Cybersecurity Response Plan w/ Frank Grimmelmann of ACTRA - AZ TRT S06 EP03 (264) 2-9-2025

What We Learned This Week
ACTRA: Arizona Cyber Threat Response Alliance
Cyber threats affect everyone from Gov't to business to private and growing
Companies need to be responsive with speed to be effective + share information of attacks
ACTRA has members from both government and private sector
ACTRA helped create a state cybersecurity response model that other states can use

Guest: Frank Grimmelmann
https://www.actraaz.org/actra/leadership
President & CEO/Intelligence Liaison Officer

Mr. Grimmelmann also serves as Co-Chair (together with Arizona's Chief Information Security Officer) for the Arizona Cybersecurity Team ('ACT'), created through the Governor's Executive Order signed in March 2018. He also serves as a Founding Member of the National Leadership Group for the Information Sharing & Analysis Organization Standards Organization ('ISAO SO') at the University of Texas San Antonio (UTSA), created under the President's Executive Order 13691 in February 2015. As ACTRA's leader, Mr. Grimmelmann was invited as the first private sector representative in the Arizona Counter Terrorism Information Center (ACTIC) and served as its first private sector Executive Board representative from 2014-2019. He presently acts as ACTRA's designated private sector liaison to ACTRA's Key Agency and other non-Member Stakeholders. Mr. Grimmelmann served four terms as AZ InfraGard's President from 2009-2012, serves today on numerous academic advisory boards, co-Chairs the Greater Phoenix Chamber's Cybersecurity Workforce Collaborative initiative, and is an engaged Member of the Arizona Technology Council's Cybersecurity Advisory Board.

In 2019, Mr. Grimmelmann was honored by the FBI, and the Board of Directors of both ACTRA and Arizona InfraGard as the first recipient of Arizona InfraGard's 'Visionary Award' for creating the ACTRA framework over his last 2 terms as Arizona InfraGard's President, and ACTRA's resulting collaboration between law enforcement/intelligence agencies/USCYBERCOM, and its public, private and academic organizations over the past 7 years. He was simultaneously recognized by the FBI's then Deputy Director for his contribution over the years. He remains an active Member of InfraGard since 2003 and an active Lifetime Member of the FBI Citizens Academy since 2006. Since 2002 he has devoted his full-time attention to protecting our nation's critical infrastructure and national security interests, through eliminating unnecessary silos that hinder communication, allowing us to respond to today's increasing threat from our cyber adversaries, and in turn permitting ACTRA's Member Organizations to protect their critical infrastructure and our national security interests, while protecting their organization's assets.

Educationally, he holds a dual MBA in International Business and Finance from the University of California at Berkeley and brings decades of experience as a senior executive in finance, healthcare and government, prior to focusing on Cybersecurity in response to 9/11.

Notes:

Seg 2
Cyber threats affect everybody: business, personal, and government. Cyber crime is a fact of life that we need to live with, but stay ahead of. Criminals are on the offense and only have to be correct 1% of the time. Everybody else is playing defense and has to be right 100% of the time. AI is an advanced tool that has turned out to be a two-edged sword; it can help and hurt. AI can only catch so much but can give a view of what is going on. This is a matter of national security, dealing with homeland security and many other departments of the government.
You have threat intelligence to determine roles on how you're going to handle hackers and ransomware. Hackers can be local or foreign. All companies need a cyber policy and some sort of rapid tactical response. Cyber attacks are an ever growing threat to people and businesses, and continue to surge in 2024. There was a 107% surge in malware attacks. These are on corporate computers, computers at work or home computers or even home devices like Ring. You get a text through devices, phishing attacks. Company business email can be compromised in an attack, people's passwords come out and it leads to millions of dollars in losses. Elderly people are very vulnerable, 353,000 attacks. You have supply chain threats by terrorists and nation-state actors. There was a recent attack on United Healthcare for 100 million. People's information was exposed. This led to a $22 million ransom payment. Cyber attacks cause $2.9 billion in damages. Companies are paying ransom to faceless criminals. It is very tough for the FBI to track down these criminals and try to fend off the extortion of stolen data. Payments for ransom could be made through Bitcoin, which is difficult to trace, though it leaves somewhat of a forensic trail. Constant need for regulation and oversight from the government.

A famous incident last year was not even an attack, but the Crowdstrike software update. ACTRA had a quick response that day, one that helps clients and partners recover fast. In a similar instance, Delta was down for weeks with computer problems.

