Podcast appearances and mentions of Ed Skoudis

  • 28 PODCASTS
  • 103 EPISODES
  • 1h 23m AVG DURATION
  • 1 WEEKLY EPISODE
  • Nov 14, 2024 LATEST


Latest podcast episodes about Ed Skoudis

Paul's Security Weekly
No CVE and No Accountability - Ed Skoudis - PSW #851

Nov 14, 2024 (163:50)


Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to issue a CVE for their end-of-life product sparked a heated debate about cybersecurity accountability and conflicts of interest. Ed Skoudis joins us to announce this year's Holiday Hack Challenge! Segment Resources: https://sans.org/holidayhack Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-851

Paul's Security Weekly TV
Holiday Hack Challenge - PSW #851

Nov 14, 2024 (104:28)


We kicked things off by talking about the Holiday Hack Challenge, which is like this massive cyber playground that SANS puts out every year for everyone from fifth graders to government spooks. Ed Skoudis broke down how they're changing things this time, with an early release and a phased approach that'll give you more time to play and learn. But the real mind-bender was when Ed spilled the beans on how they build this whole thing using one giant Google sheet - I mean, we're talking hundreds of tabs, color-coded cells, and JSON to create entire virtual worlds. Then we covered the rest of the security news including hacking Mazda's infotainment system and more! Segment Resources: https://sans.org/holidayhack Show Notes: https://securityweekly.com/psw-851

Paul's Security Weekly (Podcast-Only)
No CVE and No Accountability - Ed Skoudis - PSW #851

Nov 14, 2024 (163:50)

Paul's Security Weekly (Video-Only)
Holiday Hack Challenge - PSW #851

Nov 14, 2024 (104:28)

Cybersecurity Where You Are
Episode 108: Gaming and Competition in Cybersecurity

Nov 6, 2024 (40:48)


In episode 108 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Ed Skoudis, CEO of Counter Hack Challenges and President of SANS Technology Institute. Together, they discuss the evolution of gaming and competition in cybersecurity and how these activities help to make the industry stronger.

Here are some highlights from our episode:

  • 02:04. What goes into creating a game environment that attracts all kinds of skill levels
  • 04:43. A multi-disciplinary approach to creating a game environment
  • 16:14. How gaming and competition help to spot people with talent and potential
  • 23:32. The challenges of keeping pace with new technology
  • 32:03. The biggest challenges of putting a game environment together
  • 36:47. How to keep track of characters, situations, and story elements of a game

Resources

  • SANS Cyber Ranges
  • SANS Holiday Hack Challenge
  • Episode 59: Probing the Modern Role of the Pentest
  • Episode 95: AI Augmentation and Its Impact on Cyber Defense
  • LockBit 3.0 RaaS Gang Incorporates BlackMatter Capabilities

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Paul's Security Weekly
The Code of Honor: Embracing Ethics in Cybersecurity - Ed Skoudis - PSW #846

Oct 10, 2024 (134:57)


"Code of Honor: Embracing Ethics in Cybersecurity" by Ed Skoudis is a book that explores the ethical challenges faced by cybersecurity professionals in today's digital landscape. The book delves into the complex moral dilemmas that arise in the field of cybersecurity, offering guidance on how to navigate these issues while maintaining integrity. The authors provide practical advice and real-world examples to help readers develop a strong ethical framework for decision-making in their cybersecurity careers. Segment Resources: Code of Honor: https://www.montreat.edu/cybersecurity-code/ Purchase Ed's book here: https://a.co/d/gb3yRxU Get ready for a wild ride in this week's podcast episode, where we dive into the latest security shenanigans! Default Credentials Gone Wild: We'll kick things off with a look at how default credential scanners are like that friend who shows up to the party but never brings snacks. They're everywhere, but good luck finding one that actually works! Critical Vulnerabilities in Tank Gauges: Next, we'll discuss how automated tank gauges are now the new playground for hackers. With vulnerabilities that could lead to environmental disasters, it's like giving a toddler a box of matches—what could possibly go wrong? Cisco Routers: The Forgotten Gear: Cisco's small business routers are like that old car in your driveway—still running but definitely not roadworthy. We'll explore why you should check your network before it becomes a digital junkyard. Firmware Updates: A Love Story: Richard Hughes has dropped some juicy updates on fwupd 2.0.0, making firmware updates as easy as ordering takeout. But let's be real, how many of us actually do it? Stealthy Linux Malware: We'll also uncover Perfctl, the stealthy malware that's been creeping around Linux systems since 2021. It's like that one relative who overstays their welcome—hard to get rid of and always looking to borrow money! 
PrintNightmare Continues: And yes, the PrintNightmare saga is still haunting Windows users. It's like a horror movie that just won't end—grab your popcorn! Cyber Shenanigans at Comcast and Truist: We'll wrap up with a juicy breach involving Comcast and Truist Bank that compromised data for millions. Spoiler alert: they didn't have a great plan for cleaning up the mess. Tune in for all this and more as we navigate the wild world of security news with a wink and a nudge! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-846

Paul's Security Weekly TV
The Code of Honor: Embracing Ethics in Cybersecurity - Ed Skoudis - PSW #846

Oct 10, 2024 (54:53)


"Code of Honor: Embracing Ethics in Cybersecurity" by Ed Skoudis is a book that explores the ethical challenges faced by cybersecurity professionals in today's digital landscape. The book delves into the complex moral dilemmas that arise in the field of cybersecurity, offering guidance on how to navigate these issues while maintaining integrity. The authors provide practical advice and real-world examples to help readers develop a strong ethical framework for decision-making in their cybersecurity careers. Segment Resources: Code of Honor: https://www.montreat.edu/cybersecurity-code/ Purchase Ed's book here: https://a.co/d/gb3yRxU Show Notes: https://securityweekly.com/psw-846

Paul's Security Weekly (Podcast-Only)
The Code of Honor: Embracing Ethics in Cybersecurity - Ed Skoudis - PSW #846

Oct 10, 2024 (134:57)

Paul's Security Weekly (Video-Only)
The Code of Honor: Embracing Ethics in Cybersecurity - Ed Skoudis - PSW #846

Oct 10, 2024 (54:53)

Paul's Security Weekly TV
SaaS Security Beyond Just Misconfiguration & Expert Insights on Cybersecurity Ethics - Ed Skoudis, Maor Bin - ESW #374

Aug 31, 2024 (32:57)


In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management. Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/ This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report! Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students. Segment Resources: 1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1 2) Holiday Hack Challenge - sans.org/holidayhack Show Notes: https://securityweekly.com/esw-374

Enterprise Security Weekly (Video)
SaaS Security Beyond Just Misconfiguration & Expert Insights on Cybersecurity Ethics - Ed Skoudis, Maor Bin - ESW #374

Aug 31, 2024 (32:57)

Paul's Security Weekly
What asset management (ITAM) looks like outside cybersecurity - Danny Jenkins, Ed Skoudis, Jeremy Boerger, Maor Bin - ESW #374

Aug 30, 2024 (104:09)


The top priority on the CIS Critical Security Controls list has never changed: inventory and control of enterprise assets. Yet it remains one of the most challenging controls to implement, much less master. The refrain, "you can't secure what you don't know about" is as old as information security itself. Complicating this task is the fact that improving asset management isn't an aspiration unique to the security team. IT, finance, facilities, and other groups within large enterprises are concerned with this as well. This often leads to challenges: should all these groups attempt to standardize on one common asset database or CMDB? Or should security go their own way, and purchase their own asset management tool? Answering these questions would be a lot easier if we had someone with an IT asset management (ITAM) perspective, and fortunately, we do! Jeremy Boerger of Boerger Consulting joins us to help us understand the IT perspective, so we can understand if there are opportunities for security and IT to help each other out, or at least find some common ground!

