Cold weather, snow, and Christmas trees. Not necessarily something we may want to be thinking about right now as we're just beginning the fall season. However, some people think about this all year round. Chris Kirsch, owner of Enchanted Valley Acres in Cross Plains, says he and his team plan and maintain the farm's operations through every season, with specific activities tailored to the needs of the trees at different times of the year. “The care for young trees begins before they even arrive at the farm,” explains Kirsch. “It starts at the nursery, ensuring they are kept in optimal conditions until they are planted. Timing is crucial, as early planting in moist soil can significantly impact the growth and health of the trees.” Visit the Enchanted Valley Acres website to learn more.
Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: 93: Navigating Cybersecurity Realms: Unveiling Chris Kirsch's Multifaceted Journey
Pub date: 2023-08-22

In the captivating world of cybersecurity, where technology and innovation intersect to safeguard our digital landscapes, Derek is delighted to welcome today's distinguished guest, Chris Kirsch! Chris is a man of multifaceted talents and roles. In addition to being the Co-founder and CEO of runZero, he is also a husband, a runner, a strategic social engineer, an unwavering devotee to cybersecurity, a seasoned member of various security ventures, and a masterful pizza chef specializing in the art of bread baking! With his company serving as a bridge to the operational technology community, Chris's journey is a tale that weaves through diverse geographies. He grew up and went to primary school in Germany. He then attended boarding school in Switzerland, after which he continued his education in the United Kingdom.

As we journey through Chris's narrative, we dive into his role as a longstanding contributor to the cybersecurity landscape and his pivotal role in bridging the gap between the digital domain and operational technology. Join us as we delve into the diverse facets of the narrative of Chris Kirsch, a remarkable force in the cybersecurity world! You're bound to be enthralled by his unique story that intertwines his personal experiences with his unyielding commitment to the cybersecurity domain!

Show highlights: Some lessons learned from PGP. Bridging the gap between hardware and software. How adding a second product to the sales process changes the hearts and minds of a sales team. Transitioning from working with crypto-geeks to hackers. (18:51) The value of cold-calling managers. (26:01) Two essential attitudes you can have to an acquisition. The benefits of being open and having conversations without expectations. Fingerprinting flaky devices. The importance of having a good inventory. Chris's advice to his younger self.

Links and resources: (CS)²AI, Derek Harp on LinkedIn, Chris Kirsch on LinkedIn, RunZero
Control System Cyber Security Association International: (CS)²AI
In the captivating world of cybersecurity, where technology and innovation intersect to safeguard our digital landscapes, Derek is delighted to welcome today's distinguished guest, Chris Kirsch! Chris is a man of multifaceted talents and roles. In addition to being the Co-founder and CEO of runZero, he is also a husband, a runner, a social engineer, an unwavering devotee to cybersecurity, a seasoned member of various security ventures, and a chef specializing in the art of bread baking! With his company serving as a bridge to the operational technology community, Chris's journey is a tale that weaves through diverse geographies. He grew up and went to primary school in Germany. He then attended boarding school in Switzerland, after which he continued his education in the United Kingdom.

As we journey through Chris's narrative, we dive into his role as a longstanding contributor to the cybersecurity landscape and his pivotal role in bridging the gap between the digital domain and operational technology. Join us as we delve into the diverse facets of the narrative of Chris Kirsch, a remarkable force in the cybersecurity world! You're bound to be enthralled by his unique story that intertwines his personal experiences with his unyielding commitment to the cybersecurity domain!

Show highlights: Some lessons learned from PGP. Bridging the gap between hardware and software. How adding a second product to the sales process changes the hearts and minds of a sales team. Transitioning from working with crypto-geeks to hackers. (18:51) The value of cold-calling managers. (26:01) Two essential attitudes you can have to an acquisition. The benefits of being open and having conversations without expectations. Fingerprinting flaky devices. The importance of having a good inventory. Chris's advice to his younger self.

Links and resources: (CS)²AI, Derek Harp on LinkedIn, Chris Kirsch on LinkedIn, RunZero
Chris Kirsch, CEO of runZero, joins Dennis Fisher to talk about the problem of trying to secure what you don't know you have, asset management, and his history in the original crypto war.
Chris is the founder of runZero, a cyber asset management company. Chris has been acquired six times, IPO'd once and is one of the few black badge holders of Defcon. Chris had one of his greatest challenges right after college at the start of his career. The whole business was dependent on a key encryption licence which was about to be withdrawn. It would take a year to replace properly. They had less than a month. His CEO was a great role model for Chris. He was calm under pressure and willing to take risks and had a mantra: “There's always one move left”... Chris just had to find it. Could he do it in time?

