Skip to main content
Blue Security

Blue Security

By Andy Jaw & Adam Brewer
A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
Listen on
Where to listen
Amazon Music Logo

Amazon Music

Apple Podcasts Logo

Apple Podcasts

Castbox Logo

Castbox

Google Podcasts Logo

Google Podcasts

Overcast Logo

Overcast

Pocket Casts Logo

Pocket Casts

RadioPublic Logo

RadioPublic

Spotify Logo

Spotify

Stitcher Logo

Stitcher

Currently playing episode

Windows Device Management with Special Guest Shannon Fritz

Blue Security

1x
Cyber Threat Intelligence with Special Guest Charity Wright
This week, Adam and Andy talk with threat intelligence expert Charity Wright. Charity talks about her military career and how she got selected as a Chinese linguist and worked with the NSA. Charity works for Recorded Future currently and she talks about how threat intelligence can help bolster your cybersecurity program and why it's important to start gathering intel whether it's an internal team, a vendor, or using open source intelligence (OSINT). ------------------------------------------- Youtube Video Link: https://youtu.be/zkAg_mBp7N4 ------------------------------------------- Documentation: Charity Wright Twitter: https://twitter.com/CharityW4CTI Linkedin: https://www.linkedin.com/in/cwillhoite/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
40:47
May 16, 2022
Andy was hacked!
This week, Adam and Andy talk about passwordless news released on World Password Day and about how Andy was hacked...listen in to hear the details of what happened! ------------------------------------------- Youtube Video Link: https://youtu.be/Go6cb9pU6ng ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/expansion-of-fido-standard-and-new-updates-for-microsoft/ba-p/3290633 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20:23
May 09, 2022
MFA Bombing
This week, Adam and Andy talk about MFA bombing. This tricky compromise circumvents MFA. Listen on what it is and how to protect against it. ------------------------------------------- Youtube Video Link: https://youtu.be/EFg-vw824PY ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20:17
May 02, 2022
Interview with Special Guest Christina Morillo
This week, Adam and Andy talk with Christina Morillo about identity, diversity in information security, and her book "97 Things Every Information Security Professional Should Know: Collective Wisdom from the Experts." We had so much fun talking and it was a great interview! ------------------------------------------- Documentation: Colors of Infosec: https://podcasts.apple.com/us/podcast/colors-of-infosec-podcast/id1531541552 Book: https://www.amazon.com/Things-Information-Security-Professional-Should/dp/1098101391 Christina on Twitter: https://twitter.com/divinetechygirl https://www.christinamorillo.com/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:19
April 25, 2022
VPNs vs SDPs
Adam and Andy talk about VPN's versus Software Defined Perimeters (SDP) this week. They break down why companies still use VPN's and why they pose an infosec security risk. They present SDP's as a different way of thinking about how to access internal applications and some vendors in the space already. ------------------------------------------- Youtube Video Link: https://youtu.be/N8CxB84f50A ------------------------------------------- Documentation: https://www.blastwave.io/posts/house-of-cards-your-guide-to-getting-hacked-using-vpns https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/what-is-application-proxy https://www.microsoft.com/security/blog/2020/01/23/microsoft-zscaler-help-organizations-implement-zero-trust-model/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:20
April 18, 2022
Okta Says Sorry, Fake Warrants, New PCI Reqs
This week's episode, Adam and Andy talk about some interesting infosec news including Okta's apology and how that affected their stock prices. They also talk about the latest Apple zero days and an interesting tactic cybercriminals are using to get sensitive data out of organizations. Finally, they chat about the new PCI 4.0 standard and what's different from the current standard. ------------------------------------------- Youtube Video Link: https://youtu.be/Dja0bWaARQU ------------------------------------------- Documentation: https://www.bleepingcomputer.com/news/security/okta-we-made-a-mistake-delaying-the-lapsus-hack-disclosure/ https://krebsonsecurity.com/2022/03/fake-emergency-search-warrants-draw-scrutiny-from-capitol-hill/ https://www.darkreading.com/edge-articles/what-s-new-in-pci-dss-4-0-for-authentication-requirements ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:06
April 11, 2022
LAPSUS$
This week's episode, Adam and Andy talk about the hacker group LAPSUS$. They go over what makes this group unique in the cybercriminal world and a breakdown of the latest high value targets. ------------------------------------------- Youtube Video Link: https://youtu.be/w-7RPcOl8HE ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ https://www.linkedin.com/pulse/open-letter-okta-amit-yoran/ https://sec.okta.com/articles/2022/03/official-okta-statement-lapsus-claims https://support.okta.com/help/s/article/Frequently-Asked-Questions-Regarding-January-2022-Compromise?language=en_US ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
41:14
April 04, 2022
Infosec News Catch Up
This week's episode, Adam and Andy catch up on some infosec news including the new Cyber Incident Reporting Act signed into law last week and other reporting policies on the horizon. They also talk about CISA's advisory on misconfigured MFA and Russia's new root certificate. ------------------------------------------- Youtube Video Link: https://youtu.be/igcF6dLvq4E ------------------------------------------- Documentation: https://www.cisa.gov/uscert/ncas/alerts/aa22-074a https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting https://www.eff.org/deeplinks/2022/03/you-should-not-trust-russias-new-trusted-root-ca ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:08
March 28, 2022
Helpdesk Security
This week's episode, Adam and Andy talk about helpdesk security. Enterprise helpdesks are often a popular target for cybercriminals because they have access to sensitive information and accounts. Listen in as they talk about things to think about when driving towards a zero trust model for helpdesk security. ------------------------------------------- Youtube Video Link: https://youtu.be/6WPDH9W8UOQ ------------------------------------------- Documentation: https://www.linkedin.com/pulse/password-tickets-consume-31-40-help-desks-time-roy-verberne/?articleId=6627845881985146880 https://specopssoft.com/product/secure-service-desk/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:51
March 21, 2022
War in the Digital Age
This week's episode, Adam and Andy talk about the Russian invasion of Ukraine and the information war that is happening behind the scenes. They go over some specific takeaways on what to focus on in this heightened state of cybersecurity risk. ------------------------------------------- Youtube Video Link: https://youtu.be/a2452Yd0--g ------------------------------------------- Documentation: SANS Webcast: Russian Cyber Attack Escalation in Ukraine - What You Need To Know! https://www.youtube.com/watch?v=bZoHePqoBtM https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:34
March 14, 2022
Windows Hello for Business Revisited
This week's episode, Adam and Andy talk about the new cloud key trust deployment model for Windows Hello for Business in hybrid environments. Cloud key trust greatly simplifies the deployment of Windows Hello for Business by removing the requirement for any PKI infrastructure. If you've been waiting to try this passwordless solution to authenticate to Windows PC's, now is the time. There are benefits even if you are using Azure AD Joined devices. Listen in on how to get started today! ------------------------------------------- Youtube Video Link: https://youtu.be/9e7XyVWIPk8 ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust-preview ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
