Exploring the defensive side of cybersecurity through the eyes of experts and innovators in the space. Exploring topics such as threat intelligence, threat hunting, security operations and more.
Daniel Borges, Senior Red Team Engineer at CrowdStrike and author of Adversarial Tradecraft in Cybersecurity, brings his unique perspectives on learning, training, and failure to the pod. Collaboration is key in any purple team, and Dan believes collaboration comes from a place of knowledge and understanding— of ourselves, others, and the security tools we use every day. In this episode, Daniel talks about the process of writing a book as a cyber practitioner and where he sees the gaps in purple teaming today.

Timecoded Guide:
[00:00] Pivoting from robotics to computer science to InfoSec
[08:06] Finding a purple team in the Target breach aftermath
[14:19] Understanding the trends of cyber practices & purple teaming
[22:09] Deconflicting & blue team maturity ratings
[30:40] Writing a book that covers blue & red perspectives
[38:43] Failing as an opportunity for upward career mobility

Sponsor Links:
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

What is one of your purple teaming pet peeves?
In Dan's experience, a huge purple team pet peeve is how red and blue teams hinder one another. When there isn't solid communication between red and blue, bad blood is easily bred and the tension of a high-pressure situation, such as an attack incident, becomes so much worse. Jumping into an engagement or a test without communication and cooperation between both sides doesn't unify, it only divides and burns out practitioners.

“It's extremely important when bringing people in, they know there's going to be an exercise, so they don't think the world is on fire. If you're doing incident response and detection, it's a marathon, not a sprint. You can't be putting out fires every day, you're gonna burn out.”

What are your key takeaways about collaboration from your experiences in purple team settings?
Collaboration, especially between red and blue teams, requires compromise and conscious thought. Instead of the selfish “us vs them” mentality of the red and blue silo structure, a purple team unites everyone on the same team, under the same end goal. Dan also recommends that practitioners stop and think about their reactions when collaborating together. Reactionary behavior hurts your team— and it wastes your time, too.

“Sometimes, you have to let somebody fail. Sometimes, you have to let them do it and learn the lesson and if the impacts are not big enough, it's just better that way. It's just better that they see for themselves why this was a bad idea.”

For those who might be interested in buying your book, Adversarial Tradecraft in Cybersecurity, what can they expect from it?
When Dan began writing his book, he knew he wanted to look at techniques from both red and blue team perspectives. Part of his book is logistical, including how techniques can be applied in general situations. Another part of Dan's book is about lessons learned, especially from the failures he's experienced as a practitioner. The final piece, and perhaps the most important, is theory and ideas to consider to expand your perspective on the situations you may encounter in the field yourself.

“[My book] is a lot of lessons learned from my time doing this. I've been attacking somebody and they found my code this way, or how I stopped a real campaign of attackers doing this technique. I think it's a lot of practical advice.”

What advice would you give to anyone looking to get into InfoSec?
InfoSec, or information security, is a field that requires balance to avoid burnout. Dan advises considering a career in InfoSec as a marathon, not a sprint. While the learning process can be long and difficult, Dan believes that InfoSec, just like purple teaming, isn't as difficult as someone might think from the outside. If you're able to think about a problem in a new way and engage your intelligence in your work, you can and will succeed.

“I think a lot of InfoSec people are just smart people that can sit there and think about a problem. And if that sounds like you, then give it a shot because it's probably easier than you think and we need the people.”

---------------
Links:
Keep up with our guest Daniel Borges on LinkedIn and his blog
Check out Daniel's book Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
Connect with Davin Jackson on LinkedIn and Twitter
Watch the live recording of this show on our YouTube
Continue the conversation by joining our Discord
Hear more from Hacker Valley Media and Hacker Valley Blue

Jorge Orchilles, Chief Technology Officer at SCYTHE and Principal SANS Instructor, brings his expertise in purple teaming to the pod this week to talk about the uniquely human and the understandably technical parts of red and blue collaboration. As the Purple Team Ambassador at SANS, Jorge lives for all things purple team, pioneering the purple team framework used in different SANS courses. This week, Jorge talks about transitioning from tech to security and remembering we all are working for the same goal.

Timecoded Guide:
[00:00] Growing up in tech & discovering the cybersecurity world
[13:52] Moving from SOC & ethical hacking to pen testing
[26:25] Encountering the human side of a purple team engagement
[32:02] Proactive cybersecurity collaboration with PlexTrac & SCYTHE
[45:57] Transitioning from red vs purple to purple through knowing all sides

Sponsor Links:
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

What was your experience writing a book as you got into working security?
As a system admin just starting to get into SOC, Jorge agreed to write a book on Windows 7. In the course of just a few months, Jorge ended up writing a book, finishing up his Master's degree, and working the night shift for his new SOC job. This type of grind paid off for Jorge's career, but he doesn't miss the amount of stress and strain he felt by trying to get everything done at once, a common feeling amongst overworked tech employees.

“It was a great experience [writing a book], but at the same time, I was finishing my Master's, and I just got the SOC job, so I had to work three months of night shift, and it was like 7pm to 7am. So, that night shift along with the Masters, along with writing a book was just a lot.”

What was the moment that the purple team idea clicked for you?
In 2016, Jorge encountered a purple team activity for the first time as an employee at Citigroup. Back then, Jorge explains that the term “purple team” didn't even exist yet, and their exercises were instead referred to as collaborative red team engagements. Still, the concept of purple teaming immediately piqued Jorge's interest, especially when he began to encounter the personal collaborative efforts of purple teaming within the rigid world of cyber and tech.

“A lot of people think purple teaming is just these collaborative, hands-on exercises, but there's a psychological part of purple teaming no one ever talks about and that is the understanding that we are all human, we all have different goals, we all work for the same company.”

What are things that we could do or exercises to perform to create a bonding experience in a purple team exercise?
Purple teaming is much more than seating your red team and blue team in the same room. Jorge explains that goals for purple team engagements have to be thoroughly defined and understood by members of the team before the engagement begins. Through his work with SCYTHE and SANS, Jorge often encounters practitioners and managers with the wrong perspective on purple teaming, thinking it's just a forced effort instead of an active collaboration.

“The overall goals need to be covered first. What is the goal? Is it to run an adversary emulation together so that the blue learns from the red and the red learns for the blue? Or, is it to foster a collaborative culture? Because those two goals are different.”

What advice do you have for a security practitioner making that transition from red and blue team to a purple team?
Jorge has two pieces of advice for up-and-coming practitioners looking to make the most of purple team opportunities: remember the human element and learn as much as you can. Remembering the human element reminds you that everyone you work with, blue or red teamer, is a real person striving to make your company a more secure place to work. Learning as much as you can allows for a well-rounded approach in everything you do, from red to blue and everything in between.

“I do think that if you want to be good at either offense or defense, you have to understand the other side. It's hard to be a defender if you have absolutely no idea what the attackers are doing, and it's hard to be an attacker if you have no idea what the defenders are doing.”

---------------
Links:
Keep up with our guest Jorge Orchilles on LinkedIn, Twitter, and his personal website
Learn more about SCYTHE on LinkedIn and the SCYTHE website
Find out more about SANS course on the SANS website
Check out Jorge's Purple Team Exercise Framework
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
Connect with Davin Jackson on LinkedIn and Twitter
Watch the live recording of this show on our YouTube
Continue the conversation by joining our Discord
Hear more from Hacker Valley Media and Hacker Valley Blue

Angela Saccone, Community Manager at MetaCTF, Cyber Competitions Coordinator at Women's Society of Cyberjutsu, and YouTube Content Creator, joins the pod this week to talk about content of all kinds— from cyber competitions to online courses, K-pop dance videos to Python programming videos. Angela talks about her experiences from a red and a blue perspective, her drive to educate future cybersecurity practitioners, and why it's important to be transparent about the daily routine of cyber professionals.