In this episode we discuss: making bold moves and taking risks in business; where hard work and resilience can take you; why taking a step back and reassessing situations with a fresh perspective is essential.

Tune in to hear how Chris made strategic decisions that skyrocketed his career and got him to where he is today. Want to know how Future Fit you are? Take 3 mins to benchmark yourself with our Founder Fitness Test on peer-effect.com. You might discover some surprising gaps! Or just follow James on LinkedIn for more thoughts around coaching and being future fit.
In this Their Story podcast on ITSPmagazine, Huxley Barbee delves into the world of InfoSec and asset management, discussing the importance of having a full asset inventory and how his company, RunZero, addresses this challenge with a cyber asset management solution.

Founders HD Moore and Chris Kirsch identified the need for better tooling as security teams' scopes expanded beyond managing traditional IT devices to securing IoT and OT devices across various environments. RunZero helps organizations understand gaps in security controls coverage, identify potentially vulnerable devices in the face of zero-day threats, and more.

Huxley Barbee explains that a full asset inventory, including asset details like location within the network, device function, and business context, can assist in determining which vulnerabilities or misconfigurations need immediate attention. Huxley highlights the delicate process of gathering information on devices and the importance of incremental fingerprinting, particularly in OT environments and those with often-unmanaged IoT devices.

The trio also cover the business side, discussing the typical clients for RunZero and the mindset shift required to realize that existing asset discovery tools may not be sufficient. They discuss the collaboration between IT, OT, and security teams, emphasizing that having a full cyber asset inventory beyond the traditional IT asset inventory can help reduce remediation time and improve overall business decision-making.

Tune in to this episode to learn more about RunZero's modern approach to asset management, the crucial role of visibility in addressing security challenges, and how a robust asset inventory by RunZero can help business leaders and security practitioners make better decisions.

Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

Guest: Huxley Barbee, Security Evangelist at RunZero [@runZeroInc] and lead organizer for BSides NYC [@bsidesnyc]
On LinkedIn | https://www.linkedin.com/in/jhbarbee/
On Twitter | https://twitter.com/huxley_barbee
On Mastodon | https://infosec.exchange/@huxley

Resources
Learn more about RunZero and their offering: https://itspm.ag/runzervvyh
Catch the video and podcast version of this conversation: https://itspmagazine.com/their-stories/its-difficult-to-secure-the-invisible-reinventing-asset-management-for-modern-challenges-in-it-iot-and-ot-a-runzero-story-with-huxley-barbee
BSides NYC Podcast: https://itsprad.io/event-coverage-1388

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
It is axiomatic in our industry that you can't protect what you don't know about, but assembling a comprehensive asset inventory can be much more difficult than it seems. Chris Kirsch, CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore, sits down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) to discuss: what asset management is and why it is important; first steps any organization should take to implement asset management; a high-level overview of some standard ways to manage asset inventory, and how runZero solves common problems.

Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)

[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
The best Social Engineers do a tremendous amount of research before engaging a target. As luck would have it, we get to speak with one of them today! Chris and I talk about the pivotal role of OSINT in preparing for an SE engagement and also get a "peek behind the curtain" in relation to OSINT sources during a Social Engineering "capture the flag" style competition. Chris Kirsch is the CEO of runZero (www.runzero.com), a cyber asset management company he co-founded with Metasploit creator HD Moore. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering capture the flag competition at DEF CON, the world's largest hacker conference.

If you'd like to learn more about Chris and the organizations he advocates for:
Defcon 2022 OSINT & vishing research: https://medium.com/@chris.kirsch/top-osint-sources-and-vishing-pretexts-from-def-cons-social-engineering-competition-8e08de4c8ea8
Winning call from DEF CON SECTF 2017: https://www.youtube.com/watch?v=yhE372sqURU
External perimeter recon using runZero: https://www.runzero.com/blog/external-scanning/
Competitive Intelligence talk at Layer 8 Conference: https://www.youtube.com/watch?v=NB-wLadJ3hk
Facebook Talent Intelligence Collective: https://www.facebook.com/groups/talentintelligencecollective
National Child Protection Task Force (NCPTF): https://www.ncptf.org/
Twitter profile: https://twitter.com/chris_kirsch
Mastodon profile: https://infosec.exchange/@chris_kirsch
LinkedIn profile: https://www.linkedin.com/in/ckirsch/
Chris' company: https://www.runzero.com/

