Sittadel Podcast

Think of the CMMC like HIPAA for companies that work with the Department of Defense. It's a seemingly-endless list of concerns to juggle when planning a CMMC compliance journey, and the guides for getting started are overwhelming.  If you can make it past the Special Publications (like NIST 800-53 and 800-171), there are maturity levels to manage and DFARS requirements, and waiting at the finish line is the promise of legal ramifications if you did the whole thing wrong. 

In this episode, Nate and Joshua find a loophole to bring their Tye Dye Lazer Gun business to market without going through all the hassle that comes along with CMMC.  We're thankful that Joy Beland was there to talk us through our decision making process.

Joy seems to know everything about CMMC, which perfectly suites her as she travels around to meet with MSPs about their compliance concerns and runs the CMMC Boot Camp for Edwards Performance Solutions.  Joy Beland is easy to find on LinkedIn, and you can find more information about her boot camp at https://edwps.com.

For more titilating CMMC content, head over to www.sittadel.com, tweet us @sittadelpodcast, and send your questions to ask[at]sittadel.com.

It's Valentine's Day, and love is in the air in the Sittadel Podcast.  The birds are chirping, the phishers are rhythmically clacking away on their mechanical keyboards, and somewhere in the distance the cryptominers are buzzing away in a misconfigured S3 bucket.  On this very romantic episode of the Sittadel Podcast, Joshua tricks a Board-Certified Behavior Analyst into discussing cybersecurity for a solid hour.  

But this isn't just any run of the mill Security Awareness Training conversation.  This is a hot and heavy discussion between Joshua "Statistically Average in Height" Sitta and Joanna "The Perfect 10" Sitta.  To set the mood, Joanna explains the origins of Applied Behavior Analytics and gives us a crash course in behavior interventions.

The two discuss the fallacies of "Don't Click the Link" training and talk through two examples of pitfalls organizations wander into while dealing with the problem of phishing emails.  Always searching for Joanna's approval, Joshua finishes out the show by laying out his blueprint for effective Security Awareness Training. 

In this episode, we discuss Security Awareness Training, Phishing Emails, The Nigerian Prince scam, Spearphishing emails, the importance of data relevance, Hook Security, simulated phishing campaigns, and tikka masala.  For more Indian food recipes, head over to www.sittadel.com or send an email to Ask[at]Sittadel[dot]com.

In this episode of the Sittadel Podcast, Joshua came prepared with an extreme approach to cybersecurity incident handling.  In May of 2019, Israel Defense Force (IDF) shut down the attacks of Hamas cyber operatives.  Joshua had planned to talk through the implications of moving from a digital series of events to a physical series of events.  His notes on what can be learned about the moments after a cyberattack would have been valuable to hear.

Unfortunately, Joshua wasn't prepared for when Nate brought up the logistics of time travel.  It was all over after that.  Instead of predefined communication channels or incident severity matrices and escalation procedures, the conversation never returned from space.

If only this was covered in his response plan...

We're back from our long holiday break with some exciting news about 2020's most notorious ransomware gang: REvil.  X-Force, IBM's threat intelligence offering, reports that 36% of REvil's victims paid their ransom and at least 12% of victims watched as their sensitive stolen data was auctioned off to the highest bidders on the dark web between 2019 and 2020. 

REvil's back in the headlines, but this time the story is a little different.  After a string of law enforcement activity that pushed the gang further into obscurity, the nations of Russia and the United States have held hands to bring the ransomware group to justice.  It's a story almost too good to be true. 

Listen in as Nate and Joshua discuss the wild variance in numbers reported by differing news outlets, as they put on their tinfoil hats, and hear a word straight from the old timey prospector himself.

The holidays are a time to gather round the yule log with the family, reflecting on the most precious parts of your life.  And when you get sick of all that, we can turn our attention to the Metaverse and build that perfect digital life.  And while many analysts see the Metaverse as a 1 trillion dollar investment opportunity, cybersecurity professionals see more similarities to the Wild West.

In this special holiday episode, Nate and Joshua skim over a few notes on the holidays and discuss the future of social engineering attacks launched in the Metaverse.  The anonymity of blockchain technologies and crypto currencies create hurdles for proving ownership of digital commodities.  What recourse can you have when someone else's avatar is living in your digital house? 

At Sittadel, we believe cybersecurity empowers business.  If you're thinking about working with NFTs or setting up a storefront in the Metaverse, why not plan for your success (before your wallet is falls into someone else's hands!).  Start the conversation by tweeting us @sittadelpodcast or visiting our website at www.sittadel.com

The sky is falling, and it's all because of your kids' favorite video game. The National Vulnerability Database lists the recently identified Log4j vulnerability as a perfect 10 out of 10. It's everywhere from Minecraft to iCloud, and it doesn't take any special skills to copy and paste the exploit into remote systems. This time next year, businesses all over the globe will have either proved the value of their vulnerability and patch management operations - or they will have learned the reason these ops are a critical piece of running a business in 2021.