Timecoded Guide:
[00:00] Getting involved in cyber with a communication-focused mindset
[10:18] Falling in love with blue team & red team aspects of the cyber field
[18:23] Collaborating in cyber competitions for Cyberjutsu
[26:11] Mentoring the next generation of purple teamers
[35:55] Learning something new with cloud software & purple teaming

Sponsor Links:
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

Did you learn anything while being in CIO/CISO type roles that helped you better understand how to communicate with management and c-level executives?
Working with upper-level management and c-level executives early in her career gave Angela a unique perspective on the importance of communication. Instead of focusing too heavily on jargon and technology-heavy vocabulary, Angela takes a more personalized, understanding tone with her c-level interactions. Bring those technical concepts into real-world examples in order to achieve that effective communication from the practitioner level through the c-suite.

“We're all in this together. That sounds so cheesy, but that's really what it is, at the end of the day. Communicating is really important, and also, don't use so much jargon. You have to learn how to bring technical concepts into everyday plain English. That's not easy, but it's a skill.”

When you had those purple team exercises, how much more of a benefit was that as opposed to when you're just working with your individual team?
Cyber competitions were Angela's gateway drug to purple teaming. Experiencing such a collaborative yet competitive environment taught Angela to think in terms of real-world scenarios for red and blue team exercises. She learned to push her perspective beyond her individual team and consider each side of the red vs blue debate, which has made her a more well-rounded, collaborative, and educated cyber practitioner.

“If I'm blue, I need to think red. I need to think about how they're getting in. How are they getting privilege escalation? With the red team, we need to think blue, in my opinion, because we need to think about: How are they defending? We need to dig in deeper.”

What inspired you to start cyber content creation with your YouTube channel?
Angela was originally exposed to content creation through MetaCTF, who asked her to create CTF walkthroughs on their YouTube channel. What started off as an experiment in expertise became a major passion for Angela, who was bitten by the content creator bug. She's since adapted her YouTube channel to focus on day-in-the-life vlogs and videos about her career as a community manager and her volunteer work with the Women's Society of Cyberjutsu.

“I've always been this example for my social media audience, and even in person, where people are always asking me for help on cyber concepts. Instead of me just verbally saying it, I feel like video is the next best thing. It was really just to help people and also help myself.”

What advice would you give someone in tech looking to transition into a purple teaming, collaborative environment?
Although the idea of entering an environment that's collaborative might be daunting to those who have spent time in the red vs blue silo, Angela advocates for practitioners to always learn and grow. Expanding your knowledge and opening your mind to new experiences helps you achieve a new level with your career. Leveling up together should be the goal for all cybersecurity practitioners, regardless of if you're red, blue, or somewhere in between.

“We have so many different resources to help people get involved, so it's good to just not be afraid. I know it's easier said than done but don't be afraid to fail and don't be afraid to succeed as well. Own it. Own those small victories, every small win is a win.”

---------------
Links:
Keep up with our guest Angela Saccone on LinkedIn, YouTube, and her website
Connect with Davin Jackson on LinkedIn and Twitter
Watch the live recording of this show on our YouTube
Continue the conversation by joining our Discord
Hear more from Hacker Valley Media and Hacker Valley Blue

Eric Thomas, Detection & Response Engineer at HD Supply, brings his 15 years of experience in tech and cyber to the show this week to discuss collaboration— the most essential piece of the purple team formula. Eric walks us through his day-to-day routine as an engineer and provides us with his own unique insight into his current company's purple team process. Additionally, Eric teaches us about his unique approach to training future professionals with red and blue team skills and philosophies.

Timecoded Guide:
[00:00] Transitioning from a tech/IT environment into cyber engineering
[12:03] Walking through the day-to-day of a defense and response engineer
[16:48] Collaborating with the DETH purple team
[29:27] Developing security protocols for IoT and OT devices
[39:33] Going beyond the "back in my day" training stereotype
[51:22] Being the not-so-smartest person in the room

Sponsor Links:
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

What is the collaboration between red and blue teams like in your current role as a detection and response engineer?
Although Eric is humble enough to admit that the purple team processes in his current work are not his singular idea, he will admit that he led the charge for a more collaborative environment. Leading this initiative started with the desire for a better SOC team. Eric's collaboration wasn't formal at all— he would simply ask other departments for help with their expertise— but this process led to a massively successful process that continues to this day.

"My idea was, if we're trying to detect adversarial behavior, we have a resource internally. Who are experts at adversarial behavior? Why try to figure this out ourselves, right? It started off as a very informal thing. It started off as [collaborative] teams."

Can you give a brief description of what IoT devices are and what type of testing you do with them?
IoT is more than another acronym in the cyber industry— it refers to the Internet of Things, or the way everyday devices connect to the internet and to each other. The concept of IoT heavily connects to OT, or operational technology. Unfortunately, because these are lesser known systems, they're less secure and less understood by security teams. Eric's team of consultants aims to fix that issue, providing security protocols where there are none.

"We have the technology and the mechanisms to protect our traditional IT. When it comes to OT and Internet of Things (IoT devices), this has been significantly overlooked. What we're seeing is a push to get security professionals more interested in protecting these devices."

How are you training future professionals and teaching them to do things differently from the problematic ways you learned back in the day?
It's almost too easy to slip into the problematic "back in my day" mindset of an experienced professional, but Eric actively combats the idea that the old ways of doing security were better when training students. Instead, Eric advocates for students to take a different, more unified approach to their learning process. Aspiring professionals shouldn't work in a silo and should instead be exposed to red and blue team processes during their learning journey.

"Don't go into the silo, build your network, talk to people across the aisle, it's gonna make you a better pen tester. That's what I tell [upcoming professionals], that the more blue team friends you have, it's going to make you a better pen tester."

What advice do you have for any up-and-coming security folks who want to move into the industry?
Collaboration is the name of the game, and Eric wants up-and-coming security practitioners to approach collaboration from a place of learning. No matter how knowledgeable or skilled you are in a certain process or technology, remember that you're not the smartest person in the room in every situation. Be curious about the work of others around you, and don't be afraid to ask questions and learn from your peers, no matter what team they're on.

"If you can learn anything from my story, it's that you should collaborate, network, and talk to people. Never go into a room where you know you're going to be the smartest person, and never think you're the smartest person in the room, because then you won't ask questions."

---------------
Links:
Keep up with our guest Eric Thomas on Twitter and LinkedIn
Connect with Davin Jackson on LinkedIn and Twitter
Watch the live recording of this show on our YouTube
Continue the conversation by joining our Discord
Hear more from Hacker Valley Media and Hacker Valley Blue

Nick Popovich, Hacker in Residence at PlexTrac, drops by to say hi to the Hacker Valley crew and give some insight into PlexTrac's purple teaming services. Starting his career in offensive security as a pen tester, Nick gained great insight into purple teaming at companies like Optiv before he joined PlexTrac's team of hackers. This week, Nick talks about PlexTrac's unique software integrations, practical purple team collaboration, and differentiating between his experiences in red teaming and pen testing in offensive cyber.

