POPULARITY
3 episodes with red teams
3 episodes with red teams
2 episodes with red teams
2 episodes with red teams
2 episodes with red teams
2 episodes with red teams
Advancing Exposure ManagementHear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.+ + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn't on commoditized services—it's on what actually makes a difference.At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn't hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.Coalfire's evolution reflects this shift. It's not just about running a penetration test or red team operation in isolation. It's about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they're seeking simplified, strategic programs with measurable outcomes.The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It's about enabling CISOs to own the narrative, armed with context, clarity, and confidence.Henderson's reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.Learn more about Coalfire: https://itspm.ag/coalfire-yj4wNote: This story contains promotional content. Learn more.Guest: Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/ResourcesLearn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfireLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Kevin Flyangolts joins Erum and Karl to talk about the evolving landscape of biosecurity. They discuss the rapid advancements in biotechnology, the growing accessibility of synthetic DNA, and the need for robust screening systems to ensure safety in the bioeconomy. Kevin shares knowledge from his software background, explaining how tools like those at Aclid Bio are bridging gaps in security, protecting against potential misuse, and setting the stage for future innovations in biotech. With reflections on government initiatives, industry collaboration, and the complexities of ethical biosecurity practices, this conversation showcases the urgent issues and exciting possibilities in the intersection of biology and technology. Grow Everything brings the bioeconomy to life. Hosts Karl Schmieder and Erum Azeez Khan share stories and interview the leaders and influencers changing the world by growing everything. Biology is the oldest technology. And it can be engineered. What are we growing? Learn more at www.messaginglab.com/groweverything Chapters: 00:00:00 - Opening with Unchecked DNA Risks 00:00:22 - Drones, Aliens, and the Unknown 00:01:45 - The Biotech Holiday Buzz 00:04:18 - Manufacturing the Future: A Revolution Begins 00:07:05 - DARPA's Wild Moonshot Ideas 00:09:47 - What Keeps Us Up at Night 00:11:55 - Meet Kevin: Biosecurity Pioneer 00:15:30 - The Software Revolution in Biotech 00:19:45 - Tackling Biosecurity Challenges with Innovation 00:24:58 - Regulations in a Rapidly Changing Field 00:28:59 - Red Teams and Hidden Vulnerabilities 00:39:04 - Building Biotech Trust and Collaboration 00:44:21 - A Vision for Safer Biotech 00:46:59 - Wrap-Up and What's Next in Biosecurity Episode Links: Aclid Bio Genspace ECHO NYC Biolabs@NYULangone Quorum Bio The Department of Defense under the Distributed Bioindustrial Manufacturing Program (DBIMP) made 34 awards worth over $60 million. Awardees include Cauldron and Checkerspot. Topics Covered: biosecurity, DNA synthesis, BIOSECURE Act, computer science Have a question or comment? Message us here: Text or Call (804) 505-5553 Instagram / Twitter / LinkedIn / Youtube / Grow Everything Email: groweverything@messaginglab.com Music by: Nihilore Production by: Amplafy Media
In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Johann Rehberger, security expert and Red Team director at Electronic Arts. Johann shares his career journey through roles at Microsoft, Uber, and EA, highlighting his expertise in red teaming and cybersecurity. Johann shares the inspiration behind his book on Red Team strategies and discusses his BlueHat 2024 talk on prompt injection vulnerabilities, a critical and evolving AI security challenge. Johann breaks down the distinction between prompt injection and jailbreaking, offering insights into the potential risks, including data exfiltration and system unavailability, and emphasizes the importance of securing Red Teams themselves. In This Episode You Will Learn: Why AI tools should have stricter default settings to control what kind of outputs they generate The importance of reading technical documentation to understand how AI systems are built Why developers should implement stronger filters for what tokens are allowed to be emitted by LLMs Some Questions We Ask: How are prompt injection and SQL injection similar, and how are they different? What is AI spyware, and how does it exploit memory tools in ChatGPT? Does AI jailbreaking access the LLM's core system like iPhone jailbreaking does the OS? Resources: View Johann Rehberger on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Are there holes in your security program? Quite likely. In this episode of SM Highlights, host Brendan Howard speaks with red team expert Gary DeMercurio about how to develop a testing program and scope that deliver actionable results and value. Also, Marc Weber Tobias outlines the concept of insecurity engineering in locks and the basic awareness security practitioners should leverage. Then, Mark Johnson explains how data-driven video surveillance systems are being used to improve operations and safety for medevac helicopters. Additional Resources Interested in penetration testing? Watch a selection of key takeaways from GSX 2024 speakers here: https://www.youtube.com/watch?v=cHXSh77ONPw Read more about pen testing and red teaming in Security Management's coverage publishing later in December. Read more from WIRED about Marc Weber Tobias's work on Medeco locks here: https://www.wired.com/2008/08/medeco-locks-cr/ For more on medevac helicopter security, read Mark Johnson's article here: https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2024/december/Data-Driven-Video-Technology-Enhances-Medevac-Helicopters-Safety/ Learn more about flying debris affecting helipad safety in this National Transportation Safety Board safety alert: https://www.ntsb.gov/Advocacy/safety-alerts/Documents/SA-057.pdf Dive deeper into transportation security in the December 2024 issue of Security Technology here: https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2024/december/
Welcome to One CA Podcast. As we go into the holidays, the One CA brings on the show's founder, John McElligott, to talk with Brian Hancock and Jack Gaines about the show's beginnings, current updates and goals for the future. So, stay tuned. --- One CA is a product of the civil affairs association and brings in people who are current or former military, diplomats, development officers, and field agents to discuss their experiences on the ground with a partner nation's people and leadership. We aim to inspire anyone interested in working in the "last three feet" of U.S. foreign relations. To contact the show, email us at CApodcasting@gmail.com or look us up on the Civil Affairs Association website at https://www.civilaffairsassoc.org/podcast --- Episode list: Past Episodes: 202 Andrew Gonzalez on Marine Civil Affairs in the Pacific (Part II) 201 Andrew Gonzalez on Marine Civil Affairs in the Pacific (Part I) 200 Jörg Grössl on the NATO Civil-Military Cooperation Centre of Excellence 199 Jeffrey Fiddler and the U.S. Gaza Relief Mission 198 David Luna, State-sponsored criminality in strategic competition 197 Scott Mann "Nobody is Coming to Save You" 196 Jeffrey Fiddler on the DOD response to COVID 19 195 Cleo Paskal on PRC operations in Guam 194 Doug Stevens on faith-based diplomacy 193 Patrick Alley on Global Influence (Part II) 192 Patrick Alley on Global Influence (Part I) 191 Drew Biemer on Energy Sector Civil Affairs 190 Pavlo Kuktha on Ukraine Reconstruction 189 Phillip Smith in discussion with Brian Hancock 188 Part II, Mickey Bergman on Diplomacy in the Shadows 187 Part I, Mickey Bergman on Diplomacy in the Shadows 186 Major Gustavo Ferreira testifies at the U.S. China Economic and Security Review Commission. 185 Scott Mann, Life After Afghanistan 184 Megan O'Keefe-Schlesinger on Information Operations. Part II. 183 Megan O'Keefe-Schlesinger. Leading Information Operations and Influence. Part I 182 Natacha Ciezki, from Zaire to America 181 Proxy Wars, by Pawel Bernat, Juneyt Gurer, and Cyprian Kozera 180 Sandor Fabian: Europe is Learning the wrong lessons from the conflict in Ukraine 179 Civil Affairs Innovation with Colonel Brad Hughes, part II 178 Civil Affairs Innovation with Colonel Brad Hughes, part I 177 Patrick Passewitz on the Sicilian Model 176 Part II, interview with J. David Thompson 175 Part I interview with J. David Thompson 174 Direct Commissions with Heater Cotter 173 Achieving post conflict stabilization with Prof. Beatrice Heuser (Pt.2) 172 Achieving post conflict stabilization with Prof. Beatrice Heuser (Pt.1) 171 Civil Military What? 170 Combat First Aid in Ukraine by Michael Baker 169 Part II, Bas Wouters on Influence and Persuasion 168 Part I, Bas Wouters on Influence and Persuasion 167 Electronic Warfare with Michael Gudmundson 166 On Alexei Navalny and Political Dissent 165 Part II of the Courtney Mulhern and Dan Joseph interview 164 Part I, Courtney Mulhern and Dan Joseph on the book "Backpack to Rucksack" 163 Sam Cooper on China political and Economic Warfare 162 Rob Boudreau and Joel Searls 161 Curtis Fox, Part II on Russian Hybrid Warfare 160 Curtis Fox: Part I, Russian Hybrid Warfare 159 Albert Augustine and V Corps CA 158 Introducing the 1st CAG Human Dimension Podcast 157 Part II Robert Curris on Psychological Operations integration with CA and SOF 156 Part I, Robert Curris on Psychological Operations integration with CA and SOF 155 Gen (R) David Petraeus at Carnegie 154 Angie Smith, Environmental Science and Foreign Policy 153 One CA Classic. John visits AUSA 152 Dan Blumenthal and Fred Kagan 151 Dan Blumenthal and Fred Kagan 150 The WestPoint Center for the Study of Civil-Military Operations 149 Part II. Tony Vacha on Civil Affairs in Europe and Africa 148 Part I.Tony Vacha on Civil Affairs in Europe and Africa 147 Jack's first year hosting the One CA Podcast 146 Jess Langerud talks on medical diplomacy in Poland 145 Courtney Mulhern. Three tools to improve local public outreach 144 Garric Banfield on the 95th Civil Affairs Brigade 143 Richard Messick. Advising partner nations on Rule of Law and anti-corruption 142 Scott DeJesse and the new Monuments Men and Women 141 Paul Hutchinson on the film ”Sound of Freedom” and human trafficking 140 Brian Hancock interview Col. Rachael Sherrer discuss Army Europe and Africa 139 John Cassara on China's Criminal Economy 138 Part II. Joseph Long on relational leadership and military diplomacy 137 Part I. Joseph Long on relational leadership and military diplomacy 136 Joe Pastorek and the 95th CA Advanced Skills Detachment 135 Jack Gaines interview with Global Integrity 134 Calvin Chrustie on conflict and hostage negotiation 133 Part II: Afghan resettlement in the U.S. 132 Part I: Afghan resettlement in the U.S. 131 Climate and Security 130 Chris Hyslop on human rights and diplomacy 129 Special Episode: Digital Civil Reconnaissance with Carrick Longley and Stephen Hunnewell 128 128 Josh Bedingfield on Shadow Governments Part II 127 Josh Bedingfield on Shadow Governments, Part I 126 Juan Quiroz on CA leading in Competition 125 Chris Hyslop: The Peace Corps 124 Special episode. Jordan Harbinger interviews H.R. McMaster on his book ”Battlegrounds” 123 Part II 38G: Agriculture and foreign policy 122 Part I 38G: Agriculture and foreign policy 121 Korea Reunification by David Maxwell 120 Special episode. IWP: The Columbia Plan 119 Discussing the USMC, 31st MEU CA Marines 118 Part II. Integrating Civil Affairs, field operations and diplomacy, by former Under-Secretary, Michael Patrick Mulroy 117 Part