Podcasts about secarma

  • 9 podcasts
  • 80 episodes
  • 23m average duration
  • Infrequent episodes
  • Latest: Feb 6, 2024


Latest podcast episodes about secarma

Hacked Off
107. Jason Blake: IoT and PSTI

Hacked Off

Feb 6, 2024 · 24:22


Secarma Head of Testing, Simon Chapman, takes over the hosting duties as the Hacked Off podcast returns. Episode 107 focuses on IoT and the new regulations that are forcing manufacturers to place security at the heart of their devices. Simon interviews Jason Blake, IoT scheme manager at IASME, and Jen Williams, who heads up consultancy services at Secarma. Jason talks us through the diverse world of IoT devices, from smart letter boxes to B2B moisture content monitors for farmers, and explains why the need for tighter security regulation is long overdue. Jen approaches the subject from a consumer perspective and poses the risks of a home network that has dozens of 'always on' devices connected and the average consumer's understanding of this situation. How do we give consumers a confidence around IoT that has perhaps been eroded of late? The panel discuss IASME's IoT Cyber Secure Scheme and why it's one of the simplest ways for manufacturers to give their devices the security health checks that they need. You can find more IoT resources, particularly around the PSTI legislation, at https://secarma.com/resources/iot-and-psti/ You can find out more about the IASME IoT scheme on their website at https://iasme.co.uk/internet-of-things/ or on Secarma's website at https://secarma.com/cybersecurity-services/consultancy/iot-cyber-scheme/

The CyberWire
SolarWinds through a first principle lens. [CSO Perspectives]

The CyberWire

Apr 11, 2022 · 21:21


Enjoy this sample of CSO Perspectives, a CyberWire Pro podcast. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. On this episode, host Rick Howard discusses if the first principles theories prevent material impact in the real world, such as the latest SolarWinds attack. Previous episodes referenced: S1E6: 11 MAY: Cybersecurity First Principles S1E7: 18 MAY: Cybersecurity first principles: zero trust S1E8: 26 MAY: Cybersecurity first principles: intrusion kill chains. S1E9: 01 JUN: Cybersecurity first principles - resilience S1E11: 15 JUN: Cybersecurity first principles - risk S2E3: 03 AUG: Incident response: a first principle idea. S2E4: 10 AUG: Incident response: around the Hash Table.  S2E7: 31 AUG: Identity Management: a first principle idea. S2E8: 07 SEP: Identity Management: around the Hash Table. Other resources: “A BRIEF HISTORY OF SUPPLY CHAIN ATTACKS,” by Secarma, 1 September 2018. “Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers,” by 365 Defender Research Team and the Threat Intelligence Center (MSTIC), Microsoft, 18 December 2020. “A Timeline Perspective of the SolarStorm Supply-Chain Attack,” by Unit 42, Palo Alto Networks, 23 December 2020. “Cobalt Strike,” by MALPEDIA. “Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Kim Zetter, Published by Crown, 3 June 2014. “Cybersecurity Canon,” by Ohio State University. “FireEye shares jump back to pre-hack levels,” Melissa Lee, CNBC, 23 December 2020. "Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks," by Rick Howard, Ryan Olson, and Deirdre Beard (Editor), The Cyber Defense Review, Fall 2020. “Orion Platform,” by SolarWinds. “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers,” by Andy Greenberg, Published by Doubleday, 7 May 2019.  
“Solarstorm,” by Unit 42, Palo Alto Networks, 23 December 2020. “The Cybersecurity Canon: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Rick Howard, The Cybersecurity Canon Project, 28 January 2015. “Using Microsoft 365 Defender to protect against Solorigate,” by the Microsoft 365 Defender Team, 28 December 2020.

CSO Perspectives (public)
SolarWinds through a first principle lens.

CSO Perspectives (public)

Feb 28, 2022 · 21:21


Rick discusses if the first principles theories prevent material impact in the real world, such as the latest SolarWinds attack. Previous episodes referenced: S1E6: 11 MAY: Cybersecurity First Principles S1E7: 18 MAY: Cybersecurity first principles: zero trust S1E8: 26 MAY: Cybersecurity first principles: intrusion kill chains. S1E9: 01 JUN: Cybersecurity first principles - resilience S1E11: 15 JUN: Cybersecurity first principles - risk S2E3: 03 AUG: Incident response: a first principle idea. S2E4: 10 AUG: Incident response: around the Hash Table.  S2E7: 31 AUG: Identity Management: a first principle idea. S2E8: 07 SEP: Identity Management: around the Hash Table. Other resources: “A BRIEF HISTORY OF SUPPLY CHAIN ATTACKS,” by Secarma, 1 September 2018. “Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers,” by 365 Defender Research Team and the Threat Intelligence Center (MSTIC), Microsoft, 18 December 2020. “A Timeline Perspective of the SolarStorm Supply-Chain Attack,” by Unit 42, Palo Alto Networks, 23 December 2020. “Cobalt Strike,” by MALPEDIA. “Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Kim Zetter, Published by Crown, 3 June 2014. “Cybersecurity Canon,” by Ohio State University. “FireEye shares jump back to pre-hack levels,” Melissa Lee, CNBC, 23 December 2020. "Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks," by Rick Howard, Ryan Olson, and Deirdre Beard (Editor), The Cyber Defense Review, Fall 2020. “Orion Platform,” by SolarWinds. “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers,” by Andy Greenberg, Published by Doubleday, 7 May 2019.  “Solarstorm,” by Unit 42, Palo Alto Networks, 23 December 2020. 
“The Cybersecurity Canon: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Rick Howard, The Cybersecurity Canon Project, 28 January 2015. “Using Microsoft 365 Defender to protect against Solorigate,” by the Microsoft 365 Defender Team, 28 December 2020.