Want to learn more about Open Source Intelligence?
Follow us on Twitter: @TraceLabs
Join our Discord server: https://tracelabs.org/discord
Check out the site: https://tracelabs.org
Join our resident Business Ninja Kelsey, together with the CEO and Co-Founder of runZero, Chris Kirsch, as they talk about getting unmatched visibility and insights into every asset connected to your network. Discovery is the first step to building the asset inventory needed for effective IT and security programs. Yet, most organizations struggle to obtain a true inventory of all the devices and services running in their networks. runZero's mission is to make discovery as easy and safe as possible, so organizations know everything they have on their network and in the cloud. runZero delivers the data and context you need to effectively manage and secure assets across your environment. Learn more about them and visit their website today at https://www.runzero.com/

Do you want to be interviewed for your business? Schedule time with us, and we'll create a podcast like this for your business: https://www.WriteForMe.io/
Chris Kirsch is the CEO of runZero, a company he co-founded with Metasploit creator HD Moore to help companies solve their asset inventory challenges. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering Capture the Flag competition at DEF CON, the world's largest hacker conference.
This Founder has some surprising additional talents outside of founding a company that's raised $5 million in VC funding to hunt for networked devices. After helping several start-up brands market their solutions, Chris Kirsch joined the founding team of runZero and is currently the company's CEO. In addition to a fun round of “fact or fiction,” The Founder Formula co-hosts Todd Gallina and Sandy Salty talked with Chris about: the evolution of a winning name for a company; developing a culture; mindful growth; celebrating client wins. Listen in to learn all of this and more on this episode of The Founder Formula with Chris Kirsch, Co-Founder of runZero. Additional episodes of The Founder Formula can be found on Apple Podcasts, Spotify, or the Trace3 website.
This week, Carole Theriault is interviewing DEFCON Black Badge holder Chris Kirsch from RunZero on the recent DEFCON 30 vishing competition. Dave and Joe share some listener follow up from 3 different listeners, who share stories on disposable email addresses, as well as a little insight on a Best Buy scam mentioned in a previous episode. Joe's story is on gaming companies and whether or not they have to stoop down to stemming growth in cheats, hacks, and other types of fraud to keep customers coming back. Dave's story comes from his father, he has two stories, one involving a gift card scam and an email compromise of a family member's account. The other involves a fake invoice for tech support services. Our catch of the day comes from listener Felipe, who writes in asking Joe and Dave to make sense of the email he received saying that his refund was recalled from someone claiming to be the "Secretary for International Finance of United States Treasury Department." Links to stories: For Gaming Companies, Cybersecurity Has Become a Major Value Proposition Scam call center video Jim Browning scammers video Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
This week, Micah (@WebBreacher), and Christina (@ChristinaLekati) are joined by Chris Kirsch (chris_kirsch) for an interview! Chris is the CEO of runZero, a cyber asset management company he co-founded with Metasploit creator HD Moore. In 2017, he earned the Black Badge for winning the Social Engineering Capture the Flag competition at DEF CON, while last year, he participated as a judge for the vishing competition at the Social Engineering Community. In this interview, we discuss the intersection between OSINT and social engineering. Chris shares with us stories from the application of OSINT in social engineering operations, and describes some of the top OSINT techniques and resources that he observed at the Social Engineering vishing competition. You can follow Chris on: Twitter: https://twitter.com/chris_kirsch LinkedIn: https://www.linkedin.com/in/ckirsch/ Mastodon: https://infosec.exchange/@chris_kirsch
