Cyber Security Grey Beard


I'm a Cyber Security Grey Beard helping students, early professionals and seasoned cyber security specialists with career advice as well as job hunting assistance and ways to advance a career. I have over 25 years' information technology experience including over 20 years' in cyber security specifi…



    • Nov 9, 2022 LATEST EPISODE
    • every other week NEW EPISODES
    • 22m AVG DURATION
    • 53 EPISODES



    Latest episodes from Cyber Security Grey Beard

    S4S3 State of Ransomware in Cyber Security - Interview by AlgoSec

    Nov 9, 2022 28:40


    Discussion with AlgoSec around ransomware based off of the Extrahop Cyber Confidence Index 2022.  I cover numerous questions about what organizations are doing today and what they should change to improve cyber defenses.  The crux of this study shows the cognitive dissonance of cyber security leaders and IT decision makers.  They believe one thing whereas the evidence completely contradicts what they say.

    S4E10 Cyber Security Attacks in the News Summer 2022

    Sep 21, 2022 16:11


    In this episode I discuss cyber-attacks in the Summer of 2022. I'll review who was attacked, its impact, and the aftermath. While I would love to go into the technical details about the attacks, that data becomes harder and harder to find with each breach and news release. Victims are tight lipped and apparently being told more and more to not share technical details. We know that both China and Russia have increased cyber-attacks due to global tension in Taiwan (Chinese Taipei) and Ukraine. I am certain there have been many, many, more that we are not hearing about for internal security reasons as well as not “tipping our hand” that we know what's happening or who we believe is doing the attacks. Attribution for attacks is extremely difficult as mentioned previously with the swatting incident on an American federal representative.

    • Sign up for NewsBites from SANS
    • Sign up for the OUCH! Newsletter at SANS (scroll down and sign up in the lower right)
    • PWC Cyber Survey
    • Extrahop Survey
    • Security Magazine offers solid content
    • More Information about the Hive RaaS Organization: Hive Targets Costa Rica
    • LAUSD Attack
    • North Korea, US Feds, Ransomware and Healthcare Organizations
    • North Korea Crypto Heist
    • OSC/Key Bank Attack

    S4E9 Online Cyber Security Tools and Building Lab Environments

    Sep 14, 2022 17:31


    This episode covers online tools and lab environments that cyber security students and early professionals can use to learn and increase technical skills. While these environments are usually meant for those that want to get very deep with the technical side of cyber security, non-technical folks can certainly use these as well. The tools/trainings go as deep as the user wants. I also go over building a lab at home using VirtualBox or VMware. I also provide insight and recommendations for building a Cloud based lab environment in Azure or AWS. This episode came out of comments made by Adrianus Warmenhoven in S4E8 around VPNs and NordVPN.

    Send comments, questions, and episode ideas to: cybergreybeard@gmail.com

    • Rangeforce
    • Hack The Box
    • Infosec Institute Skills
    • Hacker Rank for Developers
    • Hacktory.ai
    • Azure
    • AWS
    • Cloud Comparisons
    • MITRE ATT&CK
    • Kali.org Downloads (then select “Virtual Machines”)
    • Sourceforge Comparison Page

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    S4E8 Interview with Adrianus Warmenhoven - Cyber Security and NordVPN

    Sep 7, 2022 30:55


    In this episode I spend 30 minutes talking with Adrianus Warmenhoven, Defensive Strategist at NordVPN. We dove into virtual private networks (VPN) and networking. Hear how VPNs work, when to use them and why. We discuss real-world examples and talk security stories as well as some cyber security history.

    Send comments, questions, and episode ideas to: cybergreybeard@gmail.com

    • NordVPN
    • RFC1918
    • Tim Berners-Lee
    • OSINT Tools – Open-Source Intelligence Tooling

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    S4E7 Red Team, Blue Team, Purple Team in the Cyber Security Realm

    Aug 31, 2022 24:41


    Here I talk about different avenues within cyber security. We use terms such as red team, blue team, and purple team when discussing offense, defense, and a merger of the two. I'll go over different technologies, teams that cover each of these areas and jobs that involve each team. We have these teams and terms due to the size and complexity of the overall cyber security profession. This episode provides a lot of insight on technologies and jobs to help listeners better focus on their cyber security journey.

    Send comments, questions, and episode ideas to: cybergreybeard@gmail.com

    • Redscan
    • Red Team Tools by Goran Jevtic
    • Medium Article by Anil Yelken
    • Crowdstrike CTI
    • Halborn exploit development by Rob Behnke
    • FRSecure
    • NodeZero
    • Cyber Ranges
    • CISA Tabletop exercise packages

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    S4E6 Getting More from Your Cyber Security Employer

    Aug 24, 2022 26:02


    This episode has me talking about how employees can get enhanced benefits from their employer. Most people figure salary is the only thing that matters when it comes to the benefits of working. This is a major mistake. Healthcare alone can potentially bring thousands of dollars per year in additional compensation and companies vary greatly in this area. 401(k) programs have the potential of financially beating healthcare benefits depending on your salary, contribution, and company match program. Does your employer treat you right with travel arrangements and expenses? How about gym memberships or mass transit reimbursements? Listen on and find ways to make hundreds or even thousands of dollars more from your employer's existing benefits.

