Defensive Security Podcast Episode 253
47 min
Hacker Valley Studio
Hacker Valley Studio
Hacker Valley Media
Episode 105 - Striving for Impact with David Tsao
In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview longtime friend David Tsao.  David is a security advisor who leads security engineering at Marqeta, and he is an ever-innovating wealth of knowledge.  Ron and Chris ask David about his background, philosophy of leadership, and more!  David took a nontraditional route into the security field, as he had a background in chemistry and pharma before breaking into the security community.  Ron and Chris ask David to explain various aspects of his experience, including decisions regarding when to buy or build things, how vendors may find problems to tackle, and his own founder’s journey as a team builder.  David’s story of team-building opens the door to conversation about his role as a leader in the field, and he tells Ron and Chris about his expectations about leadership and how they matched reality, strategies for assuring opportunity for team impact and giving individual employees opportunities, and what he looks for in his work of hiring employees. Another major topic of conversation is David’s philosophy concerning the social commentary of the day.  More specifically, Ron and Chris wonder how he thinks about issues surrounding both diversity and inclusion and wealth and income gaps.  David explains his thoughts and desire to partner with others in work for change, and also shares the story of a past experience tasting social change and feeling like he made a difference.  Finally, David offers advice to listeners eager to make an impact on their own community, as well as listeners looking with a broad vision and wanting to bring change to the world.  1:34 - This episode features David Tsao and starts with a look at his background. 3:48 - David handles questions of building vs. buying and operating as a vendor. 9:54 - The conversation turns to David’s founder’s journey. 13:26 - David is asked about his first step into leadership, including expectations and reality. 15:05 -David gets into some team strategies and ways to best serve individual employees.  20:48 - What does David look for in hiring people new to the security field? 23:59 - Ron and Chris want to know David’s philosophy on social commentary going on now. 28:14 - They ask David to share a story about seeing and contributing to social change. 30:47 - Where should people who want to make a community impact start? 33:37 - What’s one piece of advice to listeners wanting to bring change in the world?   Links: Connect with David on LinkedIn. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about ByteChek, and mention Hacker Valley Studio to receive a limited time offer!
36 min
The Social-Engineer Podcast
The Social-Engineer Podcast
Social-Engineer, LLC
Ep. 135 - Fear of video and snakes with Lisa Forte
In this episode, Chris Hadnagy and Maxie Reynolds are joined by social engineering and insider threats expert: Lisa Forte. Learn how Lisa went from fighting terrorists and real-life sea pirates to being an expert on cybercrime and social engineering. Discover how scammers are taking advantage of global uncertainty and understand how to protect yourself from attack. 00:00 – Introduction to Lisa Forte 02:38 – Lisa's path to a career in social engineering 05:27 – The psychology that terrorists use to recruit teenagers 07:52 – Lisa's experience with fighting cyber crime 08:43 – Why Lisa named her cyber security company “Red Goat” 10:23 – The world pandemic made hospitals and their supply chains vulnerable to attack 14:38 – Keep secure by realizing the value of the information you possess 15:41 - How Cyber Volunteers 19 is helping to save lives by making hospitals secure. (twitter) 21:25 – Ego suspension is a required skill for a good social engineer 25:47 – Find someone who gives you honest feedback 27:28 – How Chris deals with harsh criticism 30:27 – New documentary: “hacker:HUNTER Ha(ck)cine” (Part 1) (Part 2) 34:44 – Lisa's Vlog: “Rebooting” 35:44 – Lisa's and Chris’s experience with exposure therapy. 40:00 – How scammers take advantage of global uncertainty 42:37 – Law enforcement has a big disadvantage when fighting cyber crime 45:42: Lisa’s Contact info: LinkedIn Website Rebooting vlog with Chris Twitter 46:56 – Lisa's Book recommendation Prisoners Of Geography 50:20 – Outro Social-Engineer.com Social-Engineer.org The Human Hacking Conference The Innocent Lives Foundation Human Hacking Book Phishing As A Service® Trainings: Practical Open Source Intelligence For Everyday Social Engineers * 11-12 November 2020 - VIRTUAL Advanced Practical Social Engineering Training * 17-20 November, 2020 - VIRTUAL
53 min
Getting Into Infosec
Getting Into Infosec
Ayman Elsawah (@coffeewithayman)
Lisa Jiggetts - From Navy Cook To Pentester To Non-Profit Founder!
