Cyber Speaks LIVE is a weekly InfoSec podcast series hosted by Duncan McAlynn (@infosecwar) and his special guest co-hosts, where YOU get to participate in the discussions with full video and audio. Following the live recording, we add the audio-only stream into our podcast feed for our awesome subscribers.
Cyber Speaks LIVE gives YOU, the InfoSec community, a voice that can be heard around the world!
Follow us on Twitter for upcoming guests announcements and live recording invites, @cyberspeakslive.
This week we get inside the head of red teamers by talking with Marcus and the guys about the latest edition of his book series, Tribe of Hackers - Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity. Beau and Phil get into the action as well, by sharing their unique perspectives as contributing co-authors to the book.
Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity
Phil's Pwn School Project:
Follow Them on Twitter:
Marcus - @marcusjcarey
Phil - @PhillipWylie
Beau - @dafthack
Fil & Stas, founders of the disruptive AttackForge platform, were recently presenting at Black Hat USA Arsenal telling their story about why pen testing is broken – a term we do hear often in security - and how they are trying to solve the problems.
In this episode of Cyber Speaks LIVE they shared their experiences and provided us with some keen insights for our listeners on this topic and provided a nice introduction to the AttackForge platform.
Recovered from the "missing episodes", in this special edition of Cyber Speaks LIVE, we're joined by MA Taylor, the highly acclaimed film director of #TheCreepyLine to discuss how YOU are for sale and the data privacy & protection implications of #Google and #Facebook. We examine everything from the Cambridge Analytica scandal to confirmation bias to election manipulations and SO much more! This is a NOT TO BE MISSED episode!
*This is a special edition of Cyber Speaks LIVE, recovered from the archives.* In this episode we are joined by 34-year veteran of the NSA and now Center for Internet Security (CIS) Senior VP & Chief Evangelist, Tony Sager to discuss the history and formation of SANS Top 20 and how it's evolved into today's CIS Top 20 Security Controls and what Tony and the organization (along with hundreds of volunteers around the globe) are doing to help organizations of all sizes help protect and defend themselves.
Troy Hunt joins Cyber Speaks LIVE as a special guest co-host to discuss recent data breaches, personal information protection and measures we can take to help protect our personal and corporate online identities.
Troy is the founder of the wildly popular website, Have I Been Pwned (HIBP, https://haveibeenpwned.com), a free service that aggregates data breaches and helps people establish if they've been impacted by malicious activity on the web.
He is also an Australian Microsoft Regional Director, a Microsoft Most Valuable Professional (MVP) and a brilliant Pluralsight instructor.
Links mentioned in the episode:
Have I Been Pwned website: https://haveibeenpwned.com
Troy's blog: https://troyhunt.com
Troy's Twitter: https://twitter.com/troyhunt
Have I Been Pwned Twitter: https://twitter.com/haveibeenpwned
Security.txt File Search Engine: https://crawler.ninja
The Creepy Line Documentary Film: https://thecreepyline.com
Ann Johnson, Corporate Vice-President of Cybersecurity at Microsoft, joins us to talk about how the company has transformed itself into a global security leader and how machine learning & artificial intelligence come into play. We also discuss Women in Tech, Motherhood and how diversity is critical in InfoSec.
Links referenced in this episode:
Security Advisor Alliance
Microsoft Software & Systems Academy
This episode proudly sponsored by Ivanti - makers of industry leading, enterprise-ready 3rd party patch management solutions for Microsoft System Center Configuration Manager. Find out more at: https://www.ivanti.com/products/patch-management-for-sccm
In this lively episode, fellow Irishman, Joe Carson, and I discuss a variety of inter-related cybersecurity topics with regards to the overarching theme of Insider Threats. We covered a lot of ground in a short time. Check it out!
## Here's the episode timeline:
12:52 - Vendors talking risk.
17:44 - Business Risk
21:54 - Cyber Security Frameworks
24:46 - Insider Threats
33:50 - Cyber Insurance Fraud
35:54 - Data Classification & Shadow IT
48:15 - Q&A (Don't skip this!)
Joseph Carson has more than 25 years of experience in enterprise security, an InfoSec award winner, author of Privileged Account Management for dummies and Cybersecurity for dummies. He is a CISSP and an active member of the cybercommunity, speaking at conferences globally. He’s a cybersecurity advisor to several governments, as well as critical infrastructure, financial, and maritime industries.
## Joe's Book, Least Privilege for Dummies
## Start a Privilege Manager Cloud Trial
In this episode, I'm joined by Gary R. Hayslip, Cybersecurity Strategist & CISO. Together we discuss the global impact of cybersecurity mergers & acquisitions, along with the impact that they are having on today's CISOs.
With over 25 years of information technology, security leadership, and risk management experience, Hayslip has an exceptional record of success leading multiple, diverse cross-functional security and risk governance teams in the planning, analyzing and implementation of information security programs to support organizational business objectives. Hayslip is a proven cybersecurity professional; he has established a reputation as a highly skilled communicator, author, and keynote speaker. Hayslip has developed the ability to work within all business channels of an organization and is extremely effective in communicating the nuances of cybersecurity in business/risk terms for executive management and boards of directors.
Hayslip’s previous executive roles include multiple CISO, CIO, Deputy Director of IT and Chief Privacy Officer roles for the U.S. Navy (Active Duty), the U.S. Navy (Federal Government employee), the City of San Diego California, and Webroot Software. In all of these roles, Hayslip led diverse teams of 10 – 300 employees and built information technology and security programs from the ground up. He partnered with software development and agile teams, integrating security into innovative workflows and new services. Hayslip collaborated with customers, strategic partners, and executive leadership teams on the deployment of new products, merger & acquisition due diligence services, and the management of his organizations business risks.