When you think about what goes on with banks back to 2008 - what loans they have on balance sheet and then off balance sheet securitized - not regulated like normal loans. Issues with underwriting standards on loans. Not even sure what can be affected in a cyber attack. Off balance sheet loans and debt are similar to crypto or Bitcoin where it is not being regulated.
PPD-41 was a directive to show responsibilities of government agencies in dealing with cyber. You had homeland security as a defensive arm to protect the nation's assets. Enforcement is done in the US by the FBI. Overseas it's done by US Cyber Command.

Seg 3
Frank's background in the 1990s was in private business; he worked in healthcare. Then was the chief info officer and the only 2000s at clinical in Stanford. Healthcare is very vulnerable. Post 9/11 he worked with the FBI outreach program called InfraGard on how to share intelligence on cyber threats. Needs to be treated like terrorism or criminal acts, though they're taking stolen IP. Need to move to a more stable world. A 2011 study was done by government organizations to review the process and make recommendations on how to deal with counterterrorism and cyber. 90% of the critical infrastructure in the US is in the private sector. They do need Fed level help, but also have a local response. Cyber threat actors move quickly and act like a terrorist organization. General Stanley McChrystal had a great quote, 'It takes a network to defeat a network.' Cybersecurity is everyone's problem. You need education and organization. This is a 5th generation problem and you have to be adaptive.

ACTRA is a nonprofit dealing with cyber security. They've got pillars of empowerment, trust, technology and intelligence. Need for the private companies to develop, train and recruit to handle this threat. They created a model which allows them to bring the fight on offense - and all work together sharing information. Virtual response team, small and big, with the private sector as a partner. ACTRA is a hub for info, and keeps its member information private. Some members are public, like Arizona State. The actual model can be used for the rest of the nation. Government and private cannot do it alone. Not all states have this type of organization, but probably need it.

Seg 4
ACTRA started in January 2013. Give U.S. states a model for cyber security.
Collective defense and share information with public and private organizations. The goal is to break down silos between government and the corporate world. Not just a think tank, has an active model. Review of ACTRA model is best in the country and a good hub for response and info. In 2015, they helped Wisconsin create their own state organization for cyber threats. Soon after, Maryland created one using ACTRA as a model. Needs to be an effort of collaboration, merge the construct of entrepreneur spirit to take action. So the government cyber threats are handled nationally at Fort Meade, where the NSA is. Frank's background in business in finance and healthcare fields. Info is useless if not used for action. You need actionable intelligence that is current to take down a threat. You need more than continuing education and certificates for people, must go beyond this. Virtual response team like a local militia who can help protect assets. Going after cyber criminals can be a little bit like whack-a-mole. Over time, hopefully there will be a national strategy for info sharing. A type of decentralized and local organizations that work with government. The private sector owns the vast amount of data so they have to determine who they're going to share it with and how. Defend vs Cyber fast while still working within the spirit of the law.

Seg. 1
Clips from Related Shows:

Cybersecurity, Disruption, Blockchain & Terrorism w Ari Redbord of TRM Labs - BRT S02 EP31 (78) 8-1-2021

What We Learned This Week
Cybersecurity is an extremely important industry for national security
TRM Labs startup in cyber-security, monitors blockchain
OFAC - Gov't administers economic and trade sanctions
Ransomware – specific breach, takeover of a computer system, holds data hostage
Programmatic Money Laundering – bad guys create new addresses, create 'shell' companies

Guest: Ari Redbord, Head of Legal and Government Affairs w/ TRM Labs
https://www.linkedin.com/in/ari-redbord-4054381b4/
https://www.trmlabs.com/post/trm-labs-appoints-ari-redbord-as-head-of-legal-government-affairs

Ari is formerly a US Attorney, and worked in the Treasury Department, now advises the Government on cybersecurity, and Blockchain. Cybersecurity is a fast growing and extremely important industry for national security, and corporate interests. There are Nation States acting as bad players in the cyber realm and targeting the US Government and US business. We discuss the advancements in technology on cyber crime, blockchain, crypto, and online fraud. How is the FBI dealing with Ransomware, and other cyber attacks on prime targets like the Colonial Pipeline, or other big corps? What Regulations are coming in banking, and Fintech, with KYC (Know Your Customer), plus the big banks like JP Morgan Chase and Goldman are on board. What the blockchain ledger can help solve in security, to monitor criminal activity in real time with the help of crypto exchanges like Coinbase. Lastly, what TRM Labs does for clients, how they advise, operate, and who they work with.

