I did it once before with CISM, but would I also pass the Certified Ethical Hacker without any training? In this episode we talk about what I think is the most controversial certificate in the security world. Would I, who am not a pentester at all, pass the CEH? And what does that say about this certificate? Listen to the episode now or watch on YouTube: https://youtu.be/oZC35XLs_vI
In this episode of Data Shot we have a fascinating conversation with Sandra, CEO and founder of Grupo Alapti, who takes us into the world of cybersecurity and the importance of professional certifications. From the prestigious Certified Ethical Hacker program to the challenges of implementing artificial intelligence in digital security, Sandra tells us how these certifications can make a difference in the résumé of any IT professional. We also dig into the value that hands-on training and strategic alliances bring to strengthening security in Latin America. Don't miss it! This podcast is presented by X-DATA, the friendliest data analysis and visualization laboratory in Mexico; it is the manual you need to boost your businesses and projects through data. Official site: https://x-data.mx/ Follow Data Shot on: Instagram: https://www.instagram.com/datashotmx/ YouTube: https://www.youtube.com/playlist?list=PLxWnfdiUXDOCA-sAw5zSwx3DnvNVmWG5L We also invite you to follow X-DATA on all our social networks: Instagram: https://www.instagram.com/xdatamx/ LinkedIn: https://www.linkedin.com/company/x-data/ Twitter: https://twitter.com/xdatamx TikTok: https://www.tiktok.com/@xdatamx YouTube: https://www.youtube.com/@x-data5728
The Certified Ethical Hacker v13 (CEH v13 AI) introduces advanced AI-powered tools and strategies, equipping ethical hackers with modern techniques to tackle evolving cyber threats. This episode covers all the new features of CEH v13, including AI-driven vulnerability detection, automated threat analysis, and enhanced tools for penetration testing.
In this Episode, we dive deep into What's New in Certified Ethical Hacker v13 (CEH v13 AI) and explore how the latest AI-driven updates are transforming the ethical hacking landscape. With the growing integration of artificial intelligence in cybersecurity, CEH v13 has brought a wave of improvements that every aspiring and experienced ethical hacker should be aware of.
Get ready to hack your way to success with this comprehensive
Welcome to Day 2 of the CEH Exam Prep: Hack Your Way to Success at InfosecTrain! This session takes your ethical hacking skills to the next level, ensuring you're well-prepared to conquer the Certified Ethical Hacker (CEH) certification exam. Day 2 delves deeper into key hacking methodologies, attack vectors, and defense strategies that are critical for ethical hackers in today's ever-evolving cybersecurity landscape.
Infosec and Cyber Work Hacks are here to help you pass the CEH, or Certified Ethical Hacker exam. For today's Hack, Akyl Phillips, Infosec bootcamp instructor in charge of the CEH/Pentest+ dual-cert bootcamp, walks us through four sample CEH questions, explaining the logic behind each answer and discounting the wrong ones with explanations, allowing you to reach the right answer in a logical and stress-free way. This episode is a real eye-opener for aspiring red teamers, so keep it here for this Cyber Work Hack!
0:00 - Mastering the CEH exam
2:42 - Types of CEH exam questions
3:32 - CEH exam question examples
12:08 - Why a CEH boot camp is helpful
13:44 - How long is the CEH exam?
14:37 - Best CEH exam advice
15:18 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
Cyber Work Hacks knows that you have what it takes to pass the Certified Ethical Hacker (CEH) exam! And you don't have to do it alone! Infosec's CEH boot camp instructor Akyl Phillips gives you his top tips and tricks for taking the exam! Phillips breaks down the common formats for CEH questions, talks about common mistakes people make while taking the exam and why it's not the end of the world if you fail the CEH the first time (especially if you do it with an Infosec CEH/Pentest+ dual-cert boot camp). As Phillips puts it, first you have to get to know the beast, and that will allow you to slay the beast! Sharpen your tools and get down to business with this Cyber Work Hack.
0:00 - Certified ethical hacker exam
1:42 - What is ethical hacking and the roles using it?
2:46 - Tips and tricks for taking the CEH exam
3:32 - Tools to have before the CEH exam
5:09 - Common mistakes people make with the CEH exam
6:11 - What if I fail the CEH exam?
7:02 - Will I get CEH exam feedback?
7:49 - Best piece of advice for CEH exam day
8:55 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
Welcome to Part 2 of the CEH Certified Ethical Hacker Exam Free Practice Questions for the year 2024. This Podcast provides you with a valuable opportunity to enhance your preparation for the CEH certification exam. In this session, we present a comprehensive set of practice questions that cover various domains tested in the CEH exam. These questions are designed to simulate the actual exam environment, enabling you to assess your knowledge and identify areas that require further improvement. #CEH2024 #CEHExam #Cybersecurity #EthicalHacking #CEHPrep #PracticeQuestions #infosectrain #Certification #ITSecurity #CEHPreparation #HackingSkills #SecurityTraining #CEHStudy #CybersecurityExam #CEHPractice #CEHQuiz #CEH2024Exam #CEHTraining #CEHCertification #CEHStudyMaterial
In this episode Jacob speaks with master Certified Ethical Hacker instructor Eric Reed about his background, how he started teaching, and several scenarios explaining how hackers compromise business networks.
Eric's website: https://ericreedlive.com/
Follow Eric on LinkedIn: https://www.linkedin.com/in/ericreedlive/
Eric Reed is a master cybersecurity instructor with more than 30 years of IT experience! He has been teaching since 2005 and is a master at his craft. Eric specializes in instructor-led cybersecurity training for the following certifications:
Certified Ethical Hacker (CEH)
Computer Hacking Forensic Investigator (CHFI)
Certified Security Analyst Certification
Certified Network Defender
CompTIA's Security+
Certified Information Systems Security Professional (CISSP)
-----------
Governance, Risk, and Compliance Academy (GRC Academy) is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e2&utm_campaign=courses
Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/
See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/
In this episode of the podcast, I chat all things cyber security with Reformed IT CEO Joe Burns. We discuss what it means to be an "ethical hacker", and what you can do as a business to prevent cyber crime.
Link to the Reformed IT Scorecard: https://scorecard.reformed-it.co.uk/cybersecurity
https://reformed-it.co.uk/
Troy Vinson is a Principal Software Architect at Clear Measure and a CISSP (Certified Information Systems Security Professional). He is an experienced leader, architect, and problem-solver in Information Systems Security and Software Development technologies and has spent the majority of his career integrating computer science, information science, and cognitive science to assist in software development and the management of information.
Topics of Discussion:
[2:39] Is Troy a Certified Ethical Hacker? If so, what does that mean, and what does he see in the divide of focus between security and programming?
[5:08] What do we know about the Rackspace security breach?
[7:37] How many hosted exchange customers does Rackspace have?
[11:01] Having a contingency plan in place and a recovery plan is very important.
[14:07] What's the most basic way that someone could start doing this for themselves?
[21:08] Non-malicious use is also a protection against malicious use.
[26:09] What is email protection, and how do you use it?
[28:24] What should development teams be thinking about, security-wise, for their custom applications?
[32:54] The importance of having a software bill of materials so that you have a policy about which software can be used.
Mentioned in this Episode:
Architect Tips — New video podcast!
Azure DevOps
Clear Measure (Sponsor)
.NET DevOps for Azure: A Developer's Guide to DevOps Architecture the Right Way, by Jeffrey Palermo — Available on Amazon!
Jeffrey Palermo's YouTube
Jeffrey Palermo's Twitter — Follow to stay informed about future events!
Programming with Palermo: programming@palermo.network
Rackspace
Ep 161 with Troy Vinson
Rackspace Status
KnowBe4
Sonar Source
Microsoft Security Engineering
Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.
InfosecTrain is a globally recognized leading training provider for many certification courses. In this Video we will discuss "Why Learn Certified Ethical Hacker (CEH) With InfosecTrain?" Please visit https://www.infosectrain.com/ or Write back to us at sales@infosectrain.com or call us at IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 for more information. Subscribe to our channel to get video updates. Hit the subscribe button above. Facebook: https://www.facebook.com/Infosectrain/ Twitter: https://twitter.com/Infosec_Train LinkedIn: https://www.linkedin.com/company/infosec-train/ Instagram: https://www.instagram.com/infosectrain/ Telegram: https://t.me/infosectrains
The Certified Ethical Hacker (C|EH v12) program is one of the most respected certifications in the cybersecurity field. It has been the world's number one ethical hacking certification for 20 years and is continuously ranked number one in ethical hacking certification by different firms. The EC-Council launched a new version of the Certified Ethical Hacker (CEH) certification on 7th September 2022, namely CEH v12. #cehv12 #ceh #cehcertification #cehvideo #cehv12launch #eccouncil #ethicalhacking #ethicalhackingcourse Thank you for watching this video. For more details or a free demo with our expert, write to us at sales@infosectrain.com ✅Agenda of the Session ✔️What is CEH? ✔️What's New in CEHv12 ✔️Certify ✔️Engage ✔️Compete ✔️Select Your Course Kit Subscribe to our channel to get video updates. Hit the subscribe button above. Facebook: https://www.facebook.com/Infosectrain/ Twitter: https://twitter.com/Infosec_Train LinkedIn: https://www.linkedin.com/company/infosec-train/ Instagram: https://www.instagram.com/infosectrain/ Telegram: https://t.me/infosectrains
InfosecTrain offers CEH v12 Certification Training. To know more about this course and other training we conduct, please visit https://www.infosectrain.com/courses/certified-ethical-hacker-ceh-training/ or write to us at sales@infosectrain.com The Certified Ethical Hacker (C|EH v12) program is one of the most respected certifications in the cybersecurity field. It has been the world's number one ethical hacking certification for 20 years and is continuously ranked number one in ethical hacking certification by different firms. InfosecTrain's CEH Online Training and Certification program follows the latest version of CEH, v12. The updated learning framework covers not only a comprehensive training program to prepare you for the certification exam but also the industry's most robust, in-depth, hands-on lab and practice range experience. Subscribe to our channel to get video updates. Hit the subscribe button above. Facebook: https://www.facebook.com/Infosectrain/ Twitter: https://twitter.com/Infosec_Train LinkedIn: https://www.linkedin.com/company/infosec-train/ Instagram: https://www.instagram.com/infosectrain/
How do you become a Cyber Security Expert? Hello and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we're going to talk about how to provide advice and mentoring to help people understand how to become a cybersecurity expert. As always, please follow us on LinkedIn, and subscribe to our podcasts. As a security leader, part of your role is to develop your people. That may not be written anywhere in your job description and will probably never be on a formal interview or evaluation, but after years of being entrusted with leadership positions, I have learned what differentiates true leaders from those who just accomplish a great deal is the making of the effort to develop your people. Now, you may have heard the phrase, "take care of your people," but I'll take issue with that. I take care of my dog. I take care of a family member who is sick, injured, or incapacitated. Why? Because they are not capable of performing all of life's requirements on their own. For the most part, your people can do this. If you are constantly doing things for people who could have otherwise done it themselves, you run the risk of creating learned helplessness syndrome. People, and even animals, can become conditioned to not do what they otherwise could do out of a belief that someone else will do it for them. I am NOT going to get political here, so don't worry about that. Rather, I want to point out that effective leaders develop their people so that they may become independent actors and eventually become effective leaders themselves. In my opinion, you should measure your success by the promotion rate of the people entrusted to you, not by your own personal career advancement or financial success. That brings me to the subject of today's podcast -- how do you counsel and mentor others on how to become a cyber security expert? 
