POPULARITY
In this episode of The President's Daily Brief: A major announcement from Secretary of State Antony Blinken at the NATO summit in DC. After months of training and negotiations, the first F-16 fighter jets are on their way to Ukraine and will be flying sorties this summer. All eyes are on Joe Biden's performance at this week's summit as the White House seeks to dispel doubts about the 81-year-old's capability as commander-in-chief. The U.S., Australia, and six other allies sound the alarm on a Chinese state-sponsored hacking group, exposing a coordinated cyber threat orchestrated by Beijing's intelligence services. In today's Back of the Brief, the Biden Administration's ill-fated Gaza pier is set to deliver its final cargo of humanitarian aid in the coming days, marking the end of the road for this controversial initiative. To listen to the show ad-free, become a premium member of The President's Daily Brief by visiting PDBPremium.com. Please remember to subscribe if you enjoyed this episode of The President's Daily Brief. Email: PDB@TheFirstTV.com Learn more about your ad choices. Visit megaphone.fm/adchoices
Willow's Witty Wisdom: Revolutionising Houseplant Care. Cat Comforts: The PaWz Automatic Smart Litter Box Revolution. Travel Troubles: Tech-Driven Scams Skyrocket. Morse Mastery: Modern Magic with a Minimalist Morse Code Translator. Neurotargeting's Nefarious Nexus: Data-Driven Democracy Dilemma. Robotic Repetition: Humanoids Hone Skills by Shadowing Humans. Perth Pupils' Prolonged IT Prowess: Years of Hacking Exposed. Digital Discoveries: Delving into Genealogy with Gadgets. Emotional Empathy: Elevating AI's Understanding.
Shane Leary joins Miles Yu to discuss a massive document leak from Chinese cybersecurity firm I-Soon, which sheds light on the CCP's global surveillance and hacking regime and destroys the illusion of safety around Chinese private sector companies. They then turn to a little-covered spat between the Taiwan Coast Guard and a Chinese fishing vessel which resulted in the drowning of the two Chinese nationals near the island of Quemoy. Finally, they discuss Wang Yi's absence at the G20 Ministerial meeting, and its implications for broader trends in the PRC's foreign policy.
Podcast: The PrOTect OT Cybersecurity Podcast (LS 31 · TOP 5% what is this?)Episode: Todd Beebe: Beyond IT vs. OT, The Common Ground for Securing Any EnvironmentPub date: 2023-12-28About Todd Beebe: Todd Beebe, a cybersecurity veteran since the early 90s, commenced his journey by thwarting attempts to hack his BBS. His expertise led to pivotal roles with an international organization, securing remote access, fortifying websites, and pioneering firewall deployment. Later, at Ernst & Young, he spearheaded the Attack & Penetration practice in Houston, penetrating Fortune 500 clients and contributing to the precursor of the Hacking Exposed book series. Todd's entrepreneurial spirit thrived as he founded cybersecurity companies, notably inventing the telecom firewall 'TeleWall' and the web application firewall 'eServer Secure,' holding nine US patents. His career includes fortifying the White House and Pentagon against cyber threats and building cybersecurity programs for multiple Fortune 500 organizations.In this episode, Aaron and Todd Beebe discuss:Their journeys into cybersecurity careersNavigating the convergence of IT and OT securityFinding common ground and overcoming historical hurdlesShared labs for enhanced understanding and effective problem-solvingCybersecurity challenges in critical infrastructureKey Takeaways:In addressing cybersecurity challenges, it's crucial for IT and OT teams to collaborate closely, recognizing that the threat landscape targets common denominators such as IP addresses, ports, and Windows systems, and adopting a unified approach to securing both environments is essential in the evolving landscape of cyber threats.In navigating the convergence of IT and OT, the key lies in recognizing the shared technological foundation, fostering collaboration to merge expertise, and dispelling the misconception of a takeover, ultimately shifting the focus from being adversaries to allies in the pursuit of a secure and efficient operational landscape.Fostering collaboration between IT and OT teams through shared advisory roles, regular communication, and the establishment of a collaborative lab environment not only enhances technical expertise but also builds trust, camaraderie, and a common language, ultimately contributing to a more resilient and stable organizational infrastructure.While Todd is excited about the increasing diversity of people entering the cybersecurity field, he expresses concern about the SEC's decision to hold CISOs accountable for breaches and emphasizes the challenge of training junior analysts to effectively identify and respond to cyber threats in the evolving landscape. "I'm ready to continue learning. I believe that's the most important part for anyone in cybersecurity. It's whether they have that mindset: it's not failure, it's learning. If we can get that into the mindsets of the next generation, I think then we've done what we needed to do." — Todd Beebe Connect with Todd Beebe: Email: tvbeebe@freeportlng.comLinkedIn: https://www.linkedin.com/in/toddbeebe/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it. The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: The PrOTect OT Cybersecurity Podcast (LS 29 · TOP 10% what is this?)Episode: Todd Beebe: Beyond IT vs. OT, The Common Ground for Securing Any EnvironmentPub date: 2023-12-28About Todd Beebe: Todd Beebe, a cybersecurity veteran since the early 90s, commenced his journey by thwarting attempts to hack his BBS. His expertise led to pivotal roles with an international organization, securing remote access, fortifying websites, and pioneering firewall deployment. Later, at Ernst & Young, he spearheaded the Attack & Penetration practice in Houston, penetrating Fortune 500 clients and contributing to the precursor of the Hacking Exposed book series. Todd's entrepreneurial spirit thrived as he founded cybersecurity companies, notably inventing the telecom firewall 'TeleWall' and the web application firewall 'eServer Secure,' holding nine US patents. His career includes fortifying the White House and Pentagon against cyber threats and building cybersecurity programs for multiple Fortune 500 organizations.In this episode, Aaron and Todd Beebe discuss:Their journeys into cybersecurity careersNavigating the convergence of IT and OT securityFinding common ground and overcoming historical hurdlesShared labs for enhanced understanding and effective problem-solvingCybersecurity challenges in critical infrastructureKey Takeaways:In addressing cybersecurity challenges, it's crucial for IT and OT teams to collaborate closely, recognizing that the threat landscape targets common denominators such as IP addresses, ports, and Windows systems, and adopting a unified approach to securing both environments is essential in the evolving landscape of cyber threats.In navigating the convergence of IT and OT, the key lies in recognizing the shared technological foundation, fostering collaboration to merge expertise, and dispelling the misconception of a takeover, ultimately shifting the focus from being adversaries to allies in the pursuit of a secure and efficient operational landscape.Fostering collaboration between IT and OT teams through shared advisory roles, regular communication, and the establishment of a collaborative lab environment not only enhances technical expertise but also builds trust, camaraderie, and a common language, ultimately contributing to a more resilient and stable organizational infrastructure.While Todd is excited about the increasing diversity of people entering the cybersecurity field, he expresses concern about the SEC's decision to hold CISOs accountable for breaches and emphasizes the challenge of training junior analysts to effectively identify and respond to cyber threats in the evolving landscape. "I'm ready to continue learning. I believe that's the most important part for anyone in cybersecurity. It's whether they have that mindset: it's not failure, it's learning. If we can get that into the mindsets of the next generation, I think then we've done what we needed to do." — Todd Beebe Connect with Todd Beebe: Email: tvbeebe@freeportlng.comLinkedIn: https://www.linkedin.com/in/toddbeebe/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it. The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