    Send comments, questions and episode ideas to: cybergreybeard@gmail.com

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    S4E5 Interview with Perry Carpenter of KnowBe4 - Cyber Security Awareness Training

    Aug 17, 2022 30:39


    Conversation with Perry Carpenter, C | CISO, MSIA, who currently serves as chief evangelist and strategy officer for KnowBe4, the world's most popular security awareness and simulated phishing platform. Perry and I talked about the history of KnowBe4, his journey in cyber security, what students and early professionals can study to succeed in social engineering among other topics. Perry talks about his background and how he took his Arts and Science education to become an extremely successful cyber security professional. Perry gives advice on what he looks for in hiring early professionals.

    Please make sure to send questions, comments, and episode recommendations to cybergreybeard@gmail.com

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    Perry is a recognized thought leader on security awareness and the human factors of security; he's provided security consulting and advisory services for the world's best-known brands. His previous book, Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, quickly gained a reputation as the go-to guide for security awareness professionals worldwide, and, in 2021, he was inducted into the Cybersecurity Canon Hall of Fame. He's the creator and host of the popular 8th Layer Insights podcast and co-author of the new book The Security Culture Playbook: An Executive Guide to Reducing Risk and Developing Your Human Defense Layer (Wiley; April 19, 2022). Learn more at SecurityCultureBook.com.

    • KnowBe4
    • The Art of Deception by Kevin Mitnick
    • The Art of Invisibility by Kevin Mitnick

    S4S2 AlgoSec Interview: Application Security for Cyber Security Professionals

    Aug 10, 2022 20:26


    Podcast sponsored by AlgoSec where I discuss how applications impact network and security engineers. This was a 1:1 conversation between me as an SME with a marketing leader at AlgoSec. You can find the full video interview here. This topic provides detail on challenges experienced by network and security engineers related to applications and application security. We talk about a business focus and the need for network and security engineers to know and focus on more than packets and protocols.

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    S4E4 Getting Deep with Cyber Security Applications

    Aug 3, 2022 19:25


    In this episode, I discuss the detail and complexity inherent with software solutions including specific jobs that relate to cyber security applications. Many of us tend to think that software is only skin deep. In reality, applications go from involved to intricate to MASSIVELY COMPLEX. Too often I've engaged with projects where I figure, oh, it's a software program, no big deal. Then I get surprised by the depth, detail, and breadth of the product. Listen in and hear about all of the jobs tied to cyber security applications and the ancillary components related to them. Cyber security is not just for the technical professionals. Dive in and understand what's out there for non-technical professionals as well as lots of opportunities for keyboard beaters.

    Make sure to send your questions, comments, and episode recommendations to cybergreybeard@gmail.com

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    S4E3 Interview with W. Curtis Preston aka Mr. Backup - Backups, HA/DR and Cyber Security

    Jul 27, 2022 28:00


    In this episode I step away from my normal monologue style to interview a renowned guest, W. Curtis Preston. Curtis, the Chief Technical Evangelist at Druva, is also known as Mr. Backup. Curtis runs his own website, Backup Central dot com with his own Podcast called Restore It All. He also participates in the No Hardware Required Podcast for Druva. Curtis and I discuss the relationship between backups and cyber security. He also shares his professional journey and offers advice to students and early professionals related to their professional future.

    Please make sure to send questions, comments, and episode recommendations to cybergreybeard@gmail.com

    • Modern Data Protection by W. Curtis Preston
    • Snorkel42 Reddit Security Cadence
    • No Hardware Required Podcast
    • Restore it all Podcast
    • Backup Central Website
    • OVH Cloud Provider Fire
    • Conte Ransomware Group

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    • HA/DR – High Availability and Disaster Recovery
    • RPO/RTO – Recovery Point Objective/Recovery Time Objective
    • MFA – Multi-Factor Authentication: What we know, what we have, who we are

    S4E2 Cyber Security Con Game - Online Scam

    Jul 20, 2022 18:29


    This episode goes into great detail about a timeshare scam that directly targeted me. I tell the story along with detailed steps the con artists took to try and make me their victim. I provide steps taken to PROVE they were liars and thieves. I conclude with 12 critical steps everyone should implement that will protect them from online scams. We are all at risk to con artists through phone, text, and email. Knowledge is power and this episode empowers my listeners with critical data required to protect themselves and their loved ones.

    For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

    S4E1 Starting a New Cyber Security Job

    Jul 13, 2022 21:20


    In this episode I discuss how to start a new cyber security job. I talk about emotions associated with starting over, fear, stress, anxiety, excitement, and joy, among others. I touch on topics around people, processes and technology at the company. This episode discusses change and how to deal with it. Starting a new job happens to nearly every employee and it is important to know you are not alone and that the challenges with starting over are universal. Herein I discuss what to focus on, what to look for, and what to look out for.

    For those interested in donating to Josh, my mentee looking to relocate to Canada where he will study cyber security, please visit GiveSendGo.

    MSS Forum Phoenix - Understanding Today's Network Security Challenges

    Jun 15, 2022 32:33


    Brief introduction to Season 4 - July 2022-Sept 2022 and then the full session I presented at the MSS Forum in Phoenix on May 12, 2022. The topic covers today's cyber security networking challenges. I offer recommendations for solutions and provide advice on where security professionals can focus. If you want a copy of the deck I used, send an email to cybergreybeard@gmail.com.