Timecoded Guide:
[00:00] Getting involved in tech through the Army & continuing as a civilian
[07:02] Transitioning from security analyst into pen testing & offensive security
[14:41] Explaining the difference between red teaming & pen testing
[36:11] Collaborating red & blue to make the perfect purple team
[43:16] Using PlexTrac for purple team engagements
[50:07] Avoiding burnout & disengaging from hacking after work

Sponsor Links:
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

What was that transition like for you from security analyst to pen tester?
Nick describes his transition from being a security analyst who looked at pen testing reports to becoming a pen tester as nothing short of fascinating. After struggling to re-engineer the reports he was seeing at work as an analyst, Nick took his chances on becoming a practitioner through getting certified, expanding his education, and working for a small pen testing consulting company. Working in that boutique environment gave him an overall appreciation for the nuance and knowledge needed to be a successful pen tester.

“I've gotten lucky to see both sides of the coin, meaning that raw boutique with six folks where you're the entire pen testing practice. And also, I've been in a pen testing practice with dozens upon dozens of team members supporting me.”

People misunderstand purple teaming. Can you talk about what purple team collaboration really looks like?
Many perceive purple teaming as the red team and the blue team just working together. In reality, Nick explains that an actual purple team requires a lot more than occasional proximity and communication— it requires strategy, established procedures, and set goals and outcomes. Instead of forcing proximity without the proper leadership or planning, a program like PlexTrac needs to be in place to further facilitate and create that complete purple team integration.

“Folks still have their day job. During a purple team engagement, the blue team still has to protect the fidelity of the environment, they have a day job they're doing. So, establish rules, establish a procedure, and then, really come up with outcomes that you want to see.”

How does red vs blue team collaboration translate into PlexTrac's application?
Purple team collaboration starts with having a clear plan and communication strategy. Enter PlexTrac, a program designed to be a place for collaboration. The best part of PlexTrac in Nick's opinion? They're the pane of glass to look through, not the replacement for other programs. Being able to integrate programs like SCYTHE into PlexTrac not only maximizes collaboration opportunities, but also avoids issues of conflicting technology.

“It's a place for collaboration. It's a place where the data lives and you work on it together. Whether you're starting your purple team journey, or you have an established purple team and you want to derive more value, a platform like PlexTrac can go a long way.”

What do you do outside of cybersecurity to avoid burnout?
In his years of working with pen testers and practitioners, Nick has seen a lot of burnout and a lot of overworked cyber professionals. To avoid the burnout that feels all too common during the industry's current labor shortage, Nick hikes, plays pool, and tries to keep his screen time down. No matter what your hobby is, be it the media you consume, the content you create, or the games you enjoy, having an outlet outside of the industry will save you from burning out.

“I'm not saying screens are bad. I'm just saying to find something that can disengage your mind from the hacks and the cracks, from the tech debt that your brain is incurring, is absolutely important. If you don't find a way to have balance, your brain is going to fry.”

---------------
Links:
Keep up with our guest Nick Popovich on LinkedIn and Twitter
Learn more about PlexTrac on LinkedIn and the PlexTrac website
Connect with Davin Jackson on LinkedIn and Twitter
Watch the live recording of this show on our YouTube
Continue the conversation by joining our Discord
Hear more from Hacker Valley Media and Hacker Valley Blue

Alexia Crumpton, Lead Cybersecurity Engineer at MITRE, joins the pod this week to cover leaving the old ways of cybersecurity behind to embrace the new generation. As both an engineer with MITRE and an educator for future cybersecurity practitioners, Alexia understands the complexity of new and emerging concepts in modern day cybersecurity— and she sees the confusion our current training methods are creating. Alexia helps us answer: How can we teach the purple team perspective to the next generation?

Timecoded Guide:
[00:00] Gaming MMOs & becoming a cybersecurity engineer for MITRE
[08:36] Knowing defensive & offensive cyber to sharpen any practitioner's skills
[23:04] Teaching the new generation of cybersecurity & changing the old ways
[32:13] Using Fortnite gaming to accessibly teach cyber skills
[42:09] Learning cyber skills & being patient with the cybersecurity salary

Sponsor Links:
Thank you to our friends at Axonius and PlexTrac for sponsoring this episode!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley

Do you think knowing both the red and blue sides sharpens whatever side you're working on?
Alexia describes defensive and offensive knowledge like a marriage— both have to not only coexist, but also work together. Having both defensive and offensive skills under your belt gives you, as a cyber practitioner, an overwhelming advantage in your ability to work efficiently. Instead of having to wait for someone to explain or struggle through systems you don't understand, you can rest assured nothing is missed and everything is understood.

“When I first got into the defensive side, the way the SOC was moving, the way the blue team analysts were moving, I was like, ‘You guys are missing a lot of things that I had to develop to bypass all of the things that you're looking for.’”

What would you say is the biggest challenge with trying to build that cohesive purple team mentality?
In Alexia's opinion, two challenges hold back companies from being able to build a cohesive purple team: communication and training. Without proper communication protocols between team members, everyone fends for themselves and neither red nor blue team practitioners can fully understand each other. Without proper training and knowledge, teams are stuck arguing between the old ways of past technology and the new ways of present day programs.

“If I know what you know and you know what I know, we can work together as two brains to create something that is innovative and better for the cybersecurity community as a whole. Us working as a team is better in the fight against adversaries than me working by myself.”

How do we get corporations to embrace creating content developed around bringing people in, teaching them, and most importantly, investing in their talent?
Unfortunately for many new practitioners entering the industry, a large majority of cybersecurity companies still rely on the “old” way of doing many tasks and working with a lot of modern day tools. In Alexia's perspective, this “old” way of thinking creates a massive gap between new employees and experienced professionals where confusion and dissatisfaction thrive. If they embraced the new way and asked new professionals how they learn best, many companies would find talent more willing to learn and stay in cyber roles at their organization.

“I think it's about working with a new generation, just asking them: How do you learn? How do you retain information? What do you want to know? What are you interested in? So that we're giving information that helps people, that tells them the resources that are out there.”

What is a piece of advice that you wish you would have known early on in your career?
As an educator herself, Alexia understands the money-driven, certificate-driven mindset of newer cybersecurity practitioners. However, for the next generation of cyber professionals, Alexia recommends not chasing a salary. Instead, be willing to learn different skills, roles, and teams within cybersecurity. When you have the information you need to be a well-rounded practitioner, the salary will follow and you will avoid burnout or dissatisfaction with your role.

“Don't worry about chasing a salary, because when you find the field that you want to be in, that you love to be in, the money will follow. The money is definitely going to follow. Learn about the different career fields, because having that information is going to help you.”