Boerger Consulting Resources: Email newsletter, LinkedIn newsletter, Book page, Amazon book page

I often say that it isn't the concepts or ideas in cybersecurity that are bad, but the implementations of them. Sometimes the market timing is just wrong and the industry isn't ready for a particular technology (e.g. enterprise browsers). Other times, the technology just isn't ready yet (e.g. SIEMs needed better database technology and faster storage). Since the ideas are solid, we see these concepts return after a few years. Application allowlisting is one of these product categories. ThreatLocker has been around since 2017 and is now a late stage startup that has achieved market fit. We chat with the company's CEO and founder, Danny Jenkins to find out how they learned from the mistakes made before them, and differentiate from the technology some of us remember from the late 2000s and early 2010s.

Segment Resources: ThreatLocker Solutions

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In this interview, Maor Bin, CEO and Co-Founder of Adaptive Shield, discusses the evolving landscape of SaaS Security. He highlights the challenges posed by the security gap resulting from the rapid adoption of SaaS applications and why SaaS security is beyond just misconfiguration management.

Segment Resources: https://www.adaptive-shield.com/landing-page/the-annual-saas-security-survey-report-2025-ciso-plans-and-priorities/

This segment is sponsored by Adaptive Shield. Visit https://securityweekly.com/adaptiveshieldbh to download the Annual SaaS Security Survey Report!

Cybersecurity professionals are often confronted with ethical dilemmas that need to be carefully navigated. In 25 years of teaching incident handling and penetration testing, Ed has often been asked by his students for help in ethical decision-making. Ed will share some of their questions and his recommended approaches for addressing them. Ed also has a new book out, The Code of Honor, about cybersecurity ethics. All proceeds go to scholarships for college students.

Segment Resources:
1) Ed's book, published June 18, 2024: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862/ref=sr11?crid=1DSHPCXDIQ1VT&dib=eyJ2IjoiMSJ9.rmZX2-3mj1nI74iKkjbKkQSNKCuRjjn-QQ8qrzVy21tMRAXuKu5Qr5rPgtszkVd7zJMV7oVTuImUZIxMQfecnaRlNRfAVI5G7azyWi8lY.WHOujvlsQXPTJaHuEafwRC2WVKZe474eVXHn46kLiEY&dib_tag=se&keywords=skoudis&qid=1722767581&sprefix=skoudis%2Caps%2C90&sr=8-1
2) Holiday Hack Challenge - sans.org/holidayhack

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-374

Enterprise Security Weekly (Audio)
What asset management (ITAM) looks like outside cybersecurity - Danny Jenkins, Ed Skoudis, Jeremy Boerger, Maor Bin - ESW #374

Aug 30, 2024 (104:09)

8th Layer Insights
What About Ethics?

Jul 30, 2024 (55:05)


On this episode, Perry gets to sit down with Ed Skoudis to discuss the simplicity and complexities of cybersecurity ethics. Ed's new book is The Code of Honor: Embracing Ethics in Cybersecurity.

Guest: Ed Skoudis (LinkedIn) (Twitter) (Website)

Books and References:

  • The Code of Honor: Embracing Ethics in Cybersecurity, by Paul J. Maurer and Ed Skoudis
  • The Mysterious Case of Rudolf Diesel: Genius, Power, and Deception on the Eve of World War I, by Douglas Brunt
  • The Cybersecurity Code (downloadable): https://www.montreat.edu/cybersecurity-code/
  • The Code of Honor book page
  • YouTube Video: Inside SANS Holiday Hack Challenge 2023 | Host: Ed Skoudis | August 29, 2023

Perry's Books (Amazon Associate Links):

  • NEW BOOK (Oct 1, 2024): FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions. Book website: https://thisbookisfaik.com
  • Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
  • The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer, by Perry Carpenter & Kai Roer

Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/

Want to get in touch with Perry? Here's how: LinkedIn, Twitter, Instagram, Email: perry [at] 8thLayerMedia [dot] com

ITSPmagazine | Technology. Cybersecurity. Society
The Five Most Dangerous New Attack Techniques You Need to Know About | An RSA Conference 2024 Conversation With Ed Skoudis, Heather Mahalik Barnhart, and Johannes Ullrich | On Location Coverage with Sean Martin and Marco Ciappelli

May 2, 2024 (29:30)


Guests:

Ed Skoudis, President at SANS Technology Institute [@SANS_EDU]
On LinkedIn | https://www.linkedin.com/in/edskoudis/
At RSAC | https://www.rsaconference.com/experts/ed-skoudis

Heather Mahalik Barnhart, Faculty Fellow & DFIR Curriculum Lead at SANS, Sr Dir of Community Engagement at Cellebrite [@Cellebrite]
On LinkedIn | https://www.linkedin.com/in/heather-mahalik-cellebrite/
On Twitter | https://twitter.com/HeatherMahalik
At RSAC | https://www.rsaconference.com/experts/heather-mahalik

Johannes Ullrich, Dean of Research at SANS Technology Institute [@sansforensics]
On LinkedIn | https://www.linkedin.com/in/johannesullrich/
On Twitter | https://twitter.com/sans_isc
On Mastodon | https://infosec.exchange/@jullrich
At RSAC | https://www.rsaconference.com/experts/johannes-ullrich

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

In this new episode of the On Location Podcast with Sean and Marco, listeners were treated to an in-depth preview of the RSA Conference SANS Keynote, featuring engaging dialogues with industry luminaries Ed Skoudis, Heather Mahalik Barnhart, and Johannes Ullrich. Each brought to the fore their unique perspectives and expertise, providing a fascinating glimpse into the current state and future direction of cybersecurity.

Ed Skoudis, President of the SANS Technology Institute College, stands at the forefront of cybersecurity education, guiding the future of the field through his leadership and vision. As moderator of the RSA Conference keynote panel, Skoudis emphasized the panel's history and its focus on burgeoning cybersecurity threats and innovations. His dual role as a SANS fellow and the founder of CounterHack challenges underscores a commitment to practical, real-world applications of cybersecurity knowledge.

Heather Mahalik Barnhart brings a wealth of experience as the Curriculum Lead at SANS and a Senior Director of Community Engagement at Cellebrite. Her expertise in mobile threats and digital intelligence is pivotal in an era where mobile devices are ubiquitous. Barnhart's focus on the escalation of mobile security threats underscores the critical need for continuous vigilance and advanced protective measures in cybersecurity practices.

Johannes Ullrich, Dean of Research for the SANS Technology Institute College, brings his profound insights into web application security to the discussion. His leadership at the Internet Storm Center provides him with a unique vantage point on the latest cyber threats and defensive strategies. Ullrich's work exemplifies the essential nature of forward-looking research in developing effective cybersecurity defenses.

The conversation highlights not just individual achievements but also the collective effort of the panel to address current cyber threats while preparing for future challenges. The keynote panelists discussed their approach to selecting topics that not only resonate with current issues but also anticipate future threats. This proactive approach is a testament to their deep understanding of the cybersecurity landscape and their commitment to equipping professionals with the knowledge to stay one step ahead.