Hacked Off
084. CyberFirst Girls: Creating a Diverse Talent Pool

Hacked Off

Mar 12, 2021 · 37:11


The Hacked Off podcast is back! In this episode, we sit down with Sarah and Sian from the NCSC's CyberFirst initiative to talk about the CyberFirst Girls competition. The National Cyber Security Centre is committed to developing the UK's next generation of IT professionals and has a number of fantastic initiatives designed to introduce 11 – 17 year olds to the fast-paced world of cybersecurity. Because we need the broadest mix of minds to tackle the security threats of tomorrow, and the NCSC’s CyberFirst Girls competition is all about developing that diverse talent pool. The competition is a girls-only event for 12-13 year olds who may be considering a future in cyber, and includes lots of fun activities that will test their problem solving skills to reveal if they have the aptitude required for a career in this exciting industry. Useful Links: Our website: www.secarma.com The latest cybersecurity and tech news: www.secarma.com/news CyberFirst: www.ncsc.gov.uk/cyberfirst/overview The CyberFirst Girls Competition: www.ncsc.gov.uk/cyberfirst/girls-competition Listening time: 37 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hacked Off
2020: A Year in Review

Hacked Off

Nov 26, 2020 · 22:00


It's the last podcast of the year, so Holly is revisiting some of our key guest interviews from 2020. We also couldn't do 'A Year in Review' without discussing the impact of the pandemic on business security, and how now is the time to revisit your change management and risk register. Key points: 0'34 Our new training course 4'00 Lockdown and change management 6'49 Time to review the risk register 8'14 Security Awareness Training 10'52 What kind of attacks do we need to worry about? 15'58 Turning off antivirus 17'42 The future of phishing scams Useful Links: Our new training webinars and courses - https://www.eventbrite.co.uk/o/secarma-ltd-31129456455 Jenny Radcliffe's podcast - https://soundcloud.com/hackedoff/044-jenny-radcliffe-hacking-the-human Kevin Fielder's podcast - https://soundcloud.com/hackedoff/061-kevin-fielder-building-security-teams-and-culture Mike Koss's podcast - https://soundcloud.com/hackedoff/047-mike-koss-hear-no-evil-see-no-evil James Mckinlay's podcast - https://soundcloud.com/hackedoff/049-james-mckinley-why-i-turned-antivirus-off Listening time: 22 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
082. The Biggest Threats To Your eCommerce Business

Hacked Off

Nov 19, 2020 · 18:17


Generally when you think of eCommerce attacks you probably think of theft of personal information and payment cards, when in fact there are many ways a hacker could attack your online store. Holly Grace discusses the most common threats to eCommerce businesses, and a few you may not have considered before! Key points: 0'47 CIA - Confidentiality, Integrity and Availability 1'38 Denial of Service Attacks 6'43 How to protect your business from Denial of Service Attacks 8'08 Compromising user/administration accounts 11'11 Preventing credential stuffing and horizontal brute force attacks 14'30 Moonpig's breach Listen Time: 18 minutes Host: Holly Grace Williams, MD at Secarma

Hacked Off
081. PenTesting APIs

Hacked Off

Nov 12, 2020 · 12:16


Application Program Interfaces have increasingly become a target for hackers. With 6 of the OWASP Top 10 vulnerabilities being API related, it is no surprise that OWASP released their first list of API Security Top 10, last year. For those wanting to better understand the process of API penetration testing, Holly Grace takes you through the process, from scoping the job to which vulnerabilities to look out for. 0'16 What is an API? 2'11 Scoping an API test 4'11 Making API testing more efficient 5'54 What vulnerabilities are we looking for? 8'29 Rate limiting 9'52 The Google+ API bug Useful links: OWASP API Security Top 10 - https://owasp.org/www-project-api-security/ Listen Time: 12 minutes Host: Holly Grace Williams, MD at Secarma

Hacked Off
080. eCommerce Security Issues to Address Ahead of Black Friday

Hacked Off

Nov 5, 2020 · 14:25


Is your online store ready for Black Friday and Christmas shopping? Have you considered how automated bots, fake reviews, plugins and a data breach could wreak havoc over the busiest shopping period of the year? This podcast is a perfect starting point for eCommerce businesses wanting to secure their business ahead of the mad rush! 0'52 Preventing the use of automated bots and buying scripts. 3'33 How to avoid fake reviews 5'45 What we can learn from The British Airways data breach 10'09 Using Sub Resource Integrity (SRI) to prevent malicious scripting attacks 12'12 Be aware of plugins Listening time: 14 minutes Host: Holly Grace Williams, MD at Secarma

Hacked Off
079. Month In Review: Nation State Hacks and Zero-days

Hacked Off

Oct 29, 2020 · 13:32


This month there has been a lot going on in the world of cybersecurity. With major IT firm Sopra Steria getting hit by a cyberattack, Apple paying out over $250,000 to a team of bug hunters for finding 55 vulnerabilities in Apple systems, as well as the USA indicting 6 Russian Intelligence Officers for a range of attacks such as attacks against the Ukrainian Power Grid and the 2017 NotPetya attack. Key Points: 0'20m Google Project Zero, Zero Days and Chrome Vulns 3'14m Fifty-five Apple Bugs and over $250,000 in bounty pay-outs 6'15m Hackney Council Hit by "Hack Attack" 8'06m Six GRU Officers indicted for major hacks 11'00m Sopra Steria hit by cyberattack Useful links: https://chromereleases.googleblog.com/ https://samcurry.net/ Listen Time: 14 minutes Host: Holly Grace Williams, MD at Secarma

Hacked Off
077. Keeping Mobile Devices Secure

Hacked Off

Oct 15, 2020 · 14:16


Mobile Device Management increases security, reduces risk and plays an important role in Government certified assurance models. Holly Grace discusses the role of device management for Cyber Essentials, and the challenges that come with employees using their own devices at work. Key points: 1'08 What is Mobile Device Management (MDM)? 3'05 Device Management for Cyber Essentials 8'27 Bring your own device (BYOD) 11'30 Passwords, pass codes and pin numbers Listening Time: 14 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hacked Off
076. Joe Thorpe: Hacking Mobile Apps

Hacked Off

Oct 8, 2020 · 17:16


We speak to fellow co-worker and Senior Security Consultant at Secarma, Joe Thorpe, who specialises in app testing. He gives us the low down on hacking mobile apps, how they're similar to web apps, which vulnerabilities are most common and how to choose the right testing for your mobile app. Key points: 0'43 What is mobile application testing? 3'43 Similarities to web application testing 4'49 Finding vulnerabilities in mobile apps 7'21 Hacking mobile apps with Frida and bypassing root detection 9'33 Choosing the right kind of testing for your mobile app 13'09 The Tinder app vulnerability 14'48 The most common vulnerabilities Useful links: Mobile App OWASP Top 10 - https://owasp.org/www-project-mobile-top-10/ Mobile Application Testing - https://www.secarma.com/services/penetration-testing/mobile-application-penetration-testing.html Listening Time: 17 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma Guest: Joe Thorpe, Senior Security Consultant at Secarma

Hacked Off
075. Month in Review: Cyber Attacks aren't always Financially Motivated!