About Todd Beebe: Todd Beebe, a cybersecurity veteran since the early 90s, commenced his journey by thwarting attempts to hack his BBS. His expertise led to pivotal roles with an international organization, securing remote access, fortifying websites, and pioneering firewall deployment. Later, at Ernst & Young, he spearheaded the Attack & Penetration practice in Houston, penetrating Fortune 500 clients and contributing to the precursor of the Hacking Exposed book series. Todd's entrepreneurial spirit thrived as he founded cybersecurity companies, notably inventing the telecom firewall 'TeleWall' and the web application firewall 'eServer Secure,' holding nine US patents. His career includes fortifying the White House and Pentagon against cyber threats and building cybersecurity programs for multiple Fortune 500 organizations.In this episode, Aaron and Todd Beebe discuss:Their journeys into cybersecurity careersNavigating the convergence of IT and OT securityFinding common ground and overcoming historical hurdlesShared labs for enhanced understanding and effective problem-solvingCybersecurity challenges in critical infrastructureKey Takeaways:In addressing cybersecurity challenges, it's crucial for IT and OT teams to collaborate closely, recognizing that the threat landscape targets common denominators such as IP addresses, ports, and Windows systems, and adopting a unified approach to securing both environments is essential in the evolving landscape of cyber threats.In navigating the convergence of IT and OT, the key lies in recognizing the shared technological foundation, fostering collaboration to merge expertise, and dispelling the misconception of a takeover, ultimately shifting the focus from being adversaries to allies in the pursuit of a secure and efficient operational landscape.Fostering collaboration between IT and OT teams through shared advisory roles, regular communication, and the establishment of a collaborative lab environment not only enhances technical expertise but also builds trust, camaraderie, and a common language, ultimately contributing to a more resilient and stable organizational infrastructure.While Todd is excited about the increasing diversity of people entering the cybersecurity field, he expresses concern about the SEC's decision to hold CISOs accountable for breaches and emphasizes the challenge of training junior analysts to effectively identify and respond to cyber threats in the evolving landscape. "I'm ready to continue learning. I believe that's the most important part for anyone in cybersecurity. It's whether they have that mindset: it's not failure, it's learning. If we can get that into the mindsets of the next generation, I think then we've done what we needed to do." — Todd Beebe Connect with Todd Beebe: Email: tvbeebe@freeportlng.comLinkedIn: https://www.linkedin.com/in/toddbeebe/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.
Clint Bodungen | Co-Founder / CEO @ ThreatGENClint Bodungen is a globally recognized cybersecurity professional and thought leader with over 25 years of experience (of which 20 years have been focused on ICS/OT cybersecurity). His journey in cybersecurity began at the age of eleven when he started programming on a Tandy 1200, and since then, his career has been nothing short of remarkable. A veteran of the United States Air Force, Clint has established himself as a prominent figure in the field, having worked for notable cybersecurity firms like Symantec, Industrial Defender, Booz Allen Hamilton, and Kaspersky Lab. His expertise extends to the impact of AI on cybersecurity, and he has played a pivotal role in addressing the industry's training and education gaps. Clint is renowned for his innovative approaches and has contributed to the field as the author of two books: the best seller, "Hacking Exposed: Industrial Control Systems," and the upcoming "ChatGPT for Cybersecurity Cookbook." He has written an array of articles, technical papers, and training courses, with a primary focus on cybersecurity vulnerability assessment, penetration testing/red teaming, and risk management. Even before the public emergence of generative AI and large language models (LLM), he had already developed a variety of cybersecurity tools and apps that leverage this technology. Over the past decade, Clint has been at the forefront of integrating gamification and AI applications into cybersecurity training. His dedication and innovation culminated in the creation of ThreatGEN® Red vs. Blue, the world's first online multiplayer cybersecurity game crafted to impart real-world cybersecurity skills. This flagship product marks Clint's foray as a pioneer in cybersecurity gamification, a testament to his progressive vision. Clint's enduring passion and goal are to redefine industry standards for cybersecurity education using computer gaming (gamification) and AI technology to present a revolutionary, engaging approach to this essential field, and set new precedents for effective and interactive learning.Clint rejoins Manufacturing Hub to shed some more light on hackers and what groups can do to learn more about cybersecurity.We'll get into Clint's new book: ChatGPT for Cybersecurity Cookbook.Plus, we'll check in on how Red vs. Blue continues to change about how we learn about cybersecurity.Thanks to Phoenix Contact USA for sponsoring this show and 100-year anniversary wishes. Connect with Us Clint Bodungen Vlad Romanov Dave Griffith Manufacturing Hub SolisPLC #manufacturing #automation #cybersecurity
Control System Cyber Security Association International: (CS)²AI
Derek Harp is happy to welcome Pascal Ackerman as his guest for today's podcast! Pascal is a security professional, focused on industrial control systems and he's currently the Sr Security Consultant for Operational Technology - Threat & Attack Simulation at GuidePoint Security. He has a Master's of Science degree in Electrical Engineering (MSEE/CE). He has had 18 years of experience in industrial Ethernet design and support, information and network security, risk assessments, pen-testing, forensics, and threat hunting, WAN/LAN/Internet and Wireless Technologies, Windows Environments, Unix, Linux, IIS, and Apache. He specialized in the architecture, engineering, and securing of plant-wide Ethernet networks using Purdue-model design strategies, IDS/IPS sensors, network monitoring, Security Information, and Event Management (SIEM) solutions, next-gen firewalls, MS domain services, WSUS servers, MS SQL server clusters, etc. Pascal was born and raised in the Netherlands. Right after leaving high school, he was put behind a POC by a company that sent him out across the world installing prototype machinery for filling machines. He is an engineer, programmer, gamer, hacker, traveler, tinkerer, pen-tester, and father. In this episode of the (CS)²AI Podcast, he shares his superhero backstory and discusses his certifications, his education, and his career path. He also offers advice for those who would like to get into the field of