26:12
March 07, 2022
Password Cracking
This week's episode, Adam and Andy talk about the basics of password cracking. Understanding how passwords are cracked by offensive security and cybercriminals can help defenders scope and make better password policies. ------------------------------------------- Youtube Video Link: https://youtu.be/f2IniyS8Le4 ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
20:46
February 28, 2022
Geopolitical Crises and Cybersecurity
This week's episode, Adam and Andy talk about some of the geopolitical crises happening around the world with Russia and China and how that affects cybersecurity defenders. ------------------------------------------- Youtube Video Link: https://youtu.be/LATDlvH6h90 ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
23:13
February 21, 2022
Windows Defender Application Control
This week's episode, Adam and Andy continue their Windows Security series and talk about Defender Application Control. This is a great feature built into Windows Enterprise that can help reduce the attack surface in many use cases. Listen in on how it works and how to test and implement it. ------------------------------------------- Youtube Video Link: https://youtu.be/A0LXCsIIFBM ------------------------------------------- Documentation: https://call4cloud.nl/2021/06/wdac-or-the-unexpected-virtue-of-ignorance/ https://webapp-wdac-wizard.azurewebsites.net/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
22:53
February 14, 2022
Tabletop Scenarios with Special Guests Nate Gardner and Gavin Ashton
This week's episode, Adam and Andy have a great time chatting with fellow cybersecurity professionals Nate Gardner and Gavin Ashton walking through tabletop scenarios. This is something security defenders should do to test their incident response plan. ------------------------------------------- Youtube Video Link: https://youtu.be/kwxSCd40gWQ ------------------------------------------- Documentation: Nate Gardner: https://www.linkedin.com/in/nate-gardner-infosec/ Gavin Ashton:  https://twitter.com/gvnshtn https://www.linkedin.com/in/gvnshtn/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
47:00
February 07, 2022
News Smash
This week's episode, Adam and Andy talk catch up on some infosec news including BadUSB, President Biden's memorandum for National Security Systems, iOS/MacOS vulnerablities, and new hardware with Microsoft's Pluton Security Processor. ------------------------------------------- Youtube Video Link: https://youtu.be/yQebJcb2j3E ------------------------------------------- Documentation: https://www.darkreading.com/vulnerabilities-threats/more-security-flaws-found-in-apple-s-OS-technologies https://www.whitehouse.gov/briefing-room/presidential-actions/2022/01/19/memorandum-on-improving-the-cybersecurity-of-national-security-department-of-defense-and-intelligence-community-systems/ https://www.csoonline.com/article/3647173/badusb-explained-how-rogue-usbs-threaten-your-organization.html#tk.rss_all https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-excel-40-macros-by-default-to-block-malware/ https://www.csoonline.com/article/3647170/microsofts-pluton-security-processor-tackles-hardware-firmware-vulnerabilities.html#tk.rss_all ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:45
January 31, 2022
Windows Device Management with Special Guest Shannon Fritz
This week's episode, Adam and Andy talk with special guest Shannon Fritz on Windows Device Management. If you haven't listened to Shannon's episode on Device Identity, we encourage you to listen to it! Following up the conversation on device identity, Shannon talks all about managing devices using co-management and how device identity is related to management but mainly where the device lives does not affect how it is managed. Listen in on what it means to co-manage your Windows devices! ------------------------------------------- Youtube Video Link: https://youtu.be/LtkPvqLvG9Y ------------------------------------------- Documentation: Windows 10 Device Management vs Device Identity https://mrshannon.wordpress.com/2020/06/24/windows-10-device-management-vs-device-identity/ https://anchor.fm/blue-security-podcast/episodes/Say-Goodbye-to-Domain-Join-with-Special-Guest-Shannon-Fritz-erudur Shannon Fritz: https://twitter.com/mrshannonfritz ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
59:06
January 24, 2022
F12 and Find Out
This week's episode, Adam and Andy talk about the importance of the nomenclature we use in information security. They also talk about the perception of information security to those who are not in the field and how that can affect safety when it comes to red teaming. ------------------------------------------- Youtube Video Link: https://youtu.be/nMQC5D_P4qY ------------------------------------------- Documentation: https://techcrunch.com/2021/10/15/f12-isnt-hacking-missouri-governor-threatens-to-prosecute-local-journalist-for-finding-exposed-state-data/ https://boingboing.net/2021/12/30/reporter-likely-to-be-charged-for-using-view-source-feature-on-web-browser.html https://arstechnica.com/information-technology/2019/09/iowa-officials-claim-confusion-over-scope-led-to-arrest-of-pen-testers/ https://abcnews.go.com/US/wireStory/charges-dropped-men-broke-iowa-courthouses-68651855 https://www.darkreading.com/edge-articles/why-red-teaming-while-black-can-be-risky ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
23:22
January 17, 2022
Digital Asset Management
This week's episode, Adam and Andy talk about a fundamental important program for security defenders: asset management. It may not be the most exciting aspect of security but knowing what you have makes it a lot easier to protect and response to attacks. ------------------------------------------- Youtube Video Link: https://youtu.be/Kui8x_lCYOk ------------------------------------------- Documentation: https://danielmiessler.com/blog/continuous-asset-management-security/ https://www.darkreading.com/vulnerabilities-threats/log4j-reveals-cybersecurity-s-dirty-little-secret ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
24:33
January 10, 2022
A look back on 2021
This week's episode, Adam and Andy give an update on Log4j/Log4Shell insights from the Google Security Team. They also look back on some of the vulnerabilities and cyberattacks from 2021 and discuss what's to come in 2022 for defenders. ------------------------------------------- Youtube Video Link: https://youtu.be/3XLwP8GFS3M ------------------------------------------- Documentation: https://security.googleblog.com/ https://www.av-comparatives.org/tests/business-security-test-2021-august-november/#management-summary https://news.microsoft.com/on-the-issues/tools-and-weapons/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30:29
January 03, 2022
Work Life Balance
This week's episode, Adam and Andy talk all about a healthy work life balance. With the pandemic still on-going and working from home or hybrid work environments looking like they are not going away, it's time to re-evaluate your boundaries and enforce them. Listen on what's worked for Adam and Andy as they put their mental health ahead of the hustle culture. ------------------------------------------- Youtube Video Link: https://youtu.be/lK147aYqt4k ------------------------------------------- Documentation: https://hbr.org/2021/12/hybrid-tanked-work-life-balance-heres-how-microsoft-is-trying-to-fix-it ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
37:52
December 27, 2021
Threat and Vulnerability Management