---------------
Links:
Keep up with our guest Alexia Crumpton on LinkedIn
Learn more about MITRE on LinkedIn and the MITRE website
Connect with Davin Jackson on LinkedIn and Twitter
Watch the live recording of this show on our YouTube
Continue the conversation by joining our Discord
Hear more from Hacker Valley Media and Hacker Valley Blue

Bryson Bort, CEO and Founder of SCYTHE, dons his unicorn getup and joins the pod this week to talk about purple teaming and building businesses with community in mind. After founding GRIMM, his first company, Bryson wanted to carve a path of purple team innovation in cyber and created SCYTHE to do just that. Along the way, Bryson saw a need to further engage the cyber community in education and accessibility, and co-founded the ICS Village to encourage training opportunities and bridge industry skill gaps. Timecoded Guide: [00:00] Transitioning from army intelligence into founding GRIMM & SCYTHE [11:38] Education, certifications, & training efforts with GRIMM & ICS Village [23:53] Data driven security efforts vs compliance checklists [32:32] Combining Plex Trac with SCYTHE & MITRE ATT&CK [41:34] OT vs IT environments & the key to understanding risks for both [50:50] Cooking up community philanthropy as the Unicorn Chef Sponsor Links: Thank you to our friends at Axonius and PlexTrac for sponsoring this episode! Life is complex. But it's not about avoiding challenges or fearing failure. Just ask adaptive athlete Amy Bream. Want to learn more about how Amy controls complexity? Watch her video at axonius.com/amy PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley How was the transition from Army intelligence into the world of commercial cybersecurity? Before attending West Point, Bryson had his own cybersecurity experience hacking small devices like calculators as a curious kid. He credits this early curiosity as a foundational knowledge that led him not only to a career in intelligence, but later becoming a founder of cybersecurity companies. Transitioning away from working for the government allowed Bryson to achieve a level of freedom with consulting opportunities that he previous didn't have. 
“From a discipline side, it's a unique experience. I couldn't get it anywhere else. That being said, working with government is working with government. I had fun with the missions, but it was time to go. I wanted to do cyber more on my own terms, which is why I founded GRIMM.” GRIMM and other projects you've worked on seem to see staff training as a priority. Why is that? As skills gaps widen and employee shortages continue, Bryson explains that companies that don't provide training opportunities for staff stand out as major barriers to entry in cyber. Bryson's previous company, GRIMM, and his current one, SCYTHE, both offer mentorship and training opportunities for team members. Expecting to hire someone with all the skills is unrealistic, Bryson explains, and training is necessary for security to manage threats. “There's more work and need than there are people, which means we need to invest in folks. Most jobs really don't come through cold calls or the web. Most jobs come through relationships. If you know somebody who's interested, help them get into your company.” Why is that “blue team vs red team” mindset so hard for security practitioners to break out of? Bryson explains that the error of security practitioners' ways lies in not seeing security as process improvement. Unfortunately, cybersecurity is still overrun by egotistical employees, relying on whiteness or masculinity to inflate their intelligence and self importance. This only succeeds in creating tension-filled environments where there is no comprehensive assurance of security. Blue teams end up overwhelmed and red teams end up frustrated. “We don't need the pen tester or the red team to just win. Sure, that feels good, but that's not the point. We cannot be ego driven, we can't be win driven, and we can't continue to just create work that we're throwing on top of people when they already have a day job.” How do we get more companies to embrace the “purple team” mindset as more than a buzzword? 
Sometimes, companies misunderstand the purpose of creating a purple team and force the blue and red teams into the same working space instead of having them work together. Bryson explains that business buy-in and leadership focus are essential to the success of any purple team. If the business doesn't want to buy into creating that workflow and leadership doesn't care about creating a real purple team, nothing good will come of the situation. “The starting point to any purple team is leadership. If leadership doesn't care, don't bother. At the end of the day, if business doesn't buy in, it's not going to happen. The purple team process can build that momentum once you've got that, but you can't do it without that buy-in.” --------------- Links: Keep up with our guest Bryson Bort on Twitter and LinkedIn Learn more about SCYTHE on LinkedIn and the SCYTHE website Thank you to our friends at Axonius and PlexTrac for sponsoring this episode! Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Hear more from Hacker Valley Media and Hacker Valley Blue
In this episode, we're joined by Maril Vernon. Maril is a purple team lead and co-host of the Cyber Queens Podcast. From a background in marketing, Maril's natural curiosity and determination led her to a new career in cybersecurity with the Air National Guard and beyond. She discovered that there isn't one job in the field, but many types to choose from. She landed her first job in cyber security by applying her soft skills and tenacity. Maril says never to be afraid to ask “stupid” questions. Timecode Guide: [3:21] Maril's origin story [7:27] Beating imposter syndrome [12:33] Curiosity of a pentester [16:47] Red Vs Blue [21:24] Purple works together [41:46] Invest in people [45:44] Maril's hobbies [52:10] Cyber Queens Podcast [58:12] A piece of advice [59:56] Where to find Maril Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it's not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley Give the Rookie a Chance Maril explains that entry-level employees aren't given the trust or space to grow. These employees are the future of the industry, and frankly, the older employees are burned out. When given the proper training and investment they can share the load and lift companies to higher places. “I leaned in hard to those soft skills that I knew that I brought with me, in lieu of the technical skills I did not have. And for that company, that was enough, that got my foot in the door.” Red and Blue are Fighting the Same Enemies Red and Blue teams are often pitted against each other, but in reality, they are fighting the same war. 
Maril believes you should make small talk before you talk shop. Rapport, discourse, and transparency are key to creating workplace communication. Davin and Maril explore the relationship between Red teams and Blue teams, how they differ, and what possibilities happen when they work together as a purple team. “One of the things purple teams are able to do is on the tangible side, it's to definitively demonstrate proactive and reactive cyber resilience. If it's done properly you can actually say this is our quantified ability to sport and attack proactively or to reactively.” ------ Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter. Follow Maril on Twitter and LinkedIn. Listen to Cyber Queens Podcast. Follow Davin on LinkedIn. Continue the conversation by joining our Discord.
In this episode, host Davin is joined by Tyson Supasatit, the Director of Product Marketing at Uptycs, to discuss how Uptycs is leveraging the MITRE D3FEND framework to further build upon their defensive capabilities. Tyson shares how Uptycs utilizes their robust use case library to demonstrate and provide creative solutions to their customers, compares the ATT&CK and D3FEND frameworks, and explores how Uptycs is leveraging the D3FEND framework to better implement defensive countermeasures. Lastly, Tyson gives his advice to folks looking to break into cybersecurity. Guest Bio: Tyson Supasatit is the Director of Product Marketing at Uptycs. He's been in the infosec space for over 10 years and has been fascinated with cyber defense for longer than he can remember. In his spare time, Tyson raises chickens, along with two children and various other pets. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Learn more about the MITRE ATT&CK and MITRE D3FEND frameworks Stay in touch with Tyson Supasatit on LinkedIn and Twitter Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Hear more from Hacker Valley Media and Hacker Valley Blue