cybersecurity and people thinking about writing a book. If you are considering a career in cybersecurity or if you are an engineer and want to specialize in cyber security, you will gain a lot from this podcast! Stay tuned for more! Show highlights: After leaving college, Pascal stayed with the company where he did his internship. The company got him to set up a software simulation to test their POC programs and later put him on their commissioning team. (6:51) Pascal talks about what he did while working as a controls engineer. (8:08) How Pascal got invited to move to the US to continue with his work. (9:50) Pascal explains how many doors opened for him after presenting his first report in 2005. (12:27) Pascal talks about how security measures first intersected with his work in 2008-2009. (14:07) Pascal pinpoints the moment when he decided to change his career path. (16:00) Pascal offers advice for traditional engineers who want to improve what they do and join the cyber security workforce. (17:35) A Network Plus certification will help controls engineers understand the fundamentals of networking. (18:19) Pascal explains why he got hired as a commercial engineer in Network and Security at Rockwell. (21:16) Pascal talks about his book, Industrial Cybersecurity. (23:39) The book Hacking Exposed by Clint Bodungen inspired Pascal to write his first book. (27:50) How Threat GEN became a company based around a game Pascal developed. (29:10) Pascal offers advice on where people in IT who want to know more about safety, reliability, resiliency, and POCs can start. (32:36) The most successful companies have a combined IT and OT team with knowledgeable people on both sides. (36:43) Why do you need to figure out what you like the most and focus on that technology? (37:58) Architecture will be the next big step for monitoring everything. (45:06) Pascal discusses the process of writing his books and offers advice for those who would like to write a book. (45:49) Links: https://www.cs2ai.org/ ((CS)²AI) https://www.linkedin.com/in/pascal-ackerman-036a867b/ (Pascal Ackerman on LinkedIn) https://www.amazon.com/Industrial-Cybersecurity-Efficiently-cybersecurity-environment/dp/1800202091 (Industrial Cybersecurity by Pascal Ackerman) Books mentioned: https://www.amazon.com/Hacking-Exposed-Industrial-Control-Systems/dp/1259589714 (Hacking Exposed by Clint Bodungen) Mentioned in this episode: Our Sponsors: We'd like to thank our sponsors for their faithful...
Podcast: Control System Cyber Security Association International: (CS)²AIEpisode: 41: Writing a Book to Leverage Your Expertise and Improve Your Career with Pascal AckermanPub date: 2022-06-07Derek Harp is happy to welcome Pascal Ackerman as his guest for today's podcast!Pascal is a security professional, focused on industrial control systems and he's currently the Managing Director of Threat Services at ThreatGEN. He has a Master's of Science degree in Electrical Engineering (MSEE/CE). He has had 18 years of experience in industrial Ethernet design and support, information and network security, risk assessments, pen-testing, forensics, and threat hunting, WAN/LAN/Internet and Wireless Technologies, Windows Environments, Unix, Linux, IIS, and Apache.He specialized in the architecture, engineering, and securing of plant-wide Ethernet networks using Purdue-model design strategies, IDS/IPS sensors, network monitoring, Security Information, and Event Management (SIEM) solutions, next-gen firewalls, MS domain services, WSUS servers, MS SQL server clusters, etc.Pascal was born and raised in the Netherlands. Right after leaving high school, he was put behind a POC by a company that sent him out across the world installing prototype machinery for filling machines. He is an engineer, programmer, gamer, hacker, traveler, tinkerer, pen-tester, and father. In this episode of the (CS)²AI Podcast, he shares his superhero backstory and discusses his certifications, his education, and his career path. He also offers advice for those who would like to get into the field of cybersecurity and people thinking about writing a book.If you are considering a career in cybersecurity or if you are an engineer and want to specialize in cyber security, you will gain a lot from this podcast! Stay tuned for more!Show highlights:After leaving college, Pascal stayed with the company where he did his internship. The company got him to set up a software simulation to test their POC programs and later put him on their commissioning team. (6:51)Pascal talks about what he did while working as a controls engineer. (8:08)How Pascal got invited to move to the US to continue with his work. (9:50)Pascal explains how many doors opened for him after presenting his first report in 2005. (12:27)Pascal talks about how security measures first intersected with his work in 2008-2009. (14:07)Pascal pinpoints the moment when he decided to change his career path. (16:00)Pascal offers advice for traditional engineers who want to improve what they do and join the cyber security workforce. (17:35)A Network Plus certification will help controls engineers understand the fundamentals of networking. (18:19) Pascal explains why he got hired as a commercial engineer in Network and Security at Rockwell. (21:16)Pascal talks about his book, Industrial Cybersecurity. (23:39)The book Hacking Exposed by Clint Bodungen inspired Pascal to write his first book. (27:50)How Threat GEN became a company based around a game Pascal developed. (29:10)Pascal offers advice on where people in IT who want to know more about safety, reliability, resiliency, and POCs can start. (32:36)The most successful companies have a combined IT and OT team with knowledgeable people on both sides. (36:43)Why do you need to figure out what you like the most and focus on that technology? (37:58)Architecture will be the next big step for monitoring everything. (45:06)Pascal discusses the process of writing his books and offers advice for those who would like to write a book. (45:49)Links:(CS)²AIPascal Ackerman on LinkedInIndustrial Cybersecurity by Pascal AckermanBooks mentioned:Hacking Exposed by Clint BodungenThe podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
A high court judge has ruled that Sheikh Mohammed bin Rashid al-Maktoum hacked the phone of his ex-wife Princess Haya using Pegasus spyware. In this episode we look at the implications of the affair. Help support our independent journalism at theguardian.com/infocus
A high court judge has ruled that Sheikh Mohammed bin Rashid al-Maktoum hacked the phone of his ex-wife Princess Haya using Pegasus spyware. In this episode we look at the implications of the affair. Earlier this year we brought you an investigation into the use of controversial spyware called Pegasus. As part of that series we revealed that the phone number of Princess Haya, the ex-wife of the ruler of Dubai, had appeared in a data leak of numbers selected as possible targets for surveillance by governments with access to Pegasus. This software gives the user the ability to access photos, videos, phone calls – everything on the target's mobile phone. Last week that story took a dramatic twist. The Guardian's defence and security editor Dan Sabbagh tells Rachel Humphreys that new documents released in a UK court reveal rulings by a senior judge that confirmed that Haya was successfully hacked along with members of her legal and security teams. The judge also ruled that on the balance of probabilities, the hack was ordered by Dubai's ruler, Sheikh Mohammed bin Rashid al-Maktoum. It's an act that has implications not just for Haya and her legal team, but for everyone in the UK. And the affair has posed questions too for the British government over its relationship with its close ally the United Arab Emirates.