    • Please donate to my Cyber Security mentee, Josh Gbemisola
    • The Cuckoo's Egg
    • The Phoenix Project
    • IBM Cost of a Data Breach
    • MSS Forum Phoenix
    • AlgoSec

    S3S4 A Job is Just a Job - The Vaccine Mandate

    Nov 18, 2021 11:28


    Many people are threatened with losing their jobs or violating their conscience.  This episode talks about how you are not alone.  I talk about standing up for what you believe in.  Swim upstream if that's for you.  Do not "go along to get along" if that does not comport with your values.  Stand up.  Be strong.  Leave your employer if they force you to violate your beliefs.  Do not feel the need to justify yourself.  An employer is an employer, nothing more.  There are firms out there that align with your beliefs and moral fortitude, find them if that's in your best interest.

    S3S3 Infosec Inspire Conference: Working with HR, L&D to drive training results

    Nov 10, 2021 35:45


    Fireside chat with Garrettson Blight, Principal at Booz Allen Hamilton led  by Kate Rodgers, Director of Brand at Infosec virtually on October 19, 2021.  We discussed learning and development opportunities in our organizations and how important it is for employees.  Salary is only a single benefit to employment.  Learning and development along with healthcare comes in second for many professionals.  We discuss how employees can take advantage of training in the workplace.  "We need to appeal to the staffs, they have lot of other options." - Garrettson Blight, Principal, Booz Allen Hamilton.

    S3E10 Cyber Security Attacks in the News

    Oct 6, 2021 21:19


    In this episode I talk about high profile cyber-attacks in the Spring and Summer of 2021. I'll review who was attacked, what the attack involved, its impact, the aftermath, and how it affected the economy.

    • Sign up for NewsBites from SANS at https://www.sans.org/newsletters/newsbites/
    • Review Security Intelligence periodically: https://securityintelligence.com/
    • Security Magazine offers solid content: https://www.securitymagazine.com/
    • Executive Order 14208: https://www.cisa.gov/executive-order-improving-nations-cybersecurity
    • We are at War, Cyber War: https://www.securitymagazine.com/articles/96125-we-are-at-war-a-cyber-war
    • 16 Sectors off limits: https://www.itsecurityguru.org/2021/06/17/biden-says-16-sectors-should-be-off-limits-to-attack/
    • Arctic Wolf Survey: https://arcticwolf.com/resources/press-releases/arctic-wolf-global-survey-reveals-lack-of-confidence-in-cybersecurity-defenses-and-government-action-amid-fears-of-state-sponsored-attacks
    • Insurance and Ransomware: https://www.barrons.com/articles/ransomware-attack-cyber-insurance-industry-51633075202
    • Infant death tied to ransomware 2019: https://threatpost.com/babys-death-linked-ransomware/175232/
    • Colonial Pipeline: https://www.securezoo.com/2021/05/pipeline-ransomware-attack-shuts-down-for-45-of-east-coasts-fuel-us-passes-emergency-waiver and https://medium.com/cloud-security/colonial-pipeline-hack-4486d16f2957
    • JBS Breach: https://minnesota.cbslocal.com/2021/06/01/meat-producer-jbs-hit-by-cyberattack-worthington-plant-closes-for-the-day/ and https://www.bloomberg.com/news/articles/2021-05-31/meat-is-latest-cyber-victim-as-hackers-hit-top-supplier-jbs
    • Iowa Co-Op Links: https://www.foxbusiness.com/technology/ransomware-attack-new-cooperative-agriculture-grain-pork-chicken-supply and https://www.securezoo.com/2021/09/iowa-based-farm-service-provider-new-cooperative-hit-by-blackmatter-ransomware-attack/
    • Minnesota Attack: https://www.reuters.com/technology/minnesota-grain-handler-targeted-ransomware-attack-2021-09-23/ and https://www.cybersecuritydive.com/news/agriculture-food-ransomware-coop/607080/

    S3E9 Cyber Security Incident Response Planning

    Sep 29, 2021 22:15


    In this episode I talk about incident response plans, what they are, why they are important and how to create one. NIST, the National Institute of Standards and Technology, has a fabulous document entitled Computer Security Incident Handling Guide, Special Publication 800-61 Rev. 2. This document prescribes key data for incident response plans. In this episode I'll review key components of this document and how and why these components play a key role in cyber security incident response planning.

    https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

    S3E8 Cyber Security Stories - Real World Examples

    Sep 22, 2021 23:02


    In this episode I talk about real situations I've experienced.  I won't name companies, only industry and relative geography so as not to expose any entities.  Some of these are more egregious than others, all are good learning experiences, for early as well as experienced professionals.  Many look to join Cyber Security and wonder what it's really like out there, these tales should provide some insight to that curiosity.  I encourage each of you to think of solutions to these problems.  While I give some throughout the episode, there are many ways to solve problems.  Don't just think about technical solutions.  What processes or procedures could these organizations implement?  How about training, not just their IT and security staff but their end users as well.  Spending money may solve a problem; however, if the product or service is not installed or utilized properly, will money really make it better?  Use these stories to grow yourself and help you understand what the real world of cyber security, on the ground, really looks like.

    S3E7 Interviewing and Presenting as a Cyber Security Professional

    Sep 15, 2021 25:23


    While this podcast focuses on cyber security professionals, this episode provides general and wide-ranging interviewing and presentation tips. The discussion goes into detail about how and why we communicate and then provides examples and performance tips. Later there are examples, and recommendations for how to interview, present, and speak publicly overall. I give suggested questions to ask interviewers and provide information on delivering more engaging and successful presentations. I also give a handful of tips on speaking and presenting virtually including how to handle the camera, backgrounds, and suggestions for dress. This episode delivers real world tips for elevating professionals' interviewing skill and presentation ability.