If you are listening to this podcast, there's a very good chance that you already are an expert in our field, but if not, keep listening and imagine that you are mentoring yourself, because these lessons can apply to you without having to seek out a mentor. Some people figure it out, and when asked their secret, they're like Bill Murray in the movie Stripes, "We trained ourselves, sir!" But most of the time, career mastery involves learning from a number of others. Today on CISO Tradecraft we are going to analyze the question, "How do you become a Cyber Security Expert?" I'm going to address this topic as if I were addressing someone in search of an answer. Don't tune out early because you feel you've already accomplished this. Keep listening so you can get a sense of what more you could be doing for your direct reports and any proteges you may have. Let's start at the beginning. Imagine being a high school kid with absolutely zero work experience (other than maybe a paper route -- do kids still do that?). You see someone that tells you they have a cool job where they get paid to ethically hack into computers. Later on, you meet a second person that says they make really good money stopping bad actors from breaking into banks. Somehow these ideas stick in your brain, and you start to say to yourself, you know, both of those jobs sound pretty cool. You begin to see yourself having a career in Cyber Security. You definitely prefer it to jobs that require a lot of manual labor and start at low pay. So, you start thinking, "how can I gain the skills necessary to land a dream job in cyber security that also pays well?" At CISO Tradecraft we believe that there are really four building blocks that create subject matter experts in most jobs. The four building blocks are: getting an education, getting certifications, getting relevant job experience, and building your personal brand. So, let's explore these in detail. Number 1: Getting an education. 
When most people think about getting an education after high school, they usually talk about getting an associate's or a bachelor's degree. If you were to look at most Chief Information Security Officers, you will see the majority of them earned a bachelor's degree in Computer Science, an Information Systems or Technology degree from a college of business such as a BS in Management of Information Systems (MIS) or Computer Information Systems, or more recently a related discipline such as a degree in Cyber Security. An associate degree is a great start for many, particularly if you don't have the money to pay for a four-year university degree right out of high school. Tuition and debt can rack up pretty quickly, leaving some students deeply in debt, and for some, that huge bill is a non-starter. Fortunately, community colleges offer quality educational opportunities at very competitive rates relative to four-year degree institutions. For example, Baltimore County Community College charges $122 per credit hour for in-county residents. A couple of miles away, Johns Hopkins University charges $2,016 per credit hour. Now, that's a HUGE difference -- over 16 times if you do the math. Now, Hopkins does have some wonderful facilities and excellent faculty, but when it comes to first- and second-year undergraduate studies, is the quality and content of the education THAT different? Well, that's up to you to decide. The important take-away is, no one should decide NOT to pursue a cybersecurity education because of lack of money. You can get started at any age on an associate degree, and that may give you enough to go on to get your first job. However, if you want to continue on to a bachelor's degree, don't give up. Later I'll explain about a program that has been around since 2000 and has provided over 3,300 students with scholarships AND job placement after graduation. Back to those going directly for a bachelor's degree. 
Now, the good news is that your chosen profession is likely to pay quite well, so not only are you likely to be able to pay off the investment you make in your education, but it will return dividends many times that which you paid, for the rest of your career. Think of financing a degree like financing a house. In exchange for your monthly mortgage payment, you get to enjoy a roof over your head and anything else you do with your home. As a cybersecurity professional, in exchange for your monthly student loan payment, you get to earn a well-above-average income relative to your non-security peers, and hopefully enjoy a rewarding career. And, like the right house, the value of your career should increase over time, making your investment in your own education one of your best performing assets. Does this mean that you 100% need a bachelor's degree to get a job in cyber? No, it does not. There are plenty of cyber professionals that speak at Black Hat and DEF CON who have never obtained a college degree. However, if ten applicants are going for an extremely competitive job and only seven of the ten applicants have a college degree in IT or Cyber, you shouldn't be surprised when HR shortens the list of qualified applicants to only the top five, all of whom have college degrees. It may not be fair, but it's common. Plus, a U.S. Census Bureau study showed that folks who have a bachelor's degree make half a million dollars more over a career than those with an associate degree, and 1.6 times what a high school diploma holder may earn over a lifetime. So, if you want more career opportunities and want to monetize your future, get past that HR checkbox that looks for a 4-year degree. Now, some people (usually those who don't want to do academic work) will say that a formal education isn't necessary for success. After all, Bill Gates and Mark Zuckerberg were college dropouts, and they're both worth billions. 
True, but it's a false argument that there's a cause-and-effect relationship there. Both were undergraduates at Harvard University when they developed their business ideas. So, if someone wants to assert a degree isn't necessary, counter that you'll agree once they are accepted into Harvard and produce a viable business plan as a teenager while attending classes. You see, completing four years of education in a field of study proves a few things. I've interviewed candidates that said they took all of the computer science and cybersecurity courses they wanted and didn't feel a need to "waste time" with fuzzy studies such as history and English composition. Okay, I'll accept that that person had a more focused education. But consider the precedent here. When a course looked uninteresting or difficult, that candidate just passed on the opportunity. In the world of jobs and careers, there are going to be tasks that are uninteresting or difficult, and no one wants to do them, but they have to get done. As a boss, do you want someone who has shown the perseverance to stick with a course they didn't enjoy and completed it with an A (or maybe even a B), or do you want someone who passed when the going got a little rough? The business world isn't academia where you're free to pick and choose whether to complete requirements. Stuff has to get done, and someone who has a modified form of learned helplessness will most likely not follow through when that boring task comes due. Remember I said I was going to tell you how to deal with the unfortunate situation where a prospective student doesn't have enough money to pay for college? There are a couple of ways to meet that challenge. It's time to talk to your rich uncle about paying for college. That uncle is Uncle Sam. Uncle Sam can easily finance your college so you can earn your degrees in Cyber Security. However, Uncle Sam will want you to work for the government in return for paying for your education. 
Two example scholarships that you could look into are the Reserve Officer Training Corps (ROTC) and Scholarship for Service (SFS). ROTC is an officer accession program offered at more than 1,700 colleges and universities across the United States to prepare young adults to become officers in the U.S. Military. For scholarship students, ROTC pays 100% of tuition, fees, books, and a modest stipend for living expenses. A successful degree program can qualify an Army second lieutenant for a Military Occupational Specialty (or MOS) such as a 17A Cyber Operations Officer, a 17B Cyber and Electronic Warfare Officer, or a 17D Cyber Capabilities Development Officer, a great start to a cybersecurity career. For the Navy, a graduating Ensign may commission as an 1810 Cryptologic Warfare Officer, 1820 Information Professional Officer, 1830 Intelligence Officer, or an 1840 Cyber Warfare Engineer. The Navy uses designators rather than MOSs to delineate career patterns. These designators have changed significantly over the last dozen years and may continue to evolve. The Marine Corps has a 1702 cyberspace officer MOS. Note that the Navy and the Marine Corps share a commissioning source in NROTC (Navy ROTC), and unlike the Army, which has over 1,000 schools that participate in AROTC, and the Air Force, which has 1,100 associated universities in 145 detachments, there are only 63 Navy ROTC units or consortiums, although cross-town affiliates include nearly one hundred more colleges and universities. There are a lot of details that pertain to ROTC, and if you're serious about entering upon a military officer career, it's well worth the time and effort to do your research. Not all ROTC students receive a scholarship; some receive military instruction throughout their four years and are offered a commission upon graduation. 
Three- and four-year scholarship students incur a military obligation at the beginning of sophomore year, two-year scholarship students at the beginning of junior year, and one-year scholarship students at the start of senior year. The military obligation today is eight years, usually the first four of which are on active duty; the rest may be completed in the reserves. If you flunk out of school, you are rewarded with an enlistment rather than a commission. These numbers were different when I was in ROTC, and they may have changed since this podcast was recorded, so make sure you get the latest information to make an informed decision. What if you want to serve your country but you're not inclined to serve in the military, or have some medical condition that may keep you from vigorous physical activity, or had engaged in recreational chemical use or other youthful indiscretions that may have disqualified you from further ROTC consideration? There is another program worth investigating. The National Science Foundation provides educational grants through the Scholarship For Service program or SFS for short. SFS is a government scholarship that will pay up to 3 years of costs for undergraduate and even graduate (MS or PhD) educational degree programs. It's understood that government agencies do not have the flexibility to match private sector salaries in cyber security. However, by offering scholarships up front, qualified professionals may choose to stay in government service; hence SFS continues as a sourcing engine for Federal employees. Unlike ROTC, a participant in SFS will incur an obligation to work in a non-DoD branch of the Federal government for a duration equal to the number of years of scholarship provided. In addition to tuition and education-related fees, undergraduate scholarship recipients receive $25,000 in annual academic stipends, while graduate students receive $34,000 per year. 
An additional $6,000 is provided for certifications, and even travel to the SFS Job Fair in Washington DC. That job fair is an interesting affair. I was honored to be the keynote speaker at the SFS job fair back in 2008. I saw entities and agencies of the Federal government that I didn't even know existed, but they all had a cybersecurity requirement, and they all were actively hiring. SFS students qualify for "excepted service" appointments, which means they can be hired through an expedited process. The job fairs have been virtual the last couple of years due to COVID-19, but expect in-person events to resume in the future. I wrote a recommendation for a young lady whom I've known since she was born (her mom is a childhood friend of mine), and as an electrical engineering student in her sophomore year, she was selected for a two-year SFS scholarship. A good way to make mom and dad happy knowing they're not going to be working until 80 to pay off their kid's education bills. In exchange for a two-year scholarship, SFS will usually require a student to complete a summer internship between the first and second years of school and then work two years in a government agency after graduation. The biggest benefit of the Scholarship for Service is you can work at a variety of places. So, if your dream is to be a nation state hacker for the NSA, CIA, or the FBI then this offers a great chance of getting in. These three-letter agencies heavily recruit from these programs. As I mentioned, there are a lot of other agencies as well. You could find work at the State Department, Department of Health and Human Services, the Department of Education, the Federal Reserve Board, and I think I remember the United States Agency for International Development (USAID). Federal executive agencies, Congress, interstate agencies, and even state, local, or tribal governments can satisfy the service requirement. 