A high court judge has ruled that Sheikh Mohammed bin Rashid al-Maktoum hacked the phone of his ex-wife Princess Haya using Pegasus spyware. In this episode we look at the implications of the affair. Earlier this year we brought you an investigation into the use of controversial spyware called Pegasus. As part of that series we revealed that the phone number of Princess Haya, the ex-wife of the ruler of Dubai, had appeared in a data leak of numbers selected as possible targets for surveillance by governments with access to Pegasus. This software gives the user the ability to access photos, videos, phone calls – everything on the target's mobile phone. Last week that story took a dramatic twist. The Guardian's defence and security editor Dan Sabbagh tells Rachel Humphreys that new documents released in a UK court reveal rulings by a senior judge that confirmed that Haya was successfully hacked along with members of her legal and security teams. The judge also ruled that on the balance of probabilities, the hack was ordered by Dubai's ruler, Sheikh Mohammed bin Rashid al-Maktoum. It's an act that has implications not just for Haya and her legal team, but for everyone in the UK. And the affair has posed questions too for the British government over its relationship with its close ally the United Arab Emirates.
We are in a time where global economies are screeching to a halt while cybercrime is not resting. With cybercrime predicted to inflict damages totaling 6 trillion dollars in 2021, its rise has outraced traditional security teams and methodologies, making it harder to detect, mitigate, and resolve an escalating number of threats. A new generation of hackers is blooming to rival the rising cybercrime forces. Once thought of as an unconventional, even underground hobby, ethical hacking and bug bounty hunting has since become a popular movement. Bug bounty hunters and hackers are not just helping organizations face unknown challenges in the current threat landscape and making the internet safer for everyone. Now they have the opportunity to make a sustainable living out of it. Providing resources, mentorship, and support is crucial in gaining trust and building relationships with the next generation of security researchers, bug bounty hunters, and professionals. Who better to fill that role than experienced, creative, and even entertaining role models. Luke Stephens, better known as Hakluke is the Manager of Training and Quality Assurance at Bugcrowd. But he started on the other side as a hunter. Luke is well known and loved in the infosec community he has been a part of for years. Ethical hackers are a curious bunch: Luke has been curating and creating content to feed that curiosity with educational cybersecurity and self-development blog posts, talks, videos, podcasts, and hacking tools.Whether on Twitter, Tiktok, his blog, or a YouTube channel, encouraging and directing new generations of hackers is at the forefront of Luke's positive online presence. As part of the Bug Bounty Hunting Month, Luke released haktrails, a Golang client for querying Securitytrails API data, making it easier to access information directly from the CLI. We were excited to (virtually) sit down with Luke in the tropical oasis of Sunshine Coast, where he recently moved, and find out about his story, how he got into cybersecurity (hint: Matrix was the culprit), the importance of fostering keen minds in the industry, the right hacker mindset, interesting tidbits from his work with Bugcrowd, and much more. Securitytrails: You help many bug bounty hunters and aspiring ones with your content and selflessly shared tips, tricks and just about anything on how to succeed. But what did your start in bug bounty hunting look like? What sparked your interest enough to start? Luke Stephens: I think landing in bug bounties was the result of natural tendencies and personality traits, combined with a few formative events in my life. To give a brief history, I was born with a natural obsession with knowing how things worked under the hood. I gravitated towards computers at a young age, and my interest in hacking was piqued at 8 when I saw The Matrix at a friend's birthday party. At that time, there were basically no resources to learn hacking, at least that I could find. At some point, when I was probably about 12, I managed to convince my parents to buy me a book called Hacking Exposed, which detailed some hacking fundamentals. Despite having very little knowledge, I somehow found my way into some computer systems that I shouldn't have. I made my first responsible disclosure to my school's IT staff. As I approached the end of my schooling, I started up a couple of small online businesses for content creation and web development. My clients were mostly my friends or acquaintances, but it gave me an entrepreneurial spirit.I landed a job straight out of school doing high-level tech support, installations, and code customizations with a company that developed webmail products. I learned a lot about PHP, Linux, and systems administration. After two years working on a computer science degree, I dropped out and started working as a full-time web developer for a few different businesses, but my interest in hacking never subsided. I completed my OSCP and eventually landed a jo...
Stuart McClure is the founder and CEO of Cylance, the first endpoint cybersecurity company that revolutionized the way the industry detects and protects endpoints using machine learning. He is also the co-authored the most successful security book series of all time, Hacking Exposed.If you’re remotely interested in enterprise security in any capacity, you don't want to miss this episode.
Kev and Den debate the actionability, value, and opportunity cost of threat intelligence in the modern enterprise. On the throwback Hacking Exposed author and security industry stalwart Joel Scambray shares how he leveraged his passion for writing and the computer skills he developed in the biology lab into a storied career in computer security.(Intro and Outro theme "Sun Rice" by Adubter, CCL: https://creativecommons.org/licenses/by-nc-sa/3.0/).
