Skip to main content
CyberSpeaksLIVE

CyberSpeaksLIVE

By CyberSpeaksLIVE

CyberSpeaksLIVE is an InfoSec podcast series hosted by Duncan McAlynn (@infosecwar) and his special guest co-hosts, where YOU get to participate in the discussions with full video and audio. Following the live recording, we add the audio-only stream into our podcast feed for our awesome subscribers.

CyberSpeaksLIVE gives YOU, the InfoSec community, a voice that can be heard around the world!

Follow us on Twitter for upcoming guests announcements and live recording invites, @cyberspeakslive.
Listen on SpotifySend voice message
Available on
Apple Podcasts Logo
Google Podcasts Logo
Overcast Logo
PodBean Logo
RadioPublic Logo
Spotify Logo
Report content on Spotify
Currently playing episode

She Hacks Purple with Tanya Janca

CyberSpeaksLIVEFeb 02, 2022

00:00
01:09:14
She Hacks Purple with Tanya Janca

She Hacks Purple with Tanya Janca

All things AppSec and Purple Teaming with Tanya Janca, founder of the We Hack Purple community platform.

Feb 02, 202201:09:14
Tribe of Hackers - Blue Team Edition

Tribe of Hackers - Blue Team Edition

In this lively episode we speak with several contributing authors of the wildly popular TRIBE OF HACKERS - BLUE TEAM EDITION book. 

Feb 01, 202201:04:55
ICS, DFIR and PancakesCon with Lesley Carhart (Hacks4Pancakes)

ICS, DFIR and PancakesCon with Lesley Carhart (Hacks4Pancakes)

Lesley Carhart (@hacks4pancakes) joins us for the reboot of CyberSpeaksLIVE featuring Alethe Denis (@alethedenis) as our new co-host. 

Lesley is a Principal Industrial Incident Responder at the industrial cybersecurity company Dragos, Inc. She has spent more than a decade of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. She is also the founder of the PancakesCon virtual conference occurring on Sunday 3/21/21. Details about events, villages, talks, and miscellany are available on the website: pancakescon.com or by following the event on Twitter (@PancakesCon). 

In her free time (when she has it), she enjoys various martial art forms an quite skilled with a blade. She also teaches the discipline of martial arts to the younger generations. 


Mar 18, 202101:13:33
OSINT-Powered Social Engineering with Joe Gray (The Lost Tapes)

OSINT-Powered Social Engineering with Joe Gray (The Lost Tapes)

Joe Gray is a passionate Information Security professional, mentor, and public speaker on the topics of OSINT and Social Engineering techniques and methodology. During this episode, Joe shares his insights with our listeners on the tools and techniques to become a social engineering professional using OSINT-powered methods. 

Please note, this episode has a special intro featuring Adrian Korn from TraceLabs (https://tracelabs.org), a non-profit organization that assists law enforcement agencies locate missing persons through crowd sourced OSINT research and capture-the-flag style online events.

Joe's Upcoming Book:
Practical Social Engineering
https://www.amazon.com/Practical-Social-Engineering-Joe-Gray-ebook/dp/B085BW1P6R/

Social Connections:
Twitter:
https://twitter.com/C_3PJoe
https://twitter.com/TheOSINTion
LinkedIn:
https://www.linkedin.com/in/joegrayinfosec/

Sep 07, 202001:18:17
Giving a Winning Conference Talk with InfosecWar & Ell_o_Punk

Giving a Winning Conference Talk with InfosecWar & Ell_o_Punk

In this episode our hosts, Duncan McAlynn (@infosecwar) and @Ell_o_Punk, discuss what it takes to give a winning talk at industry conferences, along with questions & answers from our live online audience.  Topics covered include: Background Story Secrets of a Great Talk Choosing Your Topic Writing a Great Abstract Audience Participation Tips for Slide Decks Before Your Talk While on Stage After Your Talk Virtual Conference Considerations Tools of the Trade Like the episode? Keep the conversation going with the hashtag #winningtalks.
Aug 20, 202001:21:19
Offensive Security OSCP Exam Review

Offensive Security OSCP Exam Review

Aug 14, 202001:04:28
Mental Health in InfoSec with Alethe Denis

Mental Health in InfoSec with Alethe Denis

::TALKING POINTS::

  • Mental Health in the Hacking Community and Globally
  • Social Engineering Your Own Mindset
  • Innocent Lives Foundation
  • TraceLabs
  • Mental Health and Wellness for Volunteers
  • Tribe of Hackers

Alethe Denis is a social engineer who specializes in open-source intelligence (OSINT) and phishing, specifically voice elicitation or phishing over the phone. Awarded a DEF CON Black Badge at DEFCON 27 for Winning the Social Engineering Capture the Flag (SECTF) contest, she is the VP of Dragonfly Security, CFO of PENGUIN, Voice & Data Services and a Founding Member of the DC209 DEFCON Group.