In this episode, Nate and Joshua take a 30,000 ft view of software development and how functionality can sometimes translate to vulnerability.  The two discuss how patching out functionality can work, and why businesses of all sizes are feeling the squeeze from vendor management programs.

At Sittadel, we believe cybersecurity empowers business.  A mature cybersecurity program doesn't only serve to prevent losses and keep your data safe: It can also be your differentiator when bidding for work.  How can cybersecurity help you stand out from the crowd?  Find out at www.sittadel.com.

The grubrious emotet gang is back at it again, and rather than focus on the tricky cybersecurity wizardry necessary to go toe to toe with the threat, Joshua and Nate talk through some entry level security principles: Defense in Depth and IT Hygiene. Sometimes, it's the low hanging fruit that makes the difference between safe and sorry. 

If it's time you came up with a layered defense to cybersecurity threats, check out the website at https://www.sittadel.com.

Happy Thanksgiving, Everyone.

Joshua Sitta holds several Information Security credentials, created the phishing simulations and training for a big bank with over 5000 employees, and has written the playbook for how to identify phishing emails. Throughout his career, he's blocked millions of phishing emails from ever reaching the end user and has personally received hundreds of different phishing scams. He's seen it all, from the Nigerian Prince we all joke about to the spearphishing emails crafted by the world's most successful cyber criminals - and he's never fallen for even one of them. 

Until today. 

As Joshua talks through his eperience in falling for the easiest-to-identify phishing email ever, Nate points out how differently the two approach failure. For Nate, failure is one of the most important tools in his toolbox.

We'd like to set you up with a safety net and take the scary out of failure.  Sittadel is ready to be the group that has your back - 24 hours a day, 365 days a year.  Start the conversation at www.sittadel.com or send us an email at ask[at]sittadel.com.

Some men see EDR as it is; others see EDR as it should be.  Maxime Lamothe-Bressard joins Nate and Joshua for a discussion on the ways LimaCharlie is removing the roadblocks for working with some of the most important data points for Incident Responders and SOC analysts: file execution telemetry.  Maxime brings a wealth of experience to the show, bringing insight from his time at Google-X, CrowdStrike, and a French Cafe.  You can get started with LimaCharlie today for free by visiting limacharlie.io.

For more information, visit https://www.sittadel.com or tweet us at @sittadelpodcast.

Friend of the show Aaron Burns drops by the studio to talk about his experiences with scams sent straight to his phone.  Aaron and Nate do their best to reinvent a few new cybersecurity terms, but Joshua wasn't having any of that nonsense.  In this episode, the team discusses how Universal 2 Factor Authentication (U2A) promises big improvements by requiring login pages to prove their identity before users are permitted to login.

Happy Labor Day!  Comedian Jayson "Avocado" Acevedo helps the Sittadel Podcast team celebrate with a look at 3 day weekends and the social engineering risks they introduce for businesses.  Later, Jayson would weigh in on cryptographically relevant quantum computers, which could be the worst idea we've ever had.  What does quantum computing have to do with drive thru terminals?  Nothing, Jayson. Absolutely nothing.  

If you'd like to hear more from Jayson, head over to https://jaysonavocado.com

To enjoy CrowdStrike's APT database, check out https://adversary.crowdstrike.com

To chat with the Sittadel Podcast team, tweet us @sittadelpodcast, email us at ask(at)sittadel(dotcom), or start the conversation at https://sittadel.com

In this episode, we talk about social engineering, viruses, advanced persistent threats, APTs, CrowdStrike, Jayson Avocado, Marvel, DC, comic books, and several things that had to be edited out (looking at you, Jayson).

Trafenia joins us for another trip back to the 90s to talk about the Melissa Virus, Joshua tells us about how plywood fits into cybersecurity, and Nate introduces us to Jacques.

In this episode, the trio discusses phishing, security awareness training, Kevin Mitnick, Hook Security, honest hips, business continuity, and disaster recovery.

For more on what Sittadel can do for you, head to our website at https://www.sittadel.com

Trafenia Flynn Salzman has been working with computers since the movie Rush Hour was a relevant cultural reference.  She's bringing that depth of experience to the podcast and comments on the representation of women in cybersecurity, Cloud Security, Zero Trust, and CARTA.  Later, Nate would be disappointed the episode wasn't titled White Van Candy Man.

Topics in this episode include diversity, Cloud Security, ZTNA, CARTA, MFA, trust algorithms, data centers, and teradactyls.

For more on what Sittadel can do for you, head over to our website at https://www.sittadel.com.