This week, Adam and Andy talk all about how to start and run a threat  and vulnerability program at your company. From asset management,  scanning, remediation, and validation, they go over what is involved and how to orchestrate the effort cross-function to avoid down time. A TVM program is a key pillar of your defense so if you do not have one or want to improve your current one, listen in! ------------------------------------------- Youtube Video Link: https://youtu.be/qTvtvfY3CaQ ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-devices?view=o365-worldwide https://www.tenable.com/products/nessus https://www.qualys.com/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
29:44
December 20, 2021
Log4Shell
This week, Adam and Andy talk all about the Log4Shell vulnerability affecting the log4j Java library. They give an overview on how it works and how you as a security defender can secure your environment against it. ------------------------------------------- Youtube Video Link: https://youtu.be/D9KBcIHOQzI ------------------------------------------- Documentation: https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 https://github.com/Neo23x0/log4shell-detector https://twitter.com/shehackspurple/status/1469742868952584194 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:15
December 13, 2021
Security Champions
This week, Adam and Andy talk about a security champions program. This is a way to bolster the security culture and develop representatives in each business group to understand security initiatives and evangelize them for you at your company. It's also a way to have a inner ring of testers and even possible a talent pipeline. There's a lot to discuss so listen in! ------------------------------------------- Youtube Video Link: https://youtu.be/sbnppJR-eMo ------------------------------------------- Documentation: https://www.darkreading.com/careers-and-people/how-to-implement-a-security-champions-program ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
21:22
December 06, 2021
Things are getting better
This week, Adam and Andy talk about how they see things improving in the cybersecurity industry from the Department of Justice and the US government investigating and hunting down cyber criminals and sanctioning the NSO group to bug bounties increasing and new regulations. ------------------------------------------- Youtube Video Link: https://youtu.be/Jr-prV9DEUg ------------------------------------------- Documentation: https://www.theverge.com/2021/11/8/22770701/revil-ransomware-arrest-kaseya-crypto-europol-cybersecurity https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/ https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
32:53
November 29, 2021
Zero Trust, Amazon Security, and other news
This week, Adam and Andy talk about some recent infosec news, a shocking article about Amazon's lack of security, and what zero trust means to them. ------------------------------------------- Youtube Video Link: https://youtu.be/Lzf-eYy7PTg ------------------------------------------- Documentation: https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation/ http://us-cert.cisa.gov/ncas/current-activity/2021/02/26/nsa-releases-guidance-zero-trust-security-model https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWJJdT ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:04
November 22, 2021
Ignite 2021 Fall Highlights
This week, Adam and Andy go over some of the endpoint, Windows, and security announcements from Ignite. If you were too busy to watch any of the sessions or read about the updates, listen in as they give the highlights from the conference. ------------------------------------------- Youtube Video Link: https://youtu.be/GClAGTkzPmc ------------------------------------------- Documentation: https://news.microsoft.com/ignite-november-2021-book-of-news/ https://myignite.microsoft.com/home https://news.microsoft.com/november-2021-ignite/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
35:57
November 15, 2021
Cybersecurity Talent Gap
This week, Adam and Andy talk about the cybersecurity talent gap. They give advice to those who are trying to break into the field as well as hiring managers on changing the way they look at recruiting to widen the talent pipeline. They also talk about how gatekeepers are toxic to the industry. ------------------------------------------- Youtube Video Link: https://youtu.be/Iac0YlqiIx4 ------------------------------------------- Documentation: https://cybersecurity.att.com/blogs/security-essentials/theres-no-such-thing-as-an-entry-level-job-in-cybersecurity https://danielmiessler.com/blog/day-1-skills-required-to-land-an-entry-level-cybersecurity-job/ https://www.cyberseek.org/pathway.html https://twitter.com/FrankMcG/status/1455380836858089477?s=20 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
39:42
November 08, 2021
Microsoft Digital Defense Report, Consumer Expectations, and Gartner
This week, Adam and Andy talk about Microsoft's Digital Defense Report,  consumer expectations of "invisible" security, and should you rip out an  information security tool just because it's not on the Gartner Magic Quadrant. ------------------------------------------- Youtube Video Link: https://youtu.be/YXe79Uli1ow ------------------------------------------- Documentation: https://blogs.microsoft.com/on-the-issues/2021/10/07/digital-defense-report-2021/ https://www.darkreading.com/operations/how-to-adapt-to-rising-consumer-expectations-of-invisible-security/a/d-id/1340989?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple https://twitter.com/snorkel42/status/1450492940938321921?s=21 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
39:25
November 01, 2021
Windows 365 with Special Guest Bradley Dupay
This week, Adam and Andy talk with Microsoft's Global Black Belt Specialist, Bradley Dupay, about the all new cloud PC offering called Windows 365. They go over how VDI has evolved over the years, the implementation details, use cases, and importance to security defenders. This was an amazing conversation! Listen in on how you can modernize your virtualized desktops for a secure hybrid workplace. ------------------------------------------- Youtube Video Link: https://youtu.be/PVo7_b9BJWg ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/windows-365/overview https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129 Bradley Dupay Linkedin: https://www.linkedin.com/in/bdupay/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
52:51
October 25, 2021
Facebook Outage Learnings and Windows 11 security
This week on the Blue Security Podcast, Adam and Andy talk about the Facebook outage and what security defenders can learn from reading their after actions report. They also dive into Windows 11 and the security features that make it the most secure version of Windows yet. ------------------------------------------- Youtube Video Link: https://youtu.be/DdGeRMkZVOM ------------------------------------------- Documentation: https://www.microsoft.com/security/blog/?p=93810 https://www.microsoft.com/security/blog/2019/10/21/microsoft-and-partners-design-new-device-security-requirements-to-protect-against-targeted-firmware-attacks/ https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/ https://www.youtube.com/watch?v=tg9QUrnVFho ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:02
October 18, 2021
You are going to be a victim of ransomware
This week on the Blue Security Podcast, Adam and Andy talk about planning to be a victim of ransomware. This is a mindset shift. Instead of focusing on prevention, cybersecurity defenders should plan and practice how to mitigate the damage against a ransomware attack. ------------------------------------------- Youtube Video Link: https://youtu.be/MOq2KhhCjAI ------------------------------------------- Documentation: https://www.darkreading.com/vulnerabilities-threats/you-re-going-to-be-the-victim-of-a-ransomware-attack ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
21:17
October 11, 2021
TPM design limitations and Apple-Google app store actions