She's presented at BSides San Francisco, the Layer 8 Conference, and WHackzCon as well as joined panels at DerbyCon and the Human Firewall Event. Most recently, she and her team 'Password Inspection Agency' placed Second in the TraceLabs Global Missing Persons OSINT CTF V. She also volunteers as a TraceLabs content contributor and judge (when she’s not competing) and is an Innocent Lives Foundation Advocate creating awareness of the Innocent Lives Foundation Mission.

::LINKS::


Aug 05, 202055:15
Edu, Certs or Exp: Which Matters Most?

Edu, Certs or Exp: Which Matters Most?

Mar 17, 202001:04:09
Kushtaka: High-Fidelity Sensors for Under-Resourced Blue Teams

Kushtaka: High-Fidelity Sensors for Under-Resourced Blue Teams

This week we are joined by Jared Folkins (@JF0LKINS) as he introduces us to his open source honeypot sensor system, Kushtaka, that helps you detect cyber attackers before they become entrenched.

Jared will be joined by Nathan McNulty (@nathanmcnulty), to give his firsthand account of using Kushtaka in production.

This week we also introduce a new segment where we'll be highlighting a non-profit charity or upcoming conference each episode. This week we'll be talking with wirefall, founder of @Dallas_Hackers and board member @BSidesDFW.

About Jared:
After surviving the dot-com crash of the late 90s, Jared Folkins went on to have a long career in systems and programming. In 2013 he turned a hobby into a career and has never looked back. Known for having technical chops and a high emotional IQ, he enjoys working with those who prioritize goals and people, while placing egos last.

He currently Red Teams for ThreatHound.com, Blue Teams for Bend La Pine Schools, and breaks down software while building up people at OpsecEdu.com.

If you want his help or you just need a new InfoSec friend, contact him at JaredFolkins.com.

Connect with Jared:
LinkedIn - https://www.linkedin.com/in/jared-folkins-b18783179/
Twitter - @JF0LKINS

Feb 20, 202058:10
Healthcare and IoT Device Security with Jennifer Reicherts, CEH

Healthcare and IoT Device Security with Jennifer Reicherts, CEH

In this episode, we are joined by IoT security practitioner, Jennifer Reicherts. Jennifer currently works as a Senior Information Security Analyst for an independent Children's Hospital Network in Minneapolis, MN where she is using her passion for protecting patient care by applying her skills in the areas of IoT technology, Incident Response, Threat Intelligence, and Security Training. Jennifer has spoken on the topic of the cybersecurity risks of IoT in Healthcare at conferences as well as private events. She is a Certified Ethical Hacker, an Executive Board Member of her local InfraGard Member Alliance, and most recently will be joining a planning committee for the most popular cybersecurity event in Minnesota.

Links mentioned in the show:
www.iamthecavalry.org/wp-content/uploads/2016/01/I-Am-The-Cavalry-Hippocratic-Oath-for-Connected-Medical-Devices.pdf
www.newamerica.org/cybersecurity-initiative/reports/do-no-harm-20/
www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf
Feb 20, 202049:35
Azure Security Center with Yuri Diogenes

Azure Security Center with Yuri Diogenes

In this episode, we are joined by the legendary Yuri Diogenes, Sr. Program Manager for Microsoft's Azure Security Center (ASC) product. Yuri has literally written the book on the subject and shares with us his keen insights into the platform, as well as CSPM and CWPP scenarios. 

Here are some important links that Yuri has also shared with us:

Also be sure to grab a copy of Yuri's print or electronic book, Microsoft Azure Security Center 2nd Edition, from MS Press for 30% off during checkout using the special Cyber Speaks LIVE discount code, AZURESEC:
https://www.microsoftpressstore.com/store/microsoft-azure-security-center-9780135752036. (Valid thru Nov. 28, 2019 only.) 

PLEASE, also listen to and share the Ryen Macababbad episode on Vets in Cyber. It is probably the most important episode we've recorded to-date.

The Azure product updates website mentioned during the show is available at: https://azurecharts.com. Enjoy!

