Episode 253 - Defenders only need to be right once
32 min

Josh and Kurt talk about the idea, common in security, that "attackers only need to be right once," which is silly. The reality is that attackers have to get everything right, while defenders really only need to get it right once. But "defenders only need to be right once" isn't going to sell any products.

Show Notes

Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2021-007-News-Google asking for OSS to embrace standards, insider threat at Yandex, Vectr Discussion
Links to discussed items:
Yandex Employee Caught Selling Access to Users' Email Inboxes (thehackernews.com)
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple | Threatpost
Google pitches security standards for 'critical' open-source projects | SC Media (scmagazine.com)
Google’s approach to secure software development and supply chain risk management | Google Cloud Blog
https://vectr.io/
https://www.kitploit.com/2021/02/damn-vulnerable-graphql-application.html
https://www.blumira.com/careers/?gh_jid=4000142004 sec evangelist @blumira

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#AmazonMusic: https://brakesec.com/amazonmusic
#Spotify: https://brakesec.com/spotifyBDS
#Pandora: https://brakesec.com/pandora
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
57 min
Hacker Public Radio
HPR3281: HPR Community News for February 2021
New hosts

Welcome to our new hosts: o9l, Some Guy On The Internet.

Last Month's Shows

Id | Day | Date | Title | Host
3261 | Mon | 2021-02-01 | HPR Community News for January 2021 | HPR Volunteers
3262 | Tue | 2021-02-02 | My thoughts on diversity in Linux and open source | swift110
3263 | Wed | 2021-02-03 | My Beginnings in Tech | o9l
3264 | Thu | 2021-02-04 | Intro to Nagios | norrist
3265 | Fri | 2021-02-05 | My Chromebook Experience | Ahuka
3266 | Mon | 2021-02-08 | Upgrading Debian on my raspberry pi | MrX
3267 | Tue | 2021-02-09 | Ripping Media 2021 | operat0r
3268 | Wed | 2021-02-10 | Video Game Review - Ark Survival Evolved | Enigma
3269 | Thu | 2021-02-11 | Linux Inlaws S01E23: The first year of the five year plan | monochromec
3270 | Fri | 2021-02-12 | An Example of Using Layers | Ahuka
3271 | Mon | 2021-02-15 | Interview with a 6yo child | operat0r
3272 | Tue | 2021-02-16 | In GNU/Linux, there is no "diversity", we're all just data. | Some Guy On The Internet
3273 | Wed | 2021-02-17 | Embrace Firefox | Some Guy On The Internet
3274 | Thu | 2021-02-18 | My Custom dwm Setup | arfab
3275 | Fri | 2021-02-19 | D1 Mini Close Lid to Scan | Ken Fallon
3276 | Mon | 2021-02-22 | Deepgeek's thoughts about HD Radio | deepgeek
3277 | Tue | 2021-02-23 | Microsoft in my Debian repo | Archer72
3278 | Wed | 2021-02-24 | A Minor Victory Against Designed-In Obsolescence | Beeza
3279 | Thu | 2021-02-25 | Linux Inlaws S01E24: Legacy programming languages | monochromec
3280 | Fri | 2021-02-26 | What We Need For the ActivityPub Network | Ahuka

Comments this month

These are comments which have been made during the past month, either to shows released during the month or to past shows. There are 16 comments in total.

Past shows

There are 7 comments on 4 previous shows:

* hpr2356 (2017-08-14) "Safely enabling ssh in the default Raspbian Image" by Ken Fallon.
  * Comment 4: Leo_B on 2021-02-23: "If you're watching this in 2021"
  * Comment 5: Ken Fallon on 2021-02-25: "Updated versions"
* hpr3187 (2020-10-20) "Ansible for Dynamic Host Configuration Protocol" by norrist.
  * Comment 2: Windigo on 2021-02-10: "Interesting approach"
* hpr3241 (2021-01-04) "HPR Community News for December 2020" by HPR Volunteers.
  * Comment 1: clacke on 2021-02-16: "NoSQL and Redis"
  * Comment 2: clacke on 2021-02-16: "Redis pronunciation"
  * Comment 3: Dave Morriss on 2021-02-17: "Key/value storage"
* hpr3259 (2021-01-28) "Nextcloud - The easy way" by Archer72.
  * Comment 1: archer72 on 2021-02-01: "Show name"

This month's shows

There are 9 comments on 5 of this month's shows:

* hpr3262 (2021-02-02) "My thoughts on diversity in Linux and open source" by swift110.
  * Comment 1: norist on 2021-02-02: "Storyteller"
  * Comment 2: Bill n1vux on 2021-02-04: "well said"
  * Comment 3: Kevin O'Brien on 2021-02-04: "Further discussion"
  * Comment 4: blizzack on 2021-02-15: "Systematically kept out - part 1"
  * Comment 5: blizzack on 2021-02-15: "Systematically kept out - part 2"
* hpr3269 (2021-02-11) "Linux Inlaws S01E23: The first year of the five year plan" by monochromec.
  * Comment 1: claudiom on 2021-02-12: "Thanks for the invite...."
* hpr3271 (2021-02-15) "Interview with a 6yo child " by operat0r.
  * Comment 1: thelovebug on 2021-02-16: "Loved this!"
* hpr3272 (2021-02-16) "In GNU/Linux, there is no "diversity", we're all just data." by Some Guy On The Internet.
  * Comment 1: bookewyrmm on 2021-02-17: "welcome"
* hpr3274 (2021-02-18) "My Custom dwm Setup" by arfab.
  * Comment 1: mcnalu on 2021-02-19: "Might return to dwm"

Mailing List discussions

Policy decisions surrounding HPR are taken by the community as a whole. This discussion takes place on the Mail List which is open to all HPR listeners and contributors. The discussions are open and available on the HPR server under Mailman. The threaded discussions this month can be found here: http://hackerpublicradio.org/pipermail/hpr_hackerpublicradio.org/2021-February/thread.html

Events Calendar

With the kind permission of LWN.net we are linking to The LWN.net Community Calendar. Quoting the site: This is the LWN.net community event calendar, where we track events of interest to people using and developing Linux and free software. Clicking on individual events will take you to the appropriate web page.

Any other business

Tags and Summaries

Thanks to the following contributor for sending in updates in the past month: Dave Morriss

Over the period tags and/or summaries have been added to 10 shows which were without them. There are now 414 shows which need a summary and/or tags. If you would like to contribute to the tag/summary project visit the summary page at https://hackerpublicradio.org/report_missing_tags.php and follow the instructions there.
Cyber Work
CompTIA Security+ SY0-601 update: Everything you need to know
CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul for 2021! The updated exam (from SY0-501 to SY0-601) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends of 2021. Get insights into the changes directly from the source, Patrick Lane, Director of Products at CompTIA, as he explains how Security+ is evolving to remain the “go-to” certification for anyone trying to break into cybersecurity.

0:00 - Intro
4:10 - What is the CompTIA Security+ certification?
5:05 - Security+ baseline technical skills
16:00 - Security+ helps solve an industry problem
21:35 - Security+ job roles
31:45 - Job role skills and exam release
37:35 - CompTIA Cybersecurity Career Pathway
47:27 - SY0-601 vs SY0-501: 6 big changes
52:10 - Security+ exam details
56:48 - Live Q&A
1:02:13 - Outro

Have you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Click the link below to get started.

– 7 days of free Security+ training with your Infosec Skills trial: https://www.infosecinstitute.com/skills/learning-paths/comptia-security/
– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Patrick directs IT workforce skills certifications for CompTIA, including Security+, PenTest+, CySA+ and CASP+. He assisted the U.S. National Cybersecurity Alliance (NCSA) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users. Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases, and has authored and co-authored multiple books, including “Hack Proofing Linux: A Guide to Open Source Security.”

About Infosec

Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
1 hr 1 min
Hacker Valley Studio
Hacker Valley Media
Episode 123 - Adventures in Venture Capital with Lindsay Lee
Lindsay Lee is the founder and managing member of Authentic Ventures. Authentic Ventures is an early stage VC firm based in Oakland, CA. Lindsay has worked many years in the investment industries as well as venture capital and ran a direct investment fund. Authentic Ventures is a new kind of firm focused primarily on women and under-represented minority founders. Authentic Ventures is focused on building its own network of women founders of more diverse backgrounds and entrepreneurs who really want to see success translate into more opportunities for their communities.

Coming from modest beginnings and raised by immigrant parents from the West Indies, his parents really solidified the importance of education. Lindsay has worked in investment banking as an analyst alongside graduates of Ivy League schools; there he learned about his own determination to excel even in tough working conditions while learning as much as possible. After graduating from graduate school Lindsay started an ill-fated technology start up in 1999; funding was hard to find in the early naughts (00’s) especially for Black founders. After pivoting to working in asset management companies Lindsay joined a family office where he built and managed a portfolio. He reached a turning point there where he was able to look at public and private investments and assess the landscape.

Lindsay decided he wanted to differentiate himself and focus efforts on really approaching investment in his own way, to invest in “early stage companies,” as opposed to series A or series B companies. A peer at another firm told him that it was going to be double the effort and twice the financing to get it off the ground. Lindsay’s drive and the network he was a part of propelled him through the challenges.