Lisa Jiggetts knew from an early age that she was going to be in tech an cyber. A navy veteren who started off as a cook, she always found herself gravitating towards technology. She is also the Founder & Board of Director of Women’s Society of Cyberjutsu, a non-profit that is dedicated to increasing the opportunities and advancement for women in cybersecurity. Checkout her journey into the cybersecurity field.Notes * Originally a cook in the military, then migrated to information security. * Looked for opportunities to transition into information security by talking to people in and outside her social network. * Networking can be hard, but it will turn in your favor. * Lisa is an introvert, but know how to become an extrovert when needed.Quotes * "When you're starting out, you don't necessarily get into the area you want to be in—you got to work your way up." * “That's the biggest thing you can do. I think is networking because somebody knows somebody" * "So I got all these certifications… I read a book and pass. What is it to me personally? That didn't tell me, you know, how to do anything. They get you in the door" * "[Networking is] hard, but, just do it because in the end, it's gonna turn out in your favor."Links * Lisa on Twitter: https://twitter.com/lisajiggetts * Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5 * Women’s Society of Cyberjutsu : https://womenscyberjutsu.org/Getting Into Infosec * Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/ * T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ * Stay in touch and sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe * Ayman on Twitter: https://twitter.com/coffeewithayman
42 min
Cyber Work
Cyber Work
Infosec
Privileged access management and work-from-home tips
Today we’re talking cloud security and work-from-home. If you’ve ever checked your work email on your personal phone – I know you have, because we’ve all done it! – or touched up some time-sensitive spreadsheets on the same ipad your kids use to play Animal Crossing, Terence Jackson, Chief Information Security & Privacy Officer of Thycotic, is going to tell you how to tighten up your security protocols to ensure that work-from-home doesn’t become breach-from-home! – Enter code “cyberwork” to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/ – View transcripts and additional episodes: https://www.infosecinstitute.com/podcast With more than 17 years of public and private sector IT and security experience, Terence Jackson is responsible for protecting the company’s information assets. In his role, he currently leads a corporate-wide information risk management program. He identifies, evaluates and reports on information security practices, controls and risks in order to comply with regulatory requirements and to align with the risk posture of the enterprise. Prior to joining Thycotic, Terence was the Director of Cybersecurity and Professional Services for TSI, a Virginia based Inc. 5000 company. He has also worked as a Senior Security Consultant for Clango, Inc., a top Identity and Access Management (IAM) consultancy. He was featured in and also was a contributor to the book “Tribe of Hackers.” * About Infosec* Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
50 min
Brakeing Down Security Podcast
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks
Sébastien Dudek - @FlUxIuS @penthertz Why we are here today? Software Defined Radio (sdr-radio.com) What kind of hardware or software do you need? Why would a security professional want to know how to use SDR tools and attacks? What other kinds of attacks can be launched? (I mean, other than replay type attacks) Door systems (badge systems) NFC? Contactless credit card attacks Smart building/home control systems Bluetooth attacks Point Of Sale systems Cellular radio 3g/4g/5g Industrial control systems Home appliances Medical telemetry systems Drones! LoRa - Wikipedia DASH7 - Wikipedia - custom TCP stack for LoRa Vehicle-to-grid - Wikipedia (V2G) Automatic Wireless Protocol Reverse Engineering | USENIX Hunting mobile devices endpoints - the RF and the Hard way | Synacktiv - Sébastien Dudek How Can Drones Be Hacked? The updated list of vulnerable drones & attack tools | by Sander Walters | Medium Carrier Aggregation explained (3gpp.org) Mobile phone jammer - Wikipedia World’s top hackers meet at the first 5G Cyber Security Hackathon - Security Boulevard Supply chain attacks - systems tend to use wireless chipsets or protocols LTE-torpedo-NDSS19.pdf (uiowa.edu) -privacy attacks on 4g/5g networks using side channel information How does someone make a faraday cage on the cheap? (mentioned in one of your class agendas) Lots of IoT devices use your typical home wifi connection, can’t you just sniff packets to get what you need? Replay attacks on car fobs: Jam and Replay Attacks on Vehicular Keyless Entry Systems (s34s0n.github.io) Attacks on Tesla wireless entry: Tesla’s keyless entry vulnerable to spoofing attack, researchers find - The Verge Garage door opener attacks: How to Hack a Garage Door in Under 10 Seconds and What You Can Do About It - ITS Tactical Kid’s toy opens garage doors: This Hacked Kids' Toy Opens Garage Doors in Seconds | WIRED What are the current limitations to testing wireless and RF related systems? What about custom wireless implementations? Cellular? Zigbee? I’m a wireless manufacturer of some kind of device. I’m freaked now by hearing you talk about how easy it is to attack wireless systems. What are some things I could do to ensure that the types of attacks we discussed here cannot affect me? Wireless defense system? https://www.researchgate.net/publication/321491751_Security_Mechanisms_to_Defend_against_New_Attacks_on_Software-Defined_Radio List of SDR software: The BIG List of RTL-SDR Supported Software (rtl-sdr.com)
49 min
Search
Clear search
Close search
Google apps
Main menu