This week on the Blue Security Podcast, Adam and Andy talk about two interesting topics. The first is a pentesting company's successful hack Bitlocker using a TPM limitation. They talk about why this is complicated and the mitigations for it. They also talk about Apple and Google's decision to pull a voting app from the store in Russia a day before the parliamentary elections and the effect it has on democracy. ------------------------------------------- Youtube Video Link: https://youtu.be/-GNLKWTtxTI ------------------------------------------- Documentation: https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network https://explainxkcd.com/wiki/index.php/538:_Security https://gizmodo.com/apple-and-google-pull-opposition-app-from-russian-store-1847695238 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
27:46
October 04, 2021
Protonmail kerfuffle
This week on the Blue Security Podcast, Adam and Andy talk about the hot water Protonmail got themselves into when the news reported that they  provided IP address and device information on a Protonmail account to the Swiss government. It's a great discussion on privacy vs security and laws that companies have to abide by. ------------------------------------------- Youtube Video Link: https://youtu.be/ZMcUKQstqsA ------------------------------------------- Documentation: https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html https://protonmail.com/blog/climate-activist-arrest/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
17:17
September 27, 2021
Misconceptions about MDM
This week on the Blue Security Podcast, Adam and Andy go over a bunch of misconceptions about mobile device management spurred by some chatter on Twitter. Should you enroll your personal device with your company's management solution? Listen in as Adam and Andy go over what is technical possible or not possible with MDM solutions. ------------------------------------------- Youtube Video Link: https://youtu.be/RblAsBTYV9s ------------------------------------------- Documentation: https://twitter.com/decryptlyfe/status/1428739410338598913?s=20 https://twitter.com/ashleygjovik/status/1428495420917837826?s=20 https://twitter.com/cherthedev/status/1428808057643966468?s=20 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
43:03
September 20, 2021
One year anniversary!
This week on the Blue Security Podcast, Adam and Andy celebrate one year of the podcast looking back on past episodes and key takeaways. ------------------------------------------- Youtube Video Link: https://youtu.be/6iBtzPzsFM4 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
31:08
September 13, 2021
Apple's Protections for Children
This week on the Blue Security Podcast, Adam and Andy talk about Apple's new proposed iOS 15 feature to protect children. They break down the technical details of how Apple differs from the other tech companies already scanning for CSAM content as well as their new message protection. ------------------------------------------- Youtube Video Link: https://youtu.be/GBG42KZKbok ------------------------------------------- Documentation: https://techcrunch.com/2021/09/03/apple-csam-detection-delayed/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:08
September 06, 2021
Security News Edition: Lockfile, Razer, and T-mobile
This week on the Blue Security Podcast, Adam and Andy breakdown some of the latest infosec news. They go over some hardening advice on the current Exchange ProxyShell vulnerability and Lockfile's current ransomware campaign. They also discuss some interesting privileged escalation using Razer peripherals. Finally, they give their thoughts on the T-Mobile breach. ------------------------------------------- Youtube Video Link: https://youtu.be/vI3RRekjPcY ------------------------------------------- Documentation: https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429 https://msrc.microsoft.com/update-guide/vulnerability/ADV210003 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
32:43
August 30, 2021
Windows Hello for Business
This week on the Blue Security Podcast, Adam and Andy discuss the enterprise-ready passwordless solution that's already built into your Windows 10 PCs. If your business-class PCs have a TPM, you have  everything you need to get started. Listen as Adam and Andy explain how  WHFB works, how to address privacy concerns, and how to quickly stand up  a POC or Pilot. ---------------------------------------------- Youtube Video Link: https://youtu.be/XK8BmcOSdco ---------------------------------------------- Documentation: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/ https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-planning-guide https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-deployment-guide ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
35:07
August 23, 2021
Mistakes that hinder a security team's success with Special Guest Nate Gardner
This week, Nate Gardner joins Andy to talk about mistakes that security teams can make that will hinder their success at organizations. And these aren't technical errors. Listen in because these mistakes can mean the difference in getting a tool or policy deployed! ---------------------------------------------- Youtube Video Link: https://youtu.be/YsqCpVPpVII ---------------------------------------------- Documentation: https://www.darkreading.com/edge/theedge/5-mistakes-that-impact-a-security-teams-success/b/d-id/1341470 Nate Gardner: https://www.linkedin.com/in/nate-gardner-infosec/ ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
19:31
August 16, 2021
Secure Privileged Access
This week, Adam and Andy go through Microsoft's best practice on securing privileged access. This documentation is amazing and extremely detailed. There are some great tips including administration and secure device management. ---------------------------------------------- Youtube Video Link: https://youtu.be/Mmg4ob-6u08 ---------------------------------------------- Documentation: https://docs.microsoft.com/en-us/security/compass/overview https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754 ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
45:57
August 09, 2021
Windows Defender Application Guard
This week, Adam and Andy continue their series on Windows security by talking about Windows Defender Application Guard. This is a great security feature in Windows 10 that isolates the browser in a hypervisor container. Listen in on the details and how to deploy it! ---------------------------------------------- Youtube Video Link: https://youtu.be/5ZbYWCrlhR8 ---------------------------------------------- Documentation: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
22:57
August 02, 2021
Pegasus, Twitter MFA, & Underfunding Infosec
This week, Adam and Andy discuss some interesting articles that were published during the week. Pegasus, a suite of mobile phone exploits, was big in the news again. Twitter released a report on their MFA adoption. And an interesting post on Linkedin from a cybersecurity strategist spurred some discussion on underfunding cybersecurity as a strategy. ---------------------------------------------- Youtube Video Link: https://youtu.be/NdPrbfLaEV8 ---------------------------------------------- Documentation: https://www.washingtonpost.com/technology/2021/07/19/apple-iphone-nso/?utm_campaign=wp_main&utm_medium=social&utm_source=instagram https://www.bleepingcomputer.com/news/security/twitter-reveals-surprisingly-low-two-factor-auth-2fa-adoption-rate/ https://www.linkedin.com/posts/yoad-dvir_omg-a-loophole-activity-6817220058859749376-MmQT ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30:04
July 25, 2021
CISA's RVA findings and what it means for organizations
This week, Adam and Andy go over CISA's (Cybersecurity & Infrastructure Security Agency) Risk and Vulnerability Assessments finding for 2020. In CISA's report, there were data driven values for different vectors of attack mapped to the MITRE ATT&CK framework. CISA had many recommendations for mitigation that Adam and Andy talk through. ---------------------------------------------- Youtube Video Link: https://youtu.be/V6LAgb4KvFI ---------------------------------------------- Documentation: CISA RVA Documents: https://www.cisa.gov/publication/rva ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