So, you can get paid to go to college and have a rewarding job in the government that builds a nice background for your career. How would you put all this together? I spent nine years as an advisor to the National CyberWatch Center. Founded as CyberWatch I in 2005, it started as a Washington D.C. and Mid-Atlantic regional effort to increase the quantity and quality of the information assurance workforce. In 2009, we received a National Science Foundation award and grants that allowed the program to go nationwide. Today, over 370 colleges and universities are in the program. So why the history lesson? What we did was align curriculum between two-year colleges and four-year universities, such that a student who took the designated courses in an associate degree program would have 100% of those credits transfer to the four-year university. That is HUGE. Without getting into the boring details, schools would certify to the Committee on National Security Systems (CNSS) (formerly known as the National Security Telecommunications and Information Systems Security Committee or NSTISSC) national training standard for INFOSEC professionals known as NSTISSI 4011. Now with the help of an SFS scholarship, a student with little to no financial resources can earn an associate degree locally, proceed to a bachelor's degree from a respected university, have a guaranteed job coming out of school, and HAVE NO STUDENT DEBT. Parents, are you listening carefully? Successfully following that advice can save $100,000 and place your child on course for success. OK, so let's fast forward 3 years and say that you are getting closer to finishing a degree in Cyber Security or Computer Science. Is there anything else that you can do while performing a summer internship? That brings us to our second building block: getting certifications. Number Two: Getting a Certification. Earning certifications is another key step to demonstrate that you have technical skills in cyber security. 
Technology changes rapidly. That means that universities typically don't provide specialized training in Windows 11, Oracle Databases, Amazon Web Services, or the latest programming language. Thus, while you may come out of a computer science degree knowing how to write C++ and JavaScript, there are a lot of skills you often lack to be quite knowledgeable in the workforce. Additionally, most colleges teach only the free version of software. In class you don't expect to learn how to deploy antivirus software to thousands of endpoints from a vendor that would be in a Gartner Magic Quadrant, yet that is exactly what you might encounter in the workplace. So, let's look at some certifications that can help you establish your expertise as a cyber professional. We usually recommend entry level certifications from CompTIA as a great starting point. CompTIA has some good certifications that can teach you the basics in technology. For example: CompTIA A+ can teach you how to work an IT Help Desk; CompTIA Network+ can teach you about troubleshooting, configuring, and managing networks; CompTIA Linux+ can help you learn how to perform as a system administrator supporting Linux systems; and CompTIA Server+ ensures you have the skills to work in data centers as well as on-premises or hybrid environments. Remember, it's really hard to protect a technology that you know nothing about, so these are easy ways to get great experience in a technology. If you want a certification such as these from CompTIA, we recommend going to a bookstore such as Amazon, buying the official study guidebook, and setting a goal to read every day. Once you have read the official study guide, go and buy a set of practice exam questions from a site like Whizlabs or Udemy. Note this usually retails for about $10. So far this represents a total cost of about $50 ($40 to buy a book and $10 to buy practice exams). 
For that small investment, you can gain the knowledge base to pass a certification. You just need to pay for the exam and meet eligibility requirements. Now after you get a good grasp of important technologies such as Servers, Networks, and Operating Systems, we recommend adding several types of certifications to your resume. The first is a certification in the Cloud. One notable example of that is AWS Certified Solutions Architect - Associate. Note you can find solution architect certifications from Azure and GCP, but AWS is the most popular cloud provider, so we recommend starting there. Learning how the cloud works is extremely important. Chances are you will be asked to defend it, and you need to understand what an EC2 server is, the types of storage used to make backups, and how to provide proper access control. So, spend the time and get certified. One course author who provides a great course is Adrian Cantrill. You can find his course link for AWS Solutions Architect in our show notes or by visiting learn.cantrill.io. The course costs $40 and has some of the best diagrams you will ever see in IT. Once again, go through a course like this and supplement it with practice exam questions before going for the official certification. The last type of certification we will mention is an entry-level cyber security certification. We usually see college students pick up a Security+ or Certified Ethical Hacker as a foundation to establish their knowledge in cyber security. Now the one thing that you really gain out of Security+ is a list of technical terms and concepts in cyber security. You need to be able to understand the difference between Access Control, Authentication, and Authorization if you are to consult with a developer on what is needed before allowing access to a site. These types of certifications will help you to speak fluently as a cyber professional. That means you get more job offers, better opportunities, and interesting work.
It's next to impossible to establish yourself as a cyber expert if you don't even understand the technical jargon correctly.
Number Three: Getting Relevant Job Experience
OK, so you have a college degree and an IT certification or two. What's next? At this point in time, you are eligible for most entry-level jobs. So, let's find interesting work in Cyber Security. If you are looking for jobs in cyber security, there are two places we recommend. The first is LinkedIn. Almost all companies post there and there's a wealth of opportunities. Build out an interesting profile and look professional. Then apply, apply, apply. It will take a while to find the role you want. Also post that you are looking for opportunities and need help finding your first role. You will be surprised at how helpful the cyber community is. Here's a pro tip: add some hashtags to your post to increase its visibility. Another interesting place to consider is your local government. The government spends a lot of time investing in their employees. So go there, work a few years, and gain valuable experience. You can start by going to your local government webpage such as USAJobs.Gov and search for the Career Codes that map to cyber security. For example, search using the keyword “2210” to find the job family of Information Technology Management where most cyber security opportunities can be found. If you find that you get one of these government jobs, be sure to look into college repayment programs. Most government jobs will help you pay off student loans, finance master's degrees in Cyber Security, or pay for your certifications. It's a great win-win to learn the trade. Once you get into an organization and begin working your first job out of college, you then generally get one big opportunity to set the direction of your career. What type of cyber professional do you want to be? Usually, we see most Cyber Careerists fall into one of three basic paths.
Offensive Security
Defensive Security
Security Auditing
The reason these three are the most common is they have the largest number of job opportunities. So, from a pure numbers game it's likely where you are to spend the bulk of your career, although we do recommend cross-training. Mike Miller, who is the vCISO for Appalachia Technologies, put out a great LinkedIn post on this where he goes into more detail. Note we have a link to it in our show notes. Here are some of our own thoughts on these three common cyber pathways: Offensive Security is for those that like to find vulnerabilities in things before the bad guys do. It's fun to learn how to hack and take jobs in penetration testing and on the red team. Usually if you choose this career, you will spend time learning offensive tools like Nmap, Kali Linux, Metasploit, Burp Suite, and others. You need to know how technology works, common flaws such as the OWASP Top Ten web application security risks, and how to find those vulnerabilities in technology. Once you do, there's a lot of interesting work awaiting. Note if these roles interest you, then try to obtain the Offensive Security Certified Professional (OSCP) certification to gain relevant skill sets that you can use at work. Defensive Security is for the protectors. These are the people who work in the Security Operations Center (SOC) or Incident Response Teams. They look for anomalies, intrusions, and signals across the whole IT network. If something is wrong, they need to find it and identify how to fix it. Similar to Offensive Security professionals, they need to understand technology, but they differ in the types of tools they need to look at. You can find a defender looking at logs. Logs can come from an Intrusion Detection System, a Firewall, a SIEM, Antivirus, Data Loss Prevention Tools, an EDR, and many other sources. Defenders will typically become an expert in one of these tools, which needs to be constantly monitored.
Note if you are interested in these types of opportunities, look for cyber certifications such as the MITRE ATT&CK Defender (MAD) or SANS GIAC Certified Incident Handler (GCIH) to gain relevant expertise. Security Auditing is a third common discipline. Usually reporting to the Governance, Risk, and Compliance organization, this role is usually the least technical. This discipline is about understanding a relevant standard or regulation and making sure the organization follows the intent of the standard/regulation. You will spend a lot of time learning the standards, policies, and best practices of an industry. You will perform risk assessments and third-party reviews to understand how we certify as an industry. If you would like to learn about the information systems auditing process, governance and management of IT systems, business processes such as Disaster Recovery and Business Continuity Management, and compliance activities, then we recommend obtaining the Certified Information Systems Auditor (CISA) certification from ISACA. OK, so you have a degree, you have certifications, you are in a promising job role, what's next? If you want to really become an expert, we recommend you focus on…
Number Four: Building Your Personal Brand
Essentially, find a way to give back to the industry by blogging, writing open-source software, creating a podcast, building cybersecurity tutorials, creating YouTube videos, or presenting a lecture topic to your local OWASP chapter on cyber security. Every time you do, you will get smarter on a subject. Imagine spending three hours a week reading books in cyber security. If you did that for ten years, think of how many books you could read and how much smarter you would become. Now as you share that knowledge with others, two things happen. First, people begin to recognize you as an industry expert. You will get invited to opportunities to connect with other smart people, which allows you to become even smarter.
If you spend your time listening to smart people and reading their works, it rubs off. You will absorb knowledge from them that will spark new ideas and increase your understanding. The second thing is when you present your ideas to others you often get feedback. Sometimes you learn that you are actually misunderstanding something. Other times you get different viewpoints. Yes, this works in the financial sector, but it doesn't work in the government sector or in the university setting. This feedback also helps you become smarter as you understand more angles of approaching a problem. Trust us, the greatest minds in cyber spend a lot of time researching, learning, and teaching others. They all know G Mark's law, which I wrote nearly twenty years ago: "Half of what you know about security will be obsolete in eighteen months." OK, so let's recap a bit. If you want to become an expert in something, then you should do four things: 1) get a college education so that you have the greatest number of opportunities open to you, 2) get certifications to build up your technical knowledge base, 3) find relevant job experiences that allow you to grow your skill sets, and 4) finally, share what you know and build your personal brand. All of these make you smarter and will help you become a cyber expert. Thanks again for listening to us at CISO Tradecraft. We wish you the best on your journey as you Learn to Earn. If you enjoyed the show, tell one person about it this week. It could be your child, a friend looking to get into cyber security, or even a coworker. We would love to help more people and we need your help to reach a larger audience. This is your host, G. Mark Hardy, and thanks again for listening and stay safe out there.