I. former DASD, Michael Patrick Mulroy on Integrating Civil Affairs, field operations and diplomacy 116 Assad Raza talk-back on the Frank Sobchak interview 115 Frank Sobchak on advising and training partner nation forces 114 Special Episode from the IW Podcast: Slow Burn: How Security Cooperation shapes operational environments 113 Jodi Harman and the HillVets Foundation 112 David Maxwell on grand strategy 111 Civil Affairs and Security Cooperation with Chris Stockel 110 CSM Riccio Christmas Day Concert 109 John Hutcheson on Hiring our Heroes 108 Advertisement for the CSM Riccio holiday concert 107 Operation Joint Endeavor 106 Special episode: John McElligott passes the mic 105 Major John Burns on Ghost Team at NTC 104 Stanislava Mladenova on Civ-Mil Relationships in Low-Intensity Conflict and State Fragility 103 Benjamin Ordiway and Anthony Pfaff 102 Nick Krohley and Lt Col Stefan Muehlich on Doctrinal Comparison, Part 2 101 Nick Krohley and Lt Col Stefan Muehlich on Doctrinal Comparison, Part 1 100 Episode 100 of the One CA Podcast 99 Theater Information Advantage Element 98 Brig Gen Chris Dziubek of the 351st CACOM 97 Mark Delaney on Civil Affairs Skills for Post Military Life 96 Colonel Marco Bongioanni on Emergency Preparedness Liaison Officers 95 Maj Gen Jeff Coggin of USACAPOC(A) 94 Operation Allies Refuge: Lessons on Interagency and Multinational Collaboration 93 Vish Odedra on COVID-19 Vaccinations in the UK 92 LTC Greg Banner on Training for Unconventional Warfare 91 Chris Bryant on Social Media for CA 90 CA Issue Papers 2021 - Part 3 89 CA Issue Papers 2021 - Part 2 88 CA Issue Papers 2021 - Part 1 87 USACAPOC(A) Command Strategic Initiatives 86 Civil Affairs Interagency Panel - Part 2 85 Civil Affairs Interagency Panel - Part 1 84 Zach Hyleman and Kevin Chapla on FAO and CA 83 Civil Affairs in Regional Competition for Influence - Part 2 82 Civil Affairs in Regional Competition for Influence - Part 1 81 SFC Josh Spiers on San Pedro Sula, Honduras 80 Major Lauren Holl on San Pedro Sula, Honduras 79 Josh Bedingfield on Human Network Analysis 78 Lieutenant General Eric Wesley on Civil Competition - Part 2 77 Lieutenant General Eric Wesley on Civil Competition - Part 1 76 Maj Gen Hugh Van Roosen on a Career in SF, CA, and PSYOP 75 Brig. Gen. Jeffrey Coggin of USACAPOC(A) 74 Colonel Mattia Zuzzi of the Multinational CIMIC Group 73 Jonathan Papoulidis on Country Coordination Platforms 72 Colonel Frank van Boxmeer of NATO CCOE 71 LTC Matthias Wasinger of the Austrian Armed Forces 70 Request for Capabilities Brief Guests and Show Hosts 69 Lt Col Jahn Olson and Lt Col Korvin Kraics on III Marine Expeditionary Force 68 LTC Albert Augustine on CA Missions in Africa 67 Justin Constantine 66 John Steed of Tesla Government on GIS 65 65 Digital Civil Reconnaissance with Carrick Longley and Stephen Hunnewell 64 Joe Pastorek on the 95th Civil Affairs Brigade's Advanced Skills Detachment 63 Lauren Ladenson, Lieutenant Colonel Matt Holmes, and Lieutenant Colonel Kyle Kouri on Defense Support to Stabilization (DSS) 62 CPT Al Oh and SGM Chris Melendez discuss Civil Reconnaissance 61 Dr. E. Casey Wardynski, ASA (M&RA) on Talent Management 60 LTC Scott Dickerson on the Army CA Force Modernization Assessment 59 MAJ Ashley Holzmann on the History of US Propaganda and Psychological Operations 58 Doowan Lee on Innovating Influence Intelligence 57 LTC Marco Bongioanni on the International Visitor Leadership Program 56 Paul Giannone on CA in Vietnam and his Career in Public Health 55 LTC Jeff Uherka and COL Steve Barry of Joint Task Force - Bravo 54 John Barsa, Acting Administrator of USAID 53 Dr. Ajit Maan - Narrative Warfare 52 Karen Walsh and Bron Morrison of Dexis Consulting 51 Intergrating Civil Affairs, with MAJ Brian Hancock and Dr. Timothy Darr 50 COL Steve Battle on CA Support for the COVID-19 Outbreak in Korea 49 LTC Rachel Sullivan and MAJ Mike Karlson on CA during the COVID-19 Pandemic in Korea 48 Dr. Lynn Copeland on the Future of Civil Information Management 47 Letting the CAT out of the Bag Part 2 46 Letting the CAT out of the Bag, Part 1 45 MAJ Ian Duke on the need for a Civil Knowledge Battalion 44 MAJ James Ontiveros discusses Civil Affairs and Megacities 43 Captains Chapla, Micciche, and Staron on Storyboards as the TPS Reports of the Army 42 LTC Sue Gannon on Leading the 450th CA Battalion 41 Sean McFate on the New Rules of War, Part 2 40 Sean McFate on the New Rules of War, Part 1 39 Abubakr Elnoor on Darfur and Terrorist Recruitment 38 Devin Conley on the National Training Center 37 General Anthony Zinni on a Unified, Interagency Command 36 Garric Banfield on the 95th Civil Affairs Brigade 35 Justin Richmond on the Impl. Project 34 Alexandra Lamarche on Internally Displaced People in Cameroon 33 Jamie Schwandt on Swarm Intelligence, Swarm Learning, and Red Teams 32 Jay Liddick and Scott Dickerson on the CA Force Modernization Assessment 31 Narayan Khadka on Nepal, castes, and community trauma 30 Jay Liddick and Scott Dickerson on CA in Large Scale Combat Operations 29 Giancarlo Newsome and Jesse Elmore on Military Government Specialists 28 Nicholas Krohley on Human Terrain and CA Integration 27 Dale Yeager with Travel Safety Tips 26 Cori Wegener on Cultural Heritage Preservation 25 Major General Darrell Guthrie of USACAPOC(A) 24 Kwadjo Owusu-Sarfo on Ghana and Boko Haram 23 Manya Dotson on Life in the NGO Community 22 Wyatt Hughes Trains the Central Readiness Force of Japan 21 Bonus episode with Ryan McCannell of USAID 20 Ryan McCannell of USAID on the Evolution of CA in Sub-Saharan African 19 Arnel David on Strategy in the 21st Century 18 Michael Coates and Mark Grimes, Startup Radio Network 17 Max Steiner and Mazi Markel, CA Issue Paper 16 Diana Parzik, USAID Office of Civilian-Military Cooperation 15 Will Ibrahim, S-9 of 2/1 CAV 14 What is Civil Affairs - AUSA Answers 13 Scott Fisher and Information Operations 12 Aleks Nesic and James Patrick Christian of Valka-Mir 11 Norm Cotton of the Institute for Defense Analyses 10 Kevin Melton, USAID Office of Transition Initiatives 9 Dr. Larry Hufford discusses the 20th Anniversary of the Good Friday Agreement in Northern Ireland 8 Valor Breez and Jarrett Redman on "Beyond Hearts and Minds" 7 John Stefula and PKSOI 6 Michael Schwille, Iraq and Djibouti and RAND 5 Gonul Tol, Middle East Institute, on Turkey 4 Roberto Carmack, PhD, on Russian actions 3 Sean Acosta, Instructor, USAJFKSWCS 2 Valerie Jackson, 4th CA Group, USMC 1 Jon May: Artificial Intelligence for HA/DR Operations - LORELEI --- Special thanks to Cool Jazz Hot Bassa for sampling music in their album, Energy Jazz Playlist. Retrieved at: https://youtu.be/bdWUj2NYDYQ?si=00ylFfJ6DhGCwPsO
Welcome to One CA Podcast. As we go into the holidays, the One CA brings on the show's founder, John McElligott, to talk with Brian Hancock and Jack Gaines about the show's beginnings, current updates and goals for the future. So, stay tuned. --- One CA is a product of the civil affairs association and brings in people who are current or former military, diplomats, development officers, and field agents to discuss their experiences on the ground with a partner nation's people and leadership. We aim to inspire anyone interested in working in the "last three feet" of U.S. foreign relations. To contact the show, email us at CApodcasting@gmail.com or look us up on the Civil Affairs Association website at www civilaffairsassoc.org --- Past Episodes: 202 Andrew Gonzalez on Marine Civil Affairs in the Pacific (Part II) 201 Andrew Gonzalez on Marine Civil Affairs in the Pacific (Part I) 200 Jörg Grössl on the NATO Civil-Military Cooperation Centre of Excellence 199 Jeffrey Fiddler and the U.S. Gaza Relief Mission 198 David Luna, State-sponsored criminality in strategic competition 197 Scott Mann "Nobody is Coming to Save You" 196 Jeffrey Fiddler on the DOD response to COVID 19 195 Cleo Paskal on PRC operations in Guam 194 Doug Stevens on faith-based diplomacy 193 Patrick Alley on Global Influence (Part II) 192 Patrick Alley on Global Influence (Part I) 191 Drew Biemer on Energy Sector Civil Affairs 190 Pavlo Kuktha on Ukraine Reconstruction 189 Phillip Smith in discussion with Brian Hancock 188 Part II, Mickey Bergman on Diplomacy in the Shadows 187 Part I, Mickey Bergman on Diplomacy in the Shadows 186 Major Gustavo Ferreira testifies at the U.S. China Economic and Security Review Commission. 185 Scott Mann, Life After Afghanistan 184 Megan O'Keefe-Schlesinger on Information Operations. Part II. 183 Megan O'Keefe-Schlesinger. Leading Information Operations and Influence. Part I 182 Natacha Ciezki, from Zaire to America 181 Proxy Wars, by Pawel Bernat, Juneyt Gurer, and Cyprian Kozera 180 Sandor Fabian: Europe is Learning the wrong lessons from the conflict in Ukraine 179 Civil Affairs Innovation with Colonel Brad Hughes, part II 178 Civil Affairs Innovation with Colonel Brad Hughes, part I 177 Patrick Passewitz on the Sicilian Model 176 Part II, interview with J. David Thompson 175 Part I interview with J. David Thompson 174 Direct Commissions with Heater Cotter 173 Achieving post conflict stabilization with Prof. Beatrice Heuser (Pt.2) 172 Achieving post conflict stabilization with Prof. Beatrice Heuser (Pt.1) 171 Civil Military What? 170 Combat First Aid in Ukraine by Michael Baker 169 Part II, Bas Wouters on Influence and Persuasion 168 Part I, Bas Wouters on Influence and Persuasion 167 Electronic Warfare with Michael Gudmundson 166 On Alexei Navalny and Political Dissent 165 Part II of the Courtney Mulhern and Dan Joseph interview 164 Part I, Courtney Mulhern and Dan Joseph on the book "Backpack to Rucksack" 163 Sam Cooper on China political and Economic Warfare 162 Rob Boudreau and Joel Searls 161 Curtis Fox, Part II on Russian Hybrid Warfare 160 Curtis Fox: Part I, Russian Hybrid Warfare 159 Albert Augustine and V Corps CA 158 Introducing the 1st CAG Human Dimension Podcast 157 Part II Robert Curris on Psychological Operations integration with CA and SOF 156 Part I, Robert Curris on Psychological Operations integration with CA and SOF 155 Gen (R) David Petraeus at Carnegie 154 Angie Smith, Environmental Science and Foreign Policy 153 One CA Classic. John visits AUSA 152 Dan Blumenthal and Fred Kagan 151 Dan Blumenthal and Fred Kagan 150 The WestPoint Center for the Study of Civil-Military Operations 149 Part II. Tony Vacha on Civil Affairs in Europe and Africa 148 Part I.Tony Vacha on Civil Affairs in Europe and Africa 147 Jack's first year hosting the One CA Podcast 146 Jess Langerud talks on medical diplomacy in Poland 145 Courtney Mulhern. Three tools to improve local public outreach 144 Garric Banfield on the 95th Civil Affairs Brigade 143 Richard Messick. Advising partner nations on Rule of Law and anti-corruption 142 Scott DeJesse and the new Monuments Men and Women 141 Paul Hutchinson on the film ”Sound of Freedom” and human trafficking 140 Brian Hancock interview Col. Rachael Sherrer discuss Army Europe and Africa 139 John Cassara on China's Criminal Economy 138 Part II. Joseph Long on relational leadership and military diplomacy 137 Part I. Joseph Long on relational leadership and military diplomacy 136 Joe Pastorek and the 95th CA Advanced Skills Detachment 135 Jack Gaines interview with Global Integrity 134 Calvin Chrustie on conflict and hostage negotiation 133 Part II: Afghan resettlement in the U.S. 132 Part I: Afghan resettlement in the U.S. 131 Climate and Security 130 Chris Hyslop on human rights and diplomacy 129 Special Episode: Digital Civil Reconnaissance with Carrick Longley and Stephen Hunnewell 128 128 Josh Bedingfield on Shadow Governments Part II 127 Josh Bedingfield on Shadow Governments, Part I 126 Juan Quiroz on CA leading in Competition 125 Chris Hyslop: The Peace Corps 124 Special episode. Jordan Harbinger interviews H.R. McMaster on his book ”Battlegrounds” 123 Part II 38G: Agriculture and