    S3S2 Business and Emotional Skills for Tomorrow's CISO - Live at the MSS LA 2021

    Sep 8, 2021 39:53


    Audio recording of session at MSS Forum LA on June 30th, 2021. Group discussion led by Phelim Rowe of CTG Intelligence. We review the top "post holder" and go into depth around who has responsibility for cyber security in an organization. I was pleased to join Richard Staynings, Shawn Kohrman, Ashwin Krishnan, and Louis Arul-Doss on this round table discussion.

    You can watch the Zoom recording on YouTube at https://www.youtube.com/watch?v=uvvqbOMiTmE

    Look out for an MSS Forum in your area. I've spoken at L.A., Denver, and Phoenix and look forward to participating at future conferences.

    S3S1 Conversation with a Cyber Security Early Professional

    Sep 1, 2021 35:26


    In this special episode I'm sharing a real-world conversation I had with an early professional at my company.  This individual worked for a couple of years in the healthcare field as an administrator and then moved to an extremely large company.  He reached out wanting to know what to study and how and where to steer his career.  Listen to this real life conversation and understand a direction and path to take in the cyber security field.  I'm posting this special episode to help all of my listeners understand choices and opportunities.  If you would like to have a similar conversation, reach out at cybergreybeard@gmail.com.

    S3E6 Cyber Security Certifications

    Aug 25, 2021 24:52


    Discussion on cyber security certifications. Which make sense. Where to focus. How to proceed. I cover certifications from GIAC, ISC2, ISACA, EC-Council, Amazon, Microsoft, Google, CompTIA, and others. This episode discusses areas to find training and recommendations before taking certification exams. These are recommendations only and based on my opinion and experiences. Please do research before investing in any certification or training course.

    • ISC2: https://www.isc2.org/
    • ISACA: https://www.isaca.org/
    • Offensive Security: https://www.offensive-security.com
    • EC-Council: https://cert.eccouncil.org/
    • GIAC: https://www.giac.org/
    • GIAC Roadmap: https://www.giac.org/certifications/get-certified/roadmap
    • AWS: https://aws.amazon.com/certification/
    • 12 MS Azure certifications: https://cloudacademy.com/blog/microsoft-azure-certifications-which-is-right-for-you-and-your-team/
    • Google Cloud Certifications: https://cloud.google.com/certification/
    • SANS: https://www.sans.org/
    • Infosec Institute: https://www.infosecinstitute.com/
    • UDEMY: https://www.udemy.com/
    • Cloud Academy: https://cloudacademy.com/

    S3E5 Cyber Security Grey Beard Information Security Book Reviews

    Aug 18, 2021 21:41


    Book reviews of four cyber security books published between 2019 and 2020: Dark Mirror: Edward Snowden and the American Surveillance State by Barton Gellman, 2020; The Hacker and The State by Ben Buchanan, 2020; Sandworm by Andy Greenberg, 2019; and The Coming Cyber War by Marc Crudgington, 2020. These books provide great insight to where we are in the cyber security profession. They discuss history, technology, and attacks. Cyber security professionals need to understand the threat landscape. These books all help with that in their own way.

    • Dark Mirror: https://www.barnesandnoble.com/w/dark-mirror-barton-gellman/1122928803?ean=9780143110477
    • Hacker and The State: https://www.barnesandnoble.com/w/the-hacker-and-the-state-ben-buchanan/1132885872?ean=9780674987555
    • Sandworm: https://www.barnesandnoble.com/w/sandworm-andy-greenberg/1129288539?ean=9780525564638
    • The Coming Cyber War: https://www.barnesandnoble.com/w/the-coming-cyber-war-marc-crudgington/1137913105?ean=9781735916309
    • PRISM: https://www.masslive.com/politics/2013/06codename_prism_secret_program_data_mining.html
    • Shadow Brokers: https://darkwebjournal.com/shadow-brokers/
    • Stuxnet: https://www.csoonline.com/article/3218104/what-is-stuxnet-who-created-it-and-how-does-it-work.html
    • Wiper: https://iranprimer.usip.org/blog/2019/oct/25/invisible-us-iran-cyber-war
    • Fancy Bear: https://www.crowdstrike.com/blog/who-is-fancy-bear/
    • Sandworm: https://resources.infosecinstitute.com/topic/apt-sandworm-notpetya-technical-overview/
    • Guccifer: https://www.justice.gov/opa/pr/romanian-hacker-guccifer-sentenced-52-months-prison-computer-hacking-crimes
    • Eternal Blue: https://www.cisecurity.org/wp-content/uploads/2019/01/Security-Primer-EternalBlue.pdf
    • Sands Casino Hack: https://money.cnn.com/2015/02/27/technology/security/iran-hack-casino/index.html
    • DNC Hack: https://www.wusa9.com/article/news/russians-hack-the-dnc-a-timeline/65-bd1326a7-7ed5-4cd7-92a3-63eed75f1bd9

    S3E4 Cyber Security Grey Beard Financial Guidance

    Aug 11, 2021 23:06


    Financial guidance based on my 30 years' experience, economic degree, financial education, and wonderful direction from my father, a 40+ year professional financial advisor. I veer away from my standard cyber security talks in this episode to help students and early professionals learn, grow, and advance their financial well being. I see a critical need for, and interest in, financial advice and take time herein to help my listeners.