Phishing, Malware & Cybersecurity - Try Not to Get Pwned - BRT S02 EP47 (94) 11-21-2021

What We Learned This Week:
Have I been Pwned?
Means have I been breached / hacked – did someone hack my email or website
Phishing – most common type of email threat, like when you receive a strange email with a link – Do Not Open – DELETE (and alert other office staff of the email)
Ransomware – hack your website, or data – hold it hostage for an extortion 'ransom' payment
Dark Web – where stolen data, & info is being bought & sold
VPN Connections – direct and secure

Guests: Vince Matteo, Seven Layer Networks, Inc.
https://sevenlayers.com/

Vince Matteo is a certified penetration tester, a security researcher, and a senior consultant at Seven Layers (.com) where he focuses on securing small businesses. Vince is the author of "Hacking 101 – A Beginner's Guide to Penetration Testing", he's a bug bounty hunter with 17 published critical vulnerabilities, and he's presented talks on offensive hacking at security conferences -- most recently GrrCON in Grand Rapids, MI and BSides in College Station, TX. Outside of work, Vince is an accomplished endurance athlete, an Ironman age group champion, and in his spare time, you can find him in the desert -- training for the next hundred-mile ultramarathon.

Biotech Shows: https://brt-show.libsyn.com/category/Biotech-Life+Sciences-Science
AZ Tech Council Shows: https://brt-show.libsyn.com/size/5/?search=az+tech+council
*Includes Best of AZ Tech Council show from 2/12/2023
Tech Topic: https://brt-show.libsyn.com/category/Tech-Startup-VC-Cybersecurity-Energy-Science
Best of Tech: https://brt-show.libsyn.com/size/5/?search=best+of+tech
'Best Of' Topic: https://brt-show.libsyn.com/category/Best+of+BRT

Thanks for Listening. Please Subscribe to the AZ TRT Podcast.

AZ Tech Roundtable 2.0 with Matt Battaglia
The show where Entrepreneurs, Top Executives, Founders, and Investors come to share insights about the future of business. AZ TRT 2.0 looks at the new trends in business, & how classic industries are evolving.
*Disclaimer* While this episode deals with an incredibly important topic, there are potential dangers in doing this type of work. PLEASE do your homework and be well prepared should you go down this path, as your life can be impacted with a wrong turn.

This episode is the first of the listener-requested ones around technical topics.

With cybercrime and threat actor activity on the rise, it is more important than ever to understand the dark web and monitor it for potential risks or signs of a breach. There are several tools and intel providers that can do this, but they're not cheap. So why don't we just do it ourselves?

Python can handle simple tasks surrounding dark web scanning and offers more customization for complex tasks. Using strictly free open-source libraries and any system you have available, you can set up an automated scanner and detect threats as they arise.

Scan for IP addresses, potentially compromised emails, crypto addresses, and any regex patterns that you desire. Map your findings to the most relevant onion sites and get an understanding of where your adversaries tend to operate. This is just a start. From here, you can go almost anywhere.

Episode Charity:
Proceeds from this episode's sponsorship will be going towards the Baker-Bonsai Friendship Fund. Bruce Baker was a great bonsai tree artist and, along with Deal Bull, helped make the art of bonsai something wonderful that can be shared for future generations at the Frederik Meijer Gardens.

Episode Sponsor:
Cloud Security Alliance of West Michigan

Talking Points:
Why is it important that you at least have a basic understanding of the Dark Web if you are in the Small and Medium sized Business (SMB) space?
Pros and Cons of Build vs Buy
What safeguards do you want when out in the fringes?
What are the mental health aspects of doing this type of work? How do you manage those pressures?
What are Seed URLs?
How to use Dark Web templates for scanning.

Description credit to GrrCon
Robert Leale is the president of CanBusHack, President of Pivvit and is also Founder of Car Hacking Village which can be seen at Def Con, DerbyCON, GrrCON, CypherCon, THOTCON, and many more hacking conferences across the globe. He stops by BarCode and we discuss vulnerable technology in automobiles, manufacturer responsibilities, car hacking tools, how to secure your vehicle and Car Hacking Village.

Tony floors a "VTEC Punch".

Support the show
Contact BarCode
Support us on Patreon
Follow us on LinkedIn
Tweet us at @BarCodeSecurity
Email us at info@thebarcodepodcast.com
Thanks for listening, and we will see you next round!
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Justin Bollinger, Luke Bremer, and Whitney Phillips.