Hacked Off

Oct 1, 2020 · 16:00


In September's Month in Review, Holly Grace is delighted to announce that this month's hacks aren't just all about ransomware! From political motivation to notoriety, she discusses the different kinds of motives a hacker may have, and the kind of attacks they might use to get what they want. Key Points: 0'55 Financially Motivated: KuCoin Hack 3'07 Insider Threat: AT&T Hack 7'09 Politically Motivated: Op Payback 12'00 Different types of attacks Listening Time: 16 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hacked Off
073. Vulnerabilities in Firewalls

Hacked Off

Sep 17, 2020 · 14:38


Although perimeter breaking vulnerabilities are quite rare they're certainly not unheard of - Firewalls aren't perfect systems and they can have vulnerabilities too. In this week's episode, Holly Grace looks at some previous critical vulnerabilities in firewalls and tries to highlight some key lessons learned. 4'37 The firewall vulnerability 'BENIGNCERTAIN' 7'22 Protecting your organisation against threat actors gaining internal network access 10'47 How to protect firewall interface Useful link: Firewall Configuration Security Review - www.secarma.com/services/cybersec…urity-review.html Listening time: 14 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hacked Off
072. An Intro: Firewall Security

Hacked Off

Sep 10, 2020 · 23:57


Our latest 'Intro' podcast takes a look at Firewall Security. Holly discusses different types of firewalls, the importance of network segmentation and Firewall Configuration Security Reviews, and how firewalls are targeted during a pentest. 1'30 How are firewalls targeted during a Penetration Test? 8'29 Network segmentation 11'08 How threat actors jump between networks 13'56 Next Generation Firewalls 19'14 Web Application Firewalls Useful links: Firewall Configuration Security Review - https://www.secarma.com/services/cybersecurity-assessment/firewall-configuration-security-review.html Listening time: 24 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hacked Off
071. Month In Review: Bribery & Bug Bounties

Hacked Off

Sep 3, 2020 · 15:13


From bribery to bug bounties! In August's Month in Review podcast, Holly Grace discusses the failed social engineering attack on a Tesla employee, and the uproar off the back of Slack's minimal payout to a researcher for a critical security bug. Key points: 1'20 The failed social engineering attack against Tesla 3'05 How to test your organisation against bribery 8'21 Critical security bug discovered through Slack's bug bounty program 10'06 How much is a bug worth? Let us know your thoughts on the Slack Bug Bounty over social media: Twitter - @Secarma LinkedIn - @Secarma Ltd Listening time: 15 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hacked Off
069. An Introduction to the OWASP Top 10

Hacked Off

Aug 20, 2020 · 17:42


The OWASP Top 10 is a list of the 10 most common web application vulnerabilities. This podcast provides an introduction to this awareness document, and why it's so beneficial to organisations and their journey to better security. Key Points: 1'00 Who are the Open Web Application Security Project? 2'18 What is the OWASP Top 10? 7'55 The current OWASP Top 10 list 9'04 Why it's such a useful document 10'19 Other 'Top 10' lists 11'27 The OWASP Top 10 isn't the be all and end all! Listening time: 17 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hacked Off
068. An Intro: Vulnerability Scanning

Hacked Off

Aug 13, 2020 · 26:05


This podcast provides an excellent introduction to vulnerability scanning, covering how it works and what it tests. It discusses the benefits of vulnerability scanning and how, alongside penetration testing, it can provide an organisation with a more continuous testing model. Key points: 1’34 What is vulnerability scanning? 2’16 What does vulnerability scanning test? 9’09 How a scanner grades a vulnerability 11’47 Pentesting v vulnerability scanning 14’40 The benefits of vulnerability scanning 24’09 Overview Listening time: 26 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hair to Tech
3 Chicken Linux and Pentesting

Hair to Tech

Aug 11, 2020 · 15:19


In Episode 3 Jen and Amber interview Holly Grace Williams. Holly has been in security for 13 years and is currently the technical director of Secarma, a cybersecurity consultancy firm specializing in penetration testing. She has a YouTube channel and blog about security, check them out! YouTube: https://www.youtube.com/channel/UCo8a... Blog: https://gracefulsecurity.com/

Hacked Off
067. Month in Review: Data Stolen and Ransoms Paid

Hacked Off

Aug 6, 2020 · 18:20


In July it was revealed that travel company CWT paid $4.5 million in ransom to cyber criminals. Whilst shocking, ransomware is unfortunately not new and not uncommon. Secarma’s MD, Holly Grace Williams, discusses why ransomware is such a popular option for cyber criminals and how companies can prepare for potential attacks with incident response training. Key Points: 1’05 Paying ransoms 2’00 Why is it always ransomware? 2’40 CWT’s ransom negotiation conversation 5’15 Incident response training for ransomware 10’22 The TikTok ban in the US 12’07 Technically, how would you ban TikTok? 15’09 Coming soon - Secarma Webinars! What content would you like to see in our webinars? Let us know on social or email us at enquiries@secarma.com. https://www.linkedin.com/company/secarma-uk/ https://twitter.com/Secarma Listening time: 18 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hacked Off
066. Encryption isn't Magic