    Note these are my opinions and recommendations only. I am not a professional or certified financial advisor and cannot be held liable or responsible for others' financial decisions.

    One item I didn't mention - tracking your finances. Make sure to use a tool such as Quicken, Mint.com, or a similar financial tracking program. Consolidate ALL financial data into one place.

    Check out:
    1) Warren Buffett
    2) Rule of 72
    3) The difference between investing and gambling
    4) ETFs vs. Mutual Funds
    5) Diversification
    6) Dollar cost averaging
    7) Budgeting
    8) Quicken, Mint, or another financial tracking tool

    S3E3 - Own Your Cyber Security Career

    Aug 4, 2021 17:11


    Advice and examples on how to own your career. While I focus on cyber security, these tips are valid for any profession. I give examples of my past as well as situations friends have experienced over the years. My advice includes tips such as be strong, be proud, track what you do, toot your own horn, and many more. This is a talk going back to the roots of this Podcast, helping cyber security students and early professionals learn, grow, and advance.

    Send questions, comments, or thoughts to cybergreybeard@gmail.com

    S3E2 - What to Focus on at Work and Where to Steer Your Cyber Security Career

    Jul 28, 2021 27:30


    What jobs are out there, what jobs interest you and/or fit best with your desires, abilities, and preferences. I talk about eight (8) practices, over a dozen jobs, and 12 markets/industries, for listeners to learn about. This talk came out of a 1:1 I had with an early professional at my company and I believe many listeners can benefit from this conversation. Where do you want to take your cyber security career? What's out there? How do you find it? What should you do?

    Reach out with questions, comments, or for assistance: cybergreybeard@gmail.com

    Examples of "Practices"
    1) Identity and Access Management
    2) Infrastructure and/or Cloud Security (Tactical)
    3) Offensive Testing
    4) Threat Management
    5) Cloud Security (Strategic)
    6) Data Security
    7) Application Security
    8) Governance

    Examples of "Markets/Verticals"
    1) Healthcare – hospitals, payers
    2) Financial Services – Banks, credit unions, insurance companies
    3) Governments – Local, city, state, Federal
    4) Retail – Walmart, BBBY, Home Depot, Petsmart, etc.
    5) Automotive – Honda, Toyota, BMW, Dodge, Chrysler, etc.
    6) Airline – United, American, El Al, Lufthansa, etc.
    7) O&G – Exxon, Shell, BP, etc.
    8) Communications – Comcast, Centurylink
    9) Technology – MSFT, GOOG, AAPL, FB, HP, IBM
    10) Entertainment – Disney (ESPN, ABC, Pixar), Netflix, MGM, Caesars – is this a gaming subset of entertainment
    11) Education – K-12, Universities, trade schools, conservatories
    12) Defense – Lockheed Martin, Bell Helicopter, CSC, Harris Corporation, SAIC, etc.

    S3E1 - About the Upcoming Cyber Security Grey Beard Season

    Jul 21, 2021 15:26


    Herein I talk about where I've been for the past 8 months, what's been going on, and what this season entails.  I go over 7 specific topics I will cover and ask the audience for input on guest speakers and other topics.  This is an exciting talk about the future and what to expect upcoming from Cyber Security Grey Beard.

    Remote Working in a Distributed Business Environment

    Feb 17, 2021 28:02


    How are businesses, with focus on managed security service providers, dealing with remote working in a distributed work environment? This recording comes from a half hour panel discussion on this topic.

    Session from Third Annual MSS Forum Denver put on by CTG Intelligence and sponsored by KnowBe4, Hackdefnet, Fishtech Group and Stellar Cyber.

    Title: Understanding the Evolution of Third Party Security in a Remote Working and Distributed Business Environment

    • Brad Rhodes, Head of Cyber Security, Zvelo
    • Amelia Cohen, Withheld
    • Eric Jeffery, Senior Solutions Architect, IBM Security
    • Rachel Harpley, Director, RecruitBit Security
    • William Hoffman, Co-Founder and CIO, Frontline Cyber Solutions

    https://denver.mssconference.com/wp-content/uploads/2021/02/MSS-Denver-III-2021-Draft-Agenda-v6.2.pdf

    Cyber Security Grey Beard's Professional Journey and Jobs for Students and Early Professionals

    Feb 3, 2021 48:19


    Discussion around my professional journey with ties into what cyber security jobs exist for students and early professionals. I talk about specific jobs including network operations, security operations, forensic analysis and others. The class I spoke to was a Networking I class so I spend a bit of time discussing network technologies. I go over specific cyber security threats and attacks while tying them into the daily work of security professionals.

    Business Leadership and Cyber Security Integration

    Nov 25, 2020 48:18


    45-minute presentation delivered to the Long Island ISC2 chapter on October 20, 2020. I created this content for IIA/ISACA Chicago and launched for ISC2 as the content has wide appeal throughout the Cyber Security spectrum. This talk focuses on leadership and the need for engagement throughout organizations. We are, in many ways, the same in Cyber Security as we were 25+ years ago. Something has to change and this talk focuses on leadership engaging as a potential solution.

    The agenda covers: Introduction, Leadership Matters, Disparity Requires Variety, True Stories, Statistics, Engage and Understand, Level Up Cyber Security, Solutions that Make a Difference, Conclusion.