Stories

Title: No fix in sight for mile-wide loophole plaguing a key Windows defense for years
URL: https://arstechnica.com/information-technology/2022/10/no-fix-in-sight-for-mile-wide-loophole-plaguing-a-key-windows-defense-for-years/
Author: Dan Goodin

Title: Intel's Alder Lake BIOS Source Code Reportedly Leaked Online
URL: https://www.tomshardware.com/news/intels-alder-lake-bios-source-code-reportedly-leaked-online
Author: Paul Alcorn

Live-ish From GrrCon
Our panel discusses their experience at GrrCon 2022 so far. Luke mentions some research into recovering old botnets ("Botnets Don't Die") by Aamir Lakhani.
Part four of our impromptu interviews at GrrCON 2021. GrrCON is an annual information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage. In this episode, we hear from Elliott Hirzel.
Part three of our impromptu interviews at GrrCON 2021. GrrCON is an annual information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage. In this episode, we hear from Shannon Maloney and Esquire Triggs.
Part two of our impromptu interviews at GrrCON 2021. GrrCON is an annual information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage. In this episode, we hear from Thurston O'Brien and Sophie Blanchard.
We're back! This is part one of our impromptu interviews at GrrCON 2021. GrrCON is an annual information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage. In this episode, we hear from Jose Luis Bolanos and Elizabeth Whiting.
Your weekly source for locksport news and sometimes interviews. Full show notes, including links, can be found at http://www.thelocksportscast.com In this week’s episode: Monkey Island's Security Lesson 10 Best Lock Picking Blogs Another Unpickable Lock design New ABUS Fingerprint lock Other New products Events & Meetups Criminals Sales Giveaways and more Announcements: https://twitter.com/Chirael Corrections: News: Fingerprint padlock ABUS Touch™ 57 ABUS Touch57 Biometric Fingerprint Padlock Security Lesson from Monkey Island Community News: Lock Noob - What’s that they say about the ‘…sincerest Form of Flattery’? Bsides Triad has been postponed Videos: Sulfur - Never Stop Learning OFFICIAL MUSIC VIDEO (pick a lock with paperclips and quarters) The Official Soundtrack Unpickable Lock? The Co-Axial Lock by Andy Pugh Corliss Cannonball Safe Corliss Cannonball Safe Alpha Guide Other Resources: 10 Best Lock Picking Blogs and Websites To Follow in 2022 Meetups: Dallas Hackers Association GrrCON Yankee Security Convention DC207 Tickets, Multiple Dates | Eventbrite SecureWV Locktoberfest – Pumping Station: One SAINTCON – Keynote Speakers BSides Charleston Pacific Hackers Conference 2022 Products: Physical Security Village - 27 in 1 Wallet Lock Bypass / Locksmithing Card LanSpyKey Product Review & Giveaway LanSpyKey - Etsy [09] Bare Bones Handle Review Bare Bones Lock Picking ‘Bone Skin’ Circular & Tubular Lock Picks & Sets | SouthOrd LPU Karate Belts: beltranking - lockpicking (reddit.com) Mentorship Monday 3: The Belt System 2: Breaking Rules and Getting the Belt All About The Lockpicking Belt Rankings System Speedlocks: Speedlocks.org Lock Stories: Criminals: Traffic stop leads to narcotics arrest Akron duo charged with safecracking in Jackson Twp. 
Sales: Lock Picking Sale Items Southord sale items Law Lock tools sale - Review Guru post https://bareboneslockpicking.com/ code ‘Bones15’ for 15% off (excludes Law Lock Tool products) expires end of October https://www.3dlocksport.com/ 10% off. CODE: LSCAST10 https://makolocks.com/ 15% off with code BUYMAKO Unknown exp https://uklockpickers.co.uk/ 10% off with code GIFT Giveaways and Contests: LanSpyKey Product Giveaway - Snake LanSpyKey Product Review & Giveaway Bare Bones Lock Picking Halloween giveaway GIVEAWAY! BARE BONES-TACULAR RAFFLE! 100 subs GIVEAWAY! - LockHeat Lockpicking 017] 100 subs GIVEAWAY! #Lock100Fumble200 - LockFumbler [100] Giveaway for 100 videos and 200 subscribers! #Lock100Fumble200 thelockpicker1969 giveaways The Lock Picker 1969 - YouTube KnoxLocks giveaways #KnoxLocksLock3forMe Knox Locks - YouTube CLK Supplies Introducing #Lockboss Free Giveaway! Do you work with Locks & Keys or do Locksmithing? Executive Producers: JimyLongs Founding Executive Producers: m3ddl3r Panda-Frog Michael Gilchrist Starrylock WilliamsBrain Dave 2BDCy4D Liibans Locksport Journey Pat from Uncensored Tactical threeraccoonsinacoat Chirael (Anthony) Associate Executive Producers: DoctorHogmaster Clayton Howard (Kewltune) Co-Producers: m0g Jon Lock Ratyoke MrPickur CrankyLockPicker JHPpicking Bare Bones Lock Picking Deadbolt Cafe NWA Lockpicker Snake Chief Content Producer: Chirael Content Producers: Bare Bones Lock Picking DR HVLogic I fisk int eighty Joshua Gonzalez Knox Lock LockFumbler LockHeat Lockpicking Michael Gilchrist PickSmith Snake thelockpicker1969 Tony Virelli Special thanks to: Contact Information: Email: podcast@thelocksportscast.com Twitter https://twitter.com/charlescurrent Reddit: currentc57 on r/locksport Discord: Lockpickers United as Current, Extraordinary League of Pickers as Current, The Lock Sportscast as Current Join the Discord at http://discord.thelocksportscast.com The Lock Sportscast on Odysee Donate: http://paypal.thelocksportscast.com 
https://patreon.com/thelocksportscast https://www.subscribestar.com/thelocksportscast
Hope in one hand and shit in the other! This is what I was told as a child about hope; this is because hope is commonly associated with expectations, and expectations lead to disappointment. It was not until later that I learned hope could also mean a want or desire for something to happen, that hope is about anticipation for positive outcomes.