And, thank you to Nick Espinosa for providing data regarding the breaches of the week. Be sure to follow him on Twitter: @NickAEsp



Dec 02, 201901:01:36
Live from Microsoft Ignite - Cybersecurity in Local Government

Live from Microsoft Ignite - Cybersecurity in Local Government

In this special episode recorded live from #MSIgnite, I'm joined by Charles Burton of the Calcasieu Parish Police Jury and Mark Simos of Microsoft to discuss the topic of cybersecurity best practices in local governments.
Be sure to connect with our guest co-hosts and thank them for their appearance on the show:
Charles Burton
Information Technology Director, Calcasieu Parish Police Jury
www.linkedin.com/in/cburton/
@CharlieBurton
Mark Simos
Lead Cybersecurity Architect, Microsoft
www.linkedin.com/in/marksimos/
@MarkSimos
Nov 16, 201901:00:00
Transitioning Our Nation’s Vets into Cybersecurity with Sgt. Ryen Macababbad of Microsoft

Transitioning Our Nation’s Vets into Cybersecurity with Sgt. Ryen Macababbad of Microsoft

With Veteran's Day upon us, I was truly blessed to be joined by US Army veteran Sgt. Ryen Macababbad from Microsoft to discuss veteran transition to civilian life and the crisis facing our nation with veteran suicide rates. This is my proudest episode yet. Please listen, like and share. You never know who may need to hear the message that Ryen is sharing.
Show references:
Veteran's Suicide Prevention Hotline: 1-800-273-8255
Connect with Ryen on Twitter:

twitter.com/Ryen_Mac (@ryen_mac)

LinkedIn's program to support US veterans:

socialimpact.linkedin.com/programs/veterans

Daniel Savage on LinkedIn:

blog.linkedin.com/author/d/daniel-savage

Microsoft Transition Program for Veterans, servicemembers, and military spouses

aka.ms/mssa

The Ultimate LinkedIn Cheat Sheet

www.linkedin.com/pulse/ultimate-linkedin-cheat-sheet-michael-quinn

Purepost military translation tool

www.purepost.co/
Nov 07, 201928:36
Tribe of Hackers - Red Team Edition featuring Marcus J Carey, Beau Bullock and Phillip Wylie

Tribe of Hackers - Red Team Edition featuring Marcus J Carey, Beau Bullock and Phillip Wylie

Sep 23, 201957:51
Why Pentesting is Broken Today with the AttackForge Team

Why Pentesting is Broken Today with the AttackForge Team

Fil & Stas, founders of the disruptive AttackForge platform, were recently presenting at Black Hat USA Arsenal telling their story about why pen testing is broken – a term we do hear often in security - and how they are trying to solve the problems.
In this episode of Cyber Speaks LIVE they shared their experiences and provided us with some keen insights for our listeners on this topic and provided a nice introduction to the AttackForge platform.

Sep 11, 201901:05:55
The Creepiness Behind Facebook and Google with Film Director M.A. Taylor

The Creepiness Behind Facebook and Google with Film Director M.A. Taylor

In this special edition of Cyber Speaks LIVE, we're joined by MA Taylor, the highly acclaimed film director of #TheCreepyLine to discuss how YOU are for sale and the data privacy & protection implications of #Google and #Facebook. We examine everything from the Cambridge Analytica scandal to confirmation bias to election manipulations and SO much more! This is a NOT TO BE MISSED episode! 
Aug 14, 201901:01:46
Cybersecurity Best Practices and Controls with Tony Sager of the Center for Internet Security (CIS)

Cybersecurity Best Practices and Controls with Tony Sager of the Center for Internet Security (CIS)

*This is a special edition of Cyber Speaks LIVE, recovered from the archives.* In this episode we are joined by 34-year veteran of the NSA and now Center for Internet Security (CIS) Senior VP & Chief Evangelist, Tony Sager to discuss the history and formation of SANS Top 20 and how it's evolved into today's CIS Top 20 Security Controls and what Tony and the organization (along with hundreds of volunteers around the globe) are doing to help organizations of all sizes help protect and defend themselves. 
Aug 07, 201953:45
Data Beaches and Protecting Your Personal Data with Troy Hunt of haveibeenpwnd.com

Data Beaches and Protecting Your Personal Data with Troy Hunt of haveibeenpwnd.com

Troy Hunt joins Cyber Speaks LIVE as a special guest co-host to discuss recent data breaches, personal information protection and measures we can take to help protect our personal and corporate online identities.

Troy is the founder of the wildly popular website, Have I Been Pwned (HIBP, https://haveibeenpwned.com), a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web.