foreign policy 122 Part I 38G: Agriculture and foreign policy 121 Korea Reunification by David Maxwell 120 Special episode. IWP: The Columbia Plan 119 Discussing the USMC, 31st MEU CA Marines 118 Part II. Integrating Civil Affairs, field operations and diplomacy, by former Under-Secretary, Michael Patrick Mulroy 117 Part I. former DASD, Michael Patrick Mulroy on Integrating Civil Affairs, field operations and diplomacy 116 Assad Raza talk-back on the Frank Sobchak interview 115 Frank Sobchak on advising and training partner nation forces 114 Special Episode from the IW Podcast: Slow Burn: How Security Cooperation shapes operational environments 113 Jodi Harman and the HillVets Foundation 112 David Maxwell on grand strategy 111 Civil Affairs and Security Cooperation with Chris Stockel 110 CSM Riccio Christmas Day Concert 109 John Hutcheson on Hiring our Heroes 108 Advertisement for the CSM Riccio holiday concert 107 Operation Joint Endeavor 106 Special episode: John McElligott passes the mic 105 Major John Burns on Ghost Team at NTC 104 Stanislava Mladenova on Civ-Mil Relationships in Low-Intensity Conflict and State Fragility 103 Benjamin Ordiway and Anthony Pfaff 102 Nick Krohley and Lt Col Stefan Muehlich on Doctrinal Comparison, Part 2 101 Nick Krohley and Lt Col Stefan Muehlich on Doctrinal Comparison, Part 1 100 Episode 100 of the One CA Podcast 99 Theater Information Advantage Element 98 Brig Gen Chris Dziubek of the 351st CACOM 97 Mark Delaney on Civil Affairs Skills for Post Military Life 96 Colonel Marco Bongioanni on Emergency Preparedness Liaison Officers 95 Maj Gen Jeff Coggin of USACAPOC(A) 94 Operation Allies Refuge: Lessons on Interagency and Multinational Collaboration 93 Vish Odedra on COVID-19 Vaccinations in the UK 92 LTC Greg Banner on Training for Unconventional Warfare 91 Chris Bryant on Social Media for CA 90 CA Issue Papers 2021 - Part 3 89 CA Issue Papers 2021 - Part 2 88 CA Issue Papers 2021 - Part 1 87 USACAPOC(A) Command Strategic Initiatives 86 Civil Affairs Interagency Panel - Part 2 85 Civil Affairs Interagency Panel - Part 1 84 Zach Hyleman and Kevin Chapla on FAO and CA 83 Civil Affairs in Regional Competition for Influence - Part 2 82 Civil Affairs in Regional Competition for Influence - Part 1 81 SFC Josh Spiers on San Pedro Sula, Honduras 80 Major Lauren Holl on San Pedro Sula, Honduras 79 Josh Bedingfield on Human Network Analysis 78 Lieutenant General Eric Wesley on Civil Competition - Part 2 77 Lieutenant General Eric Wesley on Civil Competition - Part 1 76 Maj Gen Hugh Van Roosen on a Career in SF, CA, and PSYOP 75 Brig. Gen. Jeffrey Coggin of USACAPOC(A) 74 Colonel Mattia Zuzzi of the Multinational CIMIC Group 73 Jonathan Papoulidis on Country Coordination Platforms 72 Colonel Frank van Boxmeer of NATO CCOE 71 LTC Matthias Wasinger of the Austrian Armed Forces 70 Request for Capabilities Brief Guests and Show Hosts 69 Lt Col Jahn Olson and Lt Col Korvin Kraics on III Marine Expeditionary Force 68 LTC Albert Augustine on CA Missions in Africa 67 Justin Constantine 66 John Steed of Tesla Government on GIS 65 65 Digital Civil Reconnaissance with Carrick Longley and Stephen Hunnewell 64 Joe Pastorek on the 95th Civil Affairs Brigade's Advanced Skills Detachment 63 Lauren Ladenson, Lieutenant Colonel Matt Holmes, and Lieutenant Colonel Kyle Kouri on Defense Support to Stabilization (DSS) 62 CPT Al Oh and SGM Chris Melendez discuss Civil Reconnaissance 61 Dr. E. Casey Wardynski, ASA (M&RA) on Talent Management 60 LTC Scott Dickerson on the Army CA Force Modernization Assessment 59 MAJ Ashley Holzmann on the History of US Propaganda and Psychological Operations 58 Doowan Lee on Innovating Influence Intelligence 57 LTC Marco Bongioanni on the International Visitor Leadership Program 56 Paul Giannone on CA in Vietnam and his Career in Public Health 55 LTC Jeff Uherka and COL Steve Barry of Joint Task Force - Bravo 54 John Barsa, Acting Administrator of USAID 53 Dr. Ajit Maan - Narrative Warfare 52 Karen Walsh and Bron Morrison of Dexis Consulting 51 Intergrating Civil Affairs, with MAJ Brian Hancock and Dr. Timothy Darr 50 COL Steve Battle on CA Support for the COVID-19 Outbreak in Korea 49 LTC Rachel Sullivan and MAJ Mike Karlson on CA during the COVID-19 Pandemic in Korea 48 Dr. Lynn Copeland on the Future of Civil Information Management 47 Letting the CAT out of the Bag Part 2 46 Letting the CAT out of the Bag, Part 1 45 MAJ Ian Duke on the need for a Civil Knowledge Battalion 44 MAJ James Ontiveros discusses Civil Affairs and Megacities 43 Captains Chapla, Micciche, and Staron on Storyboards as the TPS Reports of the Army 42 LTC Sue Gannon on Leading the 450th CA Battalion 41 Sean McFate on the New Rules of War, Part 2 40 Sean McFate on the New Rules of War, Part 1 39 Abubakr Elnoor on Darfur and Terrorist Recruitment 38 Devin Conley on the National Training Center 37 General Anthony Zinni on a Unified, Interagency Command 36 Garric Banfield on the 95th Civil Affairs Brigade 35 Justin Richmond on the Impl. Project 34 Alexandra Lamarche on Internally Displaced People in Cameroon 33 Jamie Schwandt on Swarm Intelligence, Swarm Learning, and Red Teams 32 Jay Liddick and Scott Dickerson on the CA Force Modernization Assessment 31 Narayan Khadka on Nepal, castes, and community trauma 30 Jay Liddick and Scott Dickerson on CA in Large Scale Combat Operations 29 Giancarlo Newsome and Jesse Elmore on Military Government Specialists 28 Nicholas Krohley on Human Terrain and CA Integration 27 Dale Yeager with Travel Safety Tips 26 Cori Wegener on Cultural Heritage Preservation 25 Major General Darrell Guthrie of USACAPOC(A) 24 Kwadjo Owusu-Sarfo on Ghana and Boko Haram 23 Manya Dotson on Life in the NGO Community 22 Wyatt Hughes Trains the Central Readiness Force of Japan 21 Bonus episode with Ryan McCannell of USAID 20 Ryan McCannell of USAID on the Evolution of CA in Sub-Saharan African 19 Arnel David on Strategy in the 21st Century 18 Michael Coates and Mark Grimes, Startup Radio Network 17 Max Steiner and Mazi Markel, CA Issue Paper 16 Diana Parzik, USAID Office of Civilian-Military Cooperation 15 Will Ibrahim, S-9 of 2/1 CAV 14 What is Civil Affairs - AUSA Answers 13 Scott Fisher and Information Operations 12 Aleks Nesic and James Patrick Christian of Valka-Mir 11 Norm Cotton of the Institute for Defense Analyses 10 Kevin Melton, USAID Office of Transition Initiatives 9 Dr. Larry Hufford discusses the 20th Anniversary of the Good Friday Agreement in Northern Ireland 8 Valor Breez and Jarrett Redman on "Beyond Hearts and Minds" 7 John Stefula and PKSOI 6 Michael Schwille, Iraq and Djibouti and RAND 5 Gonul Tol, Middle East Institute, on Turkey 4 Roberto Carmack, PhD, on Russian actions 3 Sean Acosta, Instructor, USAJFKSWCS 2 Valerie Jackson, 4th CA Group, USMC 1 Jon May: Artificial Intelligence for HA/DR Operations - LORELEI --- Special thanks to Cool Jazz Hot Bassa for sampling music in their album, Energy Jazz Playlist. Retrieved at: https://youtu.be/bdWUj2NYDYQ?si=00ylFfJ6DhGCwPsO
Join us in this powerful episode of the Legacy Leaders Show as we welcome Frank Victory, a seasoned IT and cybersecurity expert with over two decades of experience. Frank's career spans hands-on technical roles to strategic leadership, with expertise in Blue Teams, Red Teams, Penetration Testing, and Incident Response.Frank will share his unique insights into how vulnerability in leadership can lead to transformative opportunities for companies, particularly in the fast-evolving field of cybersecurity.In this episode, we discussed:How vulnerability, both personal and organizational, can be leveraged as a strengthHow could CroudStrike avoid the problem that paralyzed half of the world and what is the aftermath of the 2024 incidentThe transformation that leaders must embrace to navigate cybersecurity threats and evolving technology landscapesHow transformation is affecting talent and teams, reshaping how leaders recruit, develop, and retain skilled professionals in a highly competitive environmentThe opportunities presented by cybersecurity challenges and how leaders can make more effective decisions in an increasingly digital worldFrank's dedication to giving back through education and his work with OWASP Denver shows his commitment to building more robust, secure communities. Tune in for a deep dive into leadership, cybersecurity and the path to more impactful leadership.
Join us in this powerful episode of the Legacy Leaders Show as we welcome Frank Victory, a seasoned IT and cybersecurity expert with over two decades of experience. Frank's career spans hands-on technical roles to strategic leadership, with expertise in Blue Teams, Red Teams, Penetration Testing, and Incident Response. Frank will share his unique insights into how vulnerability in leadership can lead to transformative opportunities for companies, particularly in the fast-evolving field of cybersecurity. In this episode, we discussed: How vulnerability, both personal and organizational, can be leveraged as a strength How could CroudStrike avoid the problem that paralyzed half of the world and what is the aftermath of the 2024 incident The transformation that leaders must embrace to navigate cybersecurity threats and evolving technology landscapes How transformation is affecting talent and teams, reshaping how leaders recruit, develop, and retain skilled professionals in a highly competitive environment The opportunities presented by cybersecurity challenges and how leaders can make more effective decisions in an increasingly digital world Frank's dedication to giving back through education and his work with OWASP Denver shows his commitment to building more robust, secure communities. Tune in for a deep dive into leadership, cybersecurity and the path to more impactful leadership.
In this episode of the AI + a16z podcast, a16z General Partner Anjney Midha speaks with PromptFoo founder and CEO Ian Webster about the importance of red-teaming for AI safety and security, and how bringing those capabilities to more organizations will lead to safer, more predictable generative AI applications. They also delve into lessons they learned about this during their time together as early large language model adopters at Discord, and why attempts to regulate AI should focus on applications and use cases rather than models themselves.Here's an excerpt of Ian laying out his take on AI governance:"The reason why I think that the future of AI safety is open source is that I think there's been a lot of high-level discussion about what AI safety is, and some of the existential threats, and all of these scenarios. But what I'm really hoping to do is focus the conversation on the here and now. Like, what are the harms and the safety and security issues that we see in the wild right now with AI? And the reality is that there's a very large set of practical security considerations that we should be thinking about. "And the reason why I think that open source is really important here is because you have the large AI labs, which have the resources to employ specialized red teams and start to find these problems, but there are only, let's say, five big AI labs that are doing this. And the rest of us are left in the dark. So I think that it's not acceptable to just have safety in the domain of the foundation model labs, because I don't think that's an effective way to solve the real problems that we see today."So my stance here is that we really need open source solutions that are available to all developers and all companies and enterprises to identify and eliminate a lot of these real safety issues."Learn more:Securing the Black Box: OpenAI, Anthropic, and GDM DiscussSecurity Founders Talk Shop About Generative AICalifornia's Senate Bill 1047: What You Need to KnowFollow everybody on X:Ian WebsterAnjney Midha Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts.