Then I remembered I work in information security, an industry that at times appears to be a hopeless wasteland of soul sucking, ungrateful people, never-ending greed, over inflated egos, blaming and shaming and awful behavior. An industry where the vendors treat their customers like victims, while peddling rebranded anti-virus and packet inspection as next gen, and don't get me going on the "Rock stars" of the industry who are high on their own farts.

Work in this industry long enough and you will start to lose hope, lose hope that anything will change, that we can get ahead of the criminals, that we can do the right thing, that we will become diverse and inclusive, that we will help and protect those we serve, that the next generation will know how a computer and network actually works. Feeling hopeless makes it hard to get up each day and keep fighting this fight; hopelessness is hard on mental health, passion and drive start to suffer and apathy starts to set in. It was in this spiral of negative feelings about our industry and its future that I found myself, when I arrived at my very first GrrCON. What unfolded over the next few days surprised, renewed, refreshed, inspired, encouraged, empowered, energized and left me with a restored sense of hope.

After spending an amazing time hanging with and learning from some of the kindest, nicest, humblest, smartest people in infosec, I could see we have a chance to do better, to be better and there are some of us in this industry who are in it for all the right reasons.
From the amazing folks at ILF to the thoughtful sessions, the openness to share knowledge, and humbleness of some of the biggest names in the game. Every person I met, from the newest in the industry to the dusty old dinosaurs (holding up a mirror), every single person was eager to help, excited to grow and learn from one another regardless of experience level.

We need to take what makes the attendees of GrrCON so special, put it in a bottle and sell it as a service.

All this and more tonight on the Security Shit Show with Chris, Evan and Ryan.
There are many ways your network can be accessed, not just remotely but physically. How equipped are you and your coworkers to prevent intrusions? Today's guest is Jayson E. Street. Jayson is the author of Dissecting the Hack: The F0rb1dd3n Network Series. He is the DEFCON Groups Global Ambassador and the VP of InfoSec for SphereNY. He has also spoken at DEFCON, DerbyCon, GRRCon, and at several other cons and colleges on a variety of Information Security topics. Jayson was also featured in The National Geographic series Breakthrough Cyber Terror.