He is also an Australian Microsoft Regional Director, a Microsoft Most Valuable Professional (MVP) and a brilliant Pluralsight instructor.

Links mentioned in the episode:
Have I Been Pwned website: haveibeenpwned.com
Troy's blog: troyhunt.com
Troy's Twitter: twitter.com/troyhunt
Have I Been Pwned Twitter: twitter.com/haveibeenpwned
Security.txt File Search Engine: crawler.ninja
The Creepy Line Documentary Film: thecreepyline.com
Jul 19, 201901:00:22
Ann Johnson Discusses Microsoft Cybersecurity, AI, Women in Tech & Diversity

Ann Johnson Discusses Microsoft Cybersecurity, AI, Women in Tech & Diversity

Jul 12, 201954:32
Insider Threats and the Science of How to Stop Them with Joe Carson of Thycotic

Insider Threats and the Science of How to Stop Them with Joe Carson of Thycotic

In this lively episode, fellow Irishman, Joe Carson, and I discuss a variety of inter-related cybersecurity topics with regards to the overarching theme of Insider Threats. We covered a lot of ground in a short time. Check it out!  ## Here's the episode timeline: 12:52 - Vendors talking risk. 17:44 - Business Risk 21:54 - Cyber Security Frameworks 24:46 - Insider Threats 33:50 - Cyber Insurance Fraud 35:54 - Data Classification & Shadow IT 48:15 - Q&A (Don't skip this!) #About Joe: Joseph Carson has more than 25 years of experience in enterprise security, an InfoSec award winner, author of Privileged Account Management for dummies and Cybersecurity for dummies.  He is a CISSP and an active member of the cybercommunity, speaking at conferences globally.  He’s a cybersecurity advisor to several governments, as well as critical infrastructure, financial, and maritime industries. ## Joe's Book, Least Privilege for Dummies ## Start a Privilege Manager Cloud Trial 
Jul 01, 201958:03
Cyber Acquisitions and Their Impact on the Industry with Gary Hayslip

Cyber Acquisitions and Their Impact on the Industry with Gary Hayslip

In this episode, I'm joined by Gary R. Hayslip, Cybersecurity Strategist & CISO. Together we discuss the global impact of cybersecurity mergers & acquisitions, along with the impact that they are having on today's CISOs.  With over 25 years of information technology, security leadership, and risk management experience, Hayslip has an exceptional record of success leading multiple, diverse cross-functional security and risk governance teams in the planning, analyzing and implementation of information security programs to support organizational business objectives. Hayslip is a proven cybersecurity professional; he has established a reputation as a highly skilled communicator, author, and keynote speaker. Hayslip has developed the ability to work within all business channels of an organization and is extremely effective in communicating the nuances of cybersecurity in business/risk terms for executive management and boards of directors. Hayslip’s previous executive roles include multiple CISO, CIO, Deputy Director of IT and Chief Privacy Officer roles for the U.S. Navy (Active Duty), the U.S. Navy (Federal Government employee), the City of San Diego California, and Webroot Software. In all of these roles, Hayslip led diverse teams of 10 – 300 employees and built information technology and security programs from the ground up. He partnered with software development and agile teams, integrating security into innovative workflows and new services. Hayslip collaborated with customers, strategic partners, and executive leadership teams on the deployment of new products, merger & acquisition due diligence services, and the management of his organizations business risks. Hayslip recently co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 & 2, which are considered among the leading books on enabling CISOs to expand their leadership and business expertise. He serves as an EvoNexus Selection Committee member, where he reviews and mentors cybersecurity and Internet-of-Things startups. He sits on the board of directors for both the Cyber Center of Excellence and Infragard’s San Diego chapter. Hayslip is an active member of the professional organizations ISC2, ISSA, ISACA, OWASP, and Infragard. He currently holds several professional certifications, including CISSP, CISA, and CRISC. Hayslip has a BS in information systems management from UMUC and an MBA from San Diego State University. LinkedIn Profile: http://www.linkedin.com/in/ghayslip Twitter: @ghayslip
Jun 22, 201956:24
Jack Rhysider of Darknet Diaries Talks Podcasting, Prison and Intel Sharing

Jack Rhysider of Darknet Diaries Talks Podcasting, Prison and Intel Sharing

In this episode, we're joined by the prince of cyber podcasting, Jack Rhysider, host of Darknet Diaries. Jack takes us through the process of bringing you into his mind theater as he is researching, interviewing folks and creating his hugely popular podcast series. 