Financial fraud is something we hear about ALL the time. It feels like there's a new headline about losses stemming from a hack at a financial institution constantly, and we've all seen shows like The Tinder Swindler where scams of individual consumers can have huge consequences. The problem with most fraud prevention? It's backward-looking. By the time you solve one problem, criminals have found a new way to steal your money. We sat down with Greenway Solutions, a firm working to revolutionize the space not only for financial institutions, but also for their customers, via the use of "red teams". These red teams can at times sound like complex spy operations --- yet at other times are deceptively simple in their approach. We talk about the (terrifying!) magnitude of the financial fraud landscape, how it is changing in the face of AI and deepfakes, and some of the most surprising ways that fraudsters are staying ahead of conventional security measures. To learn more about Greenway Solutions, please visit their website here: https://greenway-solutions.comTo connect with our podcast guests, you can find them on LinkedIn here:https://www.linkedin.com/in/jerrytylman/https://www.linkedin.com/in/pjs1969/https://www.linkedin.com/in/katie-tylman-96b64720b/Follow us on Instagram and Tik Tok at @thewallstreetskinnyhttps://www.instagram.com/thewallstreetskinny/All investing involves risk. Brokerage services for US listed securities, options and bonds in a self-directed brokerage account are offered by Public Investing, member FINRA & SIPC. Not investment advice. Public Investing offers a High-Yield Cash Account where funds from this account are automatically deposited into partner banks where they earn interest and are eligible for FDIC insurance; Public Investing is not a bank.Cryptocurrency trading services are offered by Bakkt Crypto Solutions, LLC (NMLS ID 1828849), which is licensed to engage in virtual currency business activity by the NYSDFS. Cryptocurrency is highly speculative, involves a high degree of risk, and has the potential for loss of the entire amount of an investment. Cryptocurrency holdings are not protected by the FDIC or SIPC. Securities investments: Not FDIC Insured; No Bank Guarantee; May Lose Value. See public.com/#disclosures-main for more information.
“Running with scissors is a cardio exercise that can increase your heart rate and require concentration and focus,” says Google's new AI search feature. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Long-term success is contingent on consistent performance. In the context of healthcare's continual change, leaders are challenged with maintaining performance standards while the walls shift around them. This unpredictability impacts more than the day-to-day — it can rattle the confidence of every stakeholder and create doubt that impedes teams' ability to act. In this week's High Stakes podcast, we discuss the virtues and strategies of thoughtful change management with Shawn Evans, executive coach and organizational advisor, and Jarrard Inc vice president Kevin Kearns, who holds a doctorate in organizational psychology. Key points Every change is unique, but leaders' response strategy can be routine (but not turnkey). Their imperative should be defining the change - proactively creating order out of potential chaos. There should be a process for understanding unexpected developments at a management level, then translating it so that everything is clear when it's cascaded down to the frontline teams. Trust is a prophylactic. Change management is both an opportunity to engender good relationships between leaders and their teams, and a muscle test for how much those team members trust their leaders. The best way to prepare for the unpredictable is by garnering the faith of employees so that, when lightning strikes, response efforts are quick and efficient. Test before launching. Borrowing from his work with the military, Evans relies on the concept of “red teaming.” A red team is a designated group that brings due diligence to change management by critiquing planned organizational response to an initiative. How well is it communicated? Where might managers fall short? What did they do right? This approach can also be used in project post mortems, but is better when it comes on the front end. Vulnerability is the linchpin to agility, which is a critical trait in change management. Leaders need to be aware that not everything is going to go according to plan. But the right strategic approach, paired with an intentional willingness to discuss problems openly and admit when they don't understand something, is the first step to learning how to manage the unpredictable. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this very special year-end episode, we're cranking up the heat as we explore some of our favorite InfoSec tools of 2023. Guest Lineup: Drew Kirkpatrick - JS-Tap Unleashed Drew Kirkpatrick is the maestro behind "JS-Tap." He dropped this pentesting bombshell at Wild West Hackin' Fest this year with his talk, "JS-Tap: Weaponizing JavaScript for Red Teams." Skyler snagged an exclusive interview with Drew at the conference and we'll get to hear that discussion on this episode. Luke Bremer - Hackvertor Luke Bremer graces our podcast to dive into his blog, "What is Hackvertor (and why should I care?)." Get ready to dive into the use cases of this Burp Suite plugin and how you can utilize it on your next pentest! Ben Mauch (Ben Ten) - Unveiling Impede We end our discussion with Ben Mauch, aka @Ben0xA, as he unveils TrustedSec's latest software offering: Impede. Brace yourself for a deep dive into the features and innovations packed into this cybersecurity marvel. Gather 'round and settle in for our year-end episode of SECURITY NOISE!
This week's guest is Rebecca Balebako, Founder and Principal Consultant at Balebako Privacy Engineer, where she enables data-driven organizations to build the privacy features that their customers love. In our conversation, we discuss all things privacy red teaming, including: how to disambiguate adversarial privacy tests from other software development tests; the importance of privacy-by-infrastructure; why privacy maturity influences the benefits received from investing in privacy red teaming; and why any database that identifies vulnerable populations should consider adversarial privacy as a form of protection. We also discuss the 23andMe security incident that took place in October 2023 and affected over 1 mil Ashkenazi Jews (a genealogical ethnic group). Rebecca brings to light how Privacy Red Teaming and privacy threat modeling may have prevented this incident. As we wrap up the episode, Rebecca gives her advice to Engineering Managers looking to set up a Privacy Red Team and shares key resources. Topics Covered:How Rebecca switched from software development to a focus on privacy & adversarial privacy testingWhat motivated Debra to shift left from her legal training to privacy engineeringWhat 'adversarial privacy tests' are; why they're important; and how they differ from other software development testsDefining 'Privacy Red Teams' (a type of adversarial privacy test) & what differentiates them from 'Security Red Teams'Why Privacy Red Teams are best for orgs with mature privacy programsThe 3 steps for conducting a Privacy Red Team attackHow a Red Team differs from other privacy tests like conducting a vulnerability analysis or managing a bug bounty programHow 23andme's recent data leak, affecting 1 mil Ashkanazi Jews, may have been avoided via Privacy Red Team testingHow BigTech companies are staffing up their Privacy Red TeamsFrugal ways for small and mid-sized organizations to approach adversarial privacy testingThe future of Privacy Red Teaming and whether we should upskill security engineers or train privacy engineers on adversarial testingAdvice for Engineer Managers who seek to set up a Privacy Red Team for the first timeRebecca's Red Teaming resources for the audienceResources Mentioned:Listen to: "S1E7: Privacy Engineers: The Next Generation" with Lorrie Cranor (CMU)Review Rebecca's Red Teaming Resources Guest Info:Connect with Rebecca on LinkedInVisit Balebako Privacy Engineer's website Privado.ai Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.Shifting Privacy Left Media Where privacy engineers gather, share, & learnDisclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.Copyright © 2022 - 2024 Principled LLC. All rights reserved.
Randy Rose is the Senior Director of Security Operations & Intelligence for the Center for Internet Security (CIS). In this episode, he joins host Charlie Osborne to discuss cyber red teams, including what activities these teams might perform, examples of success in the field, and more. Guarding the Digital Frontier is a Cybercrime Magazine podcast series brought to you by Georgetown University, where students who are interested in anticipating the next threat, managing risks, and protecting data can secure their future with a Master's in Cybersecurity Risk Management. To learn more about our sponsor, visit https://scs.georgetown.edu/programs/484/online/online-masters-in-cybersecurity-risk-management/?utm_source=cybercrime&utm_medium=stream&utm_campaign=fy24-dmi-cyrm-stream-cybercrime-podcast-gen-text-onlhp-923
Episode 31: In this episode of Critical Thinking - Bug Bounty Podcast, we're thrilled to be joined by Alex Chapman, a seasoned InfoSec hacker and bug bounty hunter. We kick off with Alex sharing his hacking journey, from a guest lecturer that inspired him, to working on internal Red Teams, to his transition to working with HackerOne, and finally as a bug bounty hunter focusing on searching out those few, high impact bugs. We also discuss the power of collaboration, the challenges of balancing hacking with other responsibilities, and the necessity of flexibility and taking breaks in bug bounty work. Don't miss this episode where we explore the depths of bug bounty with Alex Chapman!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterToday's Guest:https://twitter.com/ajxchapman@ajxchapman@infosec.exchangehttps://ajxchapman.github.io/https://hackerone.com/ajxchapman?type=userPerforce RCEhttps://hackerone.com/reports/1830220 https://ajxchapman.github.io/bugreports/2019/04/04/perforce-local-file-disclosure.html (00:00:00) Introduction(00:01:50) Alex Chapman's InfoSec journey and evolution(00:05:55) Real-world experience vs. chasing degrees, and the pivot into Bug Bounty(00:13:12) The benefit of programming knowledge(00:16:50) Experience in Internal Red Team and hacker mentalities.(00:23:35) Transitioning to HackerOne and full time Bug Bounty(00:33:37) Bug Bounty tips, time management, and best practices(00:41:00) The importance of note-taking and organizational tools(00:46:27) Hunting Methodologies and focusing on Critical Exploitations(01:02:37) Collaboration in the hacking community(01:06:00) Binary Exploitation and Source Code Review(01:10:59) Configuration file injections(01:17:38) Justin vs. Alex at a LHE
Cybercrime Magazine CISO Minute host Theresa Payton, Former White House CIO, discusses red teams, artificial intelligence, and why CISOs should have these items on their radar. The CISO Minute is sponsored by https://knowbe4.com/ • For more on cybersecurity, visit us at https://cybersecurityventures.com/
Why Red Teams Wins More In Football?
On today's episode of Cybersecurity Hot Takes, we delve into Artificial Intelligence (AI) and its repercussions on the cybersecurity industry. As we all learn to use ChatGPT, GPT-4, (and even GPT-5 soon), could AI replace Red Teams? How can AI be used to launch or defend against cyber attacks? Follow Beyond Identity: twitter.com/beyondidentity linkedin.com/company/beyond-identity-inc Website: beyondidentity.com Send any voice submissions to Podcast@beyondidentity.com Informal security chat with Beyond Identity's CTO Jasson Casey, Founding Engineer Nelson Melo, and VP of Global Sales Engineering Husnain Bajwa and our host Marketing Empress Reece Guida. Join us for the good, the ugly, and the unexplored in the cybersecurity space. Chat topics include MFA, authentication, passwordless solutions, and how Beyond Identity is utilizing asymmetric cryptography to create the first unphishable multi-factor authentication on the planet. --- Send in a voice message: https://podcasters.spotify.com/pod/show/beyondidentity/message
The White House releases its US National Cybersecurity Strategy. Red-teaming critical infrastructure. Redis cryptojacker discovered. Russia bans several messaging apps. Our guest is Kapil Raina from CrowdStrike with the latest on Threat Hunting. Dinah Davis from Arctic Wolf on the top healthcare industry cyber attacks. And hacktivist auxiliaries continue their nuisance-level activities. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/41 Selected reading. National Cybersecurity Strategy (The White House) FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy (The White House) Biden administration releases new cybersecurity strategy (AP NEWS) White House pushes for mandatory regulations, more offensive cyber action under National Cyber Strategy (The Record from Recorded Future News) Here's why Biden's new cyber strategy is notable (Washington Post) How the U.S. National Cyber Strategy Reaches Beyond Government Agencies (Wall Street Journal) Biden National Cyber Strategy Seeks to Hold Software Firms Liable for Insecurity (Wall Street Journal) CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks (Cybersecurity and Infrastructure Security Agency CISA) CISA red-teamed a 'large critical infrastructure organization' and didn't get caught (The Record from Recorded Future News) Redis Miner Leverages Command Line File Hosting Service (Cado Security | Cloud Investigation) Russia bans foreign messaging apps (Computing) U.S. Consulate hacked by "Putin supporters" (Newsweek)
Hallo und willkommen zum t3n Daily vom 8. Februar. Heute geht es um KI-Chatbots bei den Suchmaschinen. Außerdem: Netflix-Umfrage zum Account-Sharing, Kryptowährungen im Visier der SEC, Googles interne Red Teams und KI-Künstler Frida.