Hayslip recently co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 & 2, which are considered among the leading books on enabling CISOs to expand their leadership and business expertise. He serves as an EvoNexus Selection Committee member, where he reviews and mentors cybersecurity and Internet-of-Things startups. He sits on the board of directors for both the Cyber Center of Excellence and Infragard’s San Diego chapter. Hayslip is an active member of the professional organizations ISC2, ISSA, ISACA, OWASP, and Infragard. He currently holds several professional certifications, including CISSP, CISA, and CRISC. Hayslip has a BS in information systems management from UMUC and an MBA from San Diego State University.
LinkedIn Profile: http://www.linkedin.com/in/ghayslip
After discovering her own intimate images online without consent, Katelyn Bowden, a bartender and single mother from Ohio, formed B.A.D.A.S.S. (Battling Against Demeaning And Abusive Selfie Sharing), a nonprofit coalition of NCP victims working together to fight back against the practice.
While she remains the CEO of B.A.D.A.S.S., and manages all of the organizations projects and goals, her strength and focus lies in Open-Source Intelligence (OSINT), civilian cyber security education, law enforcement training and investigations. In less than two short years, she, along with the amazing humans involved with her organization, have managed to not only help thousands of NCP victims, but to change the landscape of online sexual abuse.
In this episode, Katelyn shares with us her pro tips for conducting OSINT investigations, along with how to protect yourself against NCP.
Katelyn's social links:
In this episode, we're joined by the prince of cyber podcasting, Jack Rhysider, host of Darknet Diaries. Jack takes us through the process of bringing you into his mind theater as he is researching, interviewing folks and creating his hugely popular podcast series.
Jack Rhysider is a veteran to the security world. He gained his professional knowledge of security by working in a Security Operations Center for a Fortune 500 company, a place to where threats are detected and stopped. During that time he was exposed to hundreds of client’s networks ranging from schools, to government, to banks, and commercial organizations. Now Jack spends his time making the Darknet Diaries podcast.
You can follow Jack on Twitter at: https://twitter.com/jackrhysider
Stream his podcast from your favourite platform or from: https://darknetdiaries.com/
In this episode, I am joined by the lovely Tracy Maleeff, better known in our circles as @InfoSecSherpa. We discuss career development and transition along with the importance of building bridges to close the gaps between InfoSec groups and our users. Tracy also shares with us how she's successfully built security awareness training programmes and other trainings for her companies and community. Before closing out, Tracy shares her one bit of advice for anyone seeking to get into the InfoSec field.
More about her:
Tracy Z. Maleeff, @InfoSecSherpa, is a GIAC GSEC certified Cyber Analyst in the Security Operations Center for a global company. Prior to joining the Information Security industry, Tracy worked as a librarian in academic, corporate, and private law firm libraries. While a member of the Special Libraries Association, Tracy received the Dow Jones Innovate Award, the Wolters Kluwer Law & Business Innovations in Law Librarianship award, and was named a Fellow. She has presented at many conferences, both Library & Information Science as well as Information Security, on topics ranging from social media, networking, research strategies, and security awareness. She received the Women in Security Leadership Award from the Information Systems Security Association and is very active in the Info Sec community. Tracy holds a Master of Library and Information Science degree from the University of Pittsburgh, as well as undergraduate degrees from both Temple University (magna cum laude), and the Pennsylvania State University.
In this episode I'm honored to be joined by Roger A. Grimes, famed KnowBe4 evangelist, to discuss:
Top 3 Cyber Clusters of the week 1:00
Nine kinds of malware (literally!)
A flashback to the Microsoft Trustworthy Computing Initiative
Revisited WannaCry two years later - have we learned anything?
Debate whether Marcus Hutchins is a hero or a zero
Top 3 Cyber Clusters (1:00)
Roger Intro (7:00
9 Types of Malware & How to Detect & Defeat Them (9:56)
WannaCry Revisited (48:48)
Marcus Hutchins (52:31)
Kevin Mitnick (56:27)
About KnowBe4 (1:03:37)
9 Types of Malware & How to Detect & Defeat Them
1. Viruses 12:13
2. Worms 16:13
(Sidebar: Trustworthy Computing Initiative 17:53)
3. Trojans 12:42
4. Hybrids/Exotic Forms 27:54
(Sidebar: Botnets 27:07)
5. Ransomware 31:33
6. File-less (In-Memory Injection) 38:27
7. Adware 40:08
8. Malvertising 43:00
(Sidebar: 3rd Party Patching 45:18)
9. Spyware 47:15
CSO Online: 9 types of malware and how to recognize them
Think you know your malware? Here's a refresher to make sure you know what you're talking about — with basic advice for finding and removing malware when you've been hit
Continuing our recent “community matters” theme, I invite the team behind the scenes of BSides San Antonio event to talk about the history and legacy of BSides and what makes these security conferences held around the world so unique and so special to us all. And, we have a very honored guest surprise the team with his cameo appearance on the show! Mr. Jack Daniel, co-founder of Security BSides! What an honor!
In this inaugural episode of Cyber Speaks LIVE, I sit down with Marcus J Carey, CEO of Threatcare and Co-Author of Tribe of Hackers, to talk with our live audience about his growing up in Texas, doing crypto-communications in the US Navy, running a cyber startup and the birth of Tribe of Hackers. Marcus kindly takes questions from our audience that leads to some lively debate and engagement.