Brian Robison: Mobile Malware and APT Espionage Until now, the public’s exposure to mobile phone malware has been dominated by news about the privately run “greyware” vendors, including Gamma Group, Hacking Team and NSO. Their commercial smartphone spyware seems to inevitably end up in the hands of autocrats who use it to hamper free speech, quash dissent, or worse. Consumers of these news stories are often left with the impression that mobile malware is just something paranoid dictators purchase for use within their own borders in luddite countries few people can find on a map. It is not. In a coming report, BlackBerry Cylance researchers will reveal what the focus on those groups has overshadowed: several governments with well-established cyber capabilities have long ago adapted to, and exploited, the mobile threat landscape for a decade or more. In this context, mobile malware is not a new or niche effort, but a longstanding part of a cross-platform strategy integrated with traditional desktop malware in diverse ways across the geopolitical sphere. This week on Insecurity, Matt Stephenson has a chat with BlackBerry Cylance Chief Evangelist Brian Robison about the scourge of Mobile Malware and how the threats that come from attacking mobile devices are different… and thus require a different mindset when it comes to securing those devices and your network. About Brian Robison Brian Robison has over 20 years of cybersecurity experience. As Chief Evangelist at BlackBerry Cylance he is focused on educating and inspiring the world. Robison hosts live Hacking Exposed events, where he demonstrates the tools and techniques of real-world threat actors. Brian is a regular speaker at industry events such as RSA, Black Hat, thought leadership forums like ISC2 Think Tank and is highly sought after to speak at partner events. Prior to joining BlackBerry Cylance, Robison worked to defend organizations from mobile security threats —three years as a Director at Citrix XenMobile and two driving enterprise strategy at Good Technology. Brian also spent over six years at McAfee with a special focus on end-point security -leading efforts to modernize ePolicy Orchestrator. During this time, he also managed vulnerability and policy compliance solutions. His early career ranges from a six-year period with Tripwire, Inc. to cutting his professional teeth in consumer electronics at Diamond Multimedia. About Matt Stephenson Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Matt to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. Can’t get enough of Insecurity? You can find us at ThreatVector InSecurity Podcasts, Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
Michael Davis explains why cybersecurity is more urgent than ever! Are you a small business and think cybersecurity is really not a concern for you? The hackers are going to go after the big guys: banks, insurance companies, large retailers, not you. Right? Wrong. Listen in as Michael Davis takes us through the swift evolution of cybercrime and the urgent need for all businesses to stop the attackers before they attack you. You literally can't afford to miss this podcast, it's that important. Listen, learn and share. And be careful out there. If you use the Web, you can be hacked Case study: A chain of pizza stores had its point of sale invaded by malware through which hackers could watch transactions taking place and capture individual customers' information. What was even more lucrative for the hackers was watching the chain's bookkeeper post monies to the company bank account, then redirecting the funds into their own account, stealing $300,000 in a quick minute. Even worse, once they knew the way in, they could blackmail the pizza chain's owner for monthly fees to avoid being hacked again. Welcome to the modern-day version of Jesse James. Cybersecurity: what businesses of all sizes should be concerned about: Whether you think your installed malware is sufficient, or you feel you need to hire a chief security officer, or you've decided to outsource your security to a professional cybersecurity firm, now is the time to find out more so you can make the right moves for you and your business! Indeed, this podcast is coming at a great time for all of us. Who is Michael Davis? Michael A. Davis has been educating the global community on the evolution of IT security for several years now. His portfolio of clients includes major corporations such as AT&T, Sears and Exelon, as well as the U.S. Department of Defense. Michael’s early embrace of entrepreneurship earned him a spot on BusinessWeek’s “Top 25 under 25” list, stemming from his launch of IT security consulting firm Savid Technologies, recognized as one of the fastest growing companies of its decade. With a passion for educating others, Michael is a contributing author for the “Hacking Exposed” book series and has become a keynote speaker at conferences and symposiums worldwide. Most recently, Michael has served as CTO of CounterTack, provider of an endpoint security platform delivering real-time cyber threat detection and forensics. Michael recognizes, as should all of us, that the cybersecurity battle is moving to the endpoint, and that conventional IT security technologies can’t ultimately protect enterprises. Firms such as CounterTack offer consumers continuous attack monitoring backed by automated threat analysis. What you can learn from Michael Davis's podcast that you can do today: One of the reasons I am so anxious to share with you Michael’s podcast is that I have a good friend, a fellow consultant and culture change expert, who recently had her data hacked. She paid a ransom but never got her data back. Has this happened to you? Could it? According to Michael, we're all vulnerable. Here are just a few of Michael's tips from our conversation: Your iPad, iPhone and Android are engineered to be much less vulnerable to hackers than your Mac or PC. Use them as much as you can to secure your information. The cloud is an excellent way to thwart hackers. Consider shifting from your office servers to Dropbox, Box and other cloud-based services. They are far more secure and have backups to protect you. Instruct your staff not to open phishing or other suspicious emails. There are lots of training programs that can help you create a more secure business environment. Some blogs and podcasts on this subject you might enjoy: AI Is Infiltrating Every Corner of the Business World. Is This A Good Thing? 4 Top Ways Technology Is Transforming Accounting Firms Jared Tate—Creating DigiByte, Cryptocurrency With the Best Speed, Ease and Security Ask Andi—Why Companies Have Got To Change Or They Will Not Thrive Michael Gale—The Digital Transformation Coming to You Additional resources: My book: "On the Brink: A Fresh Lens to Take Your Business to New Heights" Our website: Simon Associates Management Consultants Download the 1-page synopsis of my book, "On the Brink: A Fresh Lens to Take Your Business to New Heights" here
My Awesome InSecurity Podcast Mixtape: RSA Edition! RSA 2019 was another grand and glorious mess! 50,000+ attendees, vendors, journalists and who knows who else stormed San Francisco for seven days to look, listen, learn and who knows what else. We had time to sit down with a wide swath of people. We found CEOs, Engineers, Global Ambassadors and even a CIO of the White House! How bout that? Kick back and the perspectives this group of experts has to offer on the present state and future of cybersecurity Enjoy! Stuart Mcclureon the BlackBerry & Cylance, Hacking Exposed and the future BlackBerry CMO Mark Wilsonis excited about Cylance joining the BlackBerry family Tom Pace& Kevin Livellipresent Operation Shaheen at RSA Garret Grajekputs the AI in Identity Gabe Dealesees the future of BlackBerry Cylance and it Smart Cities John McClurghas been around the world… is security the tie that binds cultures? Scott Schefermanwants the industry to focus on what users need, not what vendors want Fortalice CEO Theresa Paytonis looking beyond just nation states for who is meddling with us About Matt Stephenson Insecurity Podcast host Matt Stephenson(@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcastand host of CylanceTV Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. Can’t get enough of Insecurity? You can find us wherever you get your podcasts including Spotify, Stitcher, SoundCloud, I Heart Radio as well as ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2 GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste Make sure you Subscribe, Rate and Review!