References:
https://www.todaysmilitary.com/education-training/rotc-programs
www.sfs.opm.gov
https://www.comptia.org/home
https://www.whizlabs.com/
https://www.udemy.com/
https://learn.cantrill.io/p/aws-certified-solutions-architect-associate-saa-c03
https://www.linkedin.com/feed/update/urn:li:activity:6965305453987737600/
https://www.offensive-security.com/pwk-oscp/
https://mitre-engenuity.org/cybersecurity/mad/
https://www.giac.org/certifications/certified-incident-handler-gcih/
https://www.ccbcmd.edu/Costs-and-Paying-for-College/Tuition-and-fees/In-County-tuition-and-fees.aspx
https://www.educationcorner.com/value-of-a-college-degree.html
https://www.collegexpress.com/lists/list/us-colleges-with-army-rotc/2580/
https://www.af.mil/About-Us/Fact-Sheets/Display/Article/104478/air-force-reserve-officer-training-corps/
https://www.netc.navy.mil/Commands/Naval-Service-Training-Command/NROTC
https://armypubs.army.mil/pub/eforms/DR_a/NOCASE-DA_FORM_597-3-000-EFILE-2.pdf
https://niccs.cisa.gov/sites/default/files/documents/SFS%20Flyer%20FINAL.pdf
https://www.nationalcyberwatch.org/
A CISO's Guide to Pentesting
References:
https://en.wikipedia.org/wiki/Penetration_test
https://partner-security.withgoogle.com/docs/pentest_guidelines#assessment-methodology
https://owasp.org/www-project-web-security-testing-guide/latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies
https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
https://pentest-standard.readthedocs.io/en/latest/
https://www.isecom.org/OSSTMM.3.pdf
https://s2.security/the-mage-platform/
https://bishopfox.com/platform
https://www.pentera.io/
https://www.youtube.com/watch?v=g3yROAs-oAc
****************************
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cyber security leader. My name is G. Mark Hardy, and today we're going to explore a number of things a CISO needs to know about pentesting. As always, please follow us on LinkedIn, and make sure you subscribe so you can always get the latest updates. Now to get a good understanding of pentesting, we are going over the basics every CISO needs to understand:
What is it?
Where are good places to order it?
What should I look for in a penetration testing provider?
What does a penetration testing provider need to provide?
What's changing on this going forward?
First of all, let's talk about what a pentest is NOT. It is not a simple vulnerability scan. That's something you can do yourself with any number of publicly available tools. However, performing a vulnerability scan, and then acting on remediating what you find, is an important prerequisite for a pentest. Why pay hundreds of dollars per hour for someone to point out what you can find yourself in your bunny slippers sipping a latte? Now let's start with providing a definition of a penetration test.
According to Wikipedia, a penetration test or pentest is an authorized simulated cyber-attack on a computer system performed to evaluate the security of a system. It's really designed to show weaknesses in a system that can be exploited. Let's think of things we want to test. It can be a website, an API, a mobile application, an endpoint, a firewall, etc. There's really a lot of things you can test, but the thing to remember is you have to prioritize what has the highest likelihood or largest impact to cause the company harm. You need to focus on high likelihood and impact because professional penetration tests are not cheap. They will usually cost between $10,000 and $30,000, but if you have a complex system, it's not unheard of to go up to $100,000. As a CISO you need to be able to defend this expenditure of resources. So, you will usually define a clear standard, such as: our company will perform penetration tests on customer-facing applications, PCI applications, and Financially Significant Applications (SOX applications) once per year. My friend John Strand, who founded Black Hills Information Security, pointed out in a recent webcast that sometimes you, the client, may not know what you mean by the term pentest. Sometimes clients want just a vulnerability scan, or sometimes an external scan of vulnerabilities to identify risk, or sometimes a compromise assessment where a tester has access to a workstation and tries to work laterally, or sometimes a red team where a tester acts like a threat actor and tries to bypass controls, or a collaborative effort involving both red teams and blue teams to document gaps and to help defenders do their job better. He goes on to state that your pentest objective should be to "provide evidence of the effectiveness of current defensive mechanisms and attack detection methodologies." Please do not confuse a penetration test with a Red Team exercise.
A red team exercise just wants to accomplish an objective, like stealing data from an application. A penetration test wants to enumerate vulnerabilities in a scoped target system so the developer can patch and remediate. It's a subtle difference, but consider that a red team only needs to find one vulnerability to declare success, whereas a penetration test keeps going to help identify potentially exploitable vulnerabilities. Now, is a pentest about finding ALL vulnerabilities? I would say no – there are vulnerabilities that might require a disproportionate amount of resources to exploit for little or no value – something with a CVSS score of 4.0 or the like. Those can often be left unpatched without consequence – the cost of remediating may exceed the value of the risk avoided. There really is a “good enough” standard of risk, and that is called “acceptable risk.” So, when scoping a pentest or reviewing results, make sure that any findings are both relevant and make economic sense to remediate. Let's take the example that you want to perform a web application pentest on your public website so you can fix the vulnerabilities before the bad actors find them. The first question you should consider is whether you want an internal or an external penetration test. Well, the classic answer of "it depends" is appropriate. If this website is something of a service that you are selling to other companies, then chances are those companies are going to ask you for things like an ISO 27001 certification or SOC 2 Type 2 Report, and both of those standards require, you guessed it, a penetration test. In this case your company would be expected to document a pentest performed by an external provider. Now if your company has a website that is selling direct to a consumer, then chances are you don't have the same level of requirement for an external pentest. So, you may be able to just have an internal penetration test performed by your company's employees.
I'd be remiss if I didn't mention the Center for Internet Security Critical Controls, formerly known as the SANS Top 20. The current version, eight, has 18 controls that are listed in order of importance, and they include pentesting. What is the priority of pentesting, you may ask? #18 of 18 -- dead last. Now, that doesn't mean pentests are not valuable, or not useful, or even not important. What it does mean is that pentests come at the end of building your security framework and implementing controls. Starting with a pentest makes no sense IMHO, although compliance-oriented organizations probably do this more often than they should. That approach makes the pen tester's job one of filtering through noise -- there are probably a TON of vulnerabilities and weaknesses that should have been remediated in advance and could have been with very little effort. Think of a pentest as a final exam, if you will. Otherwise, it's an expensive way to populate your security to-do list. OK, let's say we want to have an external penetration test and we have the $10-30K on hand to pay an external vendor. Remember this: a penetration test is only as good as the conductor of the penetration test. Cyber is a very unregulated industry, which means it can be tricky to know who is qualified. Compare this to the medical industry. If you go to a hospital, you will generally get referred to a Medical Doctor or Physician. This is usually someone who has a degree such as an MD or DO which proves their competency. They will also have a license from the state to practice medicine legally. Contrast this to the cyber security industry. There is no requirement for a degree to practice Cyber in the workforce. Also, there is no license issued by the state to practice cyber or develop software applications. Therefore, you need to look for relevant Cyber certifications to demonstrate competency to perform a Penetration Test.
There are a number of penetration testing certifications such as the Certified Ethical Hacker or CEH, Global Information Assurance Certification or GIAC GPEN or GWAPT, and the Offensive Security Certified Professional or OSCP. We strongly recommend anyone performing an actual penetration test have an OSCP. This certification is difficult to pass. A cyber professional must be able to perform an actual penetration test and produce a detailed report to get the actual certification. This is exactly what you want in a pentester, which is why we are big fans of this certification. This certification is a lot more complicated than remembering a bunch of textbook answers and filling in a multiple-choice test. Do yourself a favor and ask for individuals performing penetration tests at your company to possess this certification. It may mean your penetration tests cost more, but it's a really good way to set a bar of qualified folks who can perform quality penetration tests to secure your company. Now you have money, and you know you want to look for penetration tests from companies that have skilled cyber professionals with years of experience and an OSCP. What companies should you look at? Usually, we see three types of penetration testing companies. The first type is companies that use their existing auditors to perform penetration tests – firms like KPMG, EY, PwC, or Deloitte (The Big 4 1/2). This is expensive, but it's easy to get them approved since most large companies already have contracts with at least one of these companies. The second type of company that we see is large penetration testing companies. Companies like Bishop Fox, Black Hills Information Security, NCC Group, and TrustedSec focus largely on penetration testing and don't extend into other areas like financial auditing. They have 50 or more penetration testers with experience from places like the CIA, NSA, and other large tech companies.
Note they are often highly acclaimed, so there is often a waitlist of a few months before you can get added as a new client. Finally, there are boutique shops that specialize in particular areas. For example, you might want to hire a company that specializes in testing mobile applications, Salesforce environments, embedded devices, or APIs. This is a more specialized skill and a bit harder to find, so you have to find a relevant vendor. Remember if someone can pass the OSCP it means they know how to test and usually have a background in Web Application Penetration testing. Attacking a Web application means being an expert in using a tool like Burp Suite to look for OWASP Top 10 attacks like SQL injection or Cross Site Scripting. This is a very different set of skills from someone who can hack a vehicle's Controller Area Network (CAN) bus or a John Deere tractor, which requires reverse engineering and C++ coding. Once you pick your vendor and successfully negotiate a master license agreement, be sure to check that you are continuing to get the talent you expect. It's common for the first penetration test to have skilled testers but over time for a vendor to replace staff with cheaper labor who might not have the OSCP or the same level of experience that you expect. Don't let this happen to your company; review the labor and contract requirements in a recurring fashion. Alright, let's imagine you have a highly skilled vendor who meets these requirements. How should they perform a penetration test? Well, if you are looking for a quality penetration testing guide, we recommend following the one used by Google. Google, whose parent company is called Alphabet, has publicly shared their penetration testing guidelines and we have attached a link to it in our show notes. It's a great read, so please take a look. Now Google recommends that a good penetration test report should clearly follow an assessment methodology during the assessment.
Usually, penetration testers will follow an industry-recognized standard like the OWASP Web Security Testing Guide, the OWASP Mobile Security Testing Guide, the OWASP Firmware Security Testing Guide, the PCI DSS Penetration Testing Guide, the Penetration Testing Execution Standard, or the OSSTMM, which stands for the Open Source Security Testing Methodology Manual. These assessment methodologies can be used to show that extensive evaluation was done and a multitude of steps/attacks were carried out. They can also standardize the documentation of findings. Here you will want a list showing risk severity level, impact from a business/technical perspective, clear concise steps to reproduce the finding, screenshots showing evidence of the finding, and recommendations on how to resolve the finding. This will allow you to build a quality penetration test that you can reuse in an organization to improve your understanding of technical risks. If I can get good penetration tests today, perhaps we should think about how penetration testing is changing in the future? The answer is automation. Now we have had automated vulnerability management tools for decades. But please don't think that running a Dynamic Application Security Testing tool or DAST such as WebInspect is the same thing as performing a full penetration test. A penetration test usually takes about a month of work from a trained professional, which is quite different from a 30-minute scan. As a cyber industry we are starting to see innovative Penetration Testing companies build out Continuous and Automated Penetration Testing tooling. Examples of this include Bishop Fox's Cosmos, Pentera's Automated Security Validation Platform, and Stage 2 Security's Voodoo and Mage tooling. Each of these companies is producing some really interesting tools, and we think they will be a strong complement to penetration tests performed by actual teams. This means that companies can perform more tests on more applications.