    For a copy of the slides, please send a note to cybergreybeard@gmail.com.

    Ep. 21 - Cyber Security Offensive Tools

    Oct 28, 2020 17:29


    NOTE: THIS INFORMATION IS FOR EDUCATIONAL PURPOSES ONLY! I DO NOT CONDONE OR ENDORSE USING THIS INFORMATION FOR ILLEGAL OR NEFARIOUS PURPOSES.

    Herein I provide key offensive testing tools along with clear description of what they do, when and why to use them and the impact these tools have on target systems.

    I discuss or mention the following products:

    • Linux - Kali, Ubuntu
    • TOR
    • VPN - ExpressVPN, OpenVPN, Hide.me
    • NMAP and NSE Scripts
    • Metasploit
    • Packet Capture Tools - Wireshark, TCPDump, Windump, tshark, Network Miner
    • Password Crackers/Tools - Mimikatz, JohntheRipper, L0phtcrack, Hashcat, Hydra, xHydra
    • Hash Tools - Rainbow Tables, Crackstation, onlinehashcrack
    • Vulnerability Management - Nessus, Nexpose, Qualys

    Ep. 20 - Cyber Security Offensive Actions

    Play Episode Listen Later Oct 21, 2020 13:21


    NOTE: THIS INFORMATION IS FOR EDUCATIONAL PURPOSES ONLY! I DO NOT CONDONE OR ENDORSE USING THIS INFORMATION FOR ILLEGAL OR NEFARIOUS PURPOSES. Ethical hacking discussion on offensive actions. I go through standard hacker methodology and actions performed in a breach. I mention jobs associated with these skills and discuss defensive mechanisms in association with these offensive actions. Thank you Cloud Academy (https://cloudacademy.com) for sponsoring this episode.
    Lockheed Martin Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
    Certified Ethical Hacker: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

    Interview by Chris Seinko, Host of Cyber Work Podcast

    Play Episode Listen Later Oct 14, 2020 52:41


    Interview on my background and journey along with discussion on the cyber security profession. Chris Seinko of Cyber Work hosts the Infosec Institute cyber security podcast and we discuss how to help students and early professionals grow in Cyber Security. Catch the video version recorded on Zoom at: Reach out with questions, comments or suggestions for future episodes: cybergreybeard@gmail.com

    Ep. 19 - Cyber Security Greybeardians Questions Answered

    Play Episode Listen Later Oct 7, 2020 19:06


    Episode responding to Greybeardian questions. I’ve heard from a number of listeners and want to share their experiences along with my suggestions and recommendations to their common situations. I know many listeners find themselves in the same position as these individuals, let’s all learn from one another and grow together. Examples of questions answered this episode:
    I'm struggling with my job hunt, can you please guide me with some career advice?
    How do I break into Cyber Security?
    I'm looking to get into the world of cybersecurity & my goal is to become a CEH, where do I start?
    Send questions, comments, ideas and thoughts to cybergreybeard@gmail.com
    Thanks to my sponsors:
    Populum: https://www.populum.com
    Cloud Academy: https://www.cloudacademy.com

    Ep. 18 - Cyber Security Defensive Actions

    Play Episode Play 31 sec Highlight Listen Later Sep 30, 2020 17:44


    Discussion surrounding critical defensive actions all information security users must utilize. I talk about managing and maintaining personal devices and how this directly relates to professions involving cyber security. Network security, system administration, endpoint protection, identity and access management as well as other jobs deal with daily work we should all do on our personal devices. To comment, ask questions or give suggestions for future episodes reach out at cybergreybeard@gmail.com
    Notes: Thank you Populum for sponsoring this episode: https://populum.com/. I appreciate the support in this episode from Cloud Academy: https://cloudacademy.com/
    Tools/Products Mentioned in this Episode:
    Privacy related web browser: https://duckduckgo.com/
    Host Intrusion Freeware: https://ossec.net
    Linux Log Monitoring: https://kde.org/applications/en/ksystemlog
    Windows Event Viewer: Search in Windows
    Default Router Passwords: https://bestvpn.org/default-router-passwords/
    Software and Driver Updates: https://www.kcsoftwares.com/?download (SUMO and DUMO)
    Identity and Access Management: https://www.okta.com/
    Cloud File Storage – Dropbox https://www.dropbox.com/
    Cloud File Storage – Box https://www.box.com

    Ep. 17 - Cyber Security Defensive Tools

    Play Episode Play 24 sec Highlight Listen Later Sep 23, 2020 17:56


    Tools and recommendations to enhance personal and understand corporate cyber security defense. I go over endpoint protection including anti-virus, anti-spyware, and anti-malware discussing how this ties into a SIEM in the corporate world. I spend a bit of time on VPNs and what the network sees and how these enhance privacy and security. I discuss password managers and why they are important. I talk about multi-factor authentication and conclude with digital certificates and email encryption. Thank you Populum for sponsoring this episode: https://populum.com/. I appreciate the support in this episode from Cloud Academy: https://cloudacademy.com/ To comment, ask questions or give suggestions for future episodes reach out at cybergreybeard@gmail.com
    Technologies that I use and reference in this episode:
    ExpressVPN - https://www.expressvpn.com/
    LastPass - https://www.lastpass.com/
    Norton AV (Norton360) - https://us.norton.com/products/norton-360-standard?inid=nortoncom_nav_norton-360-standard_homepage:home
    SuperAntiSpyware - https://www.superantispyware.com/
    ProtonMail - https://protonmail.com/