50:49
July 19, 2021
The Tech We Use
This week, Andy and Adam take a break from cybersecurity and have a little fun talking about the tech they use. They chat about their phones, computers, headphones, mics, and more! Below are links to the products they talk about. Note: This show is not sponsored. All items are purchased through personal means. ---------------------------------------------- Youtube Video Link: https://youtu.be/6Jq8v3aTM-A ---------------------------------------------- Documentation: Unifi: https://ui.com/consoles/ Asus ZenWifi AX review: https://www.cnet.com/reviews/asus-zenwifi-ax-review/ TP-Link Archer AX90: https://www.nytimes.com/wirecutter/reviews/best-wi-fi-router/ Unraid: https://www.unraid.net/ Synology: https://www.synology.com/en-us Marco's Podcasting Mics: https://marco.org/podcasting-microphones Rodecaster: https://rode.com/interfaces-mixers/rodecaster-pro Podmic: https://rode.com/microphones/podmic Meze 99 Noir Headphones: https://drop.com/buy/massdrop-x-meze-99-noir-closed-back-headphones Marco's Headphones: https://marco.org/headphones-closed-portable Nuraloop: https://www.nuraphone.com/products/nuraloop Herman Miller Aeron: https://www.hermanmiller.com/products/seating/office-chairs/aeron-chairs/ AK Racing Chair: https://drop.com/buy/akracing-premium-gaming-chair Arozzi Arena Desk: https://arozzi.com/product/arena/ USB Hub Switch: https://www.amazon.com/Rosewill-Peripheral-Computers-Controller-Included/dp/B07FQT43DM ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
42:29
July 12, 2021
Information Protection with Special Guest Rachel O'Shea
This week, Rachel O'Shea, a Senior Technical Specialist in Compliance at Microsoft, join Adam and Andy to talk about information protection and governance. Rachel has a wealth of experience in compliance and she talks about some of the tools within Microsoft's suite to help protect information as well as tips to get started and continuous re-evaluation of your compliance program.  ----------------------------------------------  Youtube Video Link: https://youtu.be/vet3BKiKEQQ  ----------------------------------------------  Documentation: Rachel O'Shea: https://www.linkedin.com/in/racheloshea/  Microsoft Compliance Center: https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365-worldwide  Microsoft Information Protection: https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide  ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
44:18
July 05, 2021
Should you block or allow this app?
This week, Adam and Andy talk about what infosec professionals should consider when being asked to block or allow an application. ---------------------------------------------- Youtube Video Link: https://youtu.be/Y8W5LSVpa4M ---------------------------------------------- Documentation: https://www.wired.co.uk/article/blackberry-india ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:10
June 28, 2021
Special Episode - Programming Note
Adam and Andy have some news to share!
05:19
June 21, 2021
Windows Defender Credential Guard
This week, Adam and Andy do a deep technical dive on Windows Defender Credential Guard. This security feature is part of Windows 10 Enterprise and not as broadly deployed as it should be. Learn what it is, how it works, and why you should have this on your roadmap to enable. ----------------------------------------------  Youtube Video Link: https://youtu.be/AQsxdW_iYlU ----------------------------------------------  Documentation: https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-known-issues ----------------------------------------------  Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
27:04
June 21, 2021
The True Cost of Ransomware
This week, Adam and Andy talk about how cyberattacks and ransomware incidents are increasing in  frequency and how the financial impact is getting greater both for  payments and for recovery. They go over the sometimes hidden costs of a  ransomware attack that security practitioners should be aware of to plan  and budget for. ---------------------------------------------- Youtube Video Link: https://youtu.be/RB-ujlVfjfU ---------------------------------------------- Documentation: https://blog.checkpoint.com/2021/05/12/the-new-ransomware-threat-triple-extortion/ https://unit42.paloaltonetworks.com/ransomware-threat-report-highlights/ https://www.fitchratings.com/research/insurance/sharply-rising-cyber-insurance-claims-signal-further-risk-challenges-15-04-2021 ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:40
June 14, 2021
Digital Every Day Carry (EDC)
This week, Adam and Andy talk about their digital "Every Day Carry" (EDC). These are tools they use personally on an every day basis to keep themselves and their data safe. They go through each tool and why they use it from phones, to browsers, to what social media accounts they keep. If you have other tools that are interesting that you use, be sure to contact the show and let us know! ---------------------------------------------- Youtube Video Link: https://youtu.be/df2Jd1gCupg ---------------------------------------------- Documentation: Secure Messaging: https://anchor.fm/blue-security-podcast/episodes/Secure-Messaging-ep42ct Mac Management: https://anchor.fm/blue-security-podcast/episodes/Mac-Management-with-Special-Guest-Matthew-Ward-and-Matt-Benyo-eu2i3r ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
42:49
June 07, 2021
That Infosec Op-Ed
This week, Adam and Andy talk about the op-ed written by Prof Allen Gwinn in The Hill that had the information security community up in arms. They counter his article in a thoughtful way because while many of his ideas are ultimately bad ideas, there are some nuggets of good ideas in there. And at least he got the infosec community talking and doing some self-reflection. Listen in on a balanced counter argument to his op-ed article. ---------------------------------------------- Youtube Video Link: https://youtu.be/W0A8Fbq1fB8 ---------------------------------------------- Documentation: https://thehill.com/opinion/technology/553891-our-cybersecurity-industry-best-practices-keep-allowing-breaches ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
45:60
May 31, 2021
Information Security Leadership with Special Guest Doug Turecek
This week, Adam and Andy talk with Doug Turecek. Doug has over 25 years of experience in information technology and is currently the Information Security Officer for Exact Sciences. They talk about what it's like to be a senior leader in information security including managing budgets, managing people, and managing expectations from other leaders in the business. If you're in leadership now or considering moving up the corporate ladder in information security, this is the episode for you! ---------------------------------------------- Youtube Video Link: https://youtu.be/6liR4S1Txns ---------------------------------------------- Documentation: Doug Turecek LinkedIn: https://www.linkedin.com/in/%C2%A9%EF%B8%8Fdoug-turecek-241847a/ ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
41:38
May 24, 2021
Colonial Pipeline and other news
This week, Adam and Andy talk about the Colonial Pipeline ransomware incident, the executive order President Biden signed on improving cybersecurity, and what infosec professional want to think about when it comes to their own defense and response to a ransomware incident. ---------------------------------------------- Youtube Video Link: https://youtu.be/OreXgsMp0Xs ---------------------------------------------- Documentation: Cyberspace Solarium Commission: https://www.solarium.gov/ CISA Alert (AA20-049A) Ransomware Impacting Pipeline Operations: https://us-cert.cisa.gov/ncas/alerts/aa20-049a Executive Order on Improving the Nation’s Cybersecurity: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:41
May 17, 2021
Security Change Management
