ISC StormCast for Tuesday, January 19th, 2021
6 min
Doc And RTF Malicious Document
https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark
https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerability
https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges
https://www.ic3.gov/Media/News/2021/210115.pdf
Cyber Work
Infosec
CompTIA Security+ SY0-601 update: Everything you need to know
CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul for 2021! The updated exam (from SY0-501 to SY0-601) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends of 2021. Get insights into the changes directly from the source, Patrick Lane, Director of Products at CompTIA, as he explains how Security+ is evolving to remain the “go-to” certification for anyone trying to break into cybersecurity.

0:00 - Intro
4:10 - What is the CompTIA Security+ certification?
5:05 - Security+ baseline technical skills
16:00 - Security+ helps solve an industry problem
21:35 - Security+ job roles
31:45 - Job role skills and exam release
37:35 - CompTIA Cybersecurity Career Pathway
47:27 - SY0-601 vs SY0-501: 6 big changes
52:10 - Security+ exam details
56:48 - Live Q&A
1:02:13 - Outro

Have you seen our new, hands-on training series Cyber Work Applied? Tune in every other week as expert Infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. You’ll learn how to carry out different cyberattacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred, and more. And it's free! Click the link below to get started.

– 7 days of free Security+ training with your Infosec Skills trial: https://www.infosecinstitute.com/skills/learning-paths/comptia-security/
– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Patrick directs IT workforce skills certifications for CompTIA, including Security+, PenTest+, CySA+ and CASP+. He assisted the U.S. National Cybersecurity Alliance (NCSA) to create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users. Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases, and has authored and co-authored multiple books, including “Hack Proofing Linux: A Guide to Open Source Security.”

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
1 hr 1 min
Cyber Security Interviews
Douglas A. Brush | Weekly Interviews w/ InfoSec Pros
#115 – Alyssa Miller: We Are Lacking Empathy
Alyssa Miller (https://www.linkedin.com/in/alyssam-infosec/) leads the security strategy for S&P Global Ratings (https://www.spglobal.com/ratings/en/) as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust.

A native of Milwaukee, Alyssa began her IT career as a programmer for a Wisconsin-based financial software provider. Her security passion quickly shaped her career as she moved into a leadership role within the ethical hacking team, conducting penetration testing and application assessments along with her team. As a hacker, Alyssa has a passion for security that she evangelizes to business leaders and industry audiences through her work as a cybersecurity professional and through her various public speaking engagements. When not engaged in security research and advocacy, she is also an accomplished soccer referee, guitarist, and photographer.

In this episode, we discuss why she misses conferences, starting with computers at an early age, diversity, equity, and inclusion, the discrimination she has faced, the lack of understanding of privilege, discriminatory hiring practices, how to be an ally, and so much more!

Where you can find Alyssa:
LinkedIn: https://www.linkedin.com/in/alyssam-infosec/
Twitter: https://twitter.com/AlyssaM_InfoSec
Alyssa In-Security: https://alyssasec.com/
Thinkers360: https://www.thinkers360.com/tl/AlyssaMiller
51 min
The Social-Engineer Podcast
Social-Engineer, LLC
Ep. 140 – Empathetic Security with Julie Rinehart
In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional, Julie Rinehart. Julie has spent the last 10 years building and enhancing Fortune 500 enterprise Security Awareness programs. Listen as they discuss using empathy to improve security awareness and the flaws in the “stupid user” philosophy.

00:10 – Intro
  Phishing as a Service (PHaaS)
  Vishing as a Service (VaaS)
  Social Engineering Risk Assessment (SERA)
  SEVillage: The Human Hacking Conference
  Social-Engineer.com
01:56 – Introduction to Julie Rinehart
02:28 – How Julie got into the industry
06:21 – Dismantling the “stupid user” philosophy
07:53 – How to interview your employer
10:34 – The biggest milestones in Julie’s career
14:31 – How you can encourage users to report the phish they clicked on
19:22 – What we can learn from “people who try to do the right thing and then mess up”
25:25 – The benefits of making security personal
28:34 – Julie's biggest challenges in the industry
30:28 – Increase security awareness using gamification
35:13 – Julie's mentors and most respected colleagues
38:54 – Julie’s podcast recommendations
  Armchair Expert (Episode 248 – David Farrier)
  The CyberWire
  Darknet Diaries
43:52 – Outro
  Ryan on Twitter
  Chris on Twitter
  Social-Engineer on Twitter
  Social-Engineer.org
  Social-Engineer.com
  SEVillage: The Human Hacking Conference
  Human Hacking Book
  The Innocent Lives Foundation
  Clutch
46 min
Hacker Valley Studio
Hacker Valley Media
Episode 123 - Adventures in Venture Capital with Lindsay Lee
Lindsay Lee is the founder and managing member of Authentic Ventures. Authentic Ventures is an early stage VC firm based in Oakland, CA. Lindsay has worked many years in the investment industries as well as venture capital and ran a direct investment fund. Authentic Ventures is a new kind of firm focused primarily on women and under-represented minority founders. Authentic Ventures is focused on building its own network of women founders of more diverse backgrounds and entrepreneurs who really want to see success translate into more opportunities for their communities.