In this episode of Hacker Valley Blue, host Davin is joined by McKenna Yeakey, a Corporate Security Engineer at Plaid, to discuss the importance of human-centric security. Mckenna explores the “human” aspects of her job and why end user impact plays such a major role in her decision making. She shares how she leverages her natural curiosity and problem solving skills to perform the ins and outs of threat intel as well as her thoughts on The Great Resignation and skill gaps in cybersecurity. Lastly, McKenna expresses her passion for mentoring the next generation of cyber professionals and her tips for newcomers in the field. Guest Bio: Mckenna Yeakey is a Corporate Security Engineer in the FINTECH industry. She leverages her technical skills and domain knowledge to bring value to the organization and the cybersecurity community. She is also a very active member of the Women's Society of Cyberjutsu, Cybersecurity Gatebreakers Foundation, and an SME for CompTIA. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Mckenna Yeakey on LinkedIn and Twitter Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Blue
In this episode of Hacker Valley Blue, host Davin is joined by Christopher Peacock, a Detection Engineer at SCYTHE, to discuss all things blue team. Christopher explores why asset management is a great security starting point for small organizations and why advanced persistent threats (APTs) are becoming increasingly difficult to defend against. He emphasizes the importance of red and blue team collaboration and takes time to share his career advice to those looking to break into the field. Guest Bio: Chris is an Adversary Emulation - Detection Engineer at SCYTHE, specializing in Purple Team Exercises and Detection Engineering. His previous experience includes multiple roles such as Cyber Threat Intelligence Analyst, Cyber Threat Hunter, Tier 3 SOC Analyst, Incident Responder, Cyber Security Consultant, and Purple Team Lead. He previously worked at Raytheon Intelligence & Space as well as General Dynamics Ordnance and Tactical Systems. Additionally, he has experience in multiple industries, including Energy, Finance, Healthcare, Technology, and Defense. Current certifications include GCTI, GCFA, GCED, eJPT, and CSIS. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Christopher Peacock on LinkedIn Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Blue
In this episode of Hacker Valley Blue, host Davin is joined by John Stoner and Andy Piazza to talk about the current state of cyber threat intelligence. John and Andy explore the gap that exists between technical team leads and security leadership, the urgent need for more entry and junior level hires in the field, as well as their favorite CTI resources and tools. Lastly, they share their tips and advice to those interested in breaking into cybersecurity. Guest Bio: John Stoner has over 21 years of experience in the US Intelligence Community (USIC), DOD, and national security industry with 12+ focused in cybersecurity. He has experience with Cyber Threat Intelligence (CTI), instructional design, cyber counterintelligence (CI), Defense Industrial Base (DIB) engagements, NIST 800-171 & 800-53 familiarity, Advanced Persistent Threat (APT) analysis, Risk Management Framework (RMF) and Governance, Risk and Compliance (GRC). Andy Piazza is a threat management expert with experience across multiple fields of operations, ranging from high level strategic management down to tactical/technical field ops. Led diverse teams in high-stress environments world-wide, from counter-narcotics to cyber threat analysis; achieving complex mission objectives through focusing on team development and process maturation. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with John on LinkedIn Stay in touch with Andy on LinkedIn Connect with Davin Jackson on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Blue
In this episode of Hacker Valley Blue, Davin is joined by the founder and COO of MaxProd Technologies, Marcus Bowie, to share his story from helpdesk, to SOC analyst, to business owner. Marcus shares how he leveraged his resourcefulness and work ethic to fast track his on-the-job work experience. Marcus explores how he strived for success, built on his knowledge over time, and pivoted to new job opportunities along the way. He takes a deep dive into how he and blue teams stay sharp and prepared against emerging threats as well as his thoughts on the skills gap in cybersecurity. Lastly, Marcus gives his tips and advice for newcomers breaking into the field. Guest Bio: Founder and COO of MaxProd Technologies. Marcus has 12+ years of experience in Information Technology. He has supported several agencies including Department of State Diplomat Security and Department of Homeland Security Customs Border & Patrol. Marcus is now supporting the Department of Energy as a Cyber Security Engineer and Nuclear Regulatory Commission as a Forensics SME. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Marcus on Twitter and LinkedIn Connect with Davin on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Blue
How do you use threat intelligence to inform your decision making? In this episode, Davin and guest Katie Nickels take a deep dive into cyber threat intelligence. Katie explores the role threat intelligence plays in determining an organization's security posture, how threat intel helps blue teams stay ahead of and anticipate emerging threats, and what the day-to-day of a Director of Intelligence looks like. Katie shares her passion for teaching and nurturing the next generation of cybersecurity professionals and getting more girls/women interested in tech. Lastly, Katie shares why she feels asset inventory is an inexpensive solution and great starting point for companies looking to kick off a security program. Guest Bio: Katie Nickels is the Director of Intelligence for Red Canary as well as a SANS Instructor for FOR578: Cyber Threat Intelligence and a non-resident Senior Fellow for the Atlantic Council's Cyber Statecraft Initiative. She has worked in cyber threat intelligence and network defense for over a decade for the U.S. DoD, MITRE, Raytheon, and ManTech. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Katie on Twitter and LinkedIn Connect with Davin on LinkedIn and Twitter Watch the live recording of this show on YouTube Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Blue
When red and blue forces unite, everyone wins. Eric Belardo joins Davin in this episode to discuss the benefits of blue and red teams working together, the challenges blue teamers face, and the benefits of diversity of thought. Be sure to tune in to this impactful episode of Hacker Valley Blue: The Defenders. Guest Bio: Eric Belardo is a former CISO and experienced professional with over 30 years experience in Cyber Security Risk Management, Security Operations Center Management & Operations, Security Architecture (COBIT, TOGAF, DODAF), Application Security, Security Operations Management, Penetration testing and GRC. He is also a former Forensics Investigator and Instructor. OT/ICS/PLC/SCADA and IT security. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! Stay in touch with Eric on Twitter and LinkedIn Connect with Davin on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Blue
Welcome to episode 1 of season 3 for Hacker Valley Blue! In this season, host Davin Jackson will be gathering the BEST blue team defenders in the field to share their expert advice, tips and strategies to up your defensive game in cybersecurity. In this episode Davin is joined by Lesley Carhart, an ICS incident responder and hacker extraordinaire. The two take a deep dive into Lesley's cyber background, address common blue teaming misconceptions, and explore where her “hacks for pancakes” tagline comes from. Guest Bio: Lesley Carhart is a Principal Incident Responder at the industrial cyber security company Dragos, Inc. She has spent the last 14 years of her 20+ year IT career specializing in information security, with a heavy focus on incident response to nation-state adversary attacks. Prior to Dragos, she was the incident response team lead at Motorola Solutions, performing digital forensics and incident handling services for both enterprise and public safety customers. Her focus at Dragos is developing forensics and incident response tools and processes for uncharted areas of industrial systems. She is also a curriculum developer and instructor for the Dragos “Assessing, Hunting and Monitoring Industrial Control System Networks” course. Lesley was named a “Top Woman in Cybersecurity” by Cyberscoop news, was voted DEF CON Hacker of the Year in 2020, and received the Guidance Enfuse conference “Women in Technology” award. She holds a Bachelor's Degree in Network Technologies from DePaul University, A.A.S. in Avionics Systems and Electronics Systems, GIAC GCIH, GREM, GCFA, and GCFE certifications, and currently serves as a Cyber Systems NCO in the US Air Force Reserves. Links: Thank you to our friends at Axonius and Uptycs for sponsoring this episode! 
Stay in touch with Lesley on Twitter and LinkedIn Connect with Davin on LinkedIn and Twitter Watch the live recording of this show on our YouTube Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Blue