Someone's election-fiddling is uncovered with an Apple AirTag, a cyber scandal rocks Germany, and a swindler steals a fortune due to trains being delayed. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley/ (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault/ (Carole Theriault), joined this week by runZero's Chris Kirsch. Plus don't miss our featured interview with Akamai's Patrick Sullivan talking about bots in the retail sector. Warning: This podcast may contain nuts, adult themes, and rude language. Episode links: https://www.runzero.com/blog/rebrand-journey1/ (The rundown on becoming runZero: What I learned rebranding a company) - Chris Kirsch on the runZero blog. https://twitter.com/MelissaForPA/status/1580216538421899264 (Tweet by Melissa Shusterman) - Twitter. https://www.forbes.com/sites/thomasbrewster/2022/10/13/apple-airtag-stolen-democratic-signs-pennsylvania/?sh=3d6fc80b3342 (Apple AirTag Used To Find Over 100 Stolen Democratic Campaign Signs, Police Say) - Forbes. https://www.youtube.com/watch?v=dtZf-A4Qd5k (Wie eine russische Firma ungestört Deutschland hackt) - ZDF Magazin Royale on YouTube. https://apnews.com/article/russia-ukraine-technology-berlin-government-and-politics-b7d3c413308976c3ab05ca7fbb71e476 (German cybersecurity chief investigated over Russia ties) - AP News. https://www.theguardian.com/world/2022/oct/18/germany-cybersecurity-chief-sacked-russia-arne-schonbohm (German cybersecurity chief sacked following reports of Russia ties) - The Guardian. https://www.msn.com/en-gb/news/world/fraudster-swindled-virgin-trains-out-of-c2-a3116000-in-sophisticated-scam/ar-AA12Ru70 (Fraudster swindled Virgin Trains out of £116,000 in 'sophisticated' scam) - MSN.
https://www.dailymail.co.uk/news/article-11299587/Virgin-Trains-worker-37-swindled-rail-firm-116-000-delay-repay-compensation-scam.html (Virgin Trains worker, 37, swindled rail firm out of £116,000 in 'delay and repay' compensation scam by photoshopping tickets to exploit flaw in system) - Daily Mail. https://www.moneysavingexpert.com/reclaim/train-delays/ (Train delays:How to claim if it's late or cancelled) - Money Saving Expert. https://dataportal.orr.gov.uk/popular-statistics/how-many-trains-arrive-on-time/ (How many trains arrive on time) - Gov.uk. https://www.birminghammail.co.uk/news/midlands-news/employee-swindled-virgin-trains-out-25207048 (Employee swindled Virgin Trains out of £116,000 in delay and repay compensation scam) - Birmingham Mail. https://explore.org/fat-bear-week (Fat Bear Week 2022). https://www.rollingstone.com/culture/culture-news/fat-bear-week-voter-fraud-attempt-1234608565/ (‘Fat Bear Week' Hit By Voter-Fraud Attempt) - Rolling Stone. https://pimeyes.com/en (PimEyes) - Face search engine. https://www.bbc.co.uk/iplayer/episode/p07r5pwq/the-fear-of-god-25-years-of-the-exorcist (The Fear of God: 25 Years of the Exorcist) - BBC iPlayer. https://www.smashingsecurity.com/store/ (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://www.smashingsecurity.com/kolide (Kolide) – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. https://bitwarden.com/smashing/ (Bitwarden) – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://www.akamai.com/smashing (Akamai) – Make the most of Cybersecurity Awareness Month by connecting with Akamai's experts on how you can achieve unmatched security. 
Where else can you take advantage of insights from 7 trillion DNS queries per day? Support the show: You can help the podcast by telling your friends and...
Over the past few years, there's been a lot of talk about the value of understanding Open Source Intelligence (OSINT). But, even with so much talk, relatively few cybersecurity professionals have had the time to take a deep dive into the topic. In this episode, Perry sits down with social engineer, OSINT investigator, and member of the OSINT Curious project, Christina Lekati to get an overview of the value of OSINT as well as some basic techniques. After that, we hear from Chris Kirsch (co-founder and CEO of runZero). Chris is a former black badge winner at DEF CON's social engineering competition and served as a judge in the most recent competition. He recently released an interesting report analyzing the top OSINT sources and vishing (voice phishing via phone) pretexts from that competition. Guests: Christina Lekati (LinkedIn) (Twitter) Chris Kirsch (LinkedIn) (Twitter) Books and References: Top OSINT sources and vishing pretexts from DEF CON's social engineering competition, research by Chris Kirsch referenced in this episode YouTube video by Christina Lekati: Protecting High-Value Individuals: An OSINT Workflow YouTube video: DEF CON 27 Recon Village presentation by Chris Kirsch: Using OSINT for Competitive Intelligence YouTube Playlist from the 2022 SANS OSINT Summit YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours The OSINT Curious project DEFCON Social Engineering Community 15 top open-source intelligence tools, CSO Online Top 25 OSINT Tools for Penetration Testing, SecurityTrails WebMii.com Hunter.io Wigle.net Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Threat Modeling: Designing for Security by Adam Shostack What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/ 12 Methods of threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/ The Art of Attack: Attacker Mindset for 