Show Notes:
[1:00] - Jayson explains how he hacks to help.
[1:59] - People want to see how Jayson can get into their facility and rob them.
[3:39] - Jayson shares how "being the bad guy" can get the information needed to educate users and clients on preventing more.
[4:51] - Jayson has been known to rob banks and shares the story about how he robbed the wrong bank because he had to go to the bathroom.
[7:24] - The devices Jayson uses emulate keyboards and code.
[9:03] - Some employees for big companies like Microsoft have posted their badge on social media, which Jayson prints and uses as his own.
[10:08] - How did Jayson get caught in robbing the wrong bank?
[13:21] - He found out later that the bank he robbed by mistake wound up wiping their machines which cost them a lot of money even though Jayson's procedure was harmless.
[16:01] - Jayson has a 100% success rate which shows how employees trust anyone who looks official.
[17:13] - What is the yellow method and why does Jayson use it?
[18:18] - Jayson describes the facility that took the longest amount of time to get into in Jamaica.
[20:17] - In one instance, Jayson did not go back to talk to the client after conducting the pen test for a charity.
[22:30] - When these tests happen, it isn't about winning and losing. Jayson makes sure he is caught so he can provide education and training.
[25:08] - "The biggest thing that people can do to protect themselves is to listen to the voice in the back of your head saying that something is odd or unusual. Realize when you're at work, part of your job and responsibility is to think that something bad may happen."
[26:25] - Companies need to give a proper avenue for employees to feel comfortable in reporting something strange.
[28:39] - Jayson shares some of the techniques he uses that have a 100% success rate in penetrating the company's network.
[30:06] - At events, oftentimes there are company USB drives loaded with giveaway items. These could be dangerous to use.
[31:39] - There is no way to completely eliminate threats. The important piece is how you respond to a threat.
[33:10] - Network security is great, but physical security of a network is just as important.
[35:01] - Jayson explains that the users of the programs in a network are the people that need to have the proper education.
[37:45] - Jayson has a program where he gamifies security education.
[39:50] - Many people don't realize how easy it is for an official looking badge to be recreated.
[41:41] - Jayson describes his most boring and simple robbery he completed in 15 seconds.
[42:29] - What was Jayson's most successful interaction?
[43:51] - After obliterating a company one year, management took the lessons to heart, educated their team, and had him come back the next year.
[46:19] - If pen testers are not rooting for the client, they are in the wrong business.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:
Podcast Web Page
Facebook Page
whatismyipaddress.com
Easy Prey on Instagram
Easy Prey on Twitter
Easy Prey on LinkedIn
Easy Prey on YouTube
Easy Prey on Pinterest
Jayson E. Street Home Page
Jayson E. Street on Darknet Diaries Podcast
Jayson E. Street on Twitter
Jayson E. Street on LinkedIn
Dissecting the Hack: The F0rb1dd3n Network by Jayson E. Street
Amanda Berlin (https://www.linkedin.com/in/amandaberlin/) is the Lead Incident Detection Engineer for Blumira (https://www.blumira.com/) and the CEO and owner of the nonprofit corporation Mental Health Hackers (https://www.mentalhealthhackers.org/). She is the author of a Blue Team best practices book called "Defensive Security Handbook: Best Practices for Securing Infrastructure" (https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure/dp/1491960388) with Lee Brotherston through O'Reilly Media. She is a co-host on the Brakeing Down Security podcast (https://www.brakeingsecurity.com) and writes for several blogs. Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings, and industry events such as DerbyCon, O'Reilly Security, GrrCon, and DEFCON.

In this episode, we discuss her start in help desk, speaking about mental health, depression and anxiety, men's reluctance to report health issues, neurodiversity, how organizations can encourage self-care, using medication, the Mental Health Hackers organization, and so much more.

Where you can find Amanda:
LinkedIn (https://www.linkedin.com/in/amandaberlin/)
Mental Health Hackers (https://www.mentalhealthhackers.org/)
Brakeing Down Security Podcast (https://www.brakeingsecurity.com/)

Episode Disclaimer: This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment. We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.
Get a peek behind the curtain of security architecture careers from Pranshu Bajpai, a security architect with Motorola who recently earned his doctorate in computer science with an emphasis on ransomware research and analysis. Pranshu discusses how to break into security architecture and build the skills you need for that type of a career. In particular, he says academic study at that height mostly prepares you for research and teaching work, and there are quicker and easier ways to build up your skill set.

– Take the Cyber Work listener survey and you could win $100: http://www2.infosecinstitute.com/survey
– Enter code "cyberwork" to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/
– View transcripts and additional episodes: https://www.infosecinstitute.com/podcast

Pranshu Bajpai has research interests in systems security, malware, digital forensics and threat intelligence. He has authored several papers for reputed magazines and journals including IEEE, Elsevier, ACM and ISACA. His work has been featured in various media outlets including Scientific American, The Conversation, Salon, Business Standard, Michigan Radio, GCN, GovTech and others. He is an active speaker at conferences and has spoken at APWG eCrime, DEFCON, GrrCon, Bsides, ToorCon and many others. He obtained his doctorate in Computer Science from Michigan State University and master's in Information Security from Indian Institute of Information Technology.

About Infosec
At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That's what we do every day — equipping everyone with the latest security skills so the good guys win.
Learn all about fuzzing and application security with repeat guest Dr. Jared DeMott, CEO and founder of VDA Labs. The last time he appeared (October 2018), the focus was on Internet-of-Things (IoT) security, but Jared is also the author of Fuzzing for Software Security Testing and Quality Assurance. In this episode we go deeper into continuous integration and deployment (CI/CD), fuzzing, dynamic analysis security testing and other AppSec tools, as well as practical tips and suggestions for entering the field.