Terrence Williams, a new addition to the panel and a notable figure in cloud security from Amazon, and Steve Sims, an authority on offensive security curriculum at SANS, were also mentioned as key contributors to the upcoming keynote session. Their inclusion promises to bring fresh insights and a broader perspective to the discussions, enriching the discourse on cybersecurity's most pressing and complex issues.

Key Questions Addressed

  • How does SANS choose the five topics for the RSA Conference SANS Keynote?
  • What are the key cybersecurity trends and threats for the future?
  • How can individuals and organizations mitigate these identified threats?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube:

Redefining CyberSecurity
The Five Most Dangerous New Attack Techniques You Need to Know About | An RSA Conference 2024 Conversation With Ed Skoudis, Heather Mahalik Barnhart, and Johannes Ullrich | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Play Episode Listen Later May 2, 2024 29:30


Guests:

Ed Skoudis, President at SANS Technology Institute [@SANS_EDU]
On LinkedIn | https://www.linkedin.com/in/edskoudis/
At RSAC | https://www.rsaconference.com/experts/ed-skoudis

Heather Mahalik Barnhart, Faculty Fellow & DFIR Curriculum Lead at SANS, Sr Dir of Community Engagement at Cellebrite [@Cellebrite]
On LinkedIn | https://www.linkedin.com/in/heather-mahalik-cellebrite/
On Twitter | https://twitter.com/HeatherMahalik
At RSAC | https://www.rsaconference.com/experts/heather-mahalik

Johannes Ullrich, Dean of Research at SANS Technology Institute [@sansforensics]
On LinkedIn | https://www.linkedin.com/in/johannesullrich/
On Twitter | https://twitter.com/sans_isc
On Mastodon | https://infosec.exchange/@jullrich
At RSAC | https://www.rsaconference.com/experts/johannes-ullrich

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this new episode of the On Location Podcast with Sean and Marco, listeners were treated to an in-depth preview of the RSA Conference SANS Keynote, featuring engaging dialogues with industry luminaries Ed Skoudis, Heather Mahalik Barnhart, and Johannes Ullrich. Each brought to the fore their unique perspectives and expertise, providing a fascinating glimpse into the current state and future direction of cybersecurity.

Ed Skoudis, President of the SANS Technology Institute College, stands at the forefront of cybersecurity education, guiding the future of the field through his leadership and vision. As moderator of the RSA Conference keynote panel, Skoudis emphasized the panel's history and its focus on burgeoning cybersecurity threats and innovations. His dual role as a SANS fellow and the founder of CounterHack challenges underscores a commitment to practical, real-world applications of cybersecurity knowledge.

Heather Mahalik Barnhart brings a wealth of experience as the Curriculum Lead at SANS and a Senior Director of Community Engagement at Cellebrite. Her expertise in mobile threats and digital intelligence is pivotal in an era where mobile devices are ubiquitous. Barnhart's focus on the escalation of mobile security threats underscores the critical need for continuous vigilance and advanced protective measures in cybersecurity practices.

Johannes Ullrich, Dean of Research for the SANS Technology Institute College, brings his profound insights into web application security to the discussion. His leadership at the Internet Storm Center provides him with a unique vantage point on the latest cyber threats and defensive strategies. Ullrich's work exemplifies the essential nature of forward-looking research in developing effective cybersecurity defenses.

The conversation highlights not just individual achievements but also the collective effort of the panel to address current cyber threats while preparing for future challenges. The keynote panelists discussed their approach to selecting topics that not only resonate with current issues but also anticipate future threats. This proactive approach is a testament to their deep understanding of the cybersecurity landscape and their commitment to equipping professionals with the knowledge to stay one step ahead.

Terrence Williams, a new addition to the panel and a notable figure in cloud security from Amazon, and Steve Sims, an authority on offensive security curriculum at SANS, were also mentioned as key contributors to the upcoming keynote session. Their inclusion promises to bring fresh insights and a broader perspective to the discussions, enriching the discourse on cybersecurity's most pressing and complex issues.

Key Questions Addressed

How does SANS choose the five topics for the RSA Conference SANS Keynote?
What are the key cybersecurity trends and threats for the future?
How can individuals and organizations mitigate these identified threats?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube:

Hacker Public Radio
HPR4006: Holiday Challenges Ep 3 SANS Holiday Hack Challenge and KringleCon

Dec 11, 2023


Holiday Challenges Series - Ep 3 - SANS Holiday Hack Challenge with KringleCon

Since some of the information you are about to hear is time specific, I want to let you know that I am recording this near the end of November in 2023. If you missed the first episode, which introduces this series, you can go back and listen to HPR3996.

The SANS Holiday Hack Challenge is an interactive online technology and hacking game combined with a virtual security conference, beginning in the second week of December. By the time this episode drops, it may already be live. You can tour the North Pole conference facilities, meeting people, interactive non-player characters (NPC), and maybe even some villains from Holiday Hack Challenges past, as you solve problems and gather clues which you use to help save Christmas. Everything can be done from within the browser, and did I mention there is a virtual security conference, called KringleCon? Some of the biggest rock stars (and most humble and brilliant people) in CyberSecurity speak each year at KringleCon. Many of their talks also provide clues to solving game challenges. Ed Skoudis and his team (the same people who build SANS NetWars) work tirelessly year after year to create the most amazing experience, complete with custom music! This has become one of my favorite holiday traditions each year.

You can learn more about the 2023 challenge by watching Ed's Inside SANS Holiday Hack Challenge 2023 YouTube video at https://www.youtube.com/watch?v=X9Gmdr_CxzQ

You can access this year's challenge by visiting sans.org/holidayhack or https://www.sans.org/mlp/holiday-hack-challenge-2023/ There, you will learn more about all things Holiday Hack before the game opens in the second week of December. If you want to play now, or just get a feel for it, you can access three of the previous years' challenges right now at the same site.

I am not associated with SANS or the Holiday Hack Challenge in any way, other than to have participated for several years now, and I have watched other people learn and grow by taking part in it. I hope that you have enjoyed this short series. If there are other online challenges you find interesting or informative, I encourage you to record a show about them. Have a wonderful day.

Wait Just an InfoSec
Let's Settle This in the Cyber Range

Oct 25, 2023 48:06


Ed Skoudis, SANS.edu President and creator of many a cyber range, will take the reins as host to welcome a bevy of cyber range aficionados, for an episode packed with tips, tricks, and behind-the-scenes looks at all things SANS cyber ranges. Hear from range designers about what makes for a good challenge and how SANS ranges are fundamentally different from others. Then, get a look from our event operations team at how cyber ranges come together, and find out about special events like the SANS Tournament of Champions and Services Cup. Finally, hear direct from the players and learn how you can get started using cyber ranges to level-up your cyber skills.

