Larry and Joe speak with Duane Dunston, an Associate Professor of Cybersecurity at Champlain College

https://www.champlain.edu/academics/our-faculty/dunston-duane

Duane just celebrated 24 years in Cybersecurity. He is currently working towards his EdD in Education. Larry and I learned how incredible Duane is!  Among his many accomplishments, he volunteers as a security consultant with International Association of Human Traffickers and Investigators. He's working with Champlain students to develop technologies to facilitate the identification of trafficked victims.  Duane is currently  working on a cross-platform and mobile app to help identify victims of human trafficking. You can buy Duane a cup of coffee here: https://www.buymeacoffee.com/thedunston

And 

00:00 Larry and Joe listen to Duane's story of how he got into Cybersecurity, after growing up in a Group Home, he earned a college degree, and then got into tinkering with Log Analysis and worked his way through Graduate school as a janitor. He helped maintain the computers and shortly after became a Unix administrator. He didn't have an easy road, but he is perhaps the best example of what the Information Security community stands for.

4:50 Wireguard VPN and Duane's contribution with Nowire

check out his NoWire Github repo here: https://github.com/thedunston/nowire

11:15 Is Internet Privacy Possible?

19:53 Duane’s presentation at GrimmCon:  “Cognitive Science Aproach To Teaching Cybersecurity Education”

https://t.co/Owr38hXBVk?amp=1

20:15 Should Veterans spend their GI Bill on College Degrees or Certs to get their first job in Cyber?

Duane recommends Security+ Certs and to supplement it with the TryHackMe platform.

https://tryhackme.com/

It requires no home lab equipment so it helps those that have financial constraints.

22:30 Can someone go right into Pentesting?

Duane says you must have a base level of understanding of Networking, Windows and Linux administration.

23:00 eLearnSecurity Junior Penetration Tester (eJPT)

https://elearnsecurity.com/product/ejpt-certification/

23:50 Duane discusses how the OSCP Cert from Offensive Security is more difficult for people who struggle with self learning.

https://www.offensive-security.com/pwk-oscp/

26:00 Duane explains why he does not subscribe to the fatalistic “everyone will be hacked” mindset, and how SolarWinds is the worst case scenario of a Supply Chain compromise.

30:50 Why it is so difficult to detect cobalt strike beacons

32:45 Duane says the fundamentals are necessary: anti-malware, anti-phishing, and application control (allow-listing).

34:00 Web Browser sandboxing with Application Guard

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview

35:15 Weakness of application control is when exclusions are set, malware an remain undetected when hiding in those exclusions

36:50 Host level detection is important because network traffic is encrypted in SSL

37:40 Philosophical Discussion on why Ransomware attacks are on the rise

39:00 Duane discusses his volunteer work with 1) using Augmented Reality to help train people in construction and 2) helping with the problem of human trafficking

44:35 Larry asks Duane a tough question: What is your driving motivation? You keep learning even after being in 24 years in Cybersecurity (Duane just got his MITRE Attack certification).

Duane's Ted Talk can be viewed here: https://www.ted.com/talks/duane_dunston_the_answer_to_cybersecurity_threats_middle_high_schoolers 

Duane spoke at The Diana Initiative​ 2021; a two-day conference to elevate, inspire, and support women/non-binaries of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources. https://hopin.com/explore/speakers/IEfWTII6uHHgNc1ctq047ro2S 

51:00 Duane looks to the future - helping improve training providers. He would like to consult with a think tank on cybersecurity education or technology education or education policy. He can be reached on twitter at @GnuGro

52:37 Duane weighs in on the recent Infosec Bikini Controversy on twitter.  Read more about the controversy here: https://www.infosecurity-magazine.com/news/infosec-community-bikini-pics/