where the Crawdads Sing" when the movie comes out because the story in my mind was just so emotional and just perfect and I can't imagine even trying to compare it to anything else. I don't even want to. What a great way to describe that!

Aug 8th
Reply

Sarah Luv Burkhardt

Loved this!! Thought it was super entertaining the way you put the stories together.

Apr 13th
Reply (2)

Federico Giovannetti

Excellent insights, guests and lots of fun to listen to. Highly recommend.

Mar 28th
Reply (1)

Robert Hoffman

Highly informative and entertaining. Well done.

Mar 2nd
Reply (1)

Jack Rhysider

first

May 21st
Reply (1)