Wait Just an Infosec is produced by the SANS Institute. You can watch the full, weekly Wait Just an Infosec live stream on the SANS Institute YouTube, LinkedIn, Twitter, and Facebook channels on Tuesdays at 10:00am ET (2:00pm UTC). Feature segments from each episode are published in a podcast format on Wednesdays at noon eastern. If you enjoy the Wait Just an Infosec live, weekly show covering the latest cybersecurity trends and news and featuring world-renowned information security experts, be sure and become a member of our community. When you join the SANS Community, you will have access to cutting edge cyber security news, training, and free tools you can't find anywhere else. Learn more about Wait Just an Infosec at sans.org/wjai and become a member of our community at sans.org/join. Connect with SANS on social media and watch the weekly live show: YouTube | LinkedIn | Facebook | Twitter

Wait Just an InfoSec
Inside SANS Holiday Hack Challenge 2023

Aug 30, 2023 48:44


Ed Skoudis, President of SANS.edu, joins us as host for another episode of Wait Just an Infosec, this time focusing on the infamous SANS Holiday Hack Challenge – SANS's annual gift to the cybersecurity community. Ed is joined by special guests to share about the history of this free festive cyber challenge, showcase how this year's challenge is coming together, and offer insight from past winners that could put you ahead of the competition to succeed in the 2023 Holiday Hack Challenge.

Wait Just an Infosec is produced by the SANS Institute. You can watch the full, weekly Wait Just an Infosec live stream on the SANS Institute YouTube, LinkedIn, Twitter, and Facebook channels on Tuesdays at 10:00am ET (2:00pm UTC). Feature segments from each episode are published in a podcast format on Wednesdays at noon eastern. If you enjoy the Wait Just an Infosec live, weekly show covering the latest cybersecurity trends and news and featuring world-renowned information security experts, be sure and become a member of our community. When you join the SANS Community, you will have access to cutting edge cyber security news, training, and free tools you can't find anywhere else. Learn more about Wait Just an Infosec at sans.org/wjai and become a member of our community at sans.org/join. Connect with SANS on social media and watch the weekly live show: YouTube | LinkedIn | Facebook | Twitter

Cybersecurity Where You Are
Episode 59: Probing the Modern Role of the Pentest

Jul 7, 2023 55:20


In episode 59 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Ed Skoudis, founder of the SANS Penetration Testing Curriculum and Counter Hack. Together, they discuss the value of penetration testing – all while CIS as an organization is undergoing a pentest! They begin by considering the historical perspective of pentests. (In Tony's words, "the foundational perspective for testing back then was to create drama.") They then reflect on how penetration tests excel when they prioritize education using a process of feedback. During the course of the conversation, Sean and Ed draw upon their years of collaboration to explain what this process can look like. They conclude by providing advice on how less mature organizations can get value from a penetration test.

Resources
Follow Ed on LinkedIn
Counter Hack
CIS Critical Security Control 18: Penetration Testing
Penetration Testing
Episode 35: Remembering the Late Alan Paller

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Coffee Talk with SURGe
Coffee Talk with SURGe: 2021-DEC-14 Ed Skoudis Interview about SANS Holiday Hack Challenge

Jun 14, 2023 28:46


Join Audra Streetman, Mick Baccio, and Ryan Kovar for another edition of Coffee Talk with SURGe featuring an interview with Dave Herrald and Ed Skoudis about what to expect in this year's SANS Holiday Hack Challenge.   You can watch the full interview with Ed and Dave here. 

Wait Just an InfoSec
What the heck is going on in Cybersecurity Higher Ed?

May 31, 2023 44:22


This episode of Wait Just an Infosec focuses on going behind the firewall and inside higher education for cybersecurity, examining the trends that are shaping how we learn and grow in this fast-paced field.

Who better to lead this exploration than Ed Skoudis, President of SANS Technology Institute (SANS.edu), where cybersecurity is all we teach — and nobody does it better.

Ed is joined by several special guests who will offer their unique perspectives on a variety of trends impacting cybersecurity higher education as well as the value of getting cybersecurity degrees and certificates in this modern landscape.

Our guests are:
· Betsy Marchant, Vice Provost at SANS.edu
· Michael J. Kiphart, Ph.D.
· Melissa Bischoping, a student in the SANS.edu master's degree program in Information Security Engineering

Wait Just an Infosec is produced by the SANS Institute. You can watch the full, weekly Wait Just an Infosec live stream on the SANS Institute YouTube, LinkedIn, Twitter, and Facebook channels on Tuesdays at 10:00am ET (2:00pm UTC). Feature segments from each episode are published in a podcast format on Wednesdays at noon eastern. If you enjoy the Wait Just an Infosec live, weekly show covering the latest cybersecurity trends and news and featuring world-renowned information security experts, be sure and become a member of our community. When you join the SANS Community, you will have access to cutting edge cyber security news, training, and free tools you can't find anywhere else. Learn more about Wait Just an Infosec at sans.org/wjai and become a member of our community at sans.org/join. Connect with SANS on social media and watch the weekly live show: YouTube | LinkedIn | Facebook | Twitter

Paul's Security Weekly
PSW #767 - Holiday Extravaganza

Dec 16, 2022 314:09


While we most likely do not believe that penetration testing is dead it continues to evolve over time. What do penetration tests look like today? Have they become more or less specialized? What is the continuing value of penetration testing? With development and IT moving so fast, how have penetration tests adapted? This discussion will dive into the details of penetration testing today and provide you with a guide to make the most of this activity.   Without question, we need more people working in cybersecurity today. Our culture has come a long way to be more open and inviting to new folks, but we still have a lot of work to do. What can you do if you want to break into the field of cybersecurity today? While there is no shortage of resources our experienced hosts will offer their thoughts, opinions, and advice on how you can become the next cybersecurity pro!   How well do you know your hacker history and trivia? See how you compare to our hosts as we tackle hacker trivia live on the air! Categories will include hacker movies, hacker history, and hacker tools.   This week, we round out the Holiday Special 2022 with a special guest appearance by Ed Skoudis, where he joins to fill us in on the Holiday Hack Challenge! Then, an utterly chaotic session of security news to close out 2022!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/psw767

Paul's Security Weekly (Podcast-Only)
PSW #767 - Holiday Extravaganza

Dec 16, 2022 196:16


While we most likely do not believe that penetration testing is dead it continues to evolve over time. What do penetration tests look like today? Have they become more or less specialized? What is the continuing value of penetration testing? With development and IT moving so fast, how have penetration tests adapted? This discussion will dive into the details of penetration testing today and provide you with a guide to make the most of this activity.   Without question, we need more people working in cybersecurity today. Our culture has come a long way to be more open and inviting to new folks, but we still have a lot of work to do. What can you do if you want to break into the field of cybersecurity today? While there is no shortage of resources our experienced hosts will offer their thoughts, opinions, and advice on how you can become the next cybersecurity pro!   How well do you know your hacker history and trivia? See how you compare to our hosts as we tackle hacker trivia live on the air! Categories will include hacker movies, hacker history, and hacker tools.   This week, we round out the Holiday Special 2022 with a special guest appearance by Ed Skoudis, where he joins to fill us in on the Holiday Hack Challenge! Then, an utterly chaotic session of security news to close out 2022!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/psw767

Paul's Security Weekly TV
Holiday Security News & The Holiday Hack Challenge 2022! - PSW #767

Dec 15, 2022 138:17


This week, we round out the Holiday Special 2022 with a special guest appearance by Ed Skoudis, where he joins to fill us in on the Holiday Hack Challenge! Then, an utterly chaotic session of security news to close out 2022!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw767

Paul's Security Weekly (Video-Only)
Holiday Security News & The Holiday Hack Challenge 2022! - PSW #767

Dec 15, 2022 138:17


This week, we round out the Holiday Special 2022 with a special guest appearance by Ed Skoudis, where he joins to fill us in on the Holiday Hack Challenge! Then, an utterly chaotic session of security news to close out 2022!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw767

Darknet Diaries
121: Ed

Jul 26, 2022 44:56


In this episode we hear some penetration test stories from Ed Skoudis (twitter.com/edskoudis). We also catch up with Beau Woods (twitter.com/beauwoods) from I am The Cavalry (iamthecavalry.org).