This is the finale of Know Thyself. What an incredible journey! We feel like this entire experience flew by so fast, and we got to talk to so many incredible people about knowing yourself, knowing your team, knowing your tech stack, knowing your environment, and even knowing your story. Make your organization better, make your security posture better, and strive for impact: what are the most high-leverage things that you can do today to make everybody's lives easier or safer? Then yield the feedback. There might be some things that you are missing, so you might need to ask questions, ask for feedback, and get some information from your stakeholders: what are you thinking about that I might not be thinking about? Asking these different things is how you know thyself. And this is how you get to know the people that are around you, your peers, your stakeholders, the more knowledge you have got started with that Sun Tzu quote, in the very beginning of the podcast, if you know yourself and you know your enemy, you need not fear the results of 100 battles. So if you really understand yourself, and you have good threat intelligence, understanding the externals, you have good vulnerability management that understands the externals and the internals, if you mash all that information together, I think you'll be able to do great things with your cybersecurity program. Key Takeaways 0:02 Introduction to the show 0:49 Our Sponsor, Axonius 2:09 Welcome back 2:31 Reflecting on Know Thyself 3:17 Recap This Season's Guests 3:22 Marcus Carey 4:17 John Strand 5:05 Aaron Rinehart & Jamie Dicken 5:54 Chaos Engineering 7:12 Lenny Zeltser, asset inventory 7:54 Kevin Allison, Storytelling is a soft skill 10:19 John Strand 12:13 Can we do better? 13:54 What kind of leader are you? 14:26 Do you have unsupported devices? 
17:34 Ask yourself these questions 13:33 Go back to the EASY Framework 21:50 Learning 23:29 Exploration 24:00 Immersion 27:28 Reach Hacker Valley Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Supported by Axonius
In this masterclass of HVB season 2 we brought in a master storyteller in Kevin Allison. The biggest thing is to get a person to understand, don't just summarize, don't just walk us through a Wikipedia like where you're just giving us a broad overview. And you're explaining; it's important to remember sensory details that will help us see almost like movie scenes, what was happening between people. That is what brings the story alive. So that's a good case right there where the bones of the story were incredible. Like that's just on paper and an incredible overview of a story, but it's not going to work unless you can fill in all those sensory details that bring it alive and make it emotional for us. Storytelling is a soft skill that offers the ability to contextualize cybersecurity in a manner that any organization can understand to allow their business to stay safe. Key Takeaways: 0:00 Previously on the show 2:37 Kevin introduction 3:20 Episode begins 3:39 Where Kevin is today 7:58 Kevin's origin story 12:04 Cybersecurity is performing 17:08 Storytelling for business 21:00 Engineering a story 26:12 Authentic storytelling 34:54 Speaking isn't perfect 41:02 Where to find Kevin The Story Studio RISK!: True Stories People Never Thought They'd Dare To Share RISK! Podcast Twitter Facebook Instagram Risk Show Podcast Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
If you want to get into computer security, you're going to learn to love it, you're going to have to be successful, because a lot of computer security isn't just about bits and bytes, it's really about effectively communicating what needs to be done to the right people. In this episode we have the incredible John Strand. Organizations need to become more proactive, and see where those weak spots are to protect themselves from something like ransomware. You need to run a pen test because you can have somebody literally launch those attacks, and identify those weaknesses and vulnerabilities before the bad people do. What's the gap that we can all learn from? It's passwords. By and large for most users, passphrases are the way to go. And multi-factor authentication is actually a very sound strategy. If you look at one key tenet of computer security, complexity is the enemy of computer security. And security is constantly trying to catch up and protect against yesterday's attacks. So, the future is more connected, it's more complicated. And the problem is, we still have people that use weak passwords, we still have people that click on links from strangers. And ultimately, when we're looking at that future, you're going to see the exact same problems that we've always had complicated on a much, much, much, much, much larger scale. As things get more and more pushed to the cloud, there'll be no shelter here; the front line is everywhere. World of computer security. 
Key Takeaways: 0:00 Previously on the show 2:02 John introduction 2:44 Episode begins 2:47 What John is doing today 3:45 John's core tenets 5:51 How pen testing is “Blue” 6:17 Why understanding fundamentals matters 8:55 Ransomware 10:41 Organizations need to be prepared 11:58 Password gap 13:37 Password philosophy 17:07 Multi-factor authentication 21:40 What to do today 24:24 New problems 26:44 Learn your own network 28:26 Where to find John John Strand on Twitter John Strand on LinkedIn Black Hills Information Security Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
In this episode, we brought in two exceptional guests that are no stranger to chaos. In fact, they've identified ways to engineer for chaos. In the studio, we have Aaron Rinehart, CTO, and founder at Verica. We also have Jamie Dicken, former manager of applied security at Cardinal Health and current director at Resilience. These two are also authors of Security Chaos Engineering. If you haven't read that book, it's already out and you should check it out. Chaos engineering is the technique of introducing turbulent conditions into a distributed system to try to determine the conditions that cause it to fail before it actually fails. So they simplify it. What we do with chaos engineering is learn about the system without experiencing the pain of an outage or an incident. You learn to trust your gear by testing. The biggest impact really came once we understood how security chaos engineering fits into the bigger security picture. It's not about just being a part of the latest and greatest techniques and having the excitement of doing something that's cutting edge; at the end of the day, security chaos engineering is useless unless what you've learned drives change. 
Key Takeaways: 0:00 Previously on the show 1:40 Aaron Rinehart and Jamie Dicken introduction 2:08 Episode begins 2:59 What Jamie and Aaron are doing today 3:13 What Jamie is doing 4:13 What Aaron is doing 5:00 Discuss chaos engineering 9:26 Importance of chaos engineering 10:16 Myths of chaos engineering 12:55 Chaos engineering customer impacts 17:34 Learning to trust the test and end result 19:03 Reader and customer feedback 22:21 Chaos engineering gone wrong 27:39 Implementing change in cybersecurity 28:11 Building a team of experts 39:08 Getting involved in chaos engineering 41:09 Tools for listeners 43:25 Keeping up with Aaron and Jamie Aaron Rinehart on Twitter aaron@verica.io Jamie Dicken on Twitter Verica on LinkedIn Verica Free Book Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
In this episode, we brought back our good friend Lenny Zeltser. Lenny is Chief Information Security Officer at Axonius. He's developed a mindset of looking at security components as building blocks to create a holistic security environment. To this day, even while operating as an executive, he has wisdom that anyone can learn from. Quite often, the less sexy aspects of information security are ignored, when in reality, you need to understand what resources you're supposed to protect, which assets are compromised, and the infrastructure for your organization. People jump right into fighting the big fires, and as you know, there is a reason why there are so many day-to-day urgent activities. To start moving in a positive direction, Lenny shares this advice, “Understand what the major data sources you can tap into rather than thinking ‘let me create this one new way of serving everything I have are.'” The information is there. Think about three sources of information that might get you the biggest bang for the buck! Key Takeaways: 0:00 Previously on the show 1:40 Lenny introduction 2:05 Episode begins 3:10 What Lenny is doing today 5:35 The evolution of Lenny's career 8:30 Parallels between beginning and now 10:38 Journey and growth of REMnux 13:00 Challenges Lenny has faced 15:21 Collaboration surprises 17:18 Horror stories 20:18 Enforcing policies 23:34 Asset management 26:08 New tech and trends 28:45 Biggest discovery about self 32:38 Advice for others 34:24 Keeping up with Lenny Links: What Lenny Does Lenny on the Web Follow Lenny on Twitter Lenny on LinkedIn Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