Between the emergence of sophisticated nation-state actors, the rise of ransomware-as-a-service, the increasing attack surface remote work presents, and much more, organizations today contend with more complex risk than ever. A “Secure-by-Design” approach can secure software environments, development processes and products. That approach includes increasing training for employees, adopting zero trust, leveraging Red Teams, and creating a unique triple-build software development process. SolarWinds calls its version of this process the "Next-Generation Build System," and offers it as a model for secure software development that will make supply chain attacks more difficult. On this episode of CyberWire-X, host Rick Howard, N2K's CSO, and CyberWire's Chief Analyst and Senior Fellow, discusses software supply chain lessons learned from the SolarWinds attack of 2020 with Hash Table members Rick Doten, the CISO for Healthcare Enterprises and Centene, Steve Winterfeld, Akamai's Advisory CISO, and Dawn Cappelli, Director of OT-CERT at Dragos, and in the second half of the show, Rick speaks with our episode sponsor, SolarWinds, CISO Tim Brown.
The world's largest software companies leverage modern-day Red Teams to protect against real-world attacks. Many companies focus on vulnerability management, compliance, and patching to secure themselves, but this is only a tiny part of the big picture. An improved security posture is achieved by leveraging the Red Team to pressure test the attack surface and discover the impact that can be made by actively exploiting the soft spots of the company. In this podcast, Justin Tiplitsky, Director of the Red Team at Adobe, talks about how his team uses adversary intel to perform continuous testing on the parts of the company that attackers are the most interested in targeting. This continuous testing leads to the relentless identification of the most opportunistic areas to attack, more closely emulating the never-ending threat from real adversaries. Testing is followed up by storytelling and data to influence change within the company. To learn more about Adobe, please visit: www.adobe.com To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts
Daixin Team claims ransomware attack against AirAsia. DraftKings users suffer credential harvesting and paycard theft. Assessing cyber risk in the US pharmaceutical industry. Killnet claims successes few others can discern. In Ukraine, kinetic attacks on IT infrastructure eclipse cyberattacks. Carole Theriault on digital echo chambers and what's in it for us. Nancy Wang from Forta's Alert Logic discusses how she is helping more young women get into the STEM field and leadership positions. Google seeks to render Cobalt Strike less useful to threat actors. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/224 Selected reading. Daixin Team claims AirAsia ransomware attack with five million customer records leaked (Tech Monitor) Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (The Hacker News) DraftKings Users Hacked, Money In Account "Cashed Out" (Action Network) DraftKings says no evidence systems were breached following report of a hack (CNBC) Assessing cyber risk in the US pharmaceutical industry. (CyberWire) Killnet DDoS hacktivists target Royal Family and others (ComputerWeekly.com) Ukraine Data Centers Became Physical Targets When Cyber Attacks Failed (Meritalk) Making Cobalt Strike harder for threat actors to abuse (Google Cloud Blog) Google seeks to make Cobalt Strike useless to attackers (Help Net Security) Google Releases YARA Rules to Disrupt Cobalt Strike Abuse (Dark Reading) Google releases 165 YARA rules to detect Cobalt Strike attacks (BleepingComputer)
נחשון פינקו מארח את עידו נאור שותף מייסד ומנכ"ל ג'ויס אבטחה, ממייסדי קהילת בטוחים אונליין ומרצה סייבר מבוקש, בשיחה על ניהול משברי סייבר, תוקפים ומבדקי חדירה מה יהיו הפעולות המקדימות של תוקף פעולות הגנתיות נדרשות טרם תקיפה מבדק חדירה PT מול מבדק של Red team מה הציפיה מלקוח בהכנות מקדימות לתקיפה ועזרה לצוות IR במהלך אירוע ועוד Nachshon Pincu hosts Ido Naor, co-founder, and CEO @ Security of Joyce, Co-founders of the safe online community and an international cyber lecturer, in a conversation about managing cyber crises, attackers, and penetration testing. What will be the preliminary actions of an attacker? What Defensive actions are required before an attack in the eyes of IR? PT penetration test vs. Red team test? What is expected from a client in preliminary preparations for an attack and helping the IR team during crises? and More
After a long hiatus, Dr. Matt Brodhead returns to Behavioral Observations. In this episode, we discuss the use of punishment in the context of creating effective, ethical behavioral interventions. Of course, pursuant to the Behavior Analysis Certification Board's Ethics Code for Behavior Analysts, punishment should only be considered, "only after demonstrating that desired results have not been obtained using less intrusive means, or when it is determined by an existing intervention team that the risk of harm to the client outweighs the risk associated with the behavior-change intervention" (Code Element 2.15, page 12). So Matt and I talked about what this means in practice, the role of coercive or aversive events in everyday life, weighing the pros and cons of treatment choices, and much more. As we state in the first few minutes of the show, we made the editorial decision not to discuss the ABAI Task Force report on Contingent Electric Skin Shock. It's not that we don't have opinions on this topic; rest assured, we certainly do. But we felt like it would be more helpful for practitioners to hear Matt's thoughts on things like response cost, time-out, and so forth, as these are procedures that are more likely to be used by "everyday" practitioners. We also meandered into a few other topics, like the necessity of teaching cooperation and compliance under certain stimulus conditions, the utility or role of descriptive assessments vs. analog functional analyses, as well as other digressions. On a stylistic note, because Matt and I have gotten to know each other pretty well, this is an even more conversational episode that usual (versus one that is a series of questions and answers), with the attendant joking around that we usually engage in. If you're interested in Matt's work, go over to his website, betteraba.com, and pick up a copy of his excellent workbook, Behavioral Systems Analysis and Ethical Behavior. It's a bargain at $25 bucks... and remember, the holidays are right around the corner Matt is also available for workshops and consultations, and you can reach him through the same website. And while I'm plugging Matt's stuff, the popular text book he co-authored with Drs. David Cox and Shawn Quigley, is out in its second edition (disclosure: Amazon Associates Link). Other resources we discussed: Brodhead and Oteto (2022): Ethics and Ethical Problem Solving. Thomas and Brodhead (2022): Bringing Challenge to Coercion and the Status Quo. Matt's earlier appearances on the BOP. Musical references: "I Love this Bar" and "Check Yo Self" Hanley et al. (2005). On the Effectiveness of and Preference for Punishment and Extinction-Based Components of Function-Based Interventions. Hanley (2012): Functional assessment of problem behavior: dispelling myths, overcoming implementation obstacles, and developing new lore. Congenital Insensitivity to Pain. Perone (2003): The Negative Effects of Positive Reinforcement. The Importance of Red Teams, Peter Attia, MD. Michael (1975): Positive and Negative Reinforcement, a Distinction That Is No Longer Necessary; Or a Better Way to Talk about Bad Things. MacKenzie (2021): Caring by Lying. Fisher et al. (1996): On the reinforcing effects of the content of verbal attention. CBIT for Tic Disorders. Inside JABA #3 with Iser DeLeon on Accumulated vs. Distributed Reinforcement. This podcast is brought to you with the generous support of: Behavior University. Their mission is to provide university quality professional development for the busy Behavior Analyst. Learn about their CEU offerings, including their brand new 8-hour Supervision Course, as well as their RBT offerings over at behavioruniversity.com/observations. Abaspeech.org - the brainchild of Session 203 guest, Rose Griffin, is giving listeners a 30% discount on all of her courses which include, The Advanced Language Learner, Help Me Find My Voice, and Start Communicating Today. The offer is valid through December 1st, 2022. Go to abaspeech.org, check out the ‘courses' link, and use the promo code, aba30, at checkout. Behavior Development Solutions For BCBA and BCaBA candidates, they report a 98.5% pass rate for first-time exam takers… plus a money-back guarantee! They also have solutions for RBT aspirants, plus CE courses, and live webinars (most of which are free for anyone to attend). To learn more, head over to bds.com/bop for a special offer for podcast listeners!
With Manchester United and Liverpool both emerging victorious on their respective game days, it'll be safe to say that Red Teams are getting back on track. In this week's episode of Football Twaddle, our hosts talk about possibly the best Manchester United game of the season, the Cristiano Ronaldo controversy, Liverpool stealing a win, Chelsea managing a draw and much more from the world of football. Stay tuned to Football Twaddle for everything football and much more. Follow your Hosts on Instagram & Twitter:https://twitter.com/gsarvagna / https://instagram.com/gsarvagnahttps://twitter.com/mrsavs / https://instagram.com/yashpradipsawanthttps://twitter.com/barucracy / https://instagram.com/barucracyYou can also email us are: footballtwaddle@gmail.comYou can listen to this show and other awesome shows on the IVM Podcasts app on Android: https://ivm.today/android or iOS: https://ivm.today/ios, or any other podcast app.Follow your Hosts on Instagram & Twitter:https://twitter.com/gsarvagna / https://instagram.com/gsarvagnahttps://twitter.com/mrsavs / https://instagram.com/yashpradipsawanthttps://twitter.com/barucracy / https://instagram.com/barucracyYou can also email us are: footballtwaddle@gmail.comYou can listen to this show and other awesome shows on the IVM Podcasts app on Android: https://ivm.today/android or iOS: https://ivm.today/ios, or any other podcast app.
Dr. Lance Eliot explains the use of adversarial red teams for AI & Law. See his website www.ai-law.legal for further information.
Red teams and pen tests are point-in-time assessments. What if you could simulate an ongoing attack to test your teams' readiness? You can with a cyber range. Lee Rossi, CTO and co founder.of SimSpace, a cyber range company, joins The Hacker Mind podcast to explain how using both live Red Teams and automated cyber ranges can keep your organization ahead of the attackers. I have so many stories about hackers who are making a positive difference in the world, and I don't want you to miss out. Let's keep this conversation going. Follow me @RobertVamosi on Twitter.
In this episode of Women In Technology, I am joined by the amazing McKenna Yeakey, Security Engineer. We will be chatting about all things Cybersecurity including misconceptions about the Red and Blue Teams, a day in the life of a security engineer, plus McKenna shares helpful insight into the field for those looking to pursue Cybersecurity! McKenna Yeakey is a Security Engineer with a passion for guiding others toward a successful career. By mentoring and sponsoring emerging talent, McKenna ensures women have the advocate they need to flourish in tech and cybersecurity. Apart from her leadership efforts, McKenna is dedicated to promoting cyber literacy among marginalized communities by sharing her cyber defense strategies and techniques expertise. She emphasizes the importance of asking questions, seeking support, and establishing sustainable systems and processes in order to develop meaningful solutions. ✉️ Connect with McKenna: LinkedIn https://linkedin.com/in/mckenna-yeakey Twitter @CyberKenna
We've all heard of “Red Teams” and “Blue Teams” when it comes to cybersecurity. But what about the “Purple Team”, the “Yellow Team” or the “Blue Team”. What are those? In February of 2020, Louis Cremen introduced the InfoSec Colour Wheel to the security community. The wheel expands upon April Wright's work on bringing builders into the security team. The value of the wheel is to show the various types of security teams, seven in all, and the role each plays in security. Jasmine Henry brought the wheel to my attention. As she and I talked, we realized the InfoSec Wheel can be used as a thought exercise to show beginning cybersecurity professionals the various roles they can play within the community. This led to the discussion of careers in cybersecurity and what the near future looks like. In this broadcast, we'll evaluate the wheel, talk through each of the seven personas and give our thoughts on the value of each role, how it works with the other roles, and the basics of what each provides. Let's figure out what your primary color is. Stay tuned… https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700 The OWASP Podcast Series is supported by the Open Web Application Security Project, home to over 240 community driven security projects, including the OWASP Top 10, the Web Security Testing Guide, and the Security Knowledge Framework projects. ABOUT JASMINE HENRY Jasmine Henry is a security practitioner who's used JupiterOne to create a compliant security function at a cloud-native startup. She has 10 years of experience leading security programs, an MS in Informatics and Analytics, and a commitment to mentoring rising security practitioners from underrepresented backgrounds. Jasmine is a Career Village co-organizer for The Diana Initiative security conference. She lives in the Capitol Hill neighborhood of Seattle, WA.