Hacked Off

Jul 30, 2020 · 27:58


After a brief break, the Hacked Off Podcast is back! If you missed our MD’s Trusted Tech Talks webinar last week, Holly Grace Williams summarises the key points of her presentation, Encryption isn’t Magic: Hackers Can Break It. She discusses why encryption is a little more complex than being on or off and the importance of configuring it correctly. Key points: 0’33 Introduction 4’20 Cryptography lasts a long time 7’44 Grading cryptographic weaknesses 11’30 How quickly can you crack passwords and how much does it cost? 17’45 What other hashes might we commonly come across? 22’45 The problem with password strength meters 24’30 Summary Listening time: 19 minutes Hosted by: Holly Grace Williams, Managing Director at Secarma

Hacked Off
065. - PenTesting: Efficiency vs Realism

Hacked Off

Jun 18, 2020 · 18:38


In today's episode we talk about penetration testing realism versus efficiency, and why sometimes aiming for a security test that exactly matches the options available to criminals isn't always possible and why sometimes it isn't always desirable. It's all about the context. Key points: 1'05 The motivation behind an assessment is key 2'10 When realism is key 3'45 When total realism isn't possible 8'40 Technique-orientated vs goal-orientated 14'40 Fix the fundamentals first Listening time: 19 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
063. Incentivising the Security Team

Hacked Off

Jun 4, 2020 · 18:05


In today's episode we talk about incentivising your Security Team and making sure that the defensive team are getting praise for a job well done. As well as noting that the red team's job isn't over when they find a high impact vulnerability. Key Points: 0'49 There's more to staff retention than bonuses 1'40 The problem of the romanticisation of the red team 3'30 Measuring progress in security improvement 4'25 Purple Teaming may help reduce the gap 11'00 Empowering the defensive team 15'15 Measuring offensive teams Links: https://soundcloud.com/hackedoff/009-an-intro-penetration-testing-vs-red-teaming https://soundcloud.com/hackedoff/an-intro-cybersecurity-maturity-assessments Listening Time: 18 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
062. Adam Louca: Cutting Through Vendor Noise

Hacked Off

May 28, 2020 · 41:33


Adam Louca joins us today to talk about how to get the most out of security products, and how to cut through the marketing to find out what works for you! Key Points: 0'30 What is a technologist? 2'05 Why do we have to cut through vendor noise? 4'21 How you can determine the truth of products 9'25 Planning for the unknown 12'00 How to know products are working 19'50 Network segmentation, antivirus, and other specifics 22'40 Gaining internal visibility 31'00 Blame: Users vs Products 34'00 The Security People vs Products Links: Mitre Att&ck Framework: https://attack.mitre.org/ Listening Time: 42 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
061. - Kevin Fielder - Building Security, Teams, and Culture

Hacked Off

May 14, 2020 · 53:24


Kevin Fielder joins us today discussing building security and building security teams. We talk risk appetite, balancing likelihood and impact, and team culture! 1'20 Where to start 4'00 Risk Appetite and moving quickly 11'13 Balancing appetite, likelihood and impact 15'15 Keeping the security team happy 18'45 Team Culture 25'45 Team Development and building Careers 38'25 How DevOps affects building security 48'12 Handling staff retention Listening Time: 54 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
060. - Security Strategy

Hacked Off

May 7, 2020 · 59:50


Today we have Marc Avery, Kevin Fielder, and Sean Atkinson discussing how to build a business security strategy. We talk about cyber insurance, operational security, and building security in companies. As well as detours to talk about Equifax getting hit by Hurricane Irma, the problems of working from home, and company culture. 01'00 Guest Introductions 05'10 The security risk of the new baseline 15'00 Real-world attacks vs Click-bait News 18'22 Security Awareness Training for the Home 23'00 Pandemics and Business Continuity Plans 27'00 Risk Lifecycles - Revisiting Risk Exceptions 34'36 Cyber Insurance Benefits and Woes 48'05 Will cybersecurity be a priority in the near future? 52'15 Zero Trust: Marketing and Reality Links: "88% Working from Home" - https://www.gartner.com/en/newsroom/press-releases/2020-03-19-gartner-hr-survey-reveals-88--of-organizations-have-e Munich Massacre - https://www.nytimes.com/2017/08/30/sports/olympics/munich-olympic-massacre-1972-memorial-israeli-athletes.html Equifax Hit by Hurricane Irma - https://gracefulsecurity.com/equifax-breach-timeline/ NCSC Attribution Example - https://www.ncsc.gov.uk/news/russian-military-almost-certainly-responsible-destructive-2017-cyber-attack Listening Time: 60 minutes Host: Holly Grace Williams, Technical Director at Secarma

Hacked Off
059. - Mike Jones: Anonymous, Suits, and Building Better Security

Hacked Off

Apr 30, 2020 · 44:10


Mike Jones is a former member of Anonymous, a former confidential informant, and is here to talk about building better security. We talk about everything from Cyber Prevent programmes to help people avoid becoming cyber criminals to becoming a better penetration tester. 01'12 Working with Anonymous 03'25 Meeting with the Suits 04'18 Working as a Confidential Informant 16'50 A hacker's impression of the legal system 20'40 Cyber Prevent Programme 25'50 Developing PenTesting Skills 32'20 Covering up breaches and vulnerabilities Listening Time: 44 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
058. - Starting Security From Scratch

Hacked Off

Apr 23, 2020 · 24:46


Many security guides out there presume that you're implementing security on an existing system or an existing product; looking at what has been missed and improving things incrementally - but what if you're building something completely new? If it's a new product or a new company, things can be different. When you're struggling with security many experts will tell you that you should have started sooner - but where exactly do you start? You can't PenTest a product before you've written your first line of code, so what should you do first? It's difficult to fit it all in without making an episode that goes on for days - but in today's episode Holly Grace looks at some of the common aspects to security starting with design and building up to implementation, and response. 2'35 Testing too late makes it harder 4'15 Design, Implementation, and Protection 5'30 Security Policy: Updates, Passwords, and Authentication 6'45 Awareness Training: Why the policy is that way 10'42 Policies and Implementation not matching 15'10 How frequently should you Pen Test? 19'05 Response: Logs, Alert, and Hunting Links Secarma's Cybersecurity Maturity Assessment - https://www.secarma.com/services/cybersecurity-assessment/maturity-assessment.html NIST Cybersecurity Framework - https://www.nist.gov/cyberframework NCSC Cyber Assessment Framework - https://www.ncsc.gov.uk/collection/caf/cyber-assessment-framework Listening Time: 24 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
057. Lockdown: Final