Coming from modest beginnings and raised by immigrant parents from the West Indies, his parents really solidified the importance of education. Lindsay has worked in investment banking as an analyst alongside graduates of Ivy League schools; there he learned about his own determination to excel even in tough working conditions while learning as much as possible. After graduating from graduate school Lindsay started an ill-fated technology start up in 1999; funding was hard to find in the early naughts (00’s) especially for Black founders. After pivoting to working in asset management companies Lindsay joined a family office where he built and managed a portfolio. He reached a turning point there where he was able to look at public and private investments and assess the landscape.

Lindsay decided he wanted to differentiate himself and focus efforts on really approaching investment in his own way, to invest in “early stage companies,” as opposed to series A or series B companies. A peer at another firm told him that it was going to be double the effort and twice the financing to get it off the ground. Lindsay’s drive and the network he was a part of propelled him through the challenges.

The conversation touches upon the “rules of the game” for galvanizing new ideas and bringing new products and companies into the market. He speaks about the roles that entrepreneurs, lawyers and investors have in capital markets. Lindsay found his calling as an investor was one where he was a coach, rather than an entrepreneur who is trying to score goals all the time. Lindsay describes how his focus was on cultivating relationships and community in order to grow an interconnected network that would allow for long lasting impact in the landscape while also bringing success to his firm. He shares that the one thing he’s had to get right is finding A+ people to work with. In his approach as an investor he is trying to set the table for women of color and reserve, or build, a seat at the table that allows for success to be shared. Lindsay believes this focus will lead to more opportunities for more diverse teams.

For folks interested in becoming an investor or entrepreneur Lindsay speaks about the importance of team building and utilizing the connections they already have as capital. He also urges people to not ignore the skills they’ve gained by applying themselves and that those skills plus knowledge of the space they’re focused on can create something that’s meaningful.

Impactful Moments During Podcast
00:00 - Welcome back to the Hacker Valley Studio, introducing Lindsay Lee of Authentic Ventures, a VC firm that invests in seed and early stage companies.
02:30 - Building a more diverse inclusive VC network and culture.
04:30 - What the exploration of VC was like for Lindsay and what were some of the motivations for moving in this way in that sphere.
06:45 - Why it’s important for diversity that a firm like Authentic Ventures exists in Silicon Valley and the tech community.
07:20 - How VC firms can help create more wealth across communities of color and gender.
09:30 - The journey to VC and what exploring that world looked like for Lindsay.
10:00 - Entrepreneurship as a sport: who are players, rule-makers and play callers.
11:45 - Taking the long view on cultivating good investments and finding the right people.
12:20 - Starting his own thing in VC, differentiating himself and dealing with uncertainty
14:27 - What immersion in VC is like, navigating changing landscapes
15:15 - If you’re looking for a challenge, investing is a good field; things not going to plan.
15:45 - Why you need to find A+ people.
17:20 - Staying humble and grounded in VC
18:14 - What creates success in entrepreneurial endeavors
19:30 - Why Authentic Ventures has a culture of good energy
20:45 - Studying and data in VC, compounding experience and knowledge, the value of having a community
22:40 - Trying to find ideas and company with momentum
23:20 - No free lunch in investing? What does a margin of error mean in this VC world.
24:45 - Why VC firms learn about the founders, how to scrutinize the methodology
26:00 - If you’re an entrepreneur why you should get to know a VC fund outside of funding events.
27:00 - Being an early believer in trailblazers
28:00 - Authentic Ventures tries to win together, with the right people
29:25 - Lindsay talks about not starting out on First or Second Base and making an impact that helps his community.
30:35 - Having something to prove as an analyst at investment banks
31:45 - The best lesson to learn as an investor, understanding the people, connecting with people that share your values.
33:30 - Why there’s no substitute for excellence or hard work.
37:23 - Staying power and determination: “Get your money right.”
38:30 - Staying in touch with Lindsay Lee and Authentic Ventures

Stay connected with Lindsay Lee by checking out Authentic Ventures. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.
41 min