Neil Smith is the CEO and founder of Prolo.io, an internet infrastructure startup that provides edge computing and internet exchange solutions across the United States. Before Neil started Prolo, he spent the last five years working in cloud computing where he served as the Director of Security Assurance for Oracle Cloud Infrastructure and Director of Red Teams for IBM Cloud. When not working on building a better internet, Neil spends his free time advocating for responsible public land management in his home state of Idaho. This will likely be a very technical conversation, as Neil is one of the smartest (and funniest) people I know. Join us!Connect with Behind Company Lines and HireOtter Website Facebook Twitter LinkedIn:Behind Company LinesHireOtter Instagram Buzzsprout
בפרק זה היה לנו את הזכות לדבר עם יוסי סאסי, שהוא קודם כול מוזיקאי בנשמה ומהיוצרים של ההרכב מטאל הנפלא אורפנד לנד שבילה על במות העולם לצד מטליקה, וגם White Hacker (ולא סייבר-קרימינאל) בנשמה כבר מעל 30 שנה, ראה הרבה, עשה הרבה, ומלא בתובנות. היום יוסי עסוק בין היתר בלהדריך Red Teams ב 4 יבשות ב 3 שפות, וחלק מצוות חירום לטיפול באירועי מחשב (DFIR) לצבאות וממשלות, בקיצור - מרתק!חידה לסקרנים -- מי יכול לנחש מה זה בוזוקיטרה, ואיך יוסי קשור לזה...חג שמח ושנה טובה ובטוחה לכולם![Links]https://yossisassi.com/Yossi Sassi: The power of music to unite the worldhttps://www.youtube.com/watch?v=ZwXFdsmxWsAThe meeting point of Oriental roots and rock | Yossi Sassi | TEDxJaffahttps://www.youtube.com/watch?v=CiJ6ybB-m10Yossi Sassi - Opening Keynote "WhoAmI, anyway? Attribution & Deception"https://www.youtube.com/watch?v=I6Uh553GTxU
Welcome to Episode 76 of Nooks and Crannies! Your Next Lt. Governor for the Green Garden State, Comrade Heather and Their Eco-Socialistic Green New Deal :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: That's right folks, Heather went all Big-Time on us, is running for Lt. Governor of New Jersey and they Need YOUR MONEY! To get into the debates *in NJ you need to raise 500k to be allowed into the state-wide leadership debates, very democratic system…here is how to help: https://hoffmanforgovnj.com/donate Madelyn Hoffman (Governor) and Heather Warburton (lt. Governor) are looking to pull the upset of all upsets by winning their election on November 2nd in New Jersey! Like the sounds of universal healthcare, free post secondary (and a reinvestment/leveling of grade schools) and a vibrant Sustainable Economy? Well, what about clean public transportation that will reconnect ghettoized communities, or some good ass legal chronic?? If that sounds even slightly more appealing than what the Blue or Red Teams are offering; Which is likely tax cuts to the maga rich and corporations, slashing public expenditures to pay for this, and then participating in petty character assassination attempts of each other so that you are simply distracted and unable to see what levers that “little man behind the curtain” is pulling, if you are tired of the same old bull shit broken promises, and want to see real change and the system to be shaken up…Throw like 50 bux at the Greens, tell your friends to do the same. Lets at least try to do something folks… ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Put Madelyn Hoffman and Heather Warburton into office Platform: https://hoffmanforgovnj.com/platform/ Donate: https://hoffmanforgovnj.com/donate/ Press Releases: https://www.gpnj.org/gpnjwp/author/heather-warburton/ Earth Day 2021 Announcement: https://myemail.constantcontact.com/Earth-Day-2021-Announcement--Green-Party-of-NJ-Ticket-with-Heather-Warburton--Lieutenant-Governor-and-Madelyn-Hoffman--Governor.html?aid=XJm-r4-cGfk&soid=1131038390892 March for Medicare for All: https://www.gp.org/gpnj_co_sponsors_march_for_medicare_for_all :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: N&C Links All The Episodes https://nooksandcrannies.podbean.com All Our Links in One Place https://linktr.ee/nooksandcrannies Drop us a line: Nooksandcranniespod@gmail.com Tweet a little Tweet at Us: https://twitter.com/NooksCrannie Facebook: https://www.facebook.com/nooksandcranniespodcast Ponder Evan's Blurry Pictures: https://www.instagram.com/nooks_and_crannies_pod/ Find Nooks and Crannies on Spotify Follow, Rate and Review on Podchaser (please!) Graphics by Donna Hume https://donnahumedesigns.com/contact ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Theme Music Attribution: Cullah - "Neurosis of the Liver" on "Cullah The Wild" https://www.cullah.com/discography/cullah-the-wild/neurosis-of-the-liver Under license (CC BY 4.0) https://creativecommons.org/licenses/by/4.0 Music: Cullah - "Bow" on "Spectacullah (2019)" (http://www.cullah.com) Under license (CC BY 4.0) https://creativecommons.org/licenses/by/4.0 Music: Cullah - "Be Nine To Thrive" on "Cullahsus (2018)" (http://www.cullah.com) Under license (CC BY 4.0) https://creativecommons.org/licenses/by/4.0 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :-) Shit Played without their Consent: West Wing Theme, because it is funny and fuck Aaron Sorken Yakidy Sacks, because it SHOULD be in the public domain Reefer Madness (1936), because it directly lead to the war on drugs and the death and loss of freedom of millions around the world. So fuck you Harry Anslinger, you asshole!
These days as we move from one unforeseeable event to the next, it might seem that any effort to plan is a waste of time. Dwight Eisenhower would agree, at least in part, when he said, “Plans are worthless.” But here's the rest of that great quote and what we can take from it to help us prepare for the next time the unimaginable happens.Notes and Resources:Prefer to read? Here's the full post: Plans are Worthless: Why We Should Plan AnywayFor more on the idea of “Red Teams” check out Rapid Deliberation: 7 Ways to Hit the Target While Under StressHere's the full text of Eisenhower's Speech.Quotable: “Plans are worthless, but planning is everything.” - Dwight D. EisenhowerThe primary reason for planning is to keep ourselves “steeped in the character of the problem that [we] may one day be called upon to solve.” – Dwight D. EisenhowerRelated posts: Planning to Be Lucky: Are We Betting on the Wrong Thing?Visualization Techniques: 5 Simple Ways We Can Influence the FutureThe Brilliant Planning Trick Lewis and Clark Used that Nobody Noticed
Bryson Bort is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy. He is widely known in the cybersecurity community for helping advance concepts of defense across multiple critical domains. He is the co-founder of the ICS Village, a non-profit advancing awareness of industrial control system security. Bryson is also a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute. In this OODAcast we examine approaches Bryson has seen make positive differences in evaluating and mitigating risks to enterprises, specifically in the domain of adversary emulation. The discussion covers: A practitioner's view of the state of cybersecurity The demise of the perimeter as a security control What leaders need to know to mitigate risk Attack, Detect and Response tools and how their automation can help continuously mitigate risks Mitre ATT&CK and how to use it to help frustrate adversaries Assisting Blue Teams, Purple Teams and Red Teams with tooling The use of cyber threat intelligence to inform automated adversary emulation More on cybersecurity: Ransomware: An update on the nature of the threat The technology of ransomware has evolved in sophistication and the business models of the criminal groups behind it have as well. The result: The threat from ransomware has reached pandemic proportions. This post provides an executive level overview of the nature of this threat. It is designed to be read as an introduction to our accompanying post on how to mitigate the threat of ransomware to your organization. See: Ransomware, an update on the nature of the threat China's Plan for Countering Weaponized Interdependence In an article entitled “The international environment and countermeasures of network governance during the “14th Five-Year Plan” period” by Xu Xiujun (徐秀军) in the February 27, 2021 edition of China Information Security, we see the continuation of China's concerns over Weaponized Interdependence and China's desire to shape a global technology and economic environment that is less influenced by Western power. Xiujun identifies concerns in several interconnected areas including cybersecurity, economic centralization, and advancement in technologies like AI, Quantum, and 5G. See: China's Plan for Countering Weaponized Interdependence If SolarWinds Is a Wake-Up Call, Who's Really Listening? As the U.S. government parses through the Solar Winds software supply chain breach, many questions still remain as to the motive, the entities targeted, and length of time suspected nation state attackers remained intrenched unseen by the victims. The attack stands at the apex of similar breaches in not only the breadth of organizations compromised (~18,000), but how the attack was executed. See: If SolarWinds Is a Wake-Up Call, Who's Really Listening? Russian Espionage Campaign: SolarWinds The SolarWinds hacks have been described in every media outlet and new source, making this incident perhaps the most widely reported cyber incident to date. This report provides context on this incident, including the “so-what” of the incident and actionable insights into what likely comes next. Russian Espionage Campaign: SolarWinds The Cyber Threat to NASA Artemis Program: NASA is enabling another giant leap for humanity. With the Artemis program, humans will return to the Moon in a way that will enable establishment of gateways to further exploration of not just the Moon but eventually the entire solar system. The initial expenses of the program will return significant advances for scientific understanding and tangible economic returns. As Artemis continues, the project will eventually deliver improvements for humanity that as of yet have only been dreamed of. But there are huge threats. For more see: The Cyber Threat To Artemis Security In Space and Security of Space: The last decade has seen an incredible increase in the commercial use of space. Businesses and individual consumers now leverage space solutions that are so integrated into our systems that they seem invisible. Some of these services include: Communications, including very high-speed low latency communications to distant and mobile users. Learn more at: OODA Research Report: What Business Needs To Know About Security In Space Also see: Is Space Critical Infrastructure, and the special report on Cyber Threats to Project Artemis, and Mitigating Threats To Commercial Space Satellites
In this episode of Hack Chat, we discuss maturing as a red teamer and opportunities manifesting themselves and mental awareness while creating good energy to colleagues and friends. Chris has extensive experience in network and web application penetration testing as well as other Information Operations experience working as an operator for a DoD Red Team and other Full Scope penetration testing teams (Red Teams). Learn more about Hack Chat: https://www.sentinelone.com/lp/hackchat Learn more about SentinelOne: https://www.sentinelone.com
To improve on peer review, social psychologist Daniël Lakens is subjecting research to a "red team" approach from software, where developers pay independent teams bounties to find bugs in their code. He even thinks red teaming your research could make communicating it easier by certifying its credibility.
During remote red team exercises, it can be difficult to keep from leaking information to the target organization’s security team. Every interaction with the target’s website, every email sent, and every network service probed leaves some trace that the red team was there. Mature blue teams can correlate those pieces of information to identify red […] The post Webcast: OPSEC Fundamentals for Remote Red Teams appeared first on Black Hills Information Security.
Much of the discussion on cybersecurity concerns, well “cyber” - computers surveilling computers, algorithms to detect algorithms, or AI scanning massive amounts of data. What is often lost is a focus on human beings. The field of cybersecurity itself is rapidly evolving into an established profession in which a combination of technical and analytical skills are required. A lot of the discussion on the 4ID around the world covers technology replacing humans. While this is true across many industries, it’s not the entire story. The field of cybersecurity is a great window into an emerging industry which is rapidly professionalizing, and on a search for new talent. Here human intelligence, human response teams and hybrid skill sets are very much in demand. Today we’re talking with Maher Yahmout, Senior Security Researcher of Global Research & Analysis Team at Kaspersky, on humans in cybersecurity
Hear from a Cybersecurity Incident Response Team Lead at a Fortune 50 company what it’s like to be on the Blue Team fighting off threats and Red Teams with fascinating stories. On top of that, we get career advice from Matt on how to get started in this field with practical tips.