In this episode of Hacker Valley Blue, we brought in a guest who has been on a journey of transformation of self and technology. Our guest is Chani Simms, managing director of Meta Defence Labs. We talk about what is essential for cybersecurity. If there was a magic box that could solve an issue, what problem would Chani want solved? “People!” They need to be trained, and care, and have buy-in. They must be devoted to what they're doing. They need cultural awareness and support – it isn't easy, and it is the hardest job. When it comes to leadership, organizations need to use people already in the organization. It is important to know what they're trying to do. You have to use security as an enabler. Leadership is responsible for communicating objectives and goals. Key Takeaways 0:00 Previously on Hacker Valley Blue 1:36 In this episode 3:10 Background and day job 5:37 Cyber essentials 13:46 Keeping up to date 15:26 Access control 17:07 Security hygiene 19:48 Magic box 21:32 Leadership fundamentals 26:22 Formula 1 analogy 28:46 Wrap up Links: Chani on LinkedIn Chani on Twitter Email: info@metadefencelabs.com Sponsored by Axonius Hacker Valley Studio Chris Cochran on LinkedIn Ron Eddings on LinkedIn
Know thy organization is key! Wise words from the powerful Marcus J. Carey. Don't be afraid to admit the bad stuff and be honest about the situation. Most of the time people get fired because they are scared to admit the failure. You have to build a tight network of people you trust who will be brutally honest with you. You need those people who are going to tell you the truth. Other people will see your superpowers before you do. Superman didn't know he was different, but others saw the differences and the strengths he didn't even realize he had. Always pay attention to how people react to what you do, then you will figure out what you are really good at. We overemphasize what we suck at and ignore what we are good at. Don't do that. You need to understand how amazing, awesome and beautiful you are. Double down and double down hard. Do not be afraid to show your talents and be confident in your superpower. In security, there is a role for everybody. Key Takeaways: 1:40 In this episode 2:12 Welcome 3:40 Marcus background 4:57 What led Marcus to cyber 7:09 Self discovery 9:48 Creations and inventions 14:22 Gathering and retaining information 17:53 Auxiliary skill 21:35 Abilities and mission 25:26 Overlooked areas 31:44 Advice to others 35:41 Staying up-to-date with Marcus Links: Marcus on Twitter Marcus' Books on Amazon Marcus on LinkedIn Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter Sponsored by Axonius
Welcome to Hacker Valley Blue Season 2 “Know Thyself”. Instead of focusing on the enemy – threat intelligence and environment, we are focusing on knowing yourself and your security stack. You need to know the business, but also the fundamentals of the security landscape. Without the fundamentals, you cannot reach the level of success you desire. That means getting laser sharp on computer networks and how computers speak to each other. Without understanding how each of the pieces work together, you cannot make strategic decisions. We have many guests this season that will teach more about the fundamentals. Stop ignoring the fundamentals and find synchronicity among your team. Building this team makes an impact for the business. You will have positive outcomes. Stop sweeping the issues under the rug to make better decisions. Cybersecurity is a lot like playing a game of chess using pieces, policies, and guidelines. Opponents use the same things but don't play by the rules. You continually must up your game and face the opponent who isn't playing fairly. Knowing business, team, story and self is so important and that is what is coming up on the rest of the season. Key Takeaways 0:00 Welcome 2:00 Kick-off 3:13 The fundamentals 5:46 How do you get people excited? 7:07 Making an impact on a business 8:43 Where does one begin to know thyself 10:32 Formula 1 analogy 12:32 Leadership 16:00 Superpowers 19:38 Three Rs of memory 24:58 Chaos engineering 27:56 The brother's trip 30:11 Stepping into unknown 31:15 Play at work 32:00 Season recap Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ron Eddings on Twitter Follow Chris Cochran on Twitter This entire season is sponsored by Axonius
In this episode of the Hacker Valley Studio podcast's Hacker Valley Blue series, Ron and Chris wrap up the season with a recap of its past episodes and major takeaways, as well as a look at what's to come for them personally and for the podcast. Looking back on the season, Ron and Chris consider the importance of communication in the field of threat intelligence, specifically thinking of insights from their talk with D'Arcy and lessons in poetry and delivery from Valentina. They cover the surprise of Jack's willingness to share personal thoughts, review their discussions of bias (specifically highlighting talks with Jon and Susan), and recount things learned about the concept of unhackability. Listeners will hear about the inevitability of mistakes in threat intelligence work, the “easy button” framework, the season theme of sharpening oneself outside of work, and the dynamic of a threat intelligence team. 0:47 - Ron and Chris talk about the importance of communication in the field of threat intelligence. 2:56 - What was one surprise in this season? 3:52 - The hosts review their conversations about bias. 6:55 - The episode turns to the “easy button” framework and the need for personal sharpening outside of work. 16:15 - Ron and Chris consider the inevitability of analysts missing things and the building of a team. 20:22 - What is the future of threat intelligence for Chris and Ron? 27:50 - The hosts review their insights about the possibility of an unhackable device or app. 29:43 - What is next for the Hacker Valley Studio podcast? Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about RiskIQ
Ron and Chris host their vocal coach, D'Arcy Webb, for this episode of the Hacker Valley Studio podcast's Hacker Valley Blue series. Since threat intelligence is a communications-based function, Ron and Chris look to “The Speech Diva” for insight. She has experience as an actress, was a coach for TEDxCambridge, and loves teaching people how to access the power of language to touch people's hearts and change their minds. As the conversation begins, D'Arcy explains her background to listeners. She explains how an acting incident early in her career turned her attention to the topic of vocals, and clarifies that she has spent the last 25 years teaching and exploring this aspect of performance. D'Arcy is passionate about treating the voice as the instrument that it is, and she works with students such as Chris and Ron to help them discover the musical and magical components to language and improve their own speaking practice. The way we speak, she insists, impacts people, and so it is well worth pursuing excellence in this area. 1:29 - Listeners are introduced to D'Arcy. 4:35 - The group considers Ron and Chris's progress in speech. 6:08 - D'Arcy believes that magic and music are inherent in language. 8:48 - Who are D'Arcy's favorite speakers, and what is the value of pauses? 12:03 - People wanting to grow need to learn the fundamentals. 17:05 - D'Arcy addresses filler words. 19:31 - The group thinks about comfortable technique, Pablo Neruda, onomatopoeia, and more. 27:52 - D'Arcy speaks to the power of speech and the importance of proper breathing. Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about D'Arcy Webb Connect with D'Arcy on Facebook Email D'Arcy at darcy@darcywebb.com Learn more about our sponsor RiskIQ
This episode of the Hacker Valley Studio podcast's Hacker Valley Blue series is a bit unique. It features Brandon Dixon, the VP of Strategy at RiskIQ, a major sponsor of the podcast. Brandon co-founded Passive Total in 2014, and it was later purchased by RiskIQ. He is the quintessential guest, invested in fitness, philosophy, tech, and leadership. He is an expert in both the practice and business of threat intelligence, and he talks with Ron and Chris about himself, his work, and the field. Much of the conversation focuses on Brandon and his work background. Brandon explains his journey into the threat intelligence field, from his early interest, through jobs in tech and academia, and to work in espionage research. Eventually, he and friend Steve McGinty saw a need and tried to solve it; their efforts took shape in the company they co-founded, Passive Total. Brandon explains to listeners the process by which he and Steve created Passive Total, as well as the way in which they arrived at the deal to sell Passive Total to RiskIQ. Brandon was heavily involved in the integration of Passive Total into RiskIQ, before eventually settling into a specific role within RiskIQ that capitalizes on his love of the business side of the field. He aims to work in light of his personal philosophy on life and success, which he also details. 0:26 - The conversation begins with an introduction to this unique episode, its guest, and his background. 2:43 - The group considers the changing business of threat intelligence and what drives Brandon. 8:24 - The next topics are bias and intelligence collection, as well as what surprises Brandon. 13:00 - Brandon shares the story of Passive Total and its integration into RiskIQ, also addressing the business side of the field and lessons learned through his experience. 24:04 - Brandon addresses intelligence leads and the question of unhackability. 34:44 - What is Brandon's philosophy on life and success?