Hacked Off

Apr 16, 2020 · 18:49


In this episode we follow up on recent news events including the Travelex Ransom payment, fraud linked to Covid-19, and US-Cert Guidance on the cyber risks from North Korea - plus Secarma announce a Charity Support Fund. 2'45 Travelex: Paying the Ransom 4'28 Business Continuity and Getting Through Lockdown 5'25 FTC report on Covid-19 Fraud 8'35 Blurring nation states and organised crime 11'10 Cryptojacking Attacks and the ICO 13'33 Extortion Campaigns 16'43 Charity Support Fund Links Charity Support Fund: https://blog.secarma.com/charity-support-fund.html US-Cert Guidance: https://www.us-cert.gov/sites/default/files/2020-04/DPRK_Cyber_Threat_Advisory_04152020_S508C.pdf FTC Report: https://www.ftc.gov/system/files/attachments/coronavirus-covid-19-consumer-complaint-data/covid-19-daily-public-complaints.pdf Listening time: 19 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
056. Lockdown: Part 3

Hacked Off

Apr 9, 2020 · 19:39


We look into the importance of protecting user privacy and the difficulty of anonymising data - both in regards to COVID19 as well as broadly for businesses. Key Points: 0'45 The benefits of location-tracking 3'15 The risks of location tracking 6'36 Reducing risk through pseudonymisation 10'07 The risk of sharing data 12'00 Balancing benefit and protection 14'10 The 5 Data protection questions Listening time: 20 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
055. Lockdown: Part 2

Hacked Off

Apr 2, 2020 · 17:42


In Lockdown Episode 2 we're talking about video conferencing vulnerabilities, staff complacency, and security awareness risks brought on by job role changes. Key Points: 2'00 Zoom under security researcher scrutiny 6'03 Stealing passwords from video-conferences 9'30 Network architecture and working from home 13'05 Staff complacency and risk 14'35 Job role changes and risk 16'12 Attack surface reduction Listening time: 18 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
054. Lockdown: Part 1

Hacked Off

Mar 26, 2020 · 12:49


For this episode we're starting a new mini-series, investigating how recent news events are impacting companies; in part 1 we're looking at performing effective internal infrastructure tests, remotely. Key points: 5'08 Assessing VPN security 6'41 Differences with remote testing 8'30 Our (VOT) Virtual Onsite Testing Solution 9'30 Hackers hacking home WiFi 11'00 Making remote-internal testing effective Download on iTunes: apple.co/2Ji61Ek Listening time: 13 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
053. COVID-19: The Impact on Your Business

Hacked Off

Mar 19, 2020 · 18:47


What do you do when a pandemic hits and you are forced to send your entire workforce to work from home? Is your business ready for the technical and security risks that come with that? What have you missed? COVID-19 is presenting organisations with new challenges and testing their business continuity plans. Holly Grace Williams talks about these challenges and a few things you may not have already considered. 1'58 The challenges of working from home 8'43 The perfect time to be hacked 10'27 Phishing 13'38 Events 16'18 Web traffic Download on iTunes: apple.co/2Ji61Ek Listening time: 18 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
052. An Intro: Wireless Security

Hacked Off

Mar 12, 2020 · 27:02


Secarma's Technical Director, Holly Grace Williams, discusses how threat actors could bypass your wireless security through guest WIFI, pre shared keys, or even enterprise wireless security. She talks about the benefits of network segmentation and how your networks may not be as separate as you think! Key Points: 1'20 Network segmentation 3'38 Technologies to protect wireless networks 5'56 Open wireless networks 11'12 Pre shared keys (PSK) 13'12 Cracking hashes 19'57 Enterprise security Download on iTunes: apple.co/2Ji61Ek Listening time: 25 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
051. The Truth about Cybersecurity Marketing Buzzwords!

Hacked Off

Mar 5, 2020 19:41


There seems to be a colour for all the different types of cybersecurity teams these days, but is there any value behind these marketing buzzwords and what do they really mean? Holly Grace Williams takes us through the different 'team' definitions and how to look beyond their colourful names! Key Points: 1'41 The difference between penetration testing and red teaming 3'25 Red Teaming and Blue Teaming 4'13 Purple Teaming 9'04 White Teaming 9'56 Gold Teaming 11'19 Looking past the marketing buzzwords! 14'33 TIBER - Threat intelligence based ethical Red Teaming 16'30 Atomic Red Teaming Download on iTunes: apple.co/2Ji61Ek Listening time: 20 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
050. Month in Review: The Redcar and Cleveland Borough Breach

Hacked Off

Feb 27, 2020 26:01


On Saturday 8th February 2020, Redcar & Cleveland Council was hit with what is thought to be ransomware. Holly Grace Williams discusses the wider impact of hacking a council, and the brand damage that can come from this kind of attack. Key points: 1'27 What happened to Redcar & Cleveland Council? 1'50 Do people really understand what ransomware is? 4'11 The timing of ransomware attacks 6'44 Why restoring from backup is not always as simple as it sounds 8'17 The wider impact of councils being hacked 13'04 Dealing with brand damage from a breach 21'39 How can you have confidence in an organisation's security? Download on iTunes: apple.co/2Ji61Ek Listening time: 26 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
048. Cybersecurity Predictions: Do things really change that much?