Security Professionals by Maxie Reynolds Perry's Books Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com
Today's episode is hosted by James and Karl. They talk to Chris Kirsch, Co-Founder and CEO of runZero about the ethics and philosophy behind social engineering (and how he got into teaching pickpocketing to red teamers), the amount of research that actually goes into the DEF CON Capture the Flag Competition (Chris won the coveted Black Badge at DEF CON 2017), how to protect yourself from Open Source Intelligence manipulation, and why he may (or may not) have psychic powers. Follow Chris' social engineering escapade on today's episode of Adventures of Alice & Bob!
A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up to? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dr Jessica Barker. Plus don't miss our featured interview with Rumble's Chris Kirsch. Visit https://www.smashingsecurity.com/275 to check out this episode's show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Chris Kirsch and Jessica Barker.
Germany tells consumers to stop using Kaspersky anti-virus products, OSINT reveals a secret government department (with help from an Apple AirTag), and the UK says it's taking a hard line on dick pics. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch. Visit https://www.smashingsecurity.com/266 to check out this episode's show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: Chris Kirsch.
Have you ever thought you could find more assets in your network than you thought you would have? Do you have segments that haven't been scanned yet? Or maybe subnets that you have ignored? These and much more are what asset discovery brings to the table for any security team, helping to prevent the next big incident. In today's episode we sat down with Chris Kirsch, CEO and co-founder of Rumble, and chatted about why covering the basics, like having a full inventory of your network with all the managed and unmanaged devices, is a best practice to secure any environment. Topics discussed in this episode: Rumble's founding story and background; why Rumble's engine is very benign to the network; where customers that migrate to Rumble come from; why vulnerability scanners don't tell much about what a particular asset is; a two-point approach for asset discovery in a cloud environment; how customers use Rumble in a response-style situation; 3 pieces of advice to succeed at asset management and device security in the future.
Traci and Alex review the latest intel on the Brian Laundrie and Gabby Petito case. We hear from Brett Johnson on the latest on what's new with ransomware. Then DefCon Social Engineering Contest winner Chris Kirsch visits Truth Lies and Coverups. He details what it takes to beat the best of the best: tricking Fortune 500 companies into revealing info to let him into their networks. We also talk about breaking into and manipulating voting machines. Make sure you listen to this one so you know what's REALLY going on out there and how to protect yourself from it.
Facebook suffers a massive (and very public) failure, Britain announces plans for counter-attacking nation states in cyberspace, and there's a tragic story related to ransomware. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Chris Kirsch. And don't miss our featured interview with Attivo Network's Carolyn Crandall. Visit https://www.smashingsecurity.com/246 to check out this episode's show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guests: Carolyn Crandall and Chris Kirsch.
Gifted pick-pocketers can use social engineering skills to choose their victims. Many times as we travel, we may not realize that our body language makes us an easy target. Today's guest is Chris Kirsch. Chris is the CRO and co-founder of Rumble. With a background in product marketing and a technical mindset, he has helped formulate go-to-market strategies at PGP, Rapid7, and Veracode. In 2017, he earned the black badge for winning the social engineering capture the flag competition at DEFCON. He has a passion for InfoSec, OSINT, and is a volunteer advisor for the National Child Protection Task Force.