The other major advantage with these tools is repeatability. Usually, a penetration test is a point-in-time assessment. For example, once a year you schedule a penetration test on your application. That means if, a month later, you make changes, updates, or patches to your application, then there can easily be new vulnerabilities introduced which were never assessed by your penetration test. So having a continuous solution to identify common vulnerabilities is important, because you always want to find your vulnerabilities first, before bad actors do. Here's one final tip. Don't rely on a single penetration testing company. Remember we discussed that a penetration testing company is only as good as the tester and the toolbox. So, try changing out the company who tests the same application each year. For example, perhaps you have contracts with Bishop Fox, Stage 2 Security, and Black Hills Information Security where each company performs a number of penetration tests for your company each year. You can alternate which company tests which application. Therefore, have Bishop Fox perform a pentest of your public website in 2022, then Stage 2 Security test it in 2023, then Black Hills test it in 2024. Every penetration tester looks for something different, and they will bring different skills to the test. If you leverage this methodology of changing penetration testing vendors each cycle, then you will get more findings, which allows you to remediate and lower risk. It also allows you to know if a penetration testing vendor's pricing is out of the norm. You can cancel or renegotiate one contract if a penetration testing vendor wants to double their prices. And watch the news -- even security companies have problems, and if a firm's best pentesters all leave to join a startup, that loss of talent may impact the quality of your report. Thank you for listening to CISO Tradecraft, and we hope you have found this episode valuable in your security leadership journey.
As always, we encourage you to follow us on LinkedIn, and help us out by letting your podcast provider know you value this show. This is your host, G. Mark Hardy, and until next time, stay safe.
Today on That Tech Pod, Laura and Gabi talk to Cyber Siblings Anu and Sumeet Kukar. Anu is a 2022 Global Power 100 Women in Cyber honoree and the 2021 winner of Australia's IT Security Champion. She is passionate about paving a way to support professionals from diverse skills backgrounds to contribute in cyber. To achieve this, she is driving a global campaign, Switch2Cyber™. Anu is known as the Cyber Untangler™ who advises CxOs and Boards with her 20+ years of experience in consulting and industry. She brings her cyber, data, emerging tech, risk, governance & regulatory expertise. She has delivered global keynotes and panel insights, appeared as a podcast guest, and authored publications, totalling 80+ across 9 countries. She shares practical insights through her unique storytelling whilst taking the audience on a virtual tour around the world. Sumeet is a global speaker, panelist and podcast guest, covering topics on cyber security, education, hacking, risk and resiliency, and was formerly awarded Australia's Emerging Leader of the Year. He is the CEO and Founder of Arascina®, which enables non-techies to be work-ready in cyber, and is also the Board Committee and Sector Lead for Education & Research in international trade. He is a Chartered Accountant and a Certified Ethical Hacker, has built cyber and risk functions in financial services as an interim Chief Risk Officer, and has taught four disciplines of Science at university. Learning often takes a long time and needs to be maintained, just like your health. The speed of change in today's tech world means we've got to learn faster. Sumeet's purpose is to enable you to learn cyber. Lightning-fast. As a Learning Nibbler™, he finds bite-sized learning in everyday things and uses them to develop capabilities. www.thattechpod.com
Larry completes the "Certified Ethical Hacker" course and then Larry asks Joe about the new book he published "Securing Microsoft 365" available on Amazon https://www.amazon.com/Securing-Microsoft-365-Joe-Stocker/dp/1956630015/ref=sr_1_1?crid=1U874UDJKI0A3&keywords=securing+microsoft+365&qid=1653877474&sprefix=securing+micro%2Caps%2C125&sr=8-1
Meet Michael Cavanaugh, Vice President of Insurtech Growth for Boost Insurance, where he is responsible for the development, implementation, and success of new & emerging products for Insurtech businesses. Whether Pet, Renters or Cyber - Boost is enabling companies to write the new fun and profitable lines of insurance and remove barriers to entry. Before his move to Boost, Mike was with Apogee Insurance Group for 12 years, where he led the growth and development of the Tech & Cyber product broking team. As a graduate of the St. Joseph's University School of Risk Management and a Certified Ethical Hacker, Mike leverages this experience to address the gap in technology and insurance that prevents many companies and individuals from understanding the benefit of Cyber Insurance. Mike's background in Insurance and Computer Science allows him to provide insight into the changing Cyber Security Risk Management environment and the Insurtech landscape for the Insurance community. Follow the Insurtech Leadership Podcast, airing weekly, hosted by Joshua R. Hollander. We give you up-close access and personal insights from the leaders of the fastest-growing #insurtechs and most innovative #insurance carriers and brokers.
In this episode I talk with Joe Burns, Co-Founder of Reformed IT, Professional Speaker, Certified Ethical Hacker and Coach. First, we talk about building a business at a young age and how that went. We talk about exiting that business and his experience of that. We discuss his roles in professional speaking and coaching. We talk about being a Certified Ethical Hacker, and Joe provides some basic cyber security tips. Finally, we talk about his current business and the growth plans for that.
Born in Kenya. Immigrated to the USA. Grace walked into a cyber cafe in Kenya and was checking her email. She saw an ad to apply for a green card in 2003, went to the studio next door, took a picture, then came back to the cyber cafe to apply for a green card and forgot all about it. One year later she received a letter from the Kentucky Consular Center that she had won a green card. She has a degree in Information Systems Technology from United States International University. At 23, she came to the USA and started her life's journey.
What You Will Learn:
How growing up in Kenya is similar to growing up in Britain
How the way women think is valuable in cybersecurity engineering
How Grace removed her blind spots by fixing herself energetically
Why Grace didn't recognize racial discrimination when moving to the US
What a Certified Ethical Hacker does
Why hackers target objects other than computers
How to secure your home from cyber attacks
How to raise children with a broader world view without imposing your own biases
How to contact Grace Kamau: LinkedIn: https://www.linkedin.com/in/gkamwati/
In this episode, Dr Andrew Rivers goes down deep geek with Nino Crudele, an Azure MVP and Certified Ethical Hacker, an expert in cloud security and governance. Please watch and enjoy!
Once upon a time, Gartner predicted that by 2020, more than 25 percent of cyberattacks in healthcare delivery organizations would involve some kind of IoT device. In medical terms, that means wirelessly connected and digitally monitored implantable medical devices like pacemakers, deep brain neurostimulators and insulin pumps. These aren't the esoteric things that might make the world go round, but they are difficult to explain to the layperson. But for the people who are literally kept alive by these devices, their continued functionality is literally a matter of life and death. You feel me? In 2018 Cybersecurity Ventures released research stating that medical devices have an average of 6.2 vulnerabilities each. Further, they found that 60% of medical devices were at end-of-life stage with no patches or upgrades available. The scariest of all cyber malintent in the healthcare space may lie ahead. Researchers in Israel announced last year that they'd created a computer virus capable of adding tumors to CT and MRI scans. They are talking about malware designed to fool doctors into misdiagnosing high-profile patients, according to a story by Kim Zetter in The Washington Post. So what do we do? On today's No Name Security Podcast, Matt Stephenson welcomes Mitch Greenfield, Director of Core Security Architecture at Humana. We go all over the healthcare security map in a chat ranging from returning to work to securing telehealth operations to the intricacies of securing a wildly diverse enterprise... we might even squeeze in a little bit of pickleball. Yeah… you read that right. Great stuff on this episode! Check it out… About Mitch Greenfield: Mitch Greenfield is Director of Core Security Architecture at Humana. He's been there for over 13 years and has served in previous roles which included ethical hacking and penetration testing for Humana as well as their partners and acquisitions.
Mitch is a Certified Ethical Hacker and Licensed Penetration Tester, among many other things. He also co-hosts the Collaboration Chronicles podcast About Matt Stephenson Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, I hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. The new No Name Security Podcast will continue and expand upon that tradition as we seak out the leading minds in the security industry as well as those may break things every now again. And… just for fun, there will be some wildcard guests as well. In 10 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know... Whether at in person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy. 
Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round... If you tuned in to any of my previous podcasts, there's great news! The No Name Security Podcast is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We're still at the same spot. You can find it on Spotify, Apple, Amazon Music & Audible as well as GooglePlay, Gaana, Himalaya, iHeartRadio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
Sponsored by SEC Playground. Survey to help improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support
In this episode we talk with Gustavo Rojas about the CEH (Practical) certification exam. He tells us about his experience taking the exam, shares some tips, and explains what comes next on his ethical hacking certification path. Don't miss it!
As the founder & executive director of #BlackGirlsHack, Tennisha Martin has set out to change what the cyber security applicant pool consists of and is removing barriers for any and all. Black Girls Hack, a now official 501(c)(3) nonprofit, provides free training and resources for those looking to gain certifications in Security+, eLearnSecurity's Junior Penetration Tester, and the coveted Certified Ethical Hacker. They also hold weekly 'Friday Night Labs' for people who have no experience and are looking to get hands-on experience. Along with the many amazing things her organization is doing and has set out to do, Tennisha talks to us about her dislike of anything that swims or crawls!
Guest: Tennisha Martin, Founder & Executive Director of Black Girls Hack (@blackgirlshack on Twitter)
Hosts: Angela Marafino | Chantel Sims
This Episode's Sponsors: If you'd like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships
Resources: Tennisha's Linktree: https://linktr.ee/tennisha Black Girls Hack Organization: http://blackgirlshack.org/ For more podcast stories from Focal Point with Chantel Sims and Angela Marafino, visit: https://www.itspmagazine.com/focal-point-podcast Are you interested in sponsoring an ITSPmagazine Channel? https://www.itspmagazine.com/podcast-series-sponsorships
Episode responding to Greybeardian questions. I've heard from a number of listeners and want to share their experiences along with my suggestions and recommendations for their common situations. I know many listeners find themselves in the same position as these individuals; let's all learn from one another and grow together.
Examples of questions answered this episode: I'm struggling with my job hunt, can you please guide me with some career advice? How do I break into Cyber Security? I'm looking to get into the world of cybersecurity & my goal is to become a CEH, where do I start?
Send questions, comments, ideas and thoughts to cybergreybeard@gmail.com
Thanks to my sponsors: Populum https://www.populum.com Cloud Academy: https://www.cloudacademy.com
Our latest episode dives into a topic that has harbored both mystery and a dark stigma: the Dark Web. Mike Vesel brings Mark Scholl to the discussion, a Wipfli Principal who specializes in IT topics and holds several certifications, including Certified Ethical Hacker. Sharing their knowledge and experience, Mike and Mark explore the Dark Web's history and present-day state, and discuss how individuals and institutions can protect themselves from the criminal threats that exist within it. Listen now to learn more about what the Dark Web truly is, why it is stigmatized and the potential impact it might have on your institution.