Hacked Off

Feb 13, 2020 21:37


Every year we are asked the question, 'what are your cybersecurity predictions for this year?', but is there really any value in predictions and have cybersecurity threats really changed that much over the years? Holly Grace Williams takes a look back at last year's predictions to see how accurate they really were, and discusses the most prominent threats for 2020. Key points: 3'35 Cloud outages 4'16 Nation state attacks 4'48 SQL injection 5'26 Supply chain risk 5'52 Ransomware 10'18 Phishing 11'34 Physical Access 19'10 Holly Grace's predictions! Download on iTunes: apple.co/2Ji61Ek Listening time: 21 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
046. The Travelex Ransomware Attack

Hacked Off

Jan 30, 2020 21:04


Ransomware has been around since the 80s and unfortunately, due to its effectiveness, it's not going away. Holly Grace Williams discusses the recent Travelex ransomware attack - what we can learn from it, how to deal with being held to ransom and predictions for the future. Key points: 0'35 The Travelex breach 7'14 A two-part ransomware attack 9'17 Keep your systems up to date! 10'41 Why attackers use ransomware 13'23 Media response following a breach 15'38 What should you do if you're held to ransom? Download on iTunes: apple.co/2Ji61Ek Listening time: 21 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
044. Jenny Radcliffe: Hacking the Human

Hacked Off

Jan 16, 2020 59:29


We are kicking off our new season of the Hacked Off podcast with an interview with Jenny Radcliffe, Founder & Director of Human Factor Security. Jenny speaks to Secarma’s Technical Director Holly Grace Williams, about the fascinating world of social engineering. 0’26 Guest introduction 6’05 Where companies should start with social engineering 9’32 Exploiting the pattern of life 10’56 The importance of pre-engagement research 14’07 Stumbling across other hackers! 18’19 The aim of a physical access test 32’25 Tricks of the trade 47’48 What happens after an engagement Download on iTunes: apple.co/2Ji61Ek Listening time: 60 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma Guest: Jenny Radcliffe, Founder & Director of Human Factor Security

Hacked Off
043. Month in Review - Nov '19: The Disney Plus hack

Hacked Off

Nov 28, 2019 16:29


Catch up on November's cybersecurity news with our month in review. From the Labour Party DDoS attack to the phishing attack on the new Disney Plus streaming service, Holly Grace Williams discusses the importance of balancing user experience and security. 0'32 Cybersecurity highlights of November 1'05 The Labour Party DDoS attack 7'23 The Disney Plus hack 9'46 Password managers 11'48 Balancing user experience and security Download on iTunes: apple.co/2Ji61Ek Listening time: 16 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
042. Do Pentesters ever Uncover Data Breaches?

Hacked Off

Nov 21, 2019 16:05


'When you're doing a penetration test, do you ever find hackers?' After receiving this question a few times recently, our Technical Director Holly Grace Williams discusses how likely it is for a pentester to discover that an organisation has been breached and how to deal with this situation. Key points: 1'10 What a pentester will do when they discover a breach 1'46 The signs of a breach 3'05 Different ways companies have discovered breaches 7'55 What action to take after discovering you've been compromised 11'44 Creating an Incident Response Plan Download on iTunes: apple.co/2Ji61Ek Listening time: 16 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
041. Cybersecurity for Black Friday, Cyber Monday & Christmas

Hacked Off

Nov 14, 2019 20:16


With Black Friday and Cyber Monday only round the corner, Holly Grace Williams talks about cybersecurity during busy retail periods from both a consumer and retailer's point of view. Here's what to keep an eye out for and how to stay safe! 1'49 The NCSC's guidance for Black Friday. 2'47 The kind of phishing attacks consumers need to keep an eye out for. 9'44 Attackers aren't always after your credit card details 10'57 Cybersecurity for retailers around busy retail seasons 12'51 Why your website might be targeted by a DDoS attack. 15'59 Creating an Incident Response Plan 17'20 Security testing in preparation for peak retail periods What are your cybersecurity concerns when shopping online? Let us know your thoughts on Twitter @secarma! Useful links: Black Friday advice from NCSC: https://www.ncsc.gov.uk/blog-post/lets-have-cyber-chat-about-black-Friday DDoS Protected Hosting: https://www.ukfast.co.uk/ddos-protection.html Download on iTunes: apple.co/2Ji61Ek Listening time: 20 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
040. Password Managers vs Multi-Factor Authentication

Hacked Off

Nov 7, 2019 19:40


After running a poll on Twitter earlier in the year asking "Is SMS based multi-factor authentication better than no multi-factor authentication or should it never be used?", Holly Grace Williams discusses the pros and cons of password managers and multi-factor authentication. Key points: 1'15 How password managers work 2'21 The concerns with password managers 4'00 Weighing up the risk 6'29 Two-factor authentication 10'10 Two-factor authentication vs two-step authentication 13'00 Google's research: How effective is basic account hygiene at preventing hijacking What are your thoughts on password managers and multi-factor authentication? Let us know on Twitter @secarma! Download on iTunes: apple.co/2Ji61Ek Listening time: 20 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
039. A Month in Review (Oct '19): The NordVPN Server Breach

Hacked Off

Oct 31, 2019 18:16


There have been a lot of security breaches this month, including NordVPN, Avast and Adobe all falling victim to cyber crime. Holly Grace Williams takes a look at the NordVPN server breach, what we can learn from it and then discusses why you might want to choose a Virtual Private Network. Key points: 1'03 The NordVPN breach 2'08 Why use a Virtual Private Network? 4'37 Which VPN should you use? 8'43 How NordVPN's breach has impacted the VPN conversation 11'19 What features to look for 13'30 Who is responsible when using a third party provider? 16'00 Summary Download on iTunes: apple.co/2Ji61Ek Listening time: 18 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
037. Cost vs Risk: Deciding how much to spend on security

Hacked Off

Oct 17, 2019 17:04


How much should you spend on cybersecurity? Whilst there isn't a definitive answer to this question or a one-size-fits-all answer, our Technical Director Holly Grace Williams takes a look at how to measure your risk to determine an answer suitable for your organisation. 0'39 According to statistics... 2'09 Estimating breach costs 6'19 Cybersecurity insurance 7'53 What's your cybersecurity maturity? 9'59 Threat modelling 13'13 What kind of security should you be investing in? Send us your cybersecurity budget questions or thoughts on Twitter @secarma! Useful links: Cybersecurity Maturity Assessment - https://www.secarma.com/services/cybersecurity-assessment/maturity-assessment.html Download on iTunes: apple.co/2Ji61Ek Listening time: 17 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
036. Common Cybersecurity Misconceptions