    Ep. 16 - Cyber Security Threats in Remote Work and School Environments

    Play Episode Play 20 sec Highlight Listen Later Sep 16, 2020 15:50


    Today's remote work and school environments enhance cyber security risks. I discuss real attacks and technologies now bypassed due to work at home policies. With so many new devices, and millions of additional individuals working and going to school remotely, there are increased and enhanced threats impacting anyone utilizing devices to access the Internet. I conclude with solutions and dwell on the fact that we all must be diligent to this new world of Internet access. Thank you Populum for sponsoring this episode. https://populum.com/. Thank you Anita A. of Canada for this Topic. Please send your thoughts, comments or ideas to cybergreybeard@gmail.com
    Other Notes:
    VPN Split Tunneling Article: https://www.infosecurity-magazine.com/opinions/vpn-split-tunneling/
    July Issue of CISO Magazine, Cyber Security After COVID: https://cisomag.eccouncil.org/
    SANS News Bites: https://www.sans.org/newsletters/newsbites
    Murder during Zoom Class: https://www.washingtonpost.com/nation/2020/08/13/girl-witness-mother-murder-zoom/
    Toy Gun Story: https://www.thecollegefix.com/boy-showed-zoom-class-his-nerf-gun-teacher-assumed-it-was-a-toy-school-called-police-on-him-anyway/
    Zoom Bombing: https://www.kvue.com/article/news/education/river-ridge-elementary-leander-isd-zoom-bombing-porn-williamson-county-texas/269-e470ec4b-b77d-4a8d-8cad-55c38827b1a4
    Data on Stuxnet: https://www.techrepublic.com/article/stuxnet-the-smart-persons-guide/
    Corrections: Stuxnet launched in 2010, not 2015 as I incorrectly stated.

    Ep. 15 - Cyber Security Governance and Compliance

    Play Episode Listen Later Sep 9, 2020 15:38


    Discussion around cyber security governance and compliance. What they are, the professions that perform these roles and what they do and how they differ. I go over key regulations including SOX, HIPAA, GDPR and others explaining what they cover and why it matters to cyber security professionals. cybergreybeard@gmail.com
    Sarbanes Oxley: https://www.soxlaw.com/
    PCI-DSS: https://www.pcisecuritystandards.org/
    HIPAA: https://www.hhs.gov/hipaa/index.html
    GDPR: https://gdpr-info.eu/
    CCPA: https://oag.ca.gov/privacy/ccpa
    GDPR Enforcement and Fines: https://www.enforcementtracker.com/
    HIPAA Fines: https://compliancy-group.com/hipaa-fines-directory-year/
    Tennessee Diagnostic Medical Imaging Service: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/tmi/index.html
    Lifespan Health: https://www.hhs.gov/about/news/2020/07/27/lifespan-pays-1040000-ocr-settle-unencrypted-stolen-laptop-breach.html

    Ep. 14 - Cyber Security and Privacy

    Play Episode Listen Later Sep 1, 2020 21:55


    Detailed talk around cyber security and privacy. I provide examples around IOT devices such as RING and Echo as well as GPS, social media and other areas involving privacy today. I give real world stories involving court cases and tales where people had and/or could have their privacy violated by others using certain technologies. I provide corporate examples as to how privacy impacts cyber security and information technology professionals. I spin in personal examples as to how privacy situations impacted me in three different instances throughout my careers showing this is not "pie in the sky."
    References:
    https://www.forbes.com/sites/tjmccue/2019/04/19/alexa-is-listening-all-the-time-heres-how-to-stop-it/#546fe9145e2d
    https://techcrunch.com/2018/11/14/amazon-echo-recordings-judge-murder-case/#:~:text=A%20New%20Hampshire%20judge%20has,further%20clues%20to%20their%20killer.
    https://www.scotusblog.com/case-files/cases/carpenter-v-united-states-2/
    https://encyclopedia.ushmm.org/content/en/article/martin-niemoeller-first-they-came-for-the-socialists
    https://securityintelligence.com/think-youve-got-nothing-to-hide-think-again-why-data-privacy-affects-us-all/

    Ep. 13 - Cyber Security Trends

    Play Episode Listen Later Aug 25, 2020 13:12


    Discussion around a handful of key cyber security trends including IOT/IOMT, AI/ML, Mobile, Social Engineering and Threat Hunting. Back to the roots of Cyber Security Grey Beard, I take 13 minutes to help students, early professionals and job changers understand a handful of areas requiring knowledge and skill based on today's trends. I provide examples of IOT/IOMT and how they impact lives and why it affects cyber security professionals. I do the same for the other areas with a detailed wrap up on an up and coming cyber security professional, the Threat Hunter, what they do and why they are important. Thank you Anita A. from Canada for the topic idea.
    Reference:
    https://www.congress.gov/congressional-report/116th-congress/senate-report/112/1
    https://www.forbes.com/sites/leemathews/2017/07/27/criminals-hacked-a-fish-tank-to-steal-data-from-a-casino/#7c2640432b96
    Correction: The fish tank breach did lead to data loss.