Sponsors

Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.

Support for this show comes from Zscaler. Zscaler zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com/darknet.

Support for this podcast comes from Cybereason. Cybereason reverses the attacker's advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet.

Attribution

Darknet Diaries is created by Jack Rhysider. Editing by Damienne. Assembled by Tristan Ledger. Sound designed by Andrew Meriwether. Episode artwork by odibagas. Audio cleanup by Proximity Sound. Theme music created by Breakmaster Cylinder.

The Social-Engineer Podcast
Ep. 162 - Security Awareness Series - What Cows Can Teach You About Infosec with John Strand

Jan 17, 2022 52:47


This month Chris Hadnagy and Ryan MacDougall are joined by John Strand from Black Hills Information Security. John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much-loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He enjoys mountain biking, getting hurt mountain biking, sucking at surfing, and heavy music.

January 17th 2022

00:00 – Intro
  Social-Engineer.com - http://www.social-engineer.com/
  Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
  Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
  Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
  Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
  CLUTCH - http://www.pro-rock.com/
  innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
  Human Behavior Conference – https://humanbehaviorcon.com/
02:40 – John Strand Info
03:31 – ILF
04:51 – Ryan intro
06:30 – Chat about Chris getting his company started
08:21 – How did you get started with your own company?
12:17 – Cows
14:56 – The idea of travel and never seeing your family
15:57 – What was the point where you started to feel “this company is going to work”
18:35 – Creating company loyalty
22:06 – “Pay What You Can” training
30:22 – More on how the pandemic changed workflow
34:03 – More on pay-what-you-can training – management of 5,000 people
41:41 – How can someone take action right now?
44:59 – Favorite Books
  Dune
  All the Birds In The Sky – Charlie Jane Anders - https://amzn.to/3I9lu75
  We - Yevgeny Zamyatin - https://amzn.to/3Ihoy1b
  The Master and Margarita – Mikhail Bulgakov - https://amzn.to/3Kl6t3R
  The Mistborn Series – Brandon Sanderson - https://amzn.to/33qcnQH
  The Way of The Kings – Brandon Sanderson - https://amzn.to/3tuF1uJ
47:55 – Who is your biggest mentor
  Ed Skoudis
51:34 – Guest Wrap-Up
52:30 – Outro

Paul's Security Weekly TV
All Your Holiday Hack Challenge Belong To Us - Ed Skoudis - PSW #721

Dec 17, 2021 60:59


Let's talk about the 2021 SANS Holiday Hack Challenge. Lotsa great new stuff this year, with a focus on hardware hacking in a virtual world... plus TWO cons at the North Pole.   Segment Resources: www.holidayhackchallenge.com www.counterhack.com www.sans.edu   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw721

Paul's Security Weekly
Have a Couple Beers on the Lawnmower - PSW #721

Dec 16, 2021 168:04


This week, we kick off the show with an interview featuring Ed Skoudis, SANS Fellow and Counter Hack Founder, where we talk about the holiday hack challenge! Then, Sinan Eren, VP of Zero Trust Access & ZTNA Engineering at Barracuda Networks, joins for a segment walking through What to Expect in 2022 for security!! In the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft App spoofing vulnerability, stealing credit cards in WordPress, using block chain for C2, ManageEngine 0day, oh and did you hear about the log4j vulnerability!   Show Notes: https://securityweekly.com/psw721 Segment Resources: www.holidayhackchallenge.com www.counterhack.com www.sans.edu Barracuda research on Ransomware trends and remote code execution vulns: https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/ https://blog.barracuda.com/2021/10/13/threat-spotlight-remote-code-execution-vulnerabilities/ Visit https://securityweekly.com/barracuda to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Video-Only)
All Your Holiday Hack Challenge Belong To Us - Ed Skoudis - PSW #721

Dec 16, 2021 60:59


Let's talk about the 2021 SANS Holiday Hack Challenge. Lotsa great new stuff this year, with a focus on hardware hacking in a virtual world... plus TWO cons at the North Pole.   Segment Resources: www.holidayhackchallenge.com www.counterhack.com www.sans.edu   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw721

Paul's Security Weekly (Podcast-Only)
Have a Couple Beers on the Lawnmower - PSW #721

Dec 16, 2021 168:04


This week, we kick off the show with an interview featuring Ed Skoudis, SANS Fellow and Counter Hack Founder, where we talk about the holiday hack challenge! Then, Sinan Eren, VP of Zero Trust Access & ZTNA Engineering at Barracuda Networks, joins for a segment walking through What to Expect in 2022 for security!! In the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft App spoofing vulnerability, stealing credit cards in WordPress, using block chain for C2, ManageEngine 0day, oh and did you hear about the log4j vulnerability!   Show Notes: https://securityweekly.com/psw721 Segment Resources: www.holidayhackchallenge.com www.counterhack.com www.sans.edu Barracuda research on Ransomware trends and remote code execution vulns: https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/ https://blog.barracuda.com/2021/10/13/threat-spotlight-remote-code-execution-vulnerabilities/ Visit https://securityweekly.com/barracuda to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

FIRST Impressions Podcast
Episode 9: Ed Skoudis, President, SANS Technology Institute

Dec 3, 2021


Chances are, you know Ed. Ed Skoudis is founder of the SANS Institute's Penetration Testing Curriculum and creator of SANS NetWars, CyberCity, and the Holiday Hack Challenge. Learn more about the upcoming SANS Holiday Hack Challenge at https://www.sans.org/mlp/holiday-hack-challenge/. Disclaimer: The views expressed by the hosts and guests are their own and their participation on the podcast does not imply an endorsement of them or any entity they represent.

The Social-Engineer Podcast
Ep. 154 - Security Awareness Series - Whispering Sweet Security Nothings with Ed Skoudis

Sep 20, 2021 53:17


In this episode, Chris Hadnagy and Ryan MacDougall are joined by Ed Skoudis. Ed is a SANS Institute Fellow, Instructor, and Director of Cyber Ranges. He is the founder of Counter Hack, an innovative cyber security company that works as trusted information security advisors to government, military, and commercial enterprises by providing in-depth security architecture, penetration testing, red teaming, incident response, and digital forensics expertise. Ed frequently presents industry keynotes based on the latest attack vectors he identifies during his team's penetration testing projects, expert witness work on large-scale breaches, security research into late-breaking malware and exploits, and incident response engagements. Over his career, Ed has taught over 20,000 students in computer incident response and penetration testing. Ed and his team are also the creators of the SANS Holiday Hack Challenge, a free gift to the community every December challenging tens of thousands of people to build their cyber security skills in a fun, quirky adventure to save the holiday season.