The conversation touches upon the “rules of the game” for galvanizing new ideas and bringing new products and companies into the market. He speaks about the roles that entrepreneurs, lawyers and investors have in capital markets. Lindsay found his calling as an investor was one where he was a coach, rather than an entrepreneur who is trying to score goals all the time. Lindsay describes how his focus was on cultivating relationships and community in order to grow an interconnected network that would allow for long lasting impact in the landscape while also bringing success to his firm. He shares that the one thing he’s had to get right is finding A+ people to work with.

In his approach as an investor he is trying to set the table for women of color and reserve, or build, a seat at the table that allows for success to be shared. Lindsay believes this focus will lead to more opportunities for more diverse teams. For folks interested in becoming an investor or entrepreneur Lindsay speaks about the importance of team building and utilizing the connections they already have as capital. He also urges people to not ignore the skills they’ve gained by applying themselves and that those skills plus knowledge of the space they’re focused on can create something that’s meaningful.

Impactful Moments During Podcast

00:00 - Welcome back to the Hacker Valley Studio, introducing Lindsay Lee of Authentic Ventures, a VC firm that invests in seed and early stage companies.
02:30 - Building a more diverse inclusive VC network and culture.
04:30 - What the exploration of VC was like for Lindsay and what were some of the motivations for moving in this way in that sphere.
06:45 - Why it’s important for diversity that a firm like Authentic Ventures exists in Silicon Valley and the tech community.
07:20 - How VC firms can help create more wealth across communities of color and gender.
09:30 - The journey to VC and what exploring that world looked like for Lindsay.
10:00 - Entrepreneurship as a sport: who are players, rule-makers and play callers.
11:45 - Taking the long view on cultivating good investments and finding the right people.
12:20 - Starting his own thing in VC, differentiating himself and dealing with uncertainty
14:27 - What immersion in VC is like, navigating changing landscapes
15:15 - If you’re looking for a challenge, investing is a good field; things not going to plan.
15:45 - Why you need to find A+ people.
17:20 - Staying humble and grounded in VC
18:14 - What creates success in entrepreneurial endeavors
19:30 - Why Authentic Ventures has a culture of good energy
20:45 - Studying and data in VC, compounding experience and knowledge, the value of having a community
22:40 - Trying to find ideas and company with momentum
23:20 - No free lunch in investing? What does a margin of error mean in this VC world.
24:45 - Why VC firms learn about the founders, how to scrutinize the methodology
26:00 - If you’re an entrepreneur why you should get to know a VC fund outside of funding events.
27:00 - Being an early believer in trailblazers
28:00 - Authentic Ventures tries to win together, with the right people
29:25 - Lindsay talks about not starting out on First or Second Base and making an impact that helps his community.
30:35 - Having something to prove as an analyst at investment banks
31:45 - The best lesson to learn as an investor, understanding the people, connecting with people that share your values.
33:30 - Why there’s no substitute for excellence or hard work.
37:23 - Staying power and determination: “Get your money right.”
38:30 - Staying in touch with Lindsay Lee and Authentic Ventures

Stay connected with Lindsay Lee by checking out Authentic Ventures. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.
41 min
Cyber Security Interviews
Douglas A. Brush | Weekly Interviews w/ InfoSec Pros
#115 – Alyssa Miller: We Are Lacking Empathy
Alyssa Miller (https://www.linkedin.com/in/alyssam-infosec/) leads the security strategy for S&P Global Ratings (https://www.spglobal.com/ratings/en/) as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust.

A native of Milwaukee, Alyssa began her IT career as a programmer for a Wisconsin-based financial software provider. Her security passion quickly shaped her career as she moved into a leadership role within the ethical hacking team, conducting penetration testing and application assessments along with her team. As a hacker, Alyssa has a passion for security that she evangelizes to business leaders and industry audiences through her work as a cybersecurity professional and through her various public speaking engagements. When not engaged in security research and advocacy, she is also an accomplished soccer referee, guitarist, and photographer.

In this episode, we discuss why she misses conferences, starting with computers at an early age, diversity, equity, and inclusion, the discrimination she has faced, the lack of understanding of privilege, discriminatory hiring practices, how to be an ally, and so much more!

Where you can find Alyssa:
LinkedIn: https://www.linkedin.com/in/alyssam-infosec/
Twitter: https://twitter.com/AlyssaM_InfoSec
Alyssa In-Security: https://alyssasec.com/
Thinkers360: https://www.thinkers360.com/tl/AlyssaMiller
51 min