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-red-teams-break-down/) What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it's not closed? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Dan DeCloss, founder and CEO, PlexTrac. Thanks to this week’s podcast sponsor, PlexTrac. PlexTrac is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test reports, audit findings, and vulnerabilities into a single location. PlexTrac vastly improves the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize important analytics, and collaborate on remediation in real-time. On this episode of Defense in Depth, you’ll learn: Don't make the mistake of red teaming too early. If you don't have your fundamental security program in place, you'll be testing out non-existing defenses. If you're just starting to build up your security program, conduct a vulnerability scan and do some basic patch management. A red team exercise exists to discover risks you didn't even know about and couldn't have predicted in your threat model exercises. Have a plan of what you're going to do after the red team exercise. Just discovering you've got problems with no plan to remediate them will not only be a waste of money, but will also breed discontent. Don't red team just to fill out an audit report. You can do a vulnerability scan for that. Consider moving the red team to purple to actually help the blue team remediate the findings. If you don't have a plan for remediation you'll find yourself running the same red team and filling out the same report. Prioritize! The red (now purple) team can greatly help along with those who've assessed business risks. First to remediate are the ones that are high impact and easy to execute. The rest is determined by an analysis of likelihood and impact.
Tim and Chris discuss the differences between Penetration Testing, Red Teams, and Purple Teams. Learn how these security testing exercises have evolved, and why you would perform one over the other.
Dave Kennedy (@hackingDave) TrustedSec Released SEToolkit, Pentester Framework (PTF) PoC release for “Shitrix” bug (was disclosed after Google zero initiative India group) Jeff Snover, Lee Holmes - Powershell gods Arguments against release Tools are released are utilized by the ‘bad guys’ Tooling makes it more difficult to fingerprint who are who they say they are “Fuzzy Weasel Vs. Psycho Toads” Makes the bad guys job harder by making them have to create the PoC (presumably most bad actors are skids) Arguments for release Tools allow for teaching Blue team, and SIEM/logging systems to understand Learning how something was created, being able to break down the vulnerability https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-shows-how-malware-detects-virtual-machines/ Show #2:DerbyCom - Tell us about it Dave Kennedy Center for gaming and Leadship https://twitter.com/hackingdave/status/1220150360779710464?lang=en Offensive Security Tool release (PowerShell Empire 3.0) Powershell is re-released, using Python:https://twitter.com/BCSecurity1/status/1209126652300709888 Initial tweet: https://twitter.com/taosecurity/status/1209132572128747520 “We believe that Powershell and Empire framework will remain a major threat vector employed by APTs, malware authors, and Red Teams.” SO WHY ARE YOU UPDATING IT? You are improving capabilities you explicitly say are *used by bad guys.* Scottie, beam me up from this bizarro world. Affirmations and evidence: https://twitter.com/taosecurity/status/1209287582439395330 Nope. One example: Iranian APT “CopyKittens” uses Powershell Empire. Incidentally, I found this example via @MITREattack . https://clearskysec.com/tulip/ https://twitter.com/michael_yip/status/1209151868036886528 One can innovate without sharing with the adversary no? It’s literally how the defense industry work or am I missing something? https://twitter.com/michael_yip/status/1209247219796398083 … “Are we really justifying lowering the R&D cost of the adversary is the only way to attract talent to the defensive side. Not to mention - no one is saying developing OST is wrong. It’s the way they're being shared that’s problematic” https://twitter.com/2sec4u/status/1209169724799623169?s=20 The whole idea is that actors can't just git clone an advanced post exploitation framework which bypasses 95% of organisations defences. It should cost actors time & money to bypass these defences but because red team keep releasing new stuff with bypasses... the cycle continues. Comments in Support of initial argument https://twitter.com/IISResetMe/status/1209180945011621889?s=20 I really _want_ to agree. ... but I also work in an org with million dollar budgets, a dozen full-time detection engineers and analysts and an army of devs and sysadmins, and even we are having a hard time keeping up - how does this arms race "help" non-F500 orgs? (later discussion does mention that he has a hard time seeing it as net negative) https://twitter.com/IISResetMe/status/1209183774182907904?s=20 https://twitter.com/cnoanalysis/status/1209169633460150272?s=20 “If we don’t create the offensive tools then the bad guys will!” That is a terrible argument for OST release. “We might as well do something that harms because someone else will do that eventually anyway...” there are so many logical fallacies I don’t have enough space Rebuttals https://twitter.com/r3dQu1nn/status/1209207550731677697 Limiting yourself by not exposing more tooling to defenders is NOT how to improve security. Yikes. The more exposure you provide defenders gives you more detection's/IOC's you can build to help defend against APT's. That's the whole point of Proactive security. https://twitter.com/bettersafetynet/status/1209138002473160707 It's vital that we continue to sharpen our swords. The commoditization of attacker techniques allows better defense against what adversaries are doing. https://twitter.com/dragosr/status/1209213064446279680 And this whole discussion ignores a simple fact that released information is way better than exploits passed around quietly or kept in stockpile caches regardless of anyone’s metric of responsibility (which is a debatable, very hypothetical line of what’s acceptable or not). https://twitter.com/bettersafetynet/status/1209139099979923457 The very fact that you and others who are taking this side are trying to cajole and brow beat to this position shows how weak your argument is. MITRE ATT&CK took off like gang-busters not because they had a better trolling game, but because it was a great idea implemented well. https://twitter.com/bettersafetynet/status/1209139578579275776 It's odd that those who advocate this position point out these reports while ignoring all the vendor patches, all the hardening guidelines, basically all the technical defensive work that ops teams do. Nobody's doubting attackers use these techniques, we doubt your conclusions. https://twitter.com/bettersafetynet/status/1209154592560353280 My stance is likely to tick off both sides here. I think there are times that limited release is good. But over and over, we've seen where vendors do not change until something is publicly released. It's odd that those who advocate this position point out these reports while ignoring all the vendor patches, all the hardening guidelines, basically all the technical defensive work that ops teams do. Nobody's doubting attackers use these techniques, we doubt your conclusions. https://twitter.com/r3dQu1nn/status/1209346356151631873 Security is a service that can be improved with products. Having no security or limiting exposure to offensive tool sets increases the chances of a breach. Ethical hackers sole purpose is to help make Blue better. Which is why purple teams are a great resource for any company. https://twitter.com/ippsec/status/1209354476072689664?s=20 To the people upset by public red team tools. If you cant detect open source tools than what chance do you have at detecting private one off tools. It’s much easier to automate a battle against 100 duck sized horses than it is to face off against a single horse sized duck. Defender Classification of PowerShell Empire 3.0 https://www.bc-security.org/post/the-empire-3-0-strikes-back Is there a way to protect against it? Where does this sit in the ATT&CK Matrix? Features: Enhanced Windows Evasion vs. Defender DPAPI support for “PSCredential” and “SecureString” AMSI bypasses JA3/S signature Randomization New Mimikatz version intergration Curveball test (CryptoAPI test scripts) Dave’s new Esport initiative (opens in February): https://twitter.com/HackingDave/status/1220150360779710464 DERBYCON community updates Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Dave Kennedy (@hackingDave) TrustedSec Released SEToolkit, Pentester Framework (PTF) PoC release for “Shitrix” bug (was disclosed after Google zero initiative India group) Jeff Snover, Lee Holmes - Powershell gods Arguments against release Tools are released are utilized by the ‘bad guys’ Tooling makes it more difficult to fingerprint who are who they say they are “Fuzzy Weasel Vs. Psycho Toads” Makes the bad guys job harder by making them have to create the PoC (presumably most bad actors are skids) Arguments for release Tools allow for teaching Blue team, and SIEM/logging systems to understand Learning how something was created, being able to break down the vulnerability https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-shows-how-malware-detects-virtual-machines/ Show #2:DerbyCom - Tell us about it Dave Kennedy Center for gaming and Leadship https://twitter.com/hackingdave/status/1220150360779710464?lang=en Offensive Security Tool release (PowerShell Empire 3.0) Powershell is re-released, using Python:https://twitter.com/BCSecurity1/status/1209126652300709888 Initial tweet: https://twitter.com/taosecurity/status/1209132572128747520 “We believe that Powershell and Empire framework will remain a major threat vector employed by APTs, malware authors, and Red Teams.” SO WHY ARE YOU UPDATING IT? You are improving capabilities you explicitly say are *used by bad guys.* Scottie, beam me up from this bizarro world. Affirmations and evidence: https://twitter.com/taosecurity/status/1209287582439395330 Nope. One example: Iranian APT “CopyKittens” uses Powershell Empire. Incidentally, I found this example via @MITREattack . https://clearskysec.com/tulip/ https://twitter.com/michael_yip/status/1209151868036886528 One can innovate without sharing with the adversary no? It’s literally how the defense industry work or am I missing something? https://twitter.com/michael_yip/status/1209247219796398083 … “Are we really justifying lowering the R&D cost of the adversary is the only way to attract talent to the defensive side. Not to mention - no one is saying developing OST is wrong. It’s the way they're being shared that’s problematic” https://twitter.com/2sec4u/status/1209169724799623169?s=20 The whole idea is that actors can't just git clone an advanced post exploitation framework which bypasses 95% of organisations defences. It should cost actors time & money to bypass these defences but because red team keep releasing new stuff with bypasses... the cycle continues. Comments in Support of initial argument https://twitter.com/IISResetMe/status/1209180945011621889?s=20 I really _want_ to agree. ... but I also work in an org with million dollar budgets, a dozen full-time detection engineers and analysts and an army of devs and sysadmins, and even we are having a hard time keeping up - how does this arms race "help" non-F500 orgs? (later discussion does mention that he has a hard time seeing it as net negative) https://twitter.com/IISResetMe/status/1209183774182907904?s=20 https://twitter.com/cnoanalysis/status/1209169633460150272?s=20 “If we don’t create the offensive tools then the bad guys will!” That is a terrible argument for OST release. “We might as well do something that harms because someone else will do that eventually anyway...” there are so many logical fallacies I don’t have enough space Rebuttals https://twitter.com/r3dQu1nn/status/1209207550731677697 Limiting yourself by not exposing more tooling to defenders is NOT how to improve security. Yikes. The more exposure you provide defenders gives you more detection's/IOC's you can build to help defend against APT's. That's the whole point of Proactive security. https://twitter.com/bettersafetynet/status/1209138002473160707 It's vital that we continue to sharpen our swords. The commoditization of attacker techniques allows better defense against what adversaries are doing. https://twitter.com/dragosr/status/1209213064446279680 And this whole discussion ignores a simple fact that released information is way better than exploits passed around quietly or kept in stockpile caches regardless of anyone’s metric of responsibility (which is a debatable, very hypothetical line of what’s acceptable or not). https://twitter.com/bettersafetynet/status/1209139099979923457 The very fact that you and others who are taking this side are trying to cajole and brow beat to this position shows how weak your argument is. MITRE ATT&CK took off like gang-busters not because they had a better trolling game, but because it was a great idea implemented well. https://twitter.com/bettersafetynet/status/1209139578579275776 It's odd that those who advocate this position point out these reports while ignoring all the vendor patches, all the hardening guidelines, basically all the technical defensive work that ops teams do. Nobody's doubting attackers use these techniques, we doubt your conclusions. https://twitter.com/bettersafetynet/status/1209154592560353280 My stance is likely to tick off both sides here. I think there are times that limited release is good. But over and over, we've seen where vendors do not change until something is publicly released. It's odd that those who advocate this position point out these reports while ignoring all the vendor patches, all the hardening guidelines, basically all the technical defensive work that ops teams do. Nobody's doubting attackers use these techniques, we doubt your conclusions. https://twitter.com/r3dQu1nn/status/1209346356151631873 Security is a service that can be improved with products. Having no security or limiting exposure to offensive tool sets increases the chances of a breach. Ethical hackers sole purpose is to help make Blue better. Which is why purple teams are a great resource for any company. https://twitter.com/ippsec/status/1209354476072689664?s=20 To the people upset by public red team tools. If you cant detect open source tools than what chance do you have at detecting private one off tools. It’s much easier to automate a battle against 100 duck sized horses than it is to face off against a single horse sized duck. Defender Classification of PowerShell Empire 3.0 https://www.bc-security.org/post/the-empire-3-0-strikes-back Is there a way to protect against it? Where does this sit in the ATT&CK Matrix? Features: Enhanced Windows Evasion vs. Defender DPAPI support for “PSCredential” and “SecureString” AMSI bypasses JA3/S signature Randomization New Mimikatz version intergration Curveball test (CryptoAPI test scripts) Dave’s new Esport initiative (opens in February): https://twitter.com/HackingDave/status/1220150360779710464 DERBYCON community updates Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
This week we are joined by Jared Folkins (@JF0LKINS) as he introduces us to his open source honeypot sensor system, Kushtaka, that helps you detect cyber attackers before they become entrenched. Jared will be joined by Nathan McNulty (@nathanmcnulty), to give his firsthand account of using Kushtaka in production. This week we also introduce a new segment where we'll be highlighting a non-profit charity or upcoming conference each episode. This week we'll be talking with wirefall, founder of @Dallas_Hackers and board member @BSidesDFW. About Jared: After surviving the dot-com crash of the late 90s, Jared Folkins went on to have a long career in systems and programming. In 2013 he turned a hobby into a career and has never looked back. Known for having technical chops and a high emotional IQ, he enjoys working with those who prioritize goals and people, while placing egos last. He currently Red Teams for ThreatHound.com, Blue Teams for Bend La Pine Schools, and breaks down software while building up people at OpsecEdu.com. If you want his help or you just need a new InfoSec friend, contact him at JaredFolkins.com. Connect with Jared: LinkedIn - https://www.linkedin.com/in/jared-folkins-b18783179/ Twitter - @JF0LKINS --- Send in a voice message: https://anchor.fm/cyberspeakslive/message
Jamie Schwandt, Major in the Army Reserve, talks about swarm intelligence, swarm learning, red teams, and how they relate to Civil Affairs. We also discuss lessons learned from Ender's Game. Major Schwandt is a prolific writer. Learn more about him and his ideas at https://www.jamieschwandt.com/
Head of Threat Intelligence at Cybereason, Assaf Dahan, shares some fascinating research about the latest cyber security trends.Assaf, shares some of the most notable attacks we’ve seen over the past year, which techniques were used, what were the attackers after and what you need to know about how to protect yourself from such attacks. We also discuss how the criminals are collaborating and what makes Israel a leader in cyber innovation.Assaf has over 15 years in the InfoSec industry. He started his career in the Israeli Military 8200 Cyber Security unit where he developed extensive experience in offensive security. Later in his career he led Red Teams, developed penetration testing methodologies, and specialized in malware analysis and reverse engineering.