Hacked Off

Oct 10, 2019 31:50


Secarma’s Technical Director Holly Grace Williams is joined by Secarma’s People & Events Manager Lucy Leaper to discuss some of the most common cybersecurity misconceptions. From money concerns to the ‘it won’t happen to me’ attitude, Holly debunks certain cybersecurity beliefs, which may be leaving your organisation vulnerable. Key points: 1’00 “There’s no ROI with security testing” 5’39 “Cybersecurity isn’t my responsibility” 9’59 “My hosting provider covers our cybersecurity” 13’27 “It won’t happen to me” 20’24 “I’m secure, I’ve had a Pentest” 25’17 What’s the minimum a company can do to be secure? Which misconception do you most commonly hear? Let us know on Twitter @secarma! Download on iTunes: apple.co/2Ji61Ek Listening time: 32 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma Guest: Lucy Leaper, People & Events Manager

Hacked Off
035. A month in review (Sept ’19): The New iPhone Vulnerability

Hacked Off

Oct 1, 2019 25:45


Last month an iPhone bootrom exploit dubbed ‘checkm8’ was discovered by researcher axi0mX. This unpatchable vulnerability could give hackers access to iPhones but is it really something we need to be concerned about? 1’40 The new iPhone vulnerability 4’37 Discovering ‘checkm8’ and how it works 11’30 What we can learn from this vulnerability? 13’36 The price of vulnerabilities – bug bounties and brokers 20’53 Which iPhones are affected and how they’re affected 23’21 Is it really something we should be concerned about? What level of confidence do you have in mobile devices? Do you think mobile phones can be trusted? Let us know on Twitter @secarma! Download on iTunes: apple.co/2Ji61Ek Listening time: 26 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
034. Propagating Malware

Hacked Off

Sep 26, 2019 25:43


For those who missed The Future of Cyber Security in Manchester this week, our Technical Director Holly Grace Williams presents her talk on malicious software and how automation will increase the impact of malware attacks. She also discusses the conversation she had with the Q&A panel on cybersecurity insurance. Key points: 1'23 Malicious software hasn't really changed 2'06 A look back on some historical ransomware attacks 3'05 WannaCry 7'43 NotPetya 14'15 Should cyber insurance be mandatory? 19'20 Self propagating malware 23'37 SamSam Do you think cybersecurity should be mandatory? Let us know on Twitter @secarma! Download on iTunes: apple.co/2Ji61Ek Listening time: 26 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
032. An Intro: Vulnerability Management

Hacked Off

Sep 12, 2019 36:20


What does vulnerability management mean to you? How do you deal with these issues and track this information? Our Technical Director, Holly Grace Williams, discusses the process of pulling together vulnerability information and how certain industry scoring systems for vulnerabilities can be misleading. Key points: 0’43 Keeping track of vulnerability information 3’30 Vulnerability aggregation 6’10 Scoring vulnerabilities with CVSS 12’45 ‘High risk’ can mean different things 19’25 Grouping assets into services 27’52 Reporting vulnerabilities to the board 29’24 Tracking vulnerability recurrence We’d love to hear how you’re tracking vulnerability information. Let us know on social via Twitter or LinkedIn! Useful links: Common Vulnerability Scoring System version 3.1 - https://www.first.org/cvss/calculator/3.1 OWASP Top 10 - https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Download on iTunes: apple.co/2Ji61Ek Listening time: 36 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
031. A Month in Review (Aug ’19): Security Conference Controversy!

Hacked Off

Sep 5, 2019 36:54


Introducing our new monthly podcast updating you with the latest cybersecurity news, we kick off ‘A Month in Review’ with some security conference controversy! Our Technical Director Holly Grace Williams discusses the BSides Twitter battle about corporate involvement and the controversial talk Crown Sterling presented at BlackHat. Key points: 1’00 The benefits of security conferences 4’29 The ‘Twitter battle’ about corporate involvement at BSides 11’17 Corporate sponsorship for corporate talks 13’34 A controversial "Sponsored Session" at BlackHat 22’26 Vetting sponsored talks and audience participation 23’49 The fallout following BlackHat's "Sponsored Sessions" 29’34 A very brief intro to Cryptography and Quantum How do you think conferences should handle corporate sponsorship? Let us know your thoughts on Twitter @secarma or email us at podcast@secarma.com Download on iTunes: apple.co/2Ji61Ek Listening time: 37 minutes Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
028. An Intro: Election Security

Hacked Off

Aug 15, 2019 32:22


In 2016 it was reported that the Russian government targeted the US election system, and whilst there wasn’t any evidence that votes were tampered with, they could have changed data or even deleted voters. With the start of the US presidential 2020 election campaigns, we take a look at why you’d want to hack an election and the pros and cons of online voting. Key points: 1’00 Why would you want to hack an election? 4’13 The challenges of online voting 8’34 The ‘public intrusion test’ on the Swiss Government’s voting system 15’02 The benefits of online voting 17’24 Electronic voting machines 22’32 The Mueller Report - Russian interference in the 2016 presidential election 27’29 The pros and cons of paper ballots Useful links: Demystifying Tech Podcast: Will the UK ever get to vote electronically? - https://www.businesscloud.co.uk/podcasts/will-the-uk-ever-get-to-vote-electronically Defcon report on Cyber Vulnerabilities in U.S. Election Equipment, Databases, and Infrastructure - https://www.defcon.org/images/defcon-25/DEF%20CON%2025%20voting%20village%20report.pdf Download on iTunes: apple.co/2Ji61Ek Listening time: 32 minutes For more information, follow us on Twitter @secarma or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Demystifying Tech from BusinessCloud
Will the UK ever get to vote electronically?