    Ep. 12 - Pep Talk

    Play Episode Listen Later Jul 28, 2020 11:16


    With the dreariness of the world today between COVID-19, riots, lock downs, and increased crime in certain areas, I thought it would be nice to have a positive pep talk for my listeners. Herein I discuss focusing on a North Star and driving to success. Take responsibility for yourself, don't blame others. Understand that everyone falls down and that's okay, it's about how we get up that matters. Note that my comment on Copyright should've been Trademark. Note that my comment at the end about another "article" refers to another episode. Email me at Cybergreybeard@gmail.com with episode ideas and/or questions.

    Ep. 11 - Layoffs and the Job Hunt

    Play Episode Listen Later Mar 27, 2020 12:45


    Times are tough and layoffs are imminent. Here I talk about my experiences getting laid off and having to lay off employees (friends). I spend a substantial amount of time discussing signs to watch for and actions companies take that precede layoffs. I explain that it's a scary time filled with a lack of control and unknowns. You are not alone and I explain what to do and how to move forward.

    Ep. 10 - Life is a Journey

    Play Episode Listen Later Mar 5, 2020 10:54


    Many people want it all right now. Life is a journey, both personally and professionally. This 10-minute podcast discusses that it's okay to be where you are and finding happiness along the journey should take precedence over everything else. Plan, prepare, progress, patience, these factors enable success and happiness throughout the journey. Understand you are not alone, you're in a good place and it's normal to take time between promotions, jobs and raises.

    Proactive Defense in Lieu of a Panicked Response

    Play Episode Listen Later Oct 30, 2019 42:39


    A replay of the presentation I delivered on October 29, 2019, at the Swissotel in Chicago, IL for the IIA/ISACA 6th Annual Cyber Security and Hacking Conference. The topic covers a handful of well-known hacks, how they happened and what could've and should've been done to prevent them. I continue talking about people, processes and technologies that organizations should employ and deploy to protect themselves. I conclude the session talking about potential solutions and risk remediation including executive sponsorship, governance, risk and compliance, security awareness training and others. If you'd like a copy of the slides used in this presentation, please send an email to cybergreybeard@gmail.com and I'll provide them.

    Ep. 9 - Cyber Security: Professional Tips and Personal Growth

    Play Episode Listen Later Oct 10, 2019 10:52


    A serious conversation about the difficulty of being 18-27 and that finding a path is hard. You are not alone. I talk about the "fog of war," what it is and how it impacts life, business, and family. I continue discussing our inner self vs. outer self and how what we do today matters for the next job we set out to get.

    Ep. 8 - Cyber Security Projects, Deployments, Infrastructure and Architecture

    Play Episode Listen Later Oct 3, 2019 15:31


    Details on the complexity of cyber security projects including talks about cloud, on-premise and hybrid deployments. Examples of basic to complex real-world cyber security implementations. Discussion regarding teams and staff involved with cyber security deployments. Some talk around requests for proposal, quotes, and information (RFP, RFI, RFQ, RFx) to help understand how projects start. Background on what architects do versus engineers and support. Overall talk about cyber security projects, deployments, infrastructure, and architecture for students and early professionals.

    Ep. 7 - Cyber Security Job Technologies: WAF, IAM, Forensics, IDS/IPS

    Play Episode Listen Later Sep 16, 2019 12:00


    Cyber Security Job information for students, early professionals, and experienced staff retraining or switching roles. Herein I cover what the following technologies are and what professionals use them: Web Application Firewall (WAF), Identity and Access Management (IAM), Forensics, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). Cyber Security Job guidance for students, early professionals and experienced individuals looking for a new profession in Cyber Security or retraining.

    Ep. 6 - Cyber Security Jobs: Proxy/NAT, MFA, MDM, Asset and Patch Management

    Play Episode Listen Later Aug 30, 2019 13:27


    Talk around key cyber security technologies. Detailed explanations on each with job descriptions and roles helping prospects decide how and where to apply these technologies in the cyber security field. In part 2, I talk about Proxy/NAT, Multi-Factor Authentication (MFA), Mobile Device Management (MDM), Asset Management and Patch Management. Cyber Security Job guidance for students, early professionals and experienced individuals looking for a new profession in Cyber Security or retraining.

    Ep. 5 - Cyber Security Technologies: Anti Virus, Anti Spyware, Spam Protection, Firewalls

    Play Episode Listen Later Aug 23, 2019 14:13


    Talk around key cyber security technologies. Detailed explanations on each with job descriptions and roles helping prospects decide how and where to apply these technologies in the cyber security field. This is part 1 where I talk about encryption, anti-virus, anti-malware/spyware, spam protection and firewalls. Cyber Security Job guidance for students, early professionals and experienced individuals looking for a new profession in Cyber Security or retraining.

    Ep. 4 - Getting Started as Cyber Security Professional

    Play Episode Listen Later Aug 16, 2019 10:05


    Talk explaining how to start in cyber security. I go into detail on parts of cyber and technologies and jobs to focus on. I give different paths depending on background and educational desire and ability. Not all cyber security professionals need four-year degrees. Cyber Security Job guidance for students, early professionals and experienced individuals looking for a new profession in Cyber Security or retraining.

    Ep. 3 - Social Media Do's and Don'ts for Cyber Security Professionals

    Play Episode Listen Later Aug 6, 2019 9:41


    Suggestions and examples surrounding professionalism and social media. Discussion on Facebook, LinkedIn, Instagram and Twitter, primarily. Cyber Security Job guidance for students, early professionals and experienced individuals looking for a new profession in Cyber Security or retraining.