Dr. Jared DeMott is the Founder & CEO of VDA Labs, a full-scope cybersecurity company. DeMott previously served as a vulnerability analyst with the NSA. He holds a PhD from Michigan State University. He regularly speaks on cyber matters at conferences like RSA, DerbyCon, BlackHat, ToorCon, GrrCon, HITB and others. He was a finalist in Microsoft's BlueHat prize contest, which helped make Microsoft customers more secure. Dr. DeMott has been on three winning Defcon capture-the-flag teams, and has been an invited lecturer at prestigious institutions such as the U.S. Military Academy. Jared is a Pluralsight author, and is often interviewed by media to weigh in on cyber matters.
Day 2 of our meanderings through GRRCON: an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.
Grrcon update 2019-039 - BlueKeep weaponized… and more

BlueKeep weaponized:
https://www.bleepingcomputer.com/news/security/bluekeep-remote-code-execution-bug-in-rdp-exploited-en-masse/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/
https://www.wired.com/story/bluekeep-hacking-cryptocurrency-mining

NordVPN hacked: https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/

Null sessions and how to avoid them:
https://www.dummies.com/programming/networking/null-session-attacks-and-how-to-avoid-them/
https://social.technet.microsoft.com/Forums/en-US/2acdfb53-edee-444e-9ffa-25dcebcd9181/smb-null-sessions

Linux has a marketing problem: https://hackaday.com/2019/10/31/linuxs-marketing-problem/

20 accounts could pwn majority of NPM: https://www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/

Chrome 0day: https://thehackernews.com/2019/11/chrome-zero-day-update.html

India Nuclear plant is hacked: https://arstechnica.com/information-technology/2019/10/indian-nuclear-power-company-confirms-north-korean-malware-attack/

High Tea Security Podcast: https://www.podcasts.com/high-tea-security-190182dc8

https://TAGNW.org - Bryan Panel and talking about networking
Securewv.org - Training - https://www.eventbrite.com/e/security-dd-tickets-79219348203
Bsides Fredericton - https://www.eventbrite.ca/e/security-bsides-fredericton-2019-tickets-59449704667

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel!
Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#Brakesec Store!: https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Day 1 of our meanderings through GRRCON: an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.
GRRCON is October 24th and 25th 2019 at DeVos Place in Grand Rapids, MI. It’s an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.
Jayson E. Street is an author of the "Dissecting the hack: Series". Also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects. Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-035-business_continuity-After_the_disaster.mp3

We are back this week after a bit of time off, and we are getting right back into it... What happens after you enact your business continuity plan? Many times, it can cause you to have to change processes and procedures... you may not even be doing business in the same country or datacenter, and you may need to change the way business is done. We also talk a bit about 3rd party vendor reviews, and what would happen if your 3rd party doesn't have a proper plan in place. Finally, we discuss the upcoming #reverseEngineering course starting on 30 October 2017 with Tyler Hudak, as well as some upcoming appearances for Ms. Berlin at SecureWV, GrrCon, and Bsides Wellington, #newZealand.

RSS: http://www.brakeingsecurity.com/rss
Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

---SHOW NOTES---

You have enacted your BC/DR plan
Step 1. Panic
Step 2. Panic more, or let your management panic
Step 3. Follow the plan… you do have a plan, right?
Enacting a BC/DR plan

RPO/RTO - https://www.druva.com/blog/understanding-rpo-and-rto/

Recovery Point Objective (RPO) describes the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or “tolerance.” https://en.wikipedia.org/wiki/Recovery_point_objective

Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity. https://en.wikipedia.org/wiki/Recovery_time_objective

https://uptime.is/99.99

Excerpt from "Defensive Security Handbook" - Buy from Amazon (sponsored link): http://amzn.to/2zcmWBY

Recovery Point Objective
The recovery point objective (RPO) is the point in time that you wish to recover to. That is, determining if you need to be able to recover data right up until seconds before the disaster strikes, or whether the night before is acceptable, or the week before, for example. This does not take into account of how long it takes to make this recovery, only the point in time from which you will be resuming once recovery has been made. There is a tendency to jump straight to seconds before the incident; however, the shorter the RPO, the more the costs and complexity will invariably move upwards.

Recovery Time Objective
The recovery time objective (RTO) is how long it takes to recover, taken irrespective of the RPO. That is, after the disaster, how long until you have recovered to the point determined by the RPO. To illustrate with an example, if you operate a server that hosts your brochureware website, the primary goal is probably going to be rapidly returning the server to operational use. If the content is a day old it is probably not as much of a problem as if the system held financial transactions whereby the availability of recent transactions is important. In this case an outage of an hour may be tolerable, with data no older than one day once recovered. In this case the RPO would be one day, and the RTO would be one hour.