Adam Kehler hacks his clients' systems and they pay him to do it! As a Certified Ethical Hacker and the practice leader of a healthcare cybersecurity consulting practice for Online Business Systems, Adam talks about the role of ethical hacking, the newly emerging role of the virtual CISO, and the number one security threat that … (Episode 36: Ethical hacking, the rise of the virtual CISO and the number one security threat to hospitals today, ft. Adam Kehler)
My guest today is Ashley Chimahnda. He is an IT security specialist and a certified ethical hacker. He defines himself as someone who empowers the vulnerable using technology. In this episode, we learn what exactly an ethical hacker is, as opposed to a non-ethical hacker; he shares some tips and tricks to protect ourselves online, especially in the digital age. We also find out about FundisaCode, an NGO which he works with and is very passionate about. FundisaCode works to narrow the digital divide between children in underprivileged communities and those in urban areas. Do stay tuned for more! Support the show (https://paypal.me/RootofSciPod?locale.x=en_US)
Welcome to another episode of Develomentor. Today's guest is Olivia Liddell. Olivia Liddell is a Technical Curriculum Developer at Amazon Web Services. Over the course of her career, she has created innovative teaching and technical training solutions for learners from diverse backgrounds and skill levels. A Certified Ethical Hacker, Olivia frequently speaks on topics such as social engineering and security awareness. In her spare time, she enjoys distance running, studying linguistic anthropology, and developing web applications for Arabic language learners.
Episode Summary: "If I gave kids a worksheet and said 'do this' they would feel bored. After playing this computer game, not only were they saying 'Ms. Liddell, I want to learn more about this', but they were also competing with each other. They said 'Arabic was fun!'" (Olivia Liddell)
In this episode we'll cover: What is social engineering? Mischievous activities Olivia did to get her family kicked off AOL. What is the day to day of a curriculum developer at Amazon Web Services (AWS)? How sharing your ideas on Twitter will help you speak at conferences.
Key Milestones:
[2:19] In college, Olivia studied anthropology and Middle Eastern studies. After taking on jobs assisting higher education, Olivia decided to become a teacher through The Academy of Urban School Leadership. This was a big move for her.
[4:49] Olivia taught Arabic in middle schools. She had to work hard to engage her students. After some time, she started to incorporate her love for technology into teaching.
[7:05] There weren't many language computer games out there, yet there were plenty of games for math and science. This is when Olivia decided to take a shot at creating content and developing games.
[10:30] Olivia recalls talking to a mentor who inspired her to develop educational games.
[14:30] Olivia started writing content and games on AOL. She also recalls first encountering the 'view source' button and how it changed her life!
[17:27] Olivia talks about how she keeps up with new technology. She has cultivated an inspiring Twitter feed. She often prefers learning in tidbits as opposed to taking formal online classes.
[19:24] How did Olivia get into speaking at conferences? Listen to one of her speeches here: https://www.youtube.com/watch?v=roFiSHyUmCk
[21:50] Practical tips to improve your communication skills: think about literally where this person is coming from. What was their morning like? You can find more resources in the show notes.
To learn more about our podcast go to https://develomentor.com/ To listen to previous episodes go to https://develomentor.com/blog/
Follow Olivia Liddell: Twitter: @OliRavi LinkedIn: linkedin.com/in/olivialiddell/ Website: https://www.olivialiddell.com/
Follow Develomentor: Twitter: @develomentor
Follow Grant Ingersoll: Twitter: @gsingers LinkedIn: linkedin.com/in/grantingersoll
In this episode, we are joined by IoT security practitioner, Jennifer Reicherts. Jennifer currently works as a Senior Information Security Analyst for an independent Children's Hospital Network in Minneapolis, MN where she is using her passion for protecting patient care by applying her skills in the areas of IoT technology, Incident Response, Threat Intelligence, and Security Training. Jennifer has spoken on the topic of the cybersecurity risks of IoT in Healthcare at conferences as well as private events. She is a Certified Ethical Hacker, an Executive Board Member of her local InfraGard Member Alliance, and most recently will be joining a planning committee for the most popular cybersecurity event in Minnesota. Follow her on Twitter: @sniffsdapkts Connect with her on LinkedIn: https://www.linkedin.com/in/jennifer-r-6328624/ Links mentioned in the show: https://www.iamthecavalry.org/wp-content/uploads/2016/01/I-Am-The-Cavalry-Hippocratic-Oath-for-Connected-Medical-Devices.pdf https://www.newamerica.org/cybersecurity-initiative/reports/do-no-harm-20/ https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf --- Send in a voice message: https://anchor.fm/cyberspeakslive/message
Terry Cutler is a Certified Ethical Hacker and the Founder and Chief Executive Officer of the IT security and data defense company Cyology Labs, Inc. They protect small businesses, large corporations, families and individuals from cyber-criminals who victimize an estimated 1.5 million people a day, 600K on Facebook alone. He also created the Internet Safety University Cyber Awareness Course, which provides people with the right training and hands-on experience to help them spot vulnerabilities, fend off attacks, and respond to cyber security emergencies. To contact Terry: https://terrycutler.com/ https://www.linkedin.com/in/terrycutler/ ---- Podcast Studio: https://www.facebook.com/kbsnetworkoff/ Audiovisual done by: https://www.instagram.com/prodmodusoperandi/ Follow me / Subscribe for more: Podcast: Hugo Prince on Apple Podcast, Spotify & Google Podcast LinkedIn: https://www.linkedin.com/in/princehugo/ Facebook: https://www.facebook.com/hugoprince/ Youtube Channel: Hugo Prince Instagram: https://www.instagram.com/princehugo/
Episode 4: Interview with a Security Camera Hacker... In this episode of the Security In-Focus Podcast we discuss with Alissa Knight, Cybersecurity Evangelist and Certified Ethical Hacker, the steps attackers take to infiltrate CCTV systems, the vulnerabilities of commercial security cameras, the convergence of cyber and physical security systems, and what advice hackers have for IT managers on securing their video surveillance systems. The post Interview with a Security Camera Hacker appeared first on Umbrella Technologies.
This episode speaks of the importance of cyber insurance.
http://www.alainguillot.com/terry-cutler/ Terry Cutler is a professional Certified Ethical Hacker. He has been voted #1 Top Influencer in CyberSecurity by IFSEC Global 2018 and has won multiple awards as a hacker and as a trainer. Terry's job is to break into the computer systems of private individuals, corporations, or even governments and show the security weaknesses to his clients. Terry started his hacking journey in 2005, inspired by TV shows such as CSI. He found a course called "Certified Ethical Hacking," decided to take it, flew to Washington, DC, and took the course alongside the FBI, the CIA, and the Navy SEALs. Computer cybercrime is a one trillion dollar industry, especially with ransomware. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. A typical ransom is anywhere from $300,000 to $600,000.
The top 3 ways that hackers use to get into your computer are:
1. Discovering weak passwords.
2. Social engineering: the act of tricking someone into divulging information or taking action, usually through technology. The idea behind social engineering is to take advantage of a potential victim's natural tendencies and emotional reactions.
3. Phishing: the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
Why is advertising so good at influencing people and how can it get you to buy products, services, and put your trust in people? In this preview video from my 42 Secrets of Influence course at https://jerry.tips/42influence we'll discuss the secret power of advertising and how this can benefit you as an influencer! Ready to get started? Once you complete this video please use the link above to register for the complete 42 Secrets of Influence course! Help us reach 500,000 YouTube subscribers and enjoy new tutorials daily! https://jerry.tips/ytsub Free IT security and network training playlist! https://jerry.tips/hacking19 Ethical hacking forever course bundle! https://jerry.tips/hackforever Master Ethical Hacking 2019 Coupon! https://jerry.tips/masterhacking How to Hack in 2019: Noob to Certified Ethical Hacker with CEH V10 discount code! https://jerry.tips/ceh10 Start White Hat Hacking in 2019 promo! https://jerry.tips/whitehat More hacking courses and bundles! https://jerry.tips/jbstore Get all Jerry Banfield courses forever! https://jerry.tips/forever Get private label rights to sell this course yourself as a partner! https://jerrybanfield.com/partners/ Web hosting for JerryBanfield.com? https://jerrybanfield.com/kinsta Email marketing software? https://jerrybanfield.com/activecampaign Video course host for Uthena? https://jerrybanfield.com/thinkific Transcriptions and closed captions? https://jerrybanfield.com/transcripts Equipment and reading list? https://jerrybanfield.com/resources Socials!
https://www.facebook.com/jbanfield https://www.youtube.com/jerrybanfield https://twitter.com/JerryBanfield https://www.twitch.tv/jerrybanfield/ https://www.instagram.com/jerrybanfield/ Love, Jerry Banfield https://jerrybanfield.com/ https://jerrybanfield.com/blog/ https://jerrybanfield.com/books/ https://jerrybanfield.com/gaming/ https://jerrybanfield.com/music/ https://jerrybanfield.com/partners/ https://jerrybanfield.com/podcast/ https://jerrybanfield.com/resources/ --- Support this podcast: https://anchor.fm/jerrybanfield/support
Shep Hyken interviews Mike Grande, the founder and CEO of Rock Out Loud and The Staten Island School of Rock. They discuss Mike's successful philosophies of providing an outstanding experience to his customers.
The Interview with Mike Grande:
Focus on a simple growth philosophy: to grow your business one customer at a time. If you do your job right, you will earn loyalty and then your customers will help your business grow by recommending your business to friends and family.
Know the real purpose of your business and how it can impact your customers. To Mike, music is secondary at his school. He and his fellow teachers, called "coaches", focus on creating leaders and building self-confidence in their students using music as a tool.
Change the customer's state of mind: break the customer's preoccupation when they walk through your door or call you. For example, whenever Mike's students enter one of his schools, a motion detector triggers a crowd chant to pump them up and prepare them for a stellar lesson. Prime your customers in a similar way to ensure their interaction with you is the best it can be.
Personalization is a vitally important concept in business. Consider giving your customers personalized gifts to show appreciation for their loyalty. Don't brand the gifts or turn them into a sales ploy; this is an opportunity to insert some humanity into a service interaction. Have the mindset of "this gift is the least I can do for a loyal customer."
It's crucial for everyone you work with to be on the same page when it comes to your mission statement. Everyone must be in alignment with the vision of the company, and there needs to be total buy-in from all employees. This comes from creating, cultivating, and defending your company culture.
Quote: "For the leader of an organization to be truly successful, you must know your 'why' and your mission." (Mike Grande)
About: Mike Grande is the founder and CEO of The Staten Island School of Rock and Rock Out Loud. When he's not teaching or playing music, he is the CTO and a Certified Ethical Hacker for Owl Rock. Shep Hyken is a customer service and experience expert, New York Times bestselling author, award-winning keynote speaker, and your host of Amazing Business Radio.
Infosec's Keatron Evans discusses ethical hacking careers and the Certified Ethical Hacker (CEH).