You can use a red team strategy to discover your medical group's weaknesses and to correct them before someone else takes advantage of them.
DEF CON Villagers discuss the future of cybersecurity conferences. Bring the popcorn! Watch and listen to this episode of ITSPmagazine’s Unusual Gathering to hear DEF CON Villagers discuss the future of cybersecurity conferences and the role that hackers have in bringing safety to our digital and connected world. GUESTS Russell Mosley (Blue Team Village) Ariel Herbert-Voss (AI Village) Ted Harrington (IOT Village) HOSTS Sean Martin and Marco Ciappelli Here are some of the things we covered during this conversation: * What does the Circus reference mean? * The evolution of the DEF CON Villages from a handful just a few years ago to a whopping 28 this year. * What happens in the Villages and why are they so special? * What’s with Sean Martin’s green hat? * Blue Teams, Red Teams, bad people, good people, what is a hacker and why has the public gotten the hacking concept all wrong? * Can we make the Villages travel together around the world to educate people outside of the cybersecurity community? Now grab some popcorn, sit back and enjoy the show — and share it with your community! Also, be on the lookout for the Villages Circus; hopefully, it will be coming to your town soon. Watch the video here: https://www.itspmagazine.com/itspmagazine-unusual-gatherings/itspmagazine-talk-show-episode-ii View more An Unusual Gathering Talk Shows from ITSPmagazine here: https://www.itspmagazine.com/unusual-gatherings
This is Mark Miller, Executive Producer. 4 years ago I took over the creation and curation of the OWASP podcast series. In that time, there have been 118 episodes, with a combined listenership of over 269,000 plays. The series began as a way to speak with OWASP project leads and chapters leaders to let the community hear what was being worked on. Gradually, the show has morphed into something broader. Recent broadcasts highlighting the work done in the DevOps and DevSecOps Communities receives well over 2000 listeners per episode. We have helped give exposure to DevSecOps practitioners at major AppSec Conferences in Europe and the United States, I have produced the DevSecOps tracks at RSA Conference in San Francisco and Singapore for the past 3 years, and we've given voice to the security practitioner in lieu of the security vendor through the production of All Day DevOps. This has allowed us to reach out to new communities, a new listenership, interested in hearing how software security is changing from a manual, labor intensive process, to an automated, supply chain solution. Cultural transformation, Continuous Delivery/Continuous integration, Cloud Native Infrastructure, and Site Reliability Engineer are all topics needing coverage if we are to truly build secure software. The future of this podcast series is in focusing on DevSecOps and the practitioners who are willing to share their stories and solutions to the OWASP Community. I'll talk with people like DJ Schleen who runs the DevSecOps initiative at Aetna, John Willis who brought the first DevOps Days to the United States, and Shannon Lietz who has introduced the concept of Red Teams to her colleagues at Intuit. We will continue to highlight OWASP projects and chapters, while having discussions that are inclusive of other communities with different ideas on the future of software security. It's an important transition historically to a safer, more secure world and we want everyone be be a part of it. I hope you stay with us as we begin to explore new voices, expand on existing ideas and highlight the diversity that will truly change our industry. Welcome to the new podcast series, DevSecOps Days.
Red Teams have become a common tool for testing enterprise security. They attempt to penetrate security defenses as if they were hackers with nefarious intent. Atomicorp's Mike Shinn comments that bad security is almost always the result of limited imagination. Red teams are motivated to be creative and determine the best way to circumvent security measures in place, sometimes by any means possible. Mike has been red teaming since the 1990's, before there was a term for the practice. He breaks down how red teams operate, their objectives, the difference between physical and digital vulnerabilities and how constraints can limit their value. He also shares some stories about past red teaming experience. Enjoy!
Sandra Crosswell, CISO/CSO @sonicwall joins the HACKED podcast. We dive deep into Red Teams and all sorts of penetration testing topics. She gives an inside look to her role and the challenges of being the first individual in the seat. Additionally, she shares her thoughts on the talent gap and hiring penetration testers. During Overrated/Underrated, we get her opinion on hacking certifications and black hats moving into corporate roles.
Red Teams. For some, it's the "frenemy". For others, it's the greener grass on the other side of the defence wall. In this episode I spend some time speaking with security consultant Mark Kikta about Red Teaming. Mark has been a Red Teamer for a while and has a lot of experience to share. We talk about a number of different things, share some laughs and try to shed some light on an often misunderstood group. Mark has also graciously offered to hang out in our Slack channel! Just message @mark to get in touch with him if you have questions or just want to say "hey". Some links of interest: CircleCityCon - Seeing Purple Hybrid Security Teams for the Enterprise Time Based Security Slack Sign-Up Link: https://signup.purplesquadsec.com Want to reach out to the show? There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Website: purplesquadsec.com Slack Sign-Up Link: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time!Find out more at http://purplesquadsec.com
This week we hear from Dr Jessica Barker about how to think about your company's security from a psychosocial point of view, and from Dr Grigorios Fragkos from DeepRecce about Red Teams and outsourcing your infosec.
This week we hear from Dr Jessica Barker about how to think about your company's security from a psychosocial point of view, and from Dr Grigorios Fragkos from DeepRecce about Red Teams and outsourcing your infosec.
Cybercriminals are brilliant, relentless, and ruthless. So how can organizations hope to fight them? One way is to hire people just like them (minus the ruthless part). A growing wave of companies are using hackers to foil hackers. They unleash “researchers” (aka hackers) to “attack” an organization’s defenses. Some of these companies create their own elite Red Teams of ethical, or white hat, hackers, as they are known. Others commandeer virtual armies of crowd-sourced hackers. The goal is the same: probe for weaknesses that may have escaped the internal security team’s best efforts. Kevin Delaney, senior writer for Connected Futures is joined by Jay Kaplan, CEO of the ethical hacking firm Synack.
Robert P. Seawright is the Chief Investment & Information Officer for Madison Avenue Securities, a boutique broker-dealer and investment advisory firm headquartered in San Diego, California. At Madison, Bob’s role is a thought leader for the firm’s independent advisors, providing counsel and guidance with respect to the latest industry trends, research and best practices. In September of 2014, The Wall Street Journal published a list of fifteen smart people for investors to follow that included Bob, along with Warren Buffett, Howard Marks, William Bernstein and the CFA Institute. Bob is a columnist for Research magazine, a Contributing Editor at Portfolioist as well as a contributor to the Financial Times, The Big Picture, The Wall Street Journal’s MarketWatch, Pragmatic Capitalism, and ThinkAdvisor. Bob’s blog, Above the Market, has received “best of” recognition from a wide variety of sources, including The Wall Street Journal, Financial Planning, the CFA Institute, Insider Monkey, Financial Social Media, and Investment News. He also speaks regularly to a variety of audiences on topics related to finance, investing and the markets. Bob’s Challenge; Sit down and think of a few examples of mistakes you are making. If you liked this interview, check out episode 55 with Morgan Housel, where we discuss finance writing and cognitive biases.
![DEF CON 23 [Audio] Speeches from the Hacker Convention](https://ivyfm.s3.amazonaws.com/i320/160193.jpg)
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Walker-Wiens-Machine-vs-Machine-DARPA-Fully-Automated-CTF.pdf Machine vs. Machine: Inside DARPA’s Fully Automated CTF Michael Walker Program Manager, DARPA/I2O Jordan Wiens CTF A(p|nthro)pologist @vector35.com For 22 years, the best binary ninjas in the world have gathered at DEF CON to play the world’s most competitive Capture-the-Flag. At DEF CON 24, DARPA will challenge machines to play this game for the first time, with the winner taking home a $2 million prize. This talk will include a first public look at the machines, teams, technology, and visualization behind Cyber Grand Challenge. The technology: machines that discover bugs and build patches? We’re bringing our qualifier results to show just how real this is. The teams: we’ll talk about the finalists who prevailed to make it to the CGC final round. Visualization: the product of CTF players working with game designers, this talk will include a live interactive demo of a graphical debugger for everyone that will let an audience follow along in real time. The machines: we’re bringing high performance computing to the DEF CON stage. The event: In 2016, machines will Capture the Flag! Follow DARPA Cyber Grand Challenge on Twitter: #DARPACGC Mike Walker joined DARPA as a program manager in January 2013. His research interests include machine reasoning about software in situ and the automation of application security lifecycles. Prior to joining DARPA, Mr. Walker worked in industry as a security software developer, Red Team analyst, enterprise security architect and research lab leader. As part of the Computer Science Corporation "Strikeforce" Red Team, Mr. Walker helped develop the HEAT Vulnerability Scanner and performed Red Team engagements. Serving as a principal at the Intrepidus Group, Mr. Walker worked on Red Teams that tested America's financial and energy infrastructure for security weaknesses. Also, on the DARPA SAFER Red Team, Mr. Walker discovered flaws in prototype communications technologies. Mr. Walker has participated in various roles in numerous applied computer security competitions. He contributed challenges to DEF CON Capture the Flag (CTF) and competed on and led CTF teams at the highest levels of international competition. Mr. Walker was formerly a mentor of the Computer Security Competition Club at Thomas Jefferson High School for Science and Technology (TJHSST). Jordan started his professional career at the University of Florida where he got to do a little bit of everything security related. His love of CTFs, however, drove him to a job at a government contractor where he honed his reverse engineering and vulnerability research skills. Now, his goal in life is to become a professional CTF e-sports caster so he founded a startup Vector 35 to try to get paid to do stuff with CTFs and gaming.
Synopsis I had the pleasure of sitting down with Nathaniel Dean, someone I had met through a mutual colleague's introduction, and hear about a neat concept that takes the software security program to a new level. Interestingly enough, Nathaniel runs a red team but it's guaranteed to be unlike any red team you've probably ever worked with. The crazy thing? It's working. We talk through the mechanics, psychology, and business implications of what he's driving, and how he's rollig up his sleeves and getting it done which is probably more important than anything else. Jack in and get a 25-minute does of knowledge from someone I know you'll learn something from. Guest Nathaniel Dean - Business Information Security Officer at a major financial institution. Nathaniel has been managing and building programs in this space for a long time, and his experience shows.
© 2020-2025 Ivy Podcast Discovery LLC