39:37 - Brandon explains what threat intelligence leaders need to do to improve their programs. Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Brandon on Twitter Learn more about our sponsor RiskIQ Follow RiskIQ on Twitter Connect with RiskIQ on YouTube
This episode of the Hacker Valley Studio podcast is the fifth installment in this first season of the Hacker Valley Blue series, and features guest Susan Peediyakkal, an expert in building threat intelligence programs. Susan is a cyber threat intelligence consultant, the founder of BSides Sacramento, and a member of the advisory boards for several cybersecurity companies. She joins hosts Ron and Chris to speak to her background, the future of threat intelligence, and much more. Susan first details her background, running through the highlights of her approximately 16 years in cybersecurity, which have focused mostly on threat intelligence. Susan began her career in the Air Force, and is still a reservist. She worked with radar, and eventually decided to cross-train and branch into IT. The following years saw her in a number of roles with various organizations, and move decisively into the threat intelligence field. Eventually, Susan noticed that her career trajectory was moving her toward building threat intelligence programs for government entities. She built programs for such varied clients as the government of Abu Dhabi, USPS, US courts, and industry leaders. She recently paused her work to pursue further education, but has since returned to work as a threat intelligence practitioner. 1:40 - Listeners are introduced to the episode and today's guest, Susan Peediyakkal; Susan then shares her background. 5:41 - The group considers the importance of community, misconceptions Susan has noticed about her field, and the artistry and human element of threat intelligence. 16:02 - What kind of bias is Susan running into, and where do analysts go wrong with regard to bias? 21:38 - Susan addresses the term “unhackable.” 24:35 - Susan and her hosts turn to matters of podcasting, voice, and speaking. 31:40 - What do people outside the field get wrong about it? 33:48 - What's the future look like for Susan, her field, and the workforce?
Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Follow Susan on Twitter Connect with Susan on LinkedIn Learn more about the episode sponsor, RiskIQ
This episode of the Hacker Valley Studio podcast features Jon DiMaggio, a Senior Threat Intelligence Analyst at Symantec. Jon is a researcher and longtime bad guy chaser, and Ron and Chris fill this installment of Hacker Valley Blue with Jon's thoughts on ransomware, threat research, attribution, and more! 1:41 - Listeners are introduced to Jon DiMaggio and the episode before Jon explains his background. 5:04 - The first major topic Jon shares about is that of nation-states, specifically speaking to the work of combating nation-state attackers. 12:57 - The conversation turns to the economics of ransomware. 18:39 - What are Jon's thoughts on the possibility of another major worm attack? 20:26 - Jon is asked about how people can enter his field or that of hacking. 24:54 - How should listeners approach attribution and bias, and how has Jon navigated bias in his own life? 31:31 - The group considers Jon's mental organization, his recall of information, and the topic of communication. Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Access the recent work and research on Symantec's threat intelligence feed Learn more about the episode sponsor, RiskIQ
In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris welcome Valentina Palacín for the third episode in the Hacker Valley Blue series. Valentina is a threat hunter who used to work as a translator, and she is currently a senior cyber threat intelligence analyst. She joins Ron and Chris to talk about her background in languages, poetry and the impact of words, and much more. As the conversation gets underway, Valentina explains her background to listeners. She studied translation before starting her career in that field, but transitioned to information technology about two years ago. In her free time, she researches threat hunting in her home country of Argentina. It was challenging for Valentina to change her career path, since she had no background in computer science, but she took multiple steps - working in web development, learning to do programming, taking courses, and more - ultimately becoming a threat intel analyst and speaker. Though the journey was difficult, Valentina feels she was born to work in her current field, and has found her past experience, including knowledge of over 7 languages, to be helpful in her work. 1:38 - Listeners are introduced to Valentina, her background, and her challenging process to enter into the large intel community in Argentina. 5:24 - Did knowledge of language impact Valentina's threat intelligence work? 7:55 - Valentina shares about her programming experience and details her journey into threat intel. 14:23 - What are Valentina's thoughts about MITRE and the relation between intelligence and threat hunting? 18:06 - The group considers how to keep up with changes in the field, and acknowledges that threat intelligence will not catch everything. 22:48 - One thing that Valentina is passionate about pursuing is hobbies outside of work. 27:56 - Does poetry help with threat intelligence work? 32:53 - The conversation turns to Valentina's community, focusing on BlueSpace Security.
Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Connect with Valentina Palacín on Twitter Connect with Valentina on LinkedIn Learn more about the episode sponsor, RiskIQ
Fan-favorite Jack Rhysider of the Darknet Diaries podcast joins Hacker Valley Studio hosts Ron and Chris for the second episode of Hacker Valley Blue! Jack joins the show again during an ideal season - one focused on threat intelligence - and this episode will focus on Jack's past in the field of threat intelligence, as well as on a major issue faced daily by analysts in the field: that of managing bias. As the conversation begins, the group focuses on threat intelligence and Jack's work in the field. Jack has been pouring himself into his own podcast, leaning into the fact that threat intelligence is a form of knowing what has happened in the past by his sharing of stories. Jack explains what has surprised him recently in his work, how he maintains a sharp sense of focus, and what sort of continuity he sees between the news-sharing of his current role and a more formal practitioner role within the field of threat intelligence. Jack's podcast work necessitates practical skill in his field, and demands an ability to share complex concepts through simple expression. 1:40 - Listeners are introduced to Jack and the episode ahead. 4:13 - How is Jack currently thinking about storytelling? 8:40 - The group dives into some topics related to Jack's work: his focus and need for practical skill. 12:37 - The conversation turns to the subject of bias. 28:28 - What is Jack doing for research today, and how does he navigate technical questions of storytelling? 36:35 - Finally, Jack and his hosts turn to considerations of personal privacy. Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about Jack Rhysider Follow Jack on Twitter Learn more about Darknet Diaries Learn more about the episode sponsor, RiskIQ
Hosts Ron and Chris welcome you to today's episode! This episode of Hacker Valley Studio is the start of a new season, Hacker Valley Blue, a series dedicated to threat intelligence, exclusively for listeners. The episode begins with Ron and Chris sharing their backgrounds in threat intelligence and cybersecurity. Chris picked intelligence as his job field in the United States Marine Corps, and eventually went on to The National Security Agency and United States Cyber Command. He focused on the how, who, and what of all the cyber-attacks happening at the time. Chris then went on to create his own company, and do consulting work in threat intelligence for over a decade. Throughout the episode, you will hear about what threat intelligence can do for businesses. Ron and Chris discuss how analysts can build rapport with the employees and stakeholders using their intelligence, and what questions companies should ask of analysts for the best results. They do this by walking listeners through Chris' EASY framework. 1:07 - The new season of Hacker Valley Blue is introduced. 3:43 - Chris shares his background in intelligence. 6:15 - Ron shares his background in intelligence. 11:43 - What can threat intelligence do for an organization? 17:50 - The EASY Framework 18:41 - Elicit Requirements 21:40 - Assess Collection Plan 26:03 - Strive for Impact 30:24 - Yield the Feedback Links: Learn more about Hacker Valley Studio Support Hacker Valley Studio on Patreon Follow Hacker Valley Studio on Twitter Follow Ronald Eddings on Twitter Follow Chris Cochran on Twitter Learn more about the episode sponsor, RiskIQ