If you enjoy listening to my podcast, please take a minute to leave a review here! As many of you know, I like to choose podcast topics that are at the forefront in the minds of my audience. I also like to interview leaders who inspire me. When I was looking for a new podcast guest for my show, I asked my CTO at RedZone, James Crifasi, if there was someone he knew in security that he really respected – that stood out for him as a leader in the industry. James recommended Dmitriy Ayrapetov, Executive Director of Product Management at SonicWall. Since RedZone has been a SonicWall partner for many years, I knew Dmitriy, and I knew that he represented most of the network security products that we work with. Luckily, he agreed to come on the show. My conversation with Dmitriy ranges from philosophical to tactical and technical especially with his positions on Machine Learning and AI with security. We discuss a variety of topics including, who are his mentors and what does a product manager do at a high-profile security company like SonicWall? One interesting discussion centered around the thought that, “Humans will always make mistakes – human mistakes are one of the main issues with security. Knowing that we will never fix 100% of the problems of security today, and that we have a massive likelihood of a security breach happening,” – I asked Dmitriy “How can you approach this problem?” Key Points of Interest in This Episode: How Dmitriy researches and keeps on the pulse of security How his mind works when he is thinking of how his customers will be impacted by security Who are his mentors? What would he focus on if he was a startup founder? How would I want to react if I was a customer? Are your security vendors as concerned about business continuity as you are? I think you will really appreciate Dmitriy’s philosophy for CIOs and CISOs – in particular, his thoughts on human mistakes. He believes that since human mistakes can’t be prevented, that you must realize the need for continuity of the business and be prepared for them. With this, I want to welcome you to my interview with Dmitriy Ayrapetov. Major Take-Aways From This Episode: In this podcast we discuss cutting edge strategies with security: sandboxing, block until verdict, remediation and roll back. What does a product manager do at a high-profile security company like SonicWall? o Find people’s problems and bring these engineered solutions to market Evolution of Security – Block first, then ask questions later. Staying current with security is imperative with a current approach centered on business continuation. New ways of thinking – Prevention vs. Continuity, continuous operations like auto-rollback functions. Supply Chain Attacks – Next Gen behavior analytics which led us into an industry education on old fashioned heuristics vs. machine learning and AI. Read Full Transcript Here About Dmitriy Ayrapetov: Dmitriy Ayrapetov has been with SonicWall for over 13 years. He is currently the Executive Director of Product Management at SonicWall, in charge of product security. Prior to this position, Dmitriy held product management and engineering roles at SonicWall and at enKoo Inc., an SSL VPN startup acquired by SonicWall in 2005. As a cybersecurity expert, he speaks at industry conferences including, RSA, Gartner Security Summit, Dell World and is a regular presence at SonicWall’s annual partner conference Peak Performance. Dmitriy holds an MBA from the Haas School of Business at U.C. Berkeley and a BA in Cognitive Science at UC Berkeley. You can see all the SonicWall products Dmitriy has had his hand on since the beginning. • Network Security • Firewalls • FTDMI – Automation and Security • SonicWall ips Series • Client Capture – rollback • Email Security How to get in touch with Dmitriy Ayrapetov LinkedIn Twitter Facebook Key Resources + Links Link to Dmitriy’s SonicWall blog page: https://blog.sonicwall.com/authors/dmitriy-ayrapetov/ • Blog, pub. 9/12/2018: Botnets Targeting Obsolete Software • Blog, pub. 2/13/2017: Practical Defense for Cyber Attacks + Lessons from 2017 SonicWall Annual Threat Report Other SonicWall blog pages that cover suggested topics of discussion listed above: • Sonic Wall Threat Intelligence blog page: https://blog.sonicwall.com/categories/threat-intelligence/ • Annual and mid-year cyber threat reports: https://brandfolder.com/s/pix4u8-fllsa0-f5587c Other presentations and videos by Dmitriy Ayrapetov: SonicWall Roadmap and Industry Trends: https://www.youtube.com/watch?v=p0vAqko1E2s, pub. July 13, 2018 2018 SonicWall Cyber Threat Report – Webcast: https://www.sonicwallsales.com/Video.aspx?code=KJSCK7 RSA Presentation 2017: The Strategic Advantage of Adaptive Multi-Engine Advanced Threat Protection (this is a pdf file of the slide presentation) Learn How to Detect and Prevent Malicious Files with SonicWall Capture ATP: https://www.youtube.com/watch?v=55tw20crqhk, pub. Sept 1, 2017. Also, published as a webinar through BrightTALK, Sept 19, 2017 How SonicWall SuperMassive Next-Gen Firewall Series ensures that every byte of every packet coming into and going out of your network is inspected while maintaining high-performance and low latency: https://www.facebook.com/SonicWall/videos/10155323557848859/, pub. Aug 17, 2017 Other resources mentioned in the Podcast, provided by Dmitriy Ayrapetov: There are two people that Dmitriy mentioned as thought leaders in the field: one of them is well known, Bruce Schneier, an internationally renowned security technologist; while the other is less known, Dan Geer, CISO at In-Q-Tel. Bruce provides a lot of industry as well as practical advice on his website: https://www.schneier.com/. Dan’s keynote at Black Hat 2014 was, in my opinion, direction setting. It was one of the highest signal to noise ratio keynotes that I’ve ever heard and I still come back to it from time to time. It’s very dense, and is based on an essay that he authored. Black Hat Keynote: https://www.youtube.com/watch?v=nT-TGvYOBpI Essay: http://geer.tinho.net/geer.blackhat.6viii14.txt Dan has many other essays/keynotes and your listeners can find them on his website: http://geer.tinho.net/pubs The book that Dmitriy mentioned early in the podcast is Hacking Exposed –they’re on the 7th edition now. I’m not “recommending” the book, I just referenced it as something that piqued my curiosity in security early on. This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes. Credits: * Outro music provided by Ben’s Sound Other Ways To Listen to the Podcast iTunes | Libsyn | Soundcloud | RSS | LinkedIn Leave a Review If you enjoyed this episode, then please consider leaving an iTunes review here. Click here for instructions on how to leave an iTunes review if you’re doing this for the first time. About Bill Murphy Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.
In this episode of Data Driven, Frank and Andy talk to Lynn Langit. Lynn’s a triple threat: Microsoft MVP, Google Cloud Developer Expert, and AWS Community Hero. Over one million people have watched her Hadoop Fundamentals online course. We are honored to have Lynn on our show! Links Mentioned: Lynn’s Website (https://lynnlangit.com) Lynn’s LinkedIn Learning Page (https://www.linkedin.com/learning/instructors/lynn-langit) Genome Engineering Applications: Early Adopters of the Cloud (https://aws.amazon.com/blogs/aws/genome-engineering-applications-early-adopters-of-the-cloud/) XKCD WebComic: Listening (https://xkcd.com/1807/) Sponsor: Enterprise Data & Analytics (http://entdna.com?dd3) Cool Conversation Blurbs The Coding Architect and Lifelong Learner ([7:30]) Bio-informatics research ([10:50]) Opportunistic Learning ([21:15]) Algorithms run our day-to-day ([27:45]) The law and DNA ([31:45]) Unintended consequences ([36:53]) Hacking Exposed ([41:00]) Lynn Langit Bio Lynn Langit was a developer evangelist for the Microsoft MSDN team for the past 4 years.. Prior to working at Microsoft, she founded and served as lead architect of a development firm that created BI solutions. She holds a number of Microsoft certifications, including MCITP, MCSD, MCDBA, and MCT. Lynn left Microsoft to do consulting and training in October 2011. Lately she’s authored and taught for DevelopMentor (SQL Server 2012 and Google App Engine). Lynn’s been doing production work with SQL Server, .NET, Java and more. Her data blog is at www.LynnLangit.com. She is also the co-founder of the non-profit ‘Teaching Kids Programming’ – more at www.TeachingKidsProgramming.org.