"Companies need to identify the third parties they work with because if they lose data, YOUR company's going to be facing the problem even though you weren't the one that lost the data." GBD52. Expert Certified Ethical Hacker and top-rated tech speaker Mike Foster of the Foster Institute took time off from planning conference keynotes to talk to us during a skiing break in Montana. He tells Kyle Hannan (AICPA & CIMA, UK) about the ICT journey that has taken him from the C64s of yesterday to the CTOs of tomorrow. There are some foundational and practical steps to boost organisational protection against increasingly universal vulnerabilities. WE DISCUSS: best practices and strategies; 2-factor authentication; security 'DMZs' for 3rd-party assurance; GDPR and data privacy; the importance of software updates and OS upgrades; how to toughen defences. We also break down some of the commonly-used examples of top-level jargon like 'bad actors', DMZs, 2FA, system hardening, 'bloatware', CCPA and 'principle of least privilege'. OUR GUEST: Mike Foster, founder of the Mike Foster Institute (USA), is a Certified Ethical Hacker, Certified Information Systems Auditor, and Certified Information Systems Security Professional. He's delivered more than 1,500 presentations and training sessions around the world and has consulted at hundreds of companies in North America. Connect with him at https://www.linkedin.com/in/themikefoster/ LINKS: Visiting the Chicago area this Spring? Join us on the ground or online for the AICPA & CIMA "CFO Conference" in Chicago this April 24-26th 2019. Want to check if your email address has ever been compromised in a data breach? Use the free website Have I Been Pwned. For visitors inside the US, visit Foster Institute. For those in the rest of the world, see his LinkedIn page. Find related CPD/CPE resources at the AICPA Store and the CGMA Store. MORE ABOUT OUR PODCAST.
These conversations with our expert guests are recorded by different members of the AICPA & CIMA team from our offices around the world. While the sound quality may vary, the insights will always be consistently useful. Hear more. Get our shows every week automatically and free. Share them easily with colleagues and friends by using the icons on your app or media player. Skill Up. Find related CPD/CPE resources at the AICPA Store and the CGMA Store. Connect. Use the hashtags #GoBeyondDisruption or follow @AICPANews @CIMA_News. You can email our team at beyond.disruption@aicpa-cima.com and visit our project page at GoBeyondDisruption.com. ©2018 Association of International Certified Professional Accountants (AICPA & CIMA). All rights reserved.
Rusty Wilson started his career as a signals intelligence analyst in the US Army where, while deployed in Korea, he cut his algorithmic teeth on Perl scripts that ended up slicing days of processing time from his intelligence data processing before "Big Data" was even a catchphrase. Rusty is a Certified Ethical Hacker and a Hacking Forensic Investigator, among 10 other professional certifications. He's carried the titles CIO, CTO, and VP of Technology. All the while he pursued his passion for providing strategic career development coaching for IT and engineering professionals, wisdom he shares with us in this episode.
Your phone is your most prized possession, making it the most vulnerable security risk you own. Did you know that hackers are able to access nearly all your accounts with just your phone number? In this episode of Komando on Demand, Kim explores the serious threat of hijacking smartphones and how cybercriminals can ruin your life. Founder and CEO of InForceCyber.com Asen Kehayov, who is a Certified Ethical Hacker from Bulgaria, advises on what people can do to safeguard their data.
Today's Guest, Mr. Raji Abdulgafar: he is a Programmer, Python lover, Certified Ethical Hacker, Community Developer and Digital Forensics Expert, and in the recently concluded NaijaSecCon his team (L.I.G S3C) came out as the first runner-up. He is a passionate and curious researcher, and he shares his story with us. Do listen and have fun. "I don't focus on the challenges, if I focus on the challenge I won't move on"
Notes from Today's Episode:
- Your curiosity and desire to figure out how things work propels you to probe and understand the underlying principles behind a lot of things.
- For user security, ensure you are logged in to and viewing the right website you intend to visit.
- Avoid code redundancy; write simple code.
- Don't choose a dictionary word as your password, or anything related to your personal life, e.g. street name or names of your loved ones. They are easy to crack; make sure to change your passwords periodically.
- Never use one password for multiple accounts, so that if one of them is compromised, the other accounts are still secure.
- You could secure your network by filtering file sharing across the network and also by using VPNs.
- Have a vision and a goal you are working towards (a big picture for your career); it propels you past your challenges.
Demystifying myths: The myth that all hackers are bad, I don't seem to know where they got that from. Well, maybe in movies they see the guy behind the black and green screen. This is not true; an ethical hacker is someone who legally attempts to break into a computer system or network in order to find its vulnerabilities (weaknesses) and secure it.
Remember to go out and create Awesomeness. I am looking forward to hearing from you; send in your comments via email: thecreativeschronicles@gmail.com. Remember to subscribe on iTunes and any other podcasting app you use, just search for thecreativeschronicles on your podcasting app and subscribe. Thank you!
Show Notes: Abdulgafar Raji on Twitter - @mrgaphy
Sean Pohl lives on the web. But it's not the web many of us ever want to frequent. Sean spends time on the "dark web." This is the area of cyberspace where you'll find dangerous people who seek to steal and sell credit card numbers, medical records and sensitive business information for profit. Sean is a Certified Ethical Hacker, a hacker who uses his online savvy for good. In this episode of the Life@AT&T podcast Sean explains how ethical hackers help keep our network and our customers a step ahead of cyber criminals.
It is crucial that you preemptively defend against potential breaches. But what are the weaknesses within your security? Jason Karn, Total HIPAA's Chief Compliance Officer speaks with Drew Green, Director of Information Technology at Thomas, Judy and Tucker about what it means to be a Certified Ethical Hacker, the other certifications applicable to penetration testing, […]
I spoke with Adam Cohen, an attorney and a managing director with the Berkeley Research Group, a global strategic advisory and expert consulting firm. He is a Certified Ethical Hacker and provides guidance on data governance, compliance, and security, including cybersecurity, digital forensics and electronic discovery. We discussed his role at the Berkeley Research Group, the work he performs as an ethical hacker, his evolution from a law firm partner to a consultant with technical data security certifications, the distinctions between the challenges that in-house lawyers face versus those of their outside counsel, and where data governance is headed.
During a security incident, or in the course of an investigation, it may become necessary to gather evidence for use in a possible future court case. But if you don't have 4,000 to 10,000 US dollars for fancy forensic software, you'll need to find methods to preserve data, establish and verify its integrity, and keep a proper chain-of-custody record showing who handled the data, how it was collected, etc. This podcast was not meant to turn you into an expert, but instead to go over the finer points of the process, and even where you should turn if you need help. Certified Ethical Hacker book I was referencing in the show: http://www.wiley.com/WileyCDA/WileyTitle/productCd-1119252245,miniSiteCd-SYBEX.html Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-044-Evidence_chain_of_custody_data_integrity.mp3 #YouTube: https://www.youtube.com/watch?v=aJA2ry6npKI #iTunes: https://itunes.apple.com/us/podcast/2016-044-chain-custody-data/id799131292?i=1000377566298&mt=2 #RSS: http://www.brakeingsecurity.com/rss #Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969 #SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake #Facebook: https://www.facebook.com/BrakeingDownSec/ #Tumblr: http://brakeingdownsecurity.tumblr.com/ #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582
You can call me a hacker, I don't mind. It's right there on my business card: Certified Ethical Hacker. Because that's what I do. When asked, I'll (legally) break into your home desktop, your company's computer system, or your corporation's IT system. Why would you want me to do that? Well, wouldn't you rather that I do it before the unethical, evil hacker does it first? If the bad guy beats me to it, he'll turn your life upside down in costly and cruel ways that you can't even imagine. It happens every minute of every day in today's digital world. I'll show you how to combat this potential nightmare and protect yourself, your family and your business. For corporations, we start with a current assessment of your threats, vulnerabilities & risks. Then we can establish where you need to be with protection and accountability solutions.
What I do:
• Test customer networks for security holes and help plug them
• Online and in-person Internet safety lessons for conventions, organizations, businesses, community associations, and ordinary folks everywhere
• Media interviews on national television, radio, in print, and in online publications
Each time I make a presentation, it gives me hope that people are waking up to the reality that the Internet, along with all the wonderful benefits that it brings, also has danger lurking at your doorstep. So get protected now ... Please visit: http://www.InternetSafetyUniversity.com to learn how you can protect yourself, your family and your business with this FREE Internet Safety Video Series. Cybersecurity, ethical hacking, internet self-defense, and education: this is what I do and I can do it for you. http://terrycutler.com https://www.facebook.com/terrycutler911 https://twitter.com/Terrypcutler
In this new edition of SegInfocast, we present the audio of Webinar #32 from Clavis Segurança da Informação about the Teste de Invasão em Redes e Sistemas course and EXIN's Ethical Hacking Foundation certification. In this episode, with instructor Rafael Ferreira, we cover what is new in the third edition of the The objective of this webinar is to publicize the Teste de Invasão em Redes e Sistemas course at Academia Clavis, which for the first time will also be a preparatory course for EXIN's international Ethical Hacking Foundation certification. If the student wishes, at the end of the course they can purchase a voucher to sit the exam. During the course, controlled simulations of attacks on networks, systems and tools are carried out in order to analyze their security. Students learn to use tools for assessing and identifying vulnerabilities following international penetration testing standards such as NIST 800-42, OWASP, OSSTMM and ISSAF/PTF.
About the instructor: Rafael Soares Ferreira is Technical Managing Partner of Grupo Clavis Segurança da Informação. He is a practitioner in penetration testing and auditing of networks, systems and applications, and in security incident detection and response. He has provided services and given courses and talks on information security to large national and international companies, public bodies and the military, as well as at many events, among them: GTS (Grupo de Trabalho em Segurança de Redes of cgi.br), CNASI (Congresso de Segurança da Informação, Auditoria e Governança TIC), FISL (Fórum Internacional de Software Livre), OWASP Day, Bhack Conference, SegInfo (Workshop de Segurança da Informação), BSides SP, among others.
At Academia Clavis he is the instructor of the following courses: Certified Ethical Hacker (CEH), Teste de Invasão em Redes e Sistemas, Auditoria de Segurança em Aplicações Web, Análise Forense Computacional, Teste de Invasão em Redes e Sistemas EAD, Auditoria de Segurança em Aplicações Web EAD and Análise Forense Computacional EAD. He holds the certifications CEH v8 (Certified Ethical Hacker), ECSA v4 (EC-Council Certified Security Analyst), CHFI v8 (Computer Hacking Forensic Investigator), CompTIA Security+, SANS SSP-CNSA (Stay Sharp Program – Computer and Network Security Awareness) and ENSA v4.1 (EC-Council Network Security Administrator).