This week Andy and Adam talk about security change management. Rolling  out a security change or a new security product can be difficult and  stressful if not done correctly. It's important to communicate those  changes for a smooth user experience. Listen in on tips that Andy and  Adam have learned throughout their careers. ---------------------------------------------- Youtube Video Link: https://youtu.be/pNmb0wINY3I ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
35:49
May 10, 2021
Browser Security
This week Andy and Adam talk about browser security. They break down why it's important to secure your browser's configuration and recommendations on settings for Edge, Chrome, and Firefox. They also dive into some thoughts on privacy and advertising data/telemetry. ---------------------------------------------- Youtube Video Link: https://youtu.be/rJrQrzlZaH4 ---------------------------------------------- Documentation: CISA Guidance: https://us-cert.cisa.gov/publications/securing-your-web-browser Edge Management: https://docs.microsoft.com/en-us/deployedge/configure-microsoft-edge Microsoft Defender Application Guard: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-windows-defender-application-guard Chrome Management: https://support.google.com/chrome/a/answer/9710898?hl=en Chrome Browser Cloud Management: https://support.google.com/chrome/a/answer/9116814?hl=en Firefox Management: https://support.mozilla.org/en-US/products/firefox-enterprise/policies-customization-enterprise ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
41:08
May 03, 2021
Mentorship with Special Guest Matt Wood
This week Andy and Adam chat with Matt Wood. Matt is an information security manager who was Andy's first mentor in infosec. They talk about the importance of mentorship, what the relationship is like, and how to go about finding a mentor. ---------------------------------------------- Youtube Video Link: https://youtu.be/VQeiA0b8WPs ---------------------------------------------- Documentation: Matt Wood LinkedIn: https://www.linkedin.com/in/matthewwood/ Twitter: https://twitter.com/matt_wood Cyber Mentor Dojo: https://app.cybermentordojo.com/ ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
36:48
April 26, 2021
M365 Productivity Tips and Tricks
This week, Adam and Andy take a break from security and give you their favorite tips and tricks for the M365 Suite. Hopefully you learn something and we'd love to hear your tips and tricks! Email us or send us a DM on Twitter. ---------------------------------------------- Youtube Video Link: https://youtu.be/iwpcXOZYZfo ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
33:55
April 19, 2021
Zscaler Security with Raja Khalid
This week, Adam and Andy chat with Raja on Zscaler, one of our favorite tools when it comes to DNS security (and more!). Zscaler is a scalable security tool that performs category and reputation filtering. It also does advance threat protection, malware sandboxing, DLP, CASB, and a unique take on VPN. ---------------------------------------------- Youtube Video Link: https://youtu.be/T1Rudo8mXss ---------------------------------------------- Documentation: Raja Khalid Email: rkhalid@zscaler.com ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
39:55
April 12, 2021
Mac Management with Special Guest Matthew Ward and Matt Benyo
This week, Adam and Andy are joined by Matthew Ward and Matt Benyo to talk about Mac Management. Macs are more and more important in enterprises and getting a hold on how to manage them instead of letting the be "the wild west" is extremely beneficial to both device management teams and information security. ---------------------------------------------- Youtube Video Link: https://youtu.be/KTmpdEF8NT4 ---------------------------------------------- Documentation: Leverage enterprise identity and authentication - WWDC 2020 - Videos - Apple Developer https://developer.apple.com/videos/play/wwdc2020-10139/?time=182 ⤴︎ 3:02 "Using local accounts on macOS is our recommendation whenever possible for 1:1 deployments." Matt Benyo https://www.linkedin.com/in/matthew-benyo/ https://twitter.com/mattbenyo Matthew Ward https://www.linkedin.com/in/mtward/ ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
56:14
April 05, 2021
How to get into cybersecurity and the skills you need
This week, Adam and Andy cover how people can break into the cybersecurity industry and the skills they might need prior to finding their first job. They cover a range of topics from basic technical knowledge to tools to soft skills to certifications and more. If you're looking at getting into the industry, this episode is for you! ---------------------------------------------- Youtube Video Link: https://youtu.be/kMN05pe0WnU ---------------------------------------------- Documentation: https://www.rangeforce.com/ https://tryhackme.com https://www.hackthebox.eu/ https://letsdefend.io/ https://docs.microsoft.com/en-us/learn/ ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
52:36
March 29, 2021
Azure Sentinel with Special Guest John Joyner
This week, Microsoft MVP John Joyner joins the show to talk about Azure Sentinel. If you're in the market for a SIEM or looking to bolster your security tools at your organization, we give you some ideas to think about when it comes to Azure Sentinel and how it can be a very cost-effective way to gain oversight on your company's security posture. ---------------------------------------------- Youtube Video Link: https://youtu.be/FBBYH__6DFo ---------------------------------------------- Documentation https://docs.microsoft.com/en-us/azure/sentinel/ Sentinel Ninja Training https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310 John Joyner: https://twitter.com/john_joyner ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
42:19
March 21, 2021
Physical Security with Special Guest Wesley Strey
This week, Andy is joined by Wesley Strey to talk about the subdomain of physical security. There are so many great parallels between information security and physical security. We hope listeners walk away with a better understanding of how physical security can affect your information security program. ---------------------------------------------- Youtube Video Link: https://youtu.be/w1l29YHGj3o ---------------------------------------------- Wesley Strey LinkedIn: https://www.linkedin.com/in/wesley-strey-psp-593503a5/ ---------------------------------------------- Contact: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
34:56
March 15, 2021
Say Goodbye to Domain Join with Special Guest Shannon Fritz
This week, Shannon Fritz joins the show to talk about device identity and why you should start joining your devices to Azure Active Directory. This show is jam packed full of information from dispelling some of the myths of Azure AD joining to what steps to take to begin your Azure AD join journey. We hope you enjoy listening! ---------------------------------------------- Youtube Video Link: https://youtu.be/iO5a21WJhiA ---------------------------------------------- Documentation Windows 10 Device Management vs Device Identity https://mrshannon.wordpress.com/2020/06/24/windows-10-device-management-vs-device-identity/ Shannon Fritz: https://twitter.com/mrshannonfritz ---------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
01:01:08
March 08, 2021
Cloud Application Security Brokers
This week, Adam and Andy talk about cloud application security brokers (CASB). The podcast is focused more around Microsoft Cloud App Security but the concepts and use cases can be applied to any CASB solution. ---------------------------------------------- Youtube Video Link: https://youtu.be/j43MFpxMsqE ---------------------------------------------- Documentation MCAS Ninja Training: https://techcommunity.microsoft.com/t5/microsoft-security-and/the-microsoft-cloud-app-security-mcas-ninja-training-is-here/ba-p/1877343 ---------------------------------------------- Contact: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