About Jack

Jack Rhysider is a veteran to the security world. He gained his professional knowledge of security by working in a Security Operations Center for a Fortune 500 company, a place to where threats are detected and stopped. During that time he was exposed to hundreds of client’s networks ranging from schools, to government, to banks, and commercial organizations. Now Jack spends his time making the Darknet Diaries podcast. 

You can follow Jack on Twitter at:  https://twitter.com/jackrhysider 

Stream his podcast from your favourite platform or from:  https://darknetdiaries.com/ 


Jun 07, 201958:10
Cyber Career Development and Overcoming the Challenges with InfoSecSherpa

Cyber Career Development and Overcoming the Challenges with InfoSecSherpa

In this episode, I am joined by the lovely Tracy Maleeff, better known in our circles as @InfoSecSherpa. We discuss career development and transition along with the importance of building bridges to close the gaps between InfoSec groups and our users. Tracy also shares with us how she's successfully built security awareness training programmes and other trainings for her companies and community. Before closing out, Tracy shares her one bit of advice for anyone seeking to get into the InfoSec field.  More about her: Tracy Z. Maleeff, @InfoSecSherpa, is a GIAC GSEC certified Cyber Analyst in the Security Operations Center for a global company. Prior to joining the Information Security industry, Tracy worked as a librarian in academic, corporate, and private law firm libraries. While a member of the Special Libraries Association, Tracy received the Dow Jones Innovate Award, the Wolters Kluwer Law & Business Innovations in Law Librarianship award, and was named a Fellow. She has presented at many conferences, both Library & Information Science as well as Information Security, on topics ranging from social media, networking, research strategies, and security awareness. She received the Women in Security Leadership Award from the Information Systems Security Association and is very active in the Info Sec community. Tracy holds a Master of Library and Information Science degree from the University of Pittsburgh, as well as undergraduate degrees from both Temple University (magna cum laude), and the Pennsylvania State University.
Jun 03, 201959:24
Dissecting Malware Variants and Defenses with Roger Grimes of KnowBe4

Dissecting Malware Variants and Defenses with Roger Grimes of KnowBe4

In this episode I'm honored to be joined by Roger A. Grimes, famed KnowBe4 evangelist, to discuss: Nine kinds of malware (literally!)  A flashback to the Microsoft Trustworthy Computing Initiative  Revisited WannaCry two years later - have we learned anything?  Debate whether Marcus Hutchins is a hero or a zero Episode Timeline: Top 3 Cyber Clusters (1:00) Roger Intro (7:00 9 Types of Malware & How to Detect & Defeat Them (9:56) WannaCry Revisited (48:48) Marcus Hutchins (52:31) Kevin Mitnick (56:27) About KnowBe4 (1:03:37) 9 Types of Malware & How to Detect & Defeat Them      1. Viruses 12:13      2. Worms 16:13 (Sidebar: Trustworthy Computing Initiative 17:53)      3. Trojans 12:42      4. Hybrids/Exotic Forms 27:54 (Sidebar: Botnets 27:07)      5. Ransomware 31:33      6. File-less (In-Memory Injection) 38:27      7. Adware 40:08      8. Malvertising 43:00 (Sidebar: 3rd Party Patching 45:18)      9. Spyware 47:15 CSO Online: 9 types of malware and how to recognize them Think you know your malware? Here's a refresher to make sure you know what you're talking about — with basic advice for finding and removing malware when you've been hit https://www.csoonline.com/article/2615925/security-your-quick-guide-to-malware-types.html
May 18, 201901:08:12
Security BSides co-founder, Jack Daniel and the BSides SATX Team Talking About Why Community Matters

Security BSides co-founder, Jack Daniel and the BSides SATX Team Talking About Why Community Matters

Continuing our recent “community matters” theme, I invite the team behind the scenes of BSides San Antonio event to talk about the history and legacy of BSides and what makes these security conferences held around the world so unique and so special to us all. And, we have a very honored guest surprise the team with his cameo appearance on the show! Mr. Jack Daniel, co-founder of Security BSides! What an honor!
May 09, 201952:08
Marcus Carey, CEO Threatcare and Founder of the Tribe of Hackers

Marcus Carey, CEO Threatcare and Founder of the Tribe of Hackers

In this inaugural episode of Cyber Speaks LIVE, I sit down with Marcus J Carey, CEO of Threatcare and Co-Author of Tribe of Hackers, to talk with our live audience about his growing up in Texas, doing crypto-communications in the US Navy, running a cyber startup and the birth of Tribe of Hackers. Marcus kindly takes questions from our audience that leads to some lively debate and engagement.
May 06, 201953:22