Intro / Outro: Vivienne Mort - ГГПТКН https://www.youtube.com/watch?v=mf7lFcOraVw
00:02:13 The FBI Drops Its Case Against Apple After Finding a Way Into That iPhone http://goo.gl/M96YTK
iOS forensics expert’s theory: FBI will hack shooter’s phone by mirroring storage http://goo.gl/6j2wSl
00:05:54 Apple's fruitless rootless security broken by code that fits in a tweet http://goo.gl/5d0aI7
00:09:37 About the Panama Papers http://goo.gl/LmVx8I
00:14:39 Hack Brief: Turkey Breach Spills Info on More Than Half Its Citizens http://goo.gl/9rXh38
00:15:13 Megabreach: 55 MILLION voters' details leaked in Philippines http://goo.gl/kh4Amj
00:18:00 Costa Rica launches investigation after reports hackers ‘rigged’ 2014 election http://goo.gl/GZm656
00:21:04 BlaBlaCar & Uber
00:23:59 Why Hospitals Are the Perfect Targets for Ransomware http://goo.gl/4Yvtjk
1,400+ Vulnerabilities Identified in Medical Supply System https://goo.gl/adrm0n
00:28:52 Meet the new ransomware that knows where you live http://goo.gl/BvMp09
00:30:27 Certified Ethical Hacker website caught spreading crypto ransomware http://goo.gl/b1f46Y
00:33:11 Sources: Trump Hotels Breached Again http://goo.gl/hd3MCj
00:34:33 Adobe Patches Flash Player Zero-Day Threat http://goo.gl/wKtVoX
Mindless Flash masses saved as exploit kit devs go astray with 0day http://goo.gl/bXA6A2
00:35:36 FBI: $2.3 Billion Lost to CEO Email Scams http://goo.gl/tCdANU
00:36:13 Uber Will Pay $10,000 ‘Bug Bounties’ to Friendly Hackers http://goo.gl/E9O7pN
00:36:53 How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript http://goo.gl/W1ZBQw
00:39:39 No Password Required! 135 Million Modems Open to Remote Factory Reset http://goo.gl/vKWE69
00:40:07 Karamba Security https://www.karambasecurity.com/
00:44:15 WordPress pushes free default SSL for hosted sites http://goo.gl/MJ03Mg
00:45:31 Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc http://goo.gl/uusxvY
00:46:55 How Pirates And Hackers Worked Together To Steal Millions Of Dollars In Diamonds http://goo.gl/KcuOSv
00:48:15 DNS root server attack was not aimed at root servers – infosec bods http://goo.gl/sUzudU
Video recording of the episode on our channel: https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg
What is cyber security, and why should we pay attention to it? Cyber security, also known as information technology security, “focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.” Would you like to learn how to improve your security posture and more quickly detect security threats before they occur? Join us for an hour of free information and tips on cyber security from security expert Kai Pfiester. You’ll learn what hackers are after, determine whether you or your business are potential targets, and hear how hackers attack you! Kai will also share some helpful tips on how to protect yourself and your business. Your Life Now radio show proudly presents Kai Pfiester, a cyber-security expert and the president of Black Cipher Security, a cyber-security company. He specializes in helping small to medium-sized businesses protect themselves from hackers, malware, insider threats and physical theft. He holds numerous IT security certifications such as Certified Ethical Hacker, OSWP and Security+. He has written articles on cyber security for the NJ Law Journal, NJ Business magazine, Burlington Regional Chamber of Commerce and several online publications. As a speaker, he has given presentations for the Phi Alpha Delta Law Fraternity International, NJ Society of CPAs, and several local business organizations. For more information, please feel free to contact us at: http://YourLifeNow.info Or email us at: YourLifeNow.llc@gmail.com
Description: Digitization offers law firms significant opportunities, but also presents huge threats. While many of the top law firms are greatly progressing in their cyber security efforts, a vast majority of small to mid-sized firms still do not fully understand the risks and implications of failing to adequately protect their rich repositories of personal information, corporate secrets and intellectual property. This presentation will provide a snapshot of IT Security threats facing law firms today and the importance of focusing on cyber security efforts. Speakers: Richard Martinez is an IT professional in the legal industry with 19 years of experience in infrastructure, cyber security, SEO/SEM/SEP, project management and team building. Holding a Certified Ethical Hacker certification and serving as the IT Manager in an Am Law 20 firm, he also consults with small to mid-size businesses on their digital efforts from attracting new clients to retaining, optimizing and securing their data once it is received. Previous roles in multiple Am Law 100 firms give Richard a unique perspective of the legal technology process from an out-sourced and in-house perspective. Jeffrey Brandt has been the CIO for several top 100 U.S. law firms, and has 30 years of experience in the field of legal automation. He now consults to law firms and professionals on projects as diverse as process and electronic workflow management, knowledge management, information governance and security, BYOD/S, communities of practice and IT executive coaching. Jeffrey is also the Editor of the popular PinHawk Legal Technology Digest and is a frequent educational speaker at industry conferences.
In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here’s info on the CEH training and test outline. I took my CEH training through UFairfax with instructor Leo Dregier. See this post I wrote that…
On this week's all-star episode: We introduce Charles Tendell, a Certified Ethical Hacker and co-host of the Computer America radio show. Charles will give you insights on the huge security break-in at Target, Neiman Marcus and other retailers, where the raw details of tens of millions of credit and debit cards were stolen by online criminals. He'll also talk about Bitcoin, the online digital currency, and security issues impacting Mac and Windows PCs. We are also joined by John Martellaro, Senior Editor, Analysis & Reviews for The Mac Observer and a columnist for The Street, who will focus his conversation on Google's decision to sell its Motorola Mobility handset division, at fire sale prices, to Lenovo, the large Asian PC maker. You'll also hear him explain why Wall Street doesn't understand Tim Cook, the future of the Mac, and an illuminating encounter with a disappointed Microsoft Surface RT customer.
Dave Kennedy on ethical hacking using PowerShell

News
Execute commands and scripts from anywhere including the office and remote locations, as well as from a Web browser or smart phone with PowerGUI Pro from Quest Software. With the MobileShell feature, administrators can quickly run commands to troubleshoot problems or make changes, even when away from your desk! This gives teams more flexibility to work remotely while traveling, and to leverage admins from other offices in case of an emergency.
· Execute queries remotely to determine if services or processes are running
· Restart services, processes, or entire servers
· Check mailbox settings
· Unlock user accounts
· Reset passwords
· Run custom scripts
Visit quest.com/powerguipro and see why PowerShell and Quest PowerGUI are the ultimate Windows management tools.

Usergroup news:
Atlanta PSUG next meeting is Nov 16th with Ed Wilson speaking
November Arizona PowerShell User Group meets Nov 3rd. Topic is building GUIs using PrimalForms
New PowerShell Usergroup: Minneapolis and Saint Paul
PowerGUI Pro and PowerGUI 2.2 are out!
Doug Finke will be doing a PowerShell session at the Westchester Code Camp Nov 6th
Intel vPro Expert Center Blog: Version 2 of the PowerShell Module for Intel vPro Technology released
A reminder that the PowerGUI Challenge 2010 is underway until Nov 15th
Jonathan Medd posted a discount code for PowerShell in Practice
Announcing the New PowerShell Virtual Chapter of PASS!

Interview
Our interview is brought to you by SAPIEN Technologies, makers of PrimalScript and PrimalForms.
Links: Social-Engineer.org podcast
Book choice: Pro Windows PowerShell: http://apress.com/book/view/9781590599402

Chatroom Buzz
## favorite linux distros? Backtrack/ubuntu
## Scripting language/Programming language history Python
## how about how SET came to be?
### what did you develop for backtrack?
Q: how similar do you see python and psh?
## this sounds like a n00b question probably, but has dave used python 3 or stuck with python 2.x? i've struggled with the ctypes he mentioned with 3.x.
Q: do you use psh automation scripts to do system tests?
## would you say most networks are turtle shells?
## thoughts on Certified Ethical Hacker cert?
### great description on what the tool is and some background on it, but did you just say one day "hey i want to be able to do something like this automatically" or was it someone who wanted the tool?
CISSP = if you didn't know how to secure a machine before the cert.. you still don't after..
## best ways to sell security to decision makers? Opportunity cost? Disaster scenarios?
## how has dave used powershell in a test? i have not listened to his defcon talk. i can see where powershell can be handy since it's almost on every server. like wmi via powershell?
Q: is a recorded session or powerpoint slides available for posting in the notes from his defcon session
## Have you looked at attacking winrm or did you play with remoting at all?
## By a weak SA password are you describing a brute force attack on the SA, to the SMO?
## how often do new security tools come out? Or are there more updates to existing tools?
Q: How often is he using psh for testing?
## Q what resources has Dave used to learn more about powershell scripting and how to use it?
## how 'powerful' is PS compared to linux/bash?
## What did you not like in PowerShell when learning it?
## What would you do to secure powershell from people like you?
## He's mentioned execution restriction policy twice... what makes them so weak?
but flash can't see through....walls
Hero - Superman

Resources
This segment brought to you by ServerFault.com
The Scripting Guy has two great guest posts from listener Tome: Tap into the PowerShell Community for Fun and Education; Learn How to Load and Use PowerShell Snap-ins
Intel vPro Expert Center Blog: PowerShell Module for Intel vPro Technology: PowerShell Drives Beta - Part 1
Don Jones has released a 4 chapter PowerShell "crash course"
Manage WSUS with PowerShell

Tips From Rob C.
Paste a multi-line list into a here-string, then split it on newlines and trim each entry (the closing "@ must start its own line):
$list = @"
"@
$col = $list.split("`n") | % { $_.trim() }
Join me in this episode as I speak with penetration testing expert and COO, Jason Nickola, of Pulsar Security. Connect with Jason here: Twitter - chm0dx; LinkedIn - jasonnickola https://www.linkedin.com/in/jasonnickola/ Jason is a Senior Security Consultant and COO at Pulsar Security, specializing in pentesting and red teaming. Equally passionate about enabling others in their journeys as he is about security and technology, Jason is an organizer of the BSides NH conference, a SANS instructor for SEC560: Network Pentesting and Ethical Hacking, a frequent speaker and trainer at both local and national events, and a founder of TechRamp, a nonprofit which aids in the transition to technical careers. He is a three-time Core NetWars Tournament champion and one of just 23 people in the world named by the SANS Institute as both a Red Team and Blue Team Cyber Guardian. Jason has earned a long list of technical certifications including GIAC Security Expert (GSE), Offensive Security Certified Expert (OSCE), GXPN, GWAPT, GPEN, GREM, GCIA, GMON, GMOB, GNFA, GCUX, GCIH, GCWN, GCCC, GAWN, GSEC, GPYC, GSNA, GDAT, GCFA, GCDA, GCFE, GLEG, Certified Ethical Hacker, Security+, Network+, and OSCP. Support this podcast at — https://redcircle.com/cyber-life/donations