September 20, 2021

00:00 – Intro
  www.social-engineer.com
  Managed Voice Phishing
  Managed Email Phishing
  Adversarial Simulations
  Social-Engineer channel on SLACK
  CLUTCH
  www.innocentlivesfoundation.org
03:26 – Ed Skoudis Intro
05:26 – How did you get started, how did you get into this field?
09:18 – What do you look for when building your team?
10:47 – How long will you observe a person to determine if they have the integrity or skill that you want?
12:44 – What advice would you give for companies to find people with the skill and integrity they need more quickly than observing them for 2-4 years?
22:00 – “Nothing new” in social engineering vs infosec, which is constantly changing
23:45 – Why do you feel experience like participating in CTF's are so valuable for people in this community?
28:57 – What is your advice for people on how to find quality CTF's?
  www.holidayhackchallenge.com
  www.ctftime.org
  www.wechall.net
  https://opentoallctf.github.io/
32:04 – How long does it take your team to construct these challenges?
35:54 – If someone wants to sponsor this event, where can they go?
  www.holidayhackchallenge.com
36:42 – Who are the colleagues or mentors that have been most influential to you, people you wouldn't be where you are today if not for them?
  Ed's Nana – Evelyn Hiddings
  Manager at Bellcore - Miriam Hernandez Cagle
  SANS instructor, founder of InGuardians - Mike Poor
  Security Expert - Johnny Long
  SANS founder – Alan Paller
40:30 – What are some action steps corporations should start doing right now based on the advice you gave today to build a great team?
  Have a good corporate culture and leadership
  Be thoughtful and meaningful, make it fun, and challenge them
  Take input from your team and empower them
43:09 – Do you have any advice for employees dealing with burnout, how to practice self-care, or other coping mechanisms?
  Monthly meeting with state of the business, business reflections
  Rituals – Get a bagel and call mom on Saturdays, morning walk, calling friends out of the blue
  Gratefulness – when stressed, pause and think about what you're grateful for
  Get off social media for a few days
50:27 – Book Recommendation
  The Code Book by Simon Singh
51:53 – Outro
  www.innocentlivesfoundation.org
  www.social-engineer.com

Easy Prey
Ethical Hacking with Brian Self

Mar 17, 2021 56:15


Ethical hacking may seem like an oxymoron, but having someone that you trust do a penetration test on your network may shock you. Our guest today has been helping people for 20 years to know when they’re vulnerable, and he shares his stories and insights to help you keep your information secure.

Today’s guest is Brian Self. Brian is a certified Information Systems Security professional, ethical hacker, and professional speaker. He has the unique ability to take a complicated topic like network security and make it easy for a wide audience to understand. He has been in Information Security for over 15 years and in IT for over 20. He is a professional penetration tester doing offensive security, a compliance subject matter expert, an IT security architect, a security engineer, and a consultant in a variety of security domains.

Show Notes:

[1:10] - Brian shares his background and how he got into the field of IT and security including the story that inspired him to get into ethical hacking.
[3:34] - In 15 minutes, a penetration tester taught Brian more about the system he was using than he ever knew was there. He was hooked from then on.
[4:37] - Brian defines some common hacking terminology in easy-to-understand verbiage.
[6:12] - In Brian’s experience, many people tell him that they don’t have anything of value that a hacker would want. He clarifies that everyone has something that can make them a target, including things you just don’t think of as a vulnerability.
[7:01] - In addition to white hat, gray hat, and black hat hackers, Brian explains the different teams of hackers called blue teams and red teams.
[8:43] - For penetration tests that Brian does, he doesn’t necessarily avoid getting caught.
[9:29] - Chris shares his experience with a penetration testing company and the surprise of what they found.
[10:52] - Brian confirms that Chris’s experience is very common. There are a lot of old systems in place that may have been secure when created but haven’t been updated.
[12:21] - Brian describes one of his very first pen tests and the ease of finding vulnerability.
[13:48] - For pen testers out there who are just starting, here’s a rule of thumb, never tell how you got in until you’re done. Brian explains why.
[14:58] - If you are approached by someone who claims to have found vulnerability, like a grey hat hacker, Brian advises to be very careful and to get a legal team involved.
[17:02] - Brian is motivated to help people understand security.
[18:38] - Responsible disclosure is when a security researcher gives companies ample time to make changes to their vulnerability. Some security researchers disclose the information on social media.
[20:33] - Brian suggests starting with the basics first before hiring someone to do penetration testing. Are you patching? If not, patch first.
[23:04] - If you’re starting from scratch, you can plan for changes in security. Consider who needs access to certain data.
[24:21] - Chris describes the balance that needs to be found between automated systems and human error.
[26:01] - Brian started learning social engineering when he had to convince someone to send him to an event to learn more.
[27:10] - Brian highly recommends the OWASP foundation to continue learning about penetration testing and overall security.
[29:14] - Chris admits that he has been nervous to attend conventions and explains his reasoning.
[31:15] - Chris references a previous episode with Ed Skoudis and an experience he had with the Holiday Hack Challenge.
[32:17] - Brian suggests taking classes, courses, and learning what you can. He says that if you take a course with Ed Skoudis, you are really learning.
[33:09] - In regards to risk, Brian keeps two main points - the likelihood and the impact.
[34:15] - Engage with the pen test team. Don’t wait to ask questions. Leverage them while you have their time and attention.
[34:55] - Make sure you have some proof from pen testers so you know how you fixed something without having to track down the pen testers later. You need a detailed report with priorities.
[36:13] - There are some companies that are now specializing in fixing risks. Brian is cautious of this because of an apparent conflict of interest.
[37:34] - It should be negotiated in your contract with a pen test to come back and retest.
[38:38] - Brian describes how he became burnt out with pen testing.
[40:00] - Many companies only hired pen test companies for compliance reasons. There are other companies who actually care about risk management. Brian explains that the types of testing he did varied due to the company’s reason.
[42:04] - What are the things that every security professional always tells people? Two-factor authorization is annoying but it is crucial.
[44:01] - Chris and Brian discuss SMS two-factor authorization. Brian explains that for most of us, it is enough. But for some, it isn’t.
[45:47] - Brian says that passwords need to be as complex as possible and at least 15 characters long.
[46:22] - Comparing two-factor authorization to a home break-in, Brian illustrates that something is better than nothing.
[48:16] - Do not use the same password on multiple accounts. You need to have extra security for the accounts that are of value.
[49:18] - If you’re not going to take the steps for everything, apply it where you really need to, like bank accounts.
[50:08] - Pen tests give companies a lot of assurance, but in a lot of cases it takes away assurance.
[51:04] - A lot of times, security becomes a chore for a lot of companies.
[52:30] - Brian shares a personal story of hackers contacting one of his clients in an attempt to gain access to her network.
[54:07] - One major suggestion that Brian makes to everyone is to block out automatic image loading in emails.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
 Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Brian Self Speaks Web Page Brian Self on LinkedIn

Paul's Security Weekly TV
The State Of Penetration Testing Panel - PSW #677

Dec 12, 2020 60:04


Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments.   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw677

Paul's Security Weekly (Video-Only)
The State Of Penetration Testing Panel - PSW #677

Dec 11, 2020 60:04


Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments.   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw677

Paul's Security Weekly TV
Security News w/ Ed Skoudis - PSW #676

Dec 6, 2020 109:53


Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII, The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw676

Paul's Security Weekly (Video-Only)
Security News w/ Ed Skoudis - PSW #676

Dec 5, 2020 109:53


Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII, The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw676

Paul's Security Weekly
The Whole Crew's Awesome - PSW #676

Dec 4, 2020 208:40


This week, Vicarius' very own Roi Cohen and Gilad Lev join us to kick off the show with a technical segment titled "From Chaos to Topia"! Jeff Capone from SecureCircle joins us for an interview on zero trust data security! Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII, The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat! Show Notes: https://securityweekly.com/psw676 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/securecircle to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Podcast-Only)
The Whole Crew's Awesome - PSW #676

Dec 4, 2020 208:40


This week, Vicarius' very own Roi Cohen and Gilad Lev join us to kick off the show with a technical segment titled "From Chaos to Topia"! Jeff Capone from SecureCircle joins us for an interview on zero trust data security! Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII, The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat! Show Notes: https://securityweekly.com/psw676 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/securecircle to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Easy Prey
Penetration Testing and Ethical Hacking with Ed Skoudis

Dec 2, 2020 45:34


Is there such a thing as an ethical hacker? Do all hackers use their skills to attack infrastructures? If you’re interested in ethical hacking and penetration testing, this is the episode for you.