40:07
February 28, 2021
Password Managers
This week, Adam and Andy talk about password managers. They discuss on password managers can protect you from phishing attacks, pros/cons of storing your TOTP key within your vault, and compare three different popular password managers on the market: Lastpass, 1Password, and BitWarden. ---------------------------------------------- Youtube Video Link: https://youtu.be/op9TGKlRZDY ---------------------------------------------- Documentation https://blog.1password.com/totp-and-1password/ https://gmail.googleblog.com/2008/03/2-hidden-ways-to-get-more-from-your.html https://www.ghacks.net/2013/09/17/can-now-use-email-aliases-outlook-com/ ---------------------------------------------- Contact: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
40:24
February 22, 2021
What is EvilGinx and How do you protect against it?
This week, Adam and Andy talk about a Red Team/Pentesting tool called EvilGinx. They explain how this tool works and how cyber-criminals can use it to bypass MFA enabled accounts. Most importantly, they provide several ways to mitigate against this using enterprise driven phishing education campaigns, security awareness training, and device-based conditional access. ---------------------------------------------- Youtube Video Link: https://youtu.be/a2NLk0GnUJ8 ---------------------------------------------- Contact: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
41:38
February 15, 2021
Modern Device Management
This week, Adam and Andy go over modern device management. They discuss how to use device based conditional access to make access decisions on corporate or personal devices spanning different operating systems in the modern "work from home" and post-COVID world. ---------------------------------------------- YouTube Video Link: https://youtu.be/s46ZhXnngjg ---------------------------------------------- Documentation: Windows Autopilot https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot Apple Business Manager https://support.apple.com/guide/apple-business-manager/what-is-apple-business-manager-apdd344cdd9d/web Android Enterprise Enrollment https://www.android.com/enterprise/enrollment/ Android Device Manager Deprecation https://www.blog.google/products/android-enterprise/da-migration/ JAMF Apple Device Management https://www.jamf.com ---------------------------------------------- Contact: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ---------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/  Email: andy@bluesecuritypod.com ---------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
44:60
February 08, 2021
Real-world Ransomware Experience with Special Guest Gavin Ashton
This week, Adam and Andy speak with Stealthbits security strategist, Gavin Aston. Gavin wrote the blog "Maersk, me & notPetya" and brings a unique percepective to information security defense as someone who's survived a ransomware attack. Youtube Video Link Documentation: Maersk, me & notPetya Protecting Microsoft 365 from on-premises attacks Contact: Gavin Aston Twitter: @gvnshtn Andy Jaw Twitter: @ajawzero LinkedIn: andyjaw Email: andy@bluesecuritypod.com Adam Brewer Twitter: @ajbrewer LinkedIn: adambrewer Email: adam@bluesecuritypod.com ---------------------------------------------- Twitter: @bluesecuritypod Instagram: @bluesecuritypodcast Facebook: @bluesecpod
40:20
February 01, 2021
Application Security with Special Guest Tanya Janca
This week, Adam and Andy speak with application security guru, Tanya Janca, author of Alice and Bob learn Application Security. It was an amazing conversation where they touched on secure app design practices, password requirements, and infosec industry mentorship and education. Youtube Video Link Documentation: Alice and Bob learn Application Security We Hack Purple Academy We Hack Purple Youtube/Podcast Contact: Tanya Janca Twitter: @shehackspurple LinkedIn: tanya-janca Andy Jaw Twitter: @ajawzero LinkedIn: andyjaw Email: andy@bluesecuritypod.com Adam Brewer Twitter: @ajbrewer LinkedIn: adambrewer Email: adam@bluesecuritypod.com ---------------------------------------------- Twitter: @bluesecuritypod Instagram: @bluesecuritypodcast Facebook: @bluesecpod
59:11
January 25, 2021
Secure Messaging
This week, Adam and Andy go over some news about Microsoft Defender for Identity and Intel's new CPU ransomware protection. There was also some news about Whatsapp's new privacy policy. Adam and Andy dive into a comparison of the most popular secure messaging apps including an exploit that would affect all secure messengers. Documentation: Whatsapp's Updated Privacy Policy Signal Messenger Threem Messenger Secure Messaging Apps Comparison Contact: Twitter: @bluesecuritypod Instagram: @bluesecuritypodcast Andy Jaw Twitter: @ajawzero LinkedIn: andyjaw Email: andy@bluesecuritypod.com Adam Brewer Twitter: @ajbrewer LinkedIn: adambrewer Email: adam@bluesecuritypod.com
37:18
January 18, 2021
Solarwinds Revisited and Tech Policy under a Biden Administration
This week, Adam and Andy revisit some more guidance that has come out about Sunburst/Solarigate since the initial breach. Additionally, they share some thoughts about this week's insurrection at the US Capitol and the cybersecurity implications. Finally, with a Biden administration and a Democratic controlled government, Andy and Adam speculate on what might be taken up as priority when it comes to tech policy. Documentation: Microsoft Solarigate Resource Center Using Splunk to Detect Sunburst Backdoor Analyzing Solorigate, the compromised DLL file  that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers Using Microsoft 365 Defender to protect against Solorigate M365 advanced hunting queries Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and their customers Protecting Microsoft 365 from on-premises attacks Contact: Twitter: @bluesecuritypod Instagram: @bluesecuritypodcast Andy Jaw Twitter: @ajawzero LinkedIn: andyjaw Email: andy@bluesecuritypod.com Adam Brewer Twitter: @ajbrewer LinkedIn: adambrewer Email: adam@bluesecuritypod.com
35:05
January 11, 2021
Information Security Tips & Tricks for Parents
Happy New Year! To ring in the new year, this week's episode focuses on parents who are working from home while having to help home school their kids as well. Adam and Andy go through a lot of tips and tricks that will help secure home networks, devices, and cloud accounts. Documentation: Setup OpenDNS Quad9 Disney Circle Eero Wifi How to change your wireless router's admin password 3-router method (Stacking routers for security) Ubiquiti Unifi Apple's Data Access when personal safety is at risk Microsoft Families Apple Families Google Families Contact: Twitter: @bluesecuritypod Instagram: @bluesecuritypodcast Andy Jaw Twitter: @ajawzero LinkedIn: andyjaw Email: andy@bluesecuritypod.com Adam Brewer Twitter: @ajbrewer LinkedIn: adambrewer Email: adam@bluesecuritypod.com
31:41
January 04, 2021
Merry Christmas! Learn how to spin up your own VM lab and dev environments
This holiday week, Adam and Andy give you some advice on how to spin up your own virtual machine lab and dev environment. They go through SaaS applications that have free dev environments as well as tools to use to manage VM's. They also give tips on what you can do with that lab environment from testing policies to managing devices in Intune and even learning about tools like Mimikatz and John the Ripper. Documentation: Lab Building Guide: Virtual Active Directory Script to spin up AD controllers quickly Microsoft Developer Subscription Android Images Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
33:46
December 27, 2020
Our thoughts on Fireeye, Solarwinds, and Sunburst