Show Notes:
[1:05] - Welcome Chris! Chris shares his background.
[2:20] - Chris co-founded Rumble, an asset discovery company to help clients secure their network.
[3:48] - Pick-pocketers are masters of misdirection.
[6:34] - Chris explains why he got into the social engineering side of DEFCON.
[8:18] - When in Paris, Chris's father was pick-pocketed which prompted him to start researching.
[11:18] - After meeting a magician at a convention, Chris then became interested in open-source intelligence (OSINT).
[11:51] - Chris defines the difference between the two schools of thought on pick-pocketing.
[13:29] - Some pick-pocketers can steal without interacting with people while others utilize social interactions.
[15:31] - Chris shares in more detail the story of his father being pick-pocketed.
[17:38] - This experience showed Chris and his family a way that teams of people can work together to fool a target.
[20:03] - There are some unusual laws that limit consequences for theft.
[21:50] - Chris shares tips on where to place your wallet when traveling and demonstrates a scenario.
[25:18] - Escalators are areas where pick-pocketing teams can be very successful.
[28:17] - Placing your hand in your pocket to intentionally keep your belongings safe might actually make you a target.
[30:31] - When something else is on your mind, you are an easy target. It is hard to always be aware.
[33:19] - Chris uses an example of a phishing scam that demonstrates social engineers move you from rational thinking to emotional.
[36:20] - Many people take these scams personally when in reality, scammers have no idea who you are.
[38:27] - Chris references a documentary from the point of view of a social engineering target.
[40:51] - Derren Brown on YouTube and Netflix has several videos and shows that demonstrate the psychology of many scams and manipulation.
[43:59] - The sample you are seeing is what the person wants you to see.
[45:12] - Chris gives actionable steps to take when feeling suspicious.
[47:09] - Chris describes a time when he was able to use social engineering strategies that would have been shot down if the target had done something simple.
[49:21] - For the “long con” scammers, Chris has advice about trust.
[51:42] - Search for Kirsch Identity Fraud and you find free resources on identity theft.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources: Podcast Web Page, Facebook Page, whatismyipaddress.com, Easy Prey on Instagram, Easy Prey on Twitter, Easy Prey on LinkedIn, Easy Prey on YouTube, Easy Prey on Pinterest, Chris Kirsch on LinkedIn, Chris Kirsch on Twitter, Rumble Network Discovery Web Page, Rumble Discovery on Twitter
Have you ever taken time to view the world through the eyes of an attacker? Doing so is an interesting and useful exercise. Understanding the mind of an attacker is fundamental to securing your organization or aspects of your personal life. After all, if you aren't doing the job of viewing things from an attacker's perspective, that means that only the attackers are. The idea is to understand the mindset, motivations, and capabilities of a possible threat actor so that you aren't simply oblivious to your vulnerabilities. This episode is a deep dive into attacker mindsets; we'll hear from four experts who really know what it is to view the world through the eyes of an attacker. Featuring Chris Kirsch (DEF CON Social Engineering CTF Black Badge winner and co-founder of Rumble, Inc.), David Kennedy (Founder of Binary Defense and TrustedSec), Maxie Reynolds (Author of The Art of Attack: Attacker Mindset for Security Professionals, and Technical Team Leader, Social-Engineer, LLC), and Ted Harrington (Author of Hackable: How to Do Application Security Right, and Executive Partner at Independent Security Evaluators).
Guests:
Maxie Reynolds (https://www.linkedin.com/in/maxiereynolds/)
David Kennedy (https://www.linkedin.com/in/davidkennedy4/)
Chris Kirsch (https://www.linkedin.com/in/ckirsch/)
Ted Harrington (https://www.linkedin.com/in/securityted/)
Books and References:
Bruce Schneier blog about the Security Mindset: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
Origin of "Devil's Advocate": https://allthatsinteresting.com/devils-advocate-origin
Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/
12 Methods of Threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/
The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds
Hackable: How to Do Application Security Right by Ted Harrington
The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Threat Modeling: Designing for Security by Adam Shostack
Threat Modeling: A Practical Guide for Development Teams by Izar Tarandach and Matthew J. Coles
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Music and Sound Effects by Blue Dot Sessions & Storyblocks. Artwork by Chris Machowski.
Chris Kirsch, co-founder and chief revenue officer at Rumble, joins us in our June monthly show to talk about how Rumble is solving the problem of asset discovery. You also get to see a demo of Rumble in action and learn about the many talents that Chris has, like pickpocketing! ** Links mentioned on the […] The post Asset Discovery with Chris Kirsch Co-Founder at Rumble appeared first on The Shared Security Show.
Co-Founder and Chief Revenue Officer Chris Kirsch joins co-host Andy Bonillo on Episode #185 of Task Force 7 Radio to share his perspective on why companies have historically struggled to solve the asset inventory problem and the unique approach Rumble is taking to solve it. Chris also shared his journey with HD Moore that led them to start Rumble. We finished up the show with Chris sharing his advice for new entrepreneurs and early-career cyber security practitioners. All this and much, much more on Episode #185 of Task Force 7 Radio.
For this episode, we speak with three social engineers who are also hobbyists in the art of magic. Magic is often about deception, distraction and sleight of hand techniques. We'll talk with Lee, Richard and Chris about how they got started learning these techniques, as well as some of the psychology needed to make people believe the tricks and find the overlaps with social engineering.