Widely recognized as Co-Author of the Hacking Exposed book series, Joel has worked/consulted for companies like Foundstone (co-founder), Microsoft, Amazon, Costco, Softcard, and Ernst & Young. Joel came on the show to talk about how he got started in security, the changes in vulnerability management, cloud security and IoT. Joel currently is a Technical Director at NCC Group. Full Show Notes: https://wiki.securityweekly.com/Episode514 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
Widely recognized as Co-Author of the Hacking Exposed book series, Joel has worked/consulted for companies like Foundstone (co-founder), Microsoft, Amazon, Costco, Softcard, and Ernst & Young. Joel came on the show to talk about how he got started in security, the changes in vulnerability management, cloud security and IoT. Joel currently is a Technical Director at NCC Group. Full Show Notes: https://wiki.securityweekly.com/Episode514 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
Brad Antoniewicz works in Cisco Umbrella’s security research group. He founded the NYC branch of Security BSides. Brad is also a contributing author to both the Hacking Exposed and Hacking Exposed: Wireless book series. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode507 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
Brad Antoniewicz works in Cisco Umbrella’s security research group. He founded the NYC branch of Security BSides. Brad is also a contributing author to both the Hacking Exposed and Hacking Exposed: Wireless book series. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode507 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
Joel Scambray joined us this week to discuss good app design, why it's so difficult, and what can be done to fix it when possible. Joel also co-authored many of the "Hacking Exposed" series of books. We ask him about other books that could come from the well known series. We also ask about why the #infosec person often feels like they need to protect their organization to the expense of our own position (or sanity) and how we as an industry should be not 'in front of the train', but guiding the train to it's destination, one of prosperity and security. Conversely, we also discuss why some positions in security are so short-lived, such as the role of CISO. From SC magazine (https://www.scmagazineuk.com/joel-scambray-joins-ncc-group-as-technical-director/article/634098/): "Security expert and author, Joel Scambray, has joined NCC Group as technical director. He will be based at the Austin, US office. Scambray has more than 20 years of experience in information security. In his new role, he will work with some of the company's biggest clients using his experience in business development, security evangelism and strategic consultancy." Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-006-Joel_scambray-infosec_advice-hacking_exposed.mp3 iTunes (generic link, subscribe for podcast): https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 Brakesec Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw Bsides London is accepting Call for Papers starting 14 Febuary 2017, as well as a Call for Workshops. You can find out more information at https://www.securitybsides.org.uk/ ---------- HITB announcement: “Tickets are on sale, And entering special code 'brakeingsecurity' at checkout gets you a 10% discount". Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In the Box will be held from 10-14 April 2017. Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/ --------- Join our #Slack Channel! Sign up at https://brakesec.signup.team #RSS: http://www.brakeingsecurity.com/rss #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/ ------- Show Notes: Joel Scambray In a bio: “Joel’s words of security wisdom: Security is a type of risk management, which is about informing a decision. The security professional’s challenge is to bring the most evidence possible to support those decisions, both technical and non.” Building and maintaining a security program Which is better? starting with a few quick wins Or having an overarching project to head where you want to go Starting companies (buyouts / stock options / lessons learned) Hacking Exposed Will you stop at ‘7’? Will there be a “hacking exposed: IoT”? Medical devices What leadership style works best for you? Things we couldn’t cover due to time: Security Shift from network layer to app layer Software defined networking, for example How to set policies to keep your devs from running amok ------
Host Kevin Greene and guest Stuart McClure, CEO and visionary at Cylance, discuss Operation Cleaver, a report developed by Cylance detailing cyberthreats to the critical infrastructure. McClure — who served as an executive at McAfee before founding Cylance — shares his thoughts on how the threat landscape is changing and offers insight on helping federal agencies prevent cyberattacks. He also talks about how to improve the Department of Homeland Security's Einstein program and gives an update about “Hacking Exposed," a book series for which he is a lead author.
McGraw-Hill Executive Editor Jane Brownlow interviews Stuart McClure, lead author of "Hacking Exposed: Sixth Edition".
Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference
Don't get caught. Building off of Foster's log manipulation and bypassing forensics session at BlackHat Windows 2004, James C. Foster and Vincent T. Liu will share over eighteen months of continued private forensic research with the Black Hat audience including ground-breaking vulnerabilities and key weaknesses in some of the most popular tools used by forensic examiners including EnCase, CA eTrustAudit, and Microsoft ISA Server. Watch live demonstrations as Foster and Vinnie detail how to leverage these weaknesses to avoid being detected, and discover the theory and practice behind the most effective and cutting-edge anti-forensics techniques. Finally, learn how to turn a forensic analyst's training against himself by joining the speakers in a lively discussion of the "Top 10 Ways to Exploit a Forensic Examiner". This talk should be required viewing for all those on both sides of the fence, so come prepared to watch trusted forensics tools crumble. James C. Foster, Fellow, is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation. Foster is responsible for directing and managing the vision, technology, and operational design for CSC's global security services. Prior to joining CSC, Foster was the Director of Research and Development for Foundstone Inc (acquired by McAfee). and was responsible for all aspects of product, consulting, and corporate Rresearch and developmentD initiatives. Prior to joining Foundstone, Foster was a Senior Advisor and Research Scientist with Guardent Inc (acquired by Verisign) and an editor at Information Security Magazine(acquired by TechTarget Media), subsequent to working as an Information Security and Research Specialist for the Department of Defense. Foster's core competencies include high-tech management, international software development and expansion, web-based application security, cryptography, protocol analysis, and search algorithm technology. Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial and government cryptography implementations. Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, BlackHat, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been cited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds degrees in Business Administration, Software Engineering, and Management of Information Systems and has attended the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania's Wharton School of Business. Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include "Snort 2.0", "Snort 2.1" 2nd Edition, "Hacking Exposed" 4th Ed and 5th Ed, "Special Ops Security", "Anti-Hacker Toolkit" 2nd Ed, "Advanced Intrusion Detection", "Hacking the Code", "Anti-Spam Toolkit", "Programmer's Ultimate Security DeskRef", "Google for Penetration Testers", "Buffer Overflow Attacks", and "Sockets, Shellcode, Porting, and Coding". Vincent Liu is an IT security specialist at a Fortune 100 company where he is responsible for assessing the security of the enterprise network infrastructure and participating as a member of the global incident response team.Before moving to his current position, Vincent worked as a consultant with the Ernst and Young Advanced Security Center and as an analyst at the National Security Agency. His specialties include penetration testing, web application assessments, incident response, binary reverse engineering, and exploit development. Vincent holds a degree in Computer Science and Engineering from the University of Pennsylvania. While at Penn, Vincent taught courses on operating system implementation and C programming, and was involved with DARPA-funded research into advanced intrusion detection techniques. He is currently a contributor to the Metasploit project, and is a contributing author for Sockets, Shellcode, Porting, and Coding. Vincent has also studied at the University of Maryland and the University of Kentucky.>
Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference
In a refreshing different format, Foster cracks the audience with a twenty minute comedic dissertation of the past year in the information security industry. Performing standup, Foster will roast the year's worst companies' business mistakes, stereotypes, books, websites, Fucked Company security excerpts in addition to posing fun of those who don't have the dream job, boatloads of cash, the supermodel girlfriend, or cabana boy - boyfriend with humorous hints of how to get there. Wrapping up the session, Foster will make his 2006 security predictions. James C. Foster, Fellow, is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation. Foster is responsible for directing and managing the vision, technology, and operational design for CSC's global security services. Prior to joining CSC, Foster was the Director of Research and Development for Foundstone Inc (acquired by McAfee). and was responsible for all aspects of product, consulting, and corporate research and development initiatives. Prior to joining Foundstone, Foster was a Senior Advisor and Research Scientist with Guardent Inc (acquired by Verisign) and an editor at Information Security Magazine(acquired by TechTarget Media), subsequent to working as an Information Security and Research Specialist for the Department of Defense. Foster's core competencies include high-tech management, international software development and expansion, web-based application security, cryptography, protocol analysis, and search algorithm technology. Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial and government cryptography implementations. Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, BlackHat, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been cited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds degrees in Business Administration, Software Engineering, and Management of Information Systems and has attended the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania's Wharton School of Business. Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include Snort 2.0, Snort 2.1 2nd Edition, Hacking Exposed 4th Ed and 5th Edition, Special Ops Security, Anti-Hacker Toolkit 2nd Ed, Advanced Intrusion Detection, Hacking the Code, Anti-Spam Toolkit, Programmer's Ultimate Security DeskRef, Google for Penetration Testers, Buffer Overflow Attacks, and Sockets/Porting/and Shellcode.