This week, Adam and Andy give you their thoughts on the Fireeye and Solarwinds breach. They also give defenders advice on immediate steps to help strengthen their organizations as well as some future insights on the direction security may be heading in terms on identity and device management. Finally, they give some thoughts on why it is important for security, business, and technical teams need to work as one cohesive unit in order to make security programs successful. Documentation: Unauthorized Access of FireEye Red Team Tools Check Point Response to FireEye Red Team Tools Leak CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor "The Chat" by Gavin Ashton Becoming resilient by understanding cybersecurity risks: Part 2 Detecting Abuse of Authentication Mechanisms by the NSA Protecting Microsoft 365 from on-premises attacks Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
34:26
December 21, 2020
Passwordless Authentication
Passwordless authentication is one of those rare features that strengthens security while making it easier for users to sign in. This week, Adam and Andy breakdown passwordless authentication options for enterprises in Windows, Azure AD, and other third party IDP's. They also address concerns about privacy when it comes to biometric data. Documentation: Windows Hello for Business Plan a passwordless authentication deployment in Azure Active Directory Passwordless authentication options for Azure Active Directory Factor Sequencing for Okta Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
38:03
December 14, 2020
Conditional Access
This is it! Adam and Andy are finally diving into conditional access. They give an overview on what conditional access is including different types of conditional access like user, sign-in, and device based. Stick around until the end where Adam gives a great overview on a new feature for Azure AD authentications called Continuous Access Evaluation that changes the duration authentication tokens and how they are evaluated. Documentation: Advancing Password Spray Attack Detection Continuous Access Evaluation in Azure AD is now in public preview! Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
34:56
December 07, 2020
Work from Home - Tips and Tricks
On this week's episode, Andy and Adam give you their tips and tricks for working from home. Having been in mature work from home company cultures, they have insights on what it was like pre and post pandemic. Enjoy! Documentation: Rework by Jason Fried and David Heinemeier Hansson Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
26:09
November 30, 2020
Our thoughts on Chris Krebs, Infosec Job Security, and Infosec Qualifications
On this week's episode, Andy and Adam give their thoughts on the firing of Chris Krebs, former director of CISA. They also talk about their opinions on whether a CISO should be fired after a cybersecurity breach. Finally, they discuss if people need to have technical degrees and what qualifications are required to be in infosec. Documentation: CISA's Statement on the Nov 3rd Election IT Director fired after ransomware attack Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
24:38
November 23, 2020
Active Directory Security with Special Guest Morgan Patzwald
This week, Morgan joins Adam and Andy on the podcast to discuss on-prem Active Directory security. They dive into administrator privileges, best practice for account creation, GPO's, and server admins. They also discuss the concept of Privileged Access Workstations (PAW). Documentation: Securing Privileged Access Privileged Access Workstations Morgan Patzwald Twitter: @morgancpatz Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
36:58
November 16, 2020
Single-Sign On (SSO) and Self-Service Password Reset (SSPR)
This week, Adam and Andy go over why you should think about using an Identity Provider (IDP) to onboard your SaaS apps to use SSO. They also talk about why it's really important to think about what IDP to go with prior to making a decision. Finally, they talk about SSPR and why it's important to implement this feature in your organization. Documentation: Azure AD SSO options Enable Azure SSPR Enable Okta SSPR Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
31:58
November 09, 2020
How did we get into information security and career progression advice
This week, Adam and Andy bring you a bonus episode where they talk about how they got into information security and offer advice on career progression in IT and cybersecurity. Documentation: Free Microsoft Developer's Environment Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
43:19
November 02, 2020
Ransomware protection - Part 4 - Windows 10 Security, Network Segmentation, Detection and Recovery
This week, Adam and Andy wrap up the ransomware series by first going over controlled folder access in Windows 10 security and Onedrive for Business Known Folder Move. They discuss network segmentation and go into tools and process for detection and incident response. Finally, they conclude with tips on business continuity and disaster recovery when it comes to ransomware and cybersecurity. Documentation: Controlled Folder Access Onedrive for Business Known Folder Move Azure ATP/Microsoft Defender for Identity Ransomware Decryptors Maersk NotPetya Blog Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
29:32
October 26, 2020
Ransomware Protection - Part 3 - Admin Rights, Email Protection, Phishing Training
This week, Adam and Andy continue the conversation on techniques and tools to protect your organization from ransomware. They dive into the concept of least privileged access and administrative rights, email protection solutions, and phishing/cybersecurity training program concepts for your company. Documentation: Exchange Online Protection Overview https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/exchange-online-protection-overview?view=o365-worldwide Office 365 ATP https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp?view=o365-worldwide Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
33:58
October 19, 2020
Ransomware Protection - Part 2 - EDR, Patching, and Pentesting
This week, Adam and Andy continue the conversation on techniques and tools to protect your organization from ransomware. They dive into EDR solutions, patching and vulnerability assessment management, and pentesting. Documentation: Maersk, me & notPetya: https://gvnshtn.com/maersk-me-notpetya/ The Untold Story of NotPetya, the Most Devastating Cyberattack in History: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
32:23
October 12, 2020
Ransomware Protection - Part 1 - Soft Skills and Endpoint Protection
Due to the recent ransomware attacks, Adam and Andy use this episode to kick off a series on how to protect your company from ransomware. We started with how security professionals need to have soft skills in order to be successful at any organization. We followed up with a deep dive on why we believe Microsoft Defender for Endpoint is the most cost effective solution you can deploy. Documentation: Microsoft Defender in a Sandbox: https://www.microsoft.com/security/blog/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/ Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
33:33
October 05, 2020
Enabled MFA!
In this episode, Adam and Andy talk about why if you have not enabled MFA for your identity provider (IDP), this should be your top priority today. They also talk about steps for implementation and their thoughts on user documentation. Documentation: Zerologon Vulnerability https://www.secura.com/blog/zero-logon Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
30:47
September 28, 2020
Geo-restricting IP addresses, Password policies, Defense against password spray attacks
In this first episode, Adam and Andy discuss whether geo-restricting IP addressing is considered "good" security. They also discuss Azure AD password protection as a method to protect against password spraying attacks. Documentation:  Overview on Azure AD password protection: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-password-protection-is-now-generally-available/ba-p/377487   How to deploy Azure AD protection: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy  Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/
31:58
September 21, 2020