Today’s guest is Ed Skoudis. Ed has taught upwards of 20,000 security professionals globally and his contributions to information security have had an immense impact on the community. His courses distill the essence of real world frontline case studies he accumulates, because he is consistently one of the first authorities brought in to provide post-attack analysis on major breaches. He’s not just an expert in the field, he’s created many of the founding methodologies empowered by governments and organizations around the world to test and secure their infrastructures. Ed is the founder of the SANS Penetration Testing Curriculum and Counter Hack; leads the team that builds NetWars, Holiday Hack, and CyberCity; and serves on the Board of Directors for the SANS Technology Institute. A consummate presenter, Ed is a keynote speaker appearing internationally at conferences, and is an Advisory Board member for RSA.

Show Notes:
[1:14] - Ed introduces himself as a penetration tester and hacker. He does expert witness work on large scale breaches and incident response.
[1:37] - He started this path as hacking for phone companies. He explains how he started and why he was hired.
[3:55] - Ed describes what penetration testing (or pen testing) is. It is when he models the techniques used by real world attackers and then applies them in structured fashion to help protect companies from future attacks.
[4:53] - Pen tests can be used by an organization for a specific reason or can be done as a “check-up” to make sure everything is okay.
[5:40] - Zero Day is researching vulnerabilities that aren’t known yet. It is called Zero Day because it has been known for zero days.
[6:18] - Ed never believed the cybersecurity industry would be as huge as it is today and explains some of the more recent issues we’ve been seeing through Covid.
[7:52] - Security is now a part of the process and is becoming less of an afterthought. Ed shares this idea long-term, but sees the same vulnerabilities repeatedly.
[8:49] - There is no such thing as 100% safe and secure. The goal is to raise the bar to make things more difficult for an attacker.
[9:31] - With ransomware, attackers have figured out a really reliable way to get paid for their malware.
[10:08] - Ransomware is a real problem and has even attacked hospitals and local governments.
[12:37] - There is so much that we do that leaves us vulnerable.
[13:29] - One major piece of advice that Ed gives in regards to general consumer security is to keep all of your devices patched and updated.
[14:18] - Another area to be aware of is always spear phishing. Don’t click unless you are confident in the link.
[15:19] - Ed has a separate, independent computer that he only uses for financial transactions.
[17:17] - Chris and Ed discuss routers that consumers buy from their ISP.
[19:01] - Ed shares how “Live Off the Land” attacks work by using what is already installed on a computer. These are harder to detect.
[20:18] - With ransomware, organizations have to think about what is best for the business. Is it better to give the attacker the money or spend the time and money to fix the problem?
[22:27] - The dominant trend in technology today is cloud storage.
[24:18] - Ed describes how this works and some of the various problems associated with it.
[25:39] - The US Army, Tesla, and Uber are a few organizations that have lost data to this common vulnerability.
[26:10] - Ed describes the Holiday Hack Challenge and the fun way he has modeled this problem to educate users.
[28:03] - Although there are some security risks if not managed properly, Ed shares that cloud data storage is a very cost effective option for small to medium sized businesses.
[29:24] - Most organizations use multiple cloud services. Cloud migration is good if a different service is necessary, but the previous cloud service is left alone and vulnerable.
[31:01] - The Holiday Hack Challenge is a free educational event that Ed and his team have created to solve cybersecurity challenges. This is a worldwide event.
[34:02] - The Holiday Hack Challenge is something that some people participate in with their kids due to the video game aspect. There is also a social aspect to it with the chat feature.
[35:29] - Not only is the Holiday Hack Challenge free, but all of the past challenges are free and accessible to play. This can build your skills.
[36:30] - Chris asks if Holiday Hack Challenge has ever been compromised. Ed admits that there are three people who have hacked their way in as players, but there were no purposeful attacks.
[39:43] - Ed admits that he sees the world through the eyes of an ethical hacker because he likes to explore and see what’s beyond the edges.
[40:48] - Chris and Ed discuss Bug Bounty Programs and how they can be useful.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources: Podcast Web Page, Facebook Page, whatismyipaddress.com, Easy Prey on Instagram, Easy Prey on Twitter, Easy Prey on LinkedIn, Easy Prey on YouTube, Easy Prey on Pinterest, SANS Web Page, Counter Hack Web Page, Ed Skoudis on Twitter, 2020 Holiday Hack Challenge

Iron Sysadmin Podcast
Episode 92 - Holiday Hack 2020 with Ed Skoudis

Nov 20, 2020 117:41


Welcome to Episode 92

Main Topic
Interview with Ed Skoudis!
Who is Ed?
What is holiday hack (for those that are new to this)
How many participants did you get last year?
What sort of new theme can we expect this year?
You guys developed an entire web game engine for this.. How'd that go?
What kind of infrastructure do you have the event running on this year?
Want to be a Kringleconcierge? Contact: info@counterhack.com
Register for KringleCon: https://holidayhackchallenge.com

Announcements
Patreon Update, 20 patrons for $87/month
rootisgod Bruce Robert Matt David S0l3mn Erwin Trooper_Ish LinuXsys666 gimpyb Ryan Mark DeMentor PowerShellOnLinux Jon Marc Julius Andi J Charles 22532
Get your Iron Sysadmin Merch at Teespring! https://teespring.com/stores/ironsysadmin

Reviews
Nothing New

Chat
[nate] https://www.redhat.com/en/blog/introducing-using-openshift-serverless-event-driven-applications Serverless without the lock-in!
https://jon.sprig.gs/blog/post/1980
[unclemarc] Cool list of ASCII terminal games: https://ligurio.github.io/awesome-ttygames/
Watched “Bushwick” on Netflix last night. Kinda like “Red Dawn” but different. Stars Drax from the Avengers
AppleTrek: http://www.virtualapple.org/appletrekdisk.html

“News” (not really)
Parler… https://en.wikipedia.org/wiki/Parler
Was originally intended to be pronounced as “Parlay”.
It feels sort of like “old” twitter. Or even ‘old’ facebook
No filtering, little moderation
Timeline is chronological instead of curated
Simple UI, not cluttered with ads
No fact checking
Pros
Doesn’t appear to use a tracking cookie (though i could be wrong)
Cons
Well… It’s a bit of an echo chamber at the moment
Critical Mass
We get a little passionate...