Troy Hunt created www.HaveIBeenPwned.com with the expectation that a few of his mates would use it to keep their accounts safe, but today it's the resource the world uses to monitor passwords at risk for credential stuffing attacks. Troy spends an hour on the podcast discussing password strength, his work at Pluralsight, and answering the age old question: What do squirrels have to do with cybersecurity?

We thank Troy both for his time and for making the Internet a safer place.

Joshua tries to talk about the role of executive management in a cybersecurity operation, but Nate would rather talk about movies.

We talk about everything you need to know before buying cyber security insurance, and Nate and Joshua chat about an update to the Kaseya ransomware that crippled 1500 small businesses.

Bearded barley is a cool season annual cereal grain, growing about 3 feet high.  It's great for adding lots of organic matter or biomass in a short period of time.  Additionally, it provides erosion control and weed competition. You can't get cybersecurity facts like these anywhere else.

What's the business you've always wanted to start?  Gourmet hot dog cart?  A crafty booth at the farmer's market?  That's too normal for Nate, who wants to create new dinosaurs.  In this episode, we talk through the Kaseya supply chain attack which demands $70 million for the data of over 1500 small businesses.  Nate and Joshua discuss ransomware, Kaseya, RMM tools, and an archaeopteryx. 

We want to say thank you for trusting Sittadel to bring cybersecurity to Lakeland - and the rest of the globe - as we now have clients and listeners all over the globe.  If you want to learn more about Sittadel, start the conversation at www.sittadel.com. 

Jeffrey Snover is currently serving Microsoft as the CTO for Modern Workforce Transformation, and he spends an hour with Joshua with Nate discussing everything from dinosaurs to professional advice. Joshua can barely keep it together as they discuss PowerShell, Microsoft, women in technology, Windows Server, Unix, GUI and CLI, fatherly advice, the rapid elasticity of Azure, change management, and professional wrestling.

Thank you for the impact you have had on my life, Jeffrey.
-Joshua

Before the Wannacry attack, MalwareTechBlog was just another place you could go to read about the weapons used by cybercriminals. After the mind behind MalwareTech found a kill switch buried in the Wannacry code, all eyes were on Marcus Hutchins. In this episode, Nate and Joshua talk through one of the most fascinating stories in cyber defense. And offense. Depends on which part of the timeline we're talking about...

In this episode, we talk about sinkholing, malware, reverse engineering, wannacry, the NSA, shadowbrokers, and with deep respect, Marcus Hutchins.

Why didn't John Connor use Ransomware to defeat The Terminator? In this episode, Nate and Joshua discuss the best ways to defend against an attack by robots using a machine learning algorithm to identify their targets. Along the way, they stumble upon the meaning of life.

In this episode, we discuss tensorflow, IBM Watson, AI, artificial intelligence, machine learning, autonomous vehicles, and influence. 

We hit three main topics in this episode: The endless stream of cyber attacks making headlines, network topology, and personal security.  Nate coins the phrase, "What you're choosing should be based on what you're using," which perfectly summarizes the approach business owners should have when designing their network.

In this episode, we discuss a series of ransomware attacks, cyber extortion, keyloggers, password managers, UTM platforms, network design, and dinosaurs.

You can count on Nate and Joshua to tackle the hard questions like: How tall is the average American male and what's scarier than a network leviathan. Trafenia Flynn Salzman, a Cloud Security Architect for the federal government, drops by to give her thoughts on how network security is affected by using cloud systems. 

In this episode, we talk about Zero Trust, network security, cloud security, MFA, access control lists, SaaS, PaaS, IaaS, Anonymous, and a few network security threats. 

Thinking about network security but don't know where to begin? In this episode, Joshua walks Nate through a few network security fundamentals:  Stateful vs Stateless firewalls and IDS vs IPS appliances.  It's just enough cybersecurity mumbo jumbo to set the state for June's Network Security series.  

Also, Hoobastank. We talk a lot about Hoobastank. 

Is there a secret to getting hired in a cybersecurity role? Not really, but Nate and Joshua break down a few different approaches to land your first job.  In this episode, we talk about CompTia A+, Net+, Sec+, CySA+, CISA, CISM, CISSP, and GCFA certifications, as well as penetration testing and forensics ceilings.

Another day, another headline - this time involving the largest gas pipeline in America.  The Department of Homeland Security and the FBI agree that ransomware threatens the existence of small businesses with incidents spiking by over 300% during the pandemic.  The challenge falls to us to figure out how to make a compelling argument for preparing for the ransom before your data is gone. 

In this episode, we talk about ransomware, 2600 baud modems, blackberry, Colonial Pipeline Company, DarkSide (loosely), and the fact that people are just meat computers.