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
Don't get caught. Building off of Foster's log manipulation and bypassing forensics session at BlackHat Windows 2004, James C. Foster and Vincent T. Liu will share over eighteen months of continued private forensic research with the Black Hat audience including ground-breaking vulnerabilities and key weaknesses in some of the most popular tools used by forensic examiners including EnCase, CA eTrustAudit, and Microsoft ISA Server. Watch live demonstrations as Foster and Vinnie detail how to leverage these weaknesses to avoid being detected, and discover the theory and practice behind the most effective and cutting-edge anti-forensics techniques. Finally, learn how to turn a forensic analyst's training against himself by joining the speakers in a lively discussion of the "Top 10 Ways to Exploit a Forensic Examiner". This talk should be required viewing for all those on both sides of the fence, so come prepared to watch trusted forensics tools crumble. James C. Foster, Fellow, is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation. Foster is responsible for directing and managing the vision, technology, and operational design for CSC's global security services. Prior to joining CSC, Foster was the Director of Research and Development for Foundstone Inc (acquired by McAfee). and was responsible for all aspects of product, consulting, and corporate Rresearch and developmentD initiatives. Prior to joining Foundstone, Foster was a Senior Advisor and Research Scientist with Guardent Inc (acquired by Verisign) and an editor at Information Security Magazine(acquired by TechTarget Media), subsequent to working as an Information Security and Research Specialist for the Department of Defense. Foster's core competencies include high-tech management, international software development and expansion, web-based application security, cryptography, protocol analysis, and search algorithm technology. Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial and government cryptography implementations. Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, BlackHat, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been cited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds degrees in Business Administration, Software Engineering, and Management of Information Systems and has attended the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania's Wharton School of Business. Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include "Snort 2.0", "Snort 2.1" 2nd Edition, "Hacking Exposed" 4th Ed and 5th Ed, "Special Ops Security", "Anti-Hacker Toolkit" 2nd Ed, "Advanced Intrusion Detection", "Hacking the Code", "Anti-Spam Toolkit", "Programmer's Ultimate Security DeskRef", "Google for Penetration Testers", "Buffer Overflow Attacks", and "Sockets, Shellcode, Porting, and Coding". Vincent Liu is an IT security specialist at a Fortune 100 company where he is responsible for assessing the security of the enterprise network infrastructure and participating as a member of the global incident response team.Before moving to his current position, Vincent worked as a consultant with the Ernst and Young Advanced Security Center and as an analyst at the National Security Agency. His specialties include penetration testing, web application assessments, incident response, binary reverse engineering, and exploit development. Vincent holds a degree in Computer Science and Engineering from the University of Pennsylvania. While at Penn, Vincent taught courses on operating system implementation and C programming, and was involved with DARPA-funded research into advanced intrusion detection techniques. He is currently a contributor to the Metasploit project, and is a contributing author for Sockets, Shellcode, Porting, and Coding. Vincent has also studied at the University of Maryland and the University of Kentucky.>
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
In a refreshing different format, Foster cracks the audience with a twenty minute comedic dissertation of the past year in the information security industry. Performing standup, Foster will roast the year's worst companies' business mistakes, stereotypes, books, websites, Fucked Company security excerpts in addition to posing fun of those who don't have the dream job, boatloads of cash, the supermodel girlfriend, or cabana boy - boyfriend with humorous hints of how to get there. Wrapping up the session, Foster will make his 2006 security predictions. James C. Foster, Fellow, is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation. Foster is responsible for directing and managing the vision, technology, and operational design for CSC's global security services. Prior to joining CSC, Foster was the Director of Research and Development for Foundstone Inc (acquired by McAfee). and was responsible for all aspects of product, consulting, and corporate research and development initiatives. Prior to joining Foundstone, Foster was a Senior Advisor and Research Scientist with Guardent Inc (acquired by Verisign) and an editor at Information Security Magazine(acquired by TechTarget Media), subsequent to working as an Information Security and Research Specialist for the Department of Defense. Foster's core competencies include high-tech management, international software development and expansion, web-based application security, cryptography, protocol analysis, and search algorithm technology. Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial and government cryptography implementations. Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, BlackHat, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been cited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds degrees in Business Administration, Software Engineering, and Management of Information Systems and has attended the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania's Wharton School of Business. Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include Snort 2.0, Snort 2.1 2nd Edition, Hacking Exposed 4th Ed and 5th Edition, Special Ops Security, Anti-Hacker Toolkit 2nd Ed, Advanced Intrusion Detection, Hacking the Code, Anti-Spam Toolkit, Programmer's Ultimate Security DeskRef, Google for Penetration Testers, Buffer Overflow Attacks, and Sockets/Porting/and Shellcode.