Watch us live on the 2nd and 4th Thursday of every month! Subscribe and hit the bell! https://www.youtube.com/IronSysadminPodcast OR https://twitch.tv/IronSysadminPodcast
Matrix Community: https://matrix.to/#/+ironsysadmin:trixie.undrground.org
Find us on Twitter, and Facebook! https://www.facebook.com/ironsysadmin https://www.twitter.com/ironsysadmin
Subscribe wherever you find podcasts! And don't forget about our patreon! https://patreon.com/ironsysadmin
Intro and Outro music credit: Tri Tachyon, Digital MK 2 http://freemusicarchive.org/music/Tri-Tachyon/

GIAC Certifications: Trust Me I'm Certified
Making CTFs count at any point in your story with Ed Skoudis

Jul 14, 2020 38:50


Though Ed Skoudis knew he was a tinkerer since playing with Legos during childhood, his younger self could never have envisioned the expansive career he now has. In this episode, Ed shares advice gleaned from years of creating challenges, building teams, and writing and teaching SANS courses. He and Jason discuss why CTFs are essential skill-building tools at any career level, how to overcome self-doubt and imposter syndrome, and why you should never let fear stop you from starting.

Paul's Security Weekly TV
Ed Skoudis & Security News - PSW #653

May 30, 2020 104:02


In this week's Security News, NSA warns Russia-linked APT group is exploiting Exim flaw since 2019, Hackers Compromise Cisco Servers Via SaltStack Flaws, OpenSSH to deprecate SHA-1 logins due to security risk, all this and more with Special Guest Ed Skoudis, Founder of Counter Hack and Faculty Fellow at SANS Institute!   To check out the SANS Pen Test HackFest and Cyber Range Summit, visit: https://www.sans.org/event/hackfest-ranges-summit-2020 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode653

Paul's Security Weekly (Video-Only)
Ed Skoudis & Security News - PSW #653

May 30, 2020 104:02


In this week's Security News, NSA warns Russia-linked APT group is exploiting Exim flaw since 2019, Hackers Compromise Cisco Servers Via SaltStack Flaws, OpenSSH to deprecate SHA-1 logins due to security risk, all this and more with Special Guest Ed Skoudis, Founder of Counter Hack and Faculty Fellow at SANS Institute!   To check out the SANS Pen Test HackFest and Cyber Range Summit, visit: https://www.sans.org/event/hackfest-ranges-summit-2020 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode653

Paul's Security Weekly (Podcast-Only)
Twerking Santa - PSW #631

Dec 30, 2019 191:33


This week, we kick things off with the Blue Team Roundtable, to discuss defensive techniques that actually work, and ones that don't! In the second segment, we'll switch teams and transition to The State of Penetration Testing Roundtable, where we'll discuss the evolution of Penetration Testing, and how to get the most value from the different types of assessments! In our final segment, we welcome back long-time friend of the show Ed Skoudis, to discuss this year's Counterhack Holiday Hack Challenge, a holiday tradition here at Security Weekly, and one of the community's favorite hacking challenges!   Show Notes: https://wiki.securityweekly.com/PSWEpisode631 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly
Twerking Santa - PSW #631

Dec 30, 2019 191:33


This week, we kick things off with the Blue Team Roundtable, to discuss defensive techniques that actually work, and ones that don't! In the second segment, we'll switch teams and transition to The State of Penetration Testing Roundtable, where we'll discuss the evolution of Penetration Testing, and how to get the most value from the different types of assessments! In our final segment, we welcome back long-time friend of the show Ed Skoudis, to discuss this year's Counterhack Holiday Hack Challenge, a holiday tradition here at Security Weekly, and one of the community's favorite hacking challenges!   Show Notes: https://wiki.securityweekly.com/PSWEpisode631 Visit https://www.securityweekly.com/psw for all the latest episodes!   Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly TV
Holiday Hack Challenge - PSW #631

Dec 26, 2019 63:21


Each year the team at Counterhack Challenges makes available the Holiday Hack Challenge. Led by Ed Skoudis, and created by some of the most talented security professionals in the industry, it is not to be missed. Tune in to hear the details, or at least some information, about this year's Holiday Hack Challenge! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode631

Note to Self
Look How Cute this Military Cyber Warfare Training Ground Is

Dec 17, 2014 23:04


Somewhere hidden in the sleepy suburbs of New Jersey, there is a very small town. This all-American village boasts good public transit, its own reservoir, a coffee shop, a church, a bank... you name it. Their international airport rarely has delays.

Where is this idyllic hideaway? That's a military secret.

CyberCity, as it's called, serves as a training ground for a new class of specialized "cyber warriors," capable of defending against cyber attack. Every day, soldiers plot to take over the town, by hacking into its schools, its water systems, its power grid, and its Internet, as colleagues and instructors watch on screens in the other room. It's run by the SANS Institute's Ed Skoudis, whom the military hired to design a new generation of training equipment – and, as Skoudis said, your average digital simulator wasn't going to cut it:

"If you tell them, 'Hey, one of your folks was able to hack into a power grid and turn the lights back on,' certain people in the military leadership would look at that and say, 'You just showed me that my people can play a video game.' Whereas we can say it was a real power grid. Admittedly controlling a city whose surface area was 48 square feet – but still."

While we can't disclose CyberCity's precise location, we can say this: Skoudis' souped-up model train set sits very near the center of innovation in military training, national security and technology-fueled warfare. We sent radio producer Eric Molinsky (of the podcast "Imaginary Worlds") to check it out in person. We were oohing and aahing right along with him (listen above). Because what Skoudis told him was simultaneously terrifying...

"Those people in CyberCity are not physical little people. What they are is, they're data.... Most of the residents have birth records in the hospital, some of them are getting various medical treatments, they have prescription medications – all that stuff is in the hospital. We have social networking inside of Cyber City. We have something very like Facebook, we have something very much like Twitter. We have a newspaper in Cyber City. We call it the Cyber City Sentinel. So for example we'll have a reporter who writes Cyber City Sentinel articles. That reporter also has a bank account. That reporter also has birth records. She has a family. So there's really – I guess the way to describe it is there's a fabric to the citizenry of Cyber City."

...and kind of charming.

Listen to the full story on this week's episode of New Tech City, in the audio player above, on iTunes, Stitcher, TuneIn, I Heart Radio, or anywhere else using our RSS feed.

Photo captions:
CyberCity by day. Everything has a specific purpose for cyber war scenarios. One mission involves thwarting a train hijacking. (Eric Molinsky)
Skoudis is proud of the details within CyberCity like this house with a flowerpot. Those details remind him that people's livelihoods are at stake in cyber warfare. (Eric Molinsky)
It feels like a hazy bright morning by the power plant in CyberCity. (Eric Molinsky)
There are some notes of whimsy on the model, like the DeLorean from Back to the Future. (Eric Molinsky)
Some cyber war games involve challenging but realistic rules of engagement, like avoiding the school. (Eric Molinsky)
The military requested a mission where a fire breaks out in the chemical plant. They couldn't use real fire, so they use lights and orange and yellow streamers until the "fire" is put out. (Eric Molinsky)
The eerie calm of night settles over a city steeling for the next attack. (Eric Molinsky)
The power plant may be a plastic simulation, but the computer system that runs it underneath the model is as realistic as possible. (Eric Molinsky)
Technicians monitor CyberCity through web cams. They can also use those laptops to make mayhem happen. (Eric Molinsky)
Ed Skoudis describes his Steampunk office as “a mad scientists' lab from the 1880s.” There's a model train that runs along the ceiling. He also has Edison bulbs, an Enigma machine, vintage radios. (Eric Molinsky)

This week, Manoush is up for a challenge: Come up with a topic you know you should care about, but it just sounds so boring. We'll figure out a way to make it interesting, and we'll convince you to care once and for all (well, first we'll figure out if you need to care. That first.) Email us (newtechcity@wnyc.org), tweet at us (@NewTechCity), or leave a comment on our New Tech City Facebook page.