There is often a temptation for someone from a technology department to set these times; however, it should be driven by the business owners of systems. This is for multiple reasons:
* It is often hard to justify the cost of DR solutions. Allowing the business to set requirements, and potentially reset requirements if costs are too high, not only enables informed decisions regarding targets, but also reduces the chances of unrealistic expectations on recovery times.
* IT people may understand the technologies involved, but do not always have the correct perspective to make a determination as to what the business’ priorities are in such a situation.
* The involvement of the business in the DR and BCP plans eases the process of discussing budget and expectations for these solutions.

RPO should be determined when working through a Business impact analysis (BIA)
https://www.ready.gov/business-impact-analysis
https://www.fema.gov/media-library/assets/documents/89526

There is always a gap between the actuals (RTA/RPA) and objectives

After an incident or disaster, a ‘Lessons Learned’ should identify shortcomings and adjust accordingly.

This may also affect contracts, or customers may require re-negotiation of their RTO/RPO requirements

If something happens 4 hours after a backup, and you have an hour until the next backup, you have to reconcile the lost information, or take it as a loss

Loss = profits lost, fines for SLAs

You may not be doing the same after the disaster. New processes, procedures
https://www.bleepingcomputer.com/news/security/fedex-says-some-damage-from-notpetya-ransomware-may-be-permanent/

Ms. Berlin’s appearances
Grrcon - http://grrcon.com/
Hack3rcon/SecureWV - http://securewv.com/
Oreilly Conference - https://conferences.oreilly.com/security/sec-ny/public/schedule/detail/61290 Experts Table?
Bsides Wellington (sold-out)

----

CLASS INFORMATION
Introduction to Reverse Engineering with Tyler Hudak
Starts on 30 October - 20 November
4 Mondays
Sign up on our Patreon (charged twice, half when you sign up, half again when 1 November happens
Matt Johnson has spoken at conferences like GrrCon and DerbyCon on using PowerShell for security. He also has his own podcast, Leveled up Infosec Podcast, and he's the founder of PoshSec. You can catch Matt tweeting about security on Twitter @mwjcomputing. In this interview we cover: what PowerShell is; how to get started; how to best utilize it for security; resources; and what mistakes are made when using it.
Jared DeMott is a principal security researcher at Bromium and has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course.

Windows Meterpreter recently got some new capabilities through the Extended API module by OJ Reeves, also known as TheColonial. He added support for:
* Interacting with the Clipboard
* Query services
* Window enumeration
* Executing ADSI Queries

In this Technical Segment we will cover the ADSI interface, since it gives us a capability in enterprise environments that was not previously available in Meterpreter other than through a module from Meatballs called enum_ad_computers.
Jared DeMott is a principal security researcher at Bromium and has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course.
Jared DeMott has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course, and has co-authored a book on Fuzzing.
Jaime "WiK" Filson enjoys long walks on the beach while his computer equipment is busy fuzzing software, cracking passwords, or spidering the internet. He's also the creator of the gitDigger project as well as staff of DEFCON's wireless village. Jared DeMott has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course, and has co-authored a book on Fuzzing.
Synopsis

Security has an interesting view on "business decisions", and in this podcast episode recorded at GrrCon 2012 in Grand Rapids, MI, I sit down with some of the talent behind MISEC and we discuss #SecBiz topics of interest including the ugly phrase "it's a business decision" and why we say that. We also dive into how decisions are made, and why security and business are still often at odds on goals and acceptable 'risks'... and why our recommendations and guidance still fall on seemingly deaf ears. We sample some of the sage wisdom of J.W. Goerlich as he runs his IT and security organization, and how he asks his security employees to think business, and put themselves into the frame of reference of the business when making decisions. Jen Fox brings up Miller's Law, and teaches us to ask "What is that true of?" when framing discussions in the business context with non-technologists. Jen makes us think about frames of reference. She tells us that we must assume that a statement someone makes is true ... from their frame of reference and we simply must get inside their frame of reference to understand their thinking. Steven Fox gives us a little bit of a glimpse into the government world where you can't always go sit down with the decision maker, and have to depend on your relationships, cooperation, and sometimes back-room politics to get things done. I invite you to listen in, this is a timeless discussion that everyone should participate in.

Guests

J.W. Goerlich - @JWGoerlich - Information Systems and Information Security Manager. Regular InfoSec practitioner, occasional speaker and writer. INTJ. #MiSec, #BSidesDetroit, #CSA, #Owasp
Jen Fox - @J_Fox - Making security accessible to the end user. Independent consultant, biz analyst, tech-to-biz translator, and diplomat. CIPP/IT and locksport enthusiast.
Steven Fox - @Securelexicon - I am a Security Architect at the U.S. Dept of the Treasury & Penetration Tester passionate about security as a business value and differentiator.