It's another Swapcast! Nate applies some of his inside knowledge of the entertainment industry to tell us about the odd ramifications to the time North Korea attacked Sony in response to an unpopular plot development in The Interview.

Whether you call them North Korea, Lazarus Group, Guardians of Peace, or a handful of other code names, Nate talks us through the standard operating procedures used by one of the most active groups on the planet.

In this episode, we talk about Seth Rogen, James Franco, Disney, Sony Pictures Entertainment, email security, malware droppers, shamoon whiper malware, and Microsoft Sam.  

We were supposed to talk about the Facebook breach, but Nate asked Joshua a question about himself.

In this episode, we talk about automation with PowerShell, Robocopy, Batch Scripts, registry reconnaissance, SSH, and ransomware.

You asked for it - here's part 1 of our episode on Bitcoin. Joshua and Nate talk through the things individuals should consider before investing in cryptocurrencies (including a few cyber threats to keep in mind), how to break into Ft Knox and kite checks, and a billionaire that wants you to know about his skills in video games. 

In this episode, we talk about bitcoin, etherium, substratum, blockchain technology, Kim Dotcom, coin miners, and methods of keeping your bitcoin wallet safe from password theft.  Not featured: financial advice. 

Nate and Joshua catch up with Trafenia Flynn Salzman, CCSP, an Information Security Architect for the US federal government and leads the nation's 3-letter organizations through a multi-year initiative to implement a Zero Trust approach to cybersecurity.  It's one of our top 10 best episodes (as of the time of this writing). 

In this episode, we talk about zero trust, antivirus, firewalls, network segmentation, and the importance of IT asset inventories.

This episode goes way off the rails as we discuss the effect of interdepartmental politics on a cybersecurity response team.  The Threat Hacktors don't have to wait for committee approvals to act, so institutions without predefined incident response plans struggle to keep pace with long term cyber incidents.  Nate (who I understand is very funny) coins the phrase, "badvertising," and we talk about a deer wearing a mustache. 

In this episode, we talk about emotet, trickbot, file binary heuristics and telemetry, thread hijacking, watering hole attacks, and badvertising. 

What do Sony and the Bank of Bangladesh have in common?  Were they both hacked by Club Penguin using the North Korean malware known as Hidden Cobra?  While Nate raises important questions about Club Penguin's involvement in the attempted theft of $850,000,000.00, Joshua went on a 34 minute rant about EDR, MDR, and DDR (don't worry - it was cut for time!).

In this episode, we talk about phishing emails, Secure Email Gateways (AKA SEGways), and the importance of having a firm grip on financial procedures. 

When American and Israeli cyber operations join forces, you end up with one of the most sophisticated malware operations in history. Nate learns how to make a nuclear bomb, and Josh doesn't know how cars work.

In this episode, we discuss zero day vulnerabilities, USB drive controls, hardening, maintaining a software inventory, Carbon Black, and the importance of having a security ally (like Red Canary).

There's a new worst case scenario for small businesses.  In this special emergency release of the Sittadel Podcast, Nate brings the cybersecurity as we talk about over a hundred thousand compromised organizations, and Joshua makes it lit. It's a full on swapcast! And this time, the microphones are on. 

Featured:

CVE - Common Vulnerabilities and Exposures - a unique tracking number for thousands of vulnerabilities
CVSS - the Common Vulnerability Scoring System - a Richter Scale analog for rating the severity of vulnerabilities
IDS/IPS - Intrusion Detection / Prevention Systems - a network appliance that can detect malicious behavior over the network to shut down attempted compromise

...and Fitkicks foldable shoes.

Joshua Sitta and Nate Fleming talk through one of the most successful cyber attacks in history - Solarigate. In this episode, we cover the basics of setting up your own Cybersecurity Strategy both in business and in personal lives.  Not featured: Hugh Jackman.

What's it take to cripple the largest shipping company in the world?  About 7 minutes.  Joshua talks through the impact NotPetya had on Møller – Mærsk and explains the approach he uses for combating ransomware.  Later, Nate works some things out about Tommy.  Featured in this episode are attack.mitre.org and RanSim.

For free tips on defeating ransomware, check out The Free Ransomware Defense resource on Sittadel.com. 

If it wasn't clear, this episode is not sponsored by Møller – Mærsk.

Nate and Joshua manage to talk through important security issues like bears, worms, and monkeys.  In this episode, we highlight the way cybercriminals can share the love without compromising an email server if DKIM, DMARC, and SPF were never configured.

Nate Fleming (Comedian) and Joshua Sitta (Cybersecurity Professional) host the Sittadel Podcast which takes listeners on a journey through cybersecurity incidents and their application to their small business. This episode is about the great Target Hack of 2013 and how that was a supply chain attack, email security and a few references to Hugh Jackman.