Demystifying Tech from BusinessCloud

Aug 9, 2019 25:54


In this week's show host Alistair Hardaker is joined by BusinessCloud's Jonathan Symcox with guest Holly Williams, technical director at cybersecurity firm Secarma and host of the Hacked Off podcast. In this week’s show we discuss: After Apple's admission that it sometimes listens to Siri voice commands, what's the danger of voice assistant eavesdropping? Holly explains the four parts of a Cybersecurity Maturity Assessment, and why every business, regardless of size, probably needs one. And finally, as the US pours billions into digital voting tech, will online political voting ever be a reality in the UK? If you enjoy the show, you can find us and subscribe via Apple Podcasts, Spotify, and SoundCloud. ______ http://businesscloud.co.uk Secarma's Blog: https://blog.secarma.co.uk/ Secarma's Hacked Off podcast: https://soundcloud.com/hackedoff

Hacked Off
025. The Misconceptions of the British Airways Breach

Hacked Off

Jul 25, 2019 28:58


Whilst the British Airways breach of 2018 is 'old news', it has been brought to the forefront of everyone's mind with the recent announcement that they face a record-breaking GDPR fine of £183 million. Secarma's Technical Director discusses what we know about the BA breach, the misconceptions over what may have happened and the remediation steps you can take after a data breach. 2'25 - What happened to British Airways? 13’31 - Attack misconceptions 15’51 - Have there been similar attacks? 21'45 - Can you remove third party scripts? If not what should you do? 22’27 - Are you using Content Security Policy and Subresource Integrity? Download on iTunes: apple.co/2Ji61Ek Listening time: 29 minutes For more information, follow us on Twitter @secarma or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Demystifying Tech from BusinessCloud
Can AI stop online bullying?

Demystifying Tech from BusinessCloud

Jul 22, 2019 26:04


In this week's show host Alistair Hardaker is joined by BusinessCloud's Jonathan Symcox with guest Holly Williams, technical director at cybersecurity firm Secarma and host of the Hacked Off podcast. In this week’s show we discuss: The founder of MoneySavingExpert, Martin Lewis, has dropped a lawsuit against Facebook in exchange for a new UK scam helpline. Whose responsibility is it to protect people from nefarious online ads? Holly explains pen-testing, and the many ways the professionals of Secarma can test a business' security. Finally, with AI-powered anti-bullying measures being introduced to Instagram, we consider tech as a solution to the very human problem of abuse. _______ Hacked Off: https://soundcloud.com/hackedoff Latest tech news: https://www.businesscloud.co.uk

Hacked Off
023. The different challenges of the CISO role

Hacked Off

Jul 11, 2019 54:54


Secarma’s Technical Director Holly Grace Williams speaks to Mo Ahddoud, Security Consultant and interim CISO, about his vast experience in the cybersecurity industry. They cover everything from the difference between a Security Manager and CISO role, the benefits of working with start ups and a little bit about his experience working with critical infrastructure. 0’49 Guest introduction 1’50 The Security Manager role vs the CISO role 4’06 The CISO role in different sectors 10’04 How to separate the snake oil from the useful technology 13’41 The benefits of working with start-up sized vendors 22’40 Tailoring vendor offerings 30’08 To patch or not to patch 36’25 The supply chain risk 46’34 The effect of IoT on critical infrastructure Download on iTunes: apple.co/2Ji61Ek Listening time: 55 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma Guest: Mo Ahddoud, Security Consultant and interim CISO

Hacked Off
021. The Evolution of Penetration Testing

Hacked Off

Jun 27, 2019 47:39


We talk to Senior Security Consultant Thomas Ballin, on what he thinks are the major facets of red team engagements, how they can differ by provider or scenario, and how he thinks they might evolve over time. 0’32 Thomas’ unconventional route into the cybersecurity industry and his role at Secarma 4’31 The many ‘definitions’ of penetration testing 7’30 The benefits of red teaming and where to start 15’02 The race between attack and defence 20’15 Debriefing after a red team 26’00 The future of red teaming 31’31 What you should do after a red team 37’47 The infrastructure that’s used for red team engagement 41’00 How to become a red teamer! Download on iTunes: apple.co/2Ji61Ek Listening time: 47 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma Guest: Thomas Ballin, Senior Security Consultant at Secarma

Hacked Off
020. Malicious Software – Past, Present & Future

Hacked Off

Jun 20, 2019 33:18


We take a look at the history of malicious software, some of the oldest known attacks and how it has changed over the years. Holly also speaks about her own personal experience of the 2017 NotPetya attack and predicts what the future holds for malicious software attacks. It doesn’t look good… 1’22 Different types of malicious software 5’33 The oldest known malware attacks 12’13 Dealing with the NotPetya attack 16’14 Automated propagation 19’24 Manual propagation 20’24 The future of malware 21’47 Why anti-malware isn’t perfect Download on iTunes: apple.co/2Ji61Ek Listening time: 33 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

FastForward
35: 035. Cybersecurity: Protecting your Business on a Budget

FastForward

Jun 18, 2019 33:42


Cybersecurity is just a reality of running a business, yet despite several high profile attacks, it is still being overlooked. In 2017 the cost of cyber attacks to small and medium-sized businesses amounted to more than £2 million on average per organisation. A pretty sobering thought! Holly Grace Williams is technical director at Manchester-based cybersecurity firm, Secarma. She talks to Trish about the steps businesses can take now to help prevent an attack. There's also the serious chat about Amy, Holly Grace's pet hedgehog! Top takeaways: - The types of phishing attacks - Protecting your business on a budget - Keeping your supply chain secure - Why you need an incident response plan Host: Patricia Keating Guests: Holly Grace Williams, technical director at Secarma www.secarma.com/ Listening Time: 33 mins Follow Tech Manchester: Twitter: @tecmcr LinkedIn: www.linkedin.com/company/techmanchester/ Or visit us at www.techmanchester.co.uk Let us know what you'd like to hear to take your business forward. Don't forget to subscribe and leave us a review.

Hacked Off
019. Cybersecurity Maturity Assessments

Hacked Off

Jun 13, 2019 38:49


We share the talk we presented at UKFast’s recent Cybersecurity 101 workshop, in a little more detail, discussing where companies should start with cybersecurity and how they can be comfortable that they have covered a broad enough area of security to be safe. 1’41 What is Cyber Essentials and is it right for your company? 5’57 Risk management – building a security culture and getting the board involved 10’39 Security protections – what you can do yourself and when to get a third party involved 19’43 Incident detection – alert generation, automatic monitoring and training the team 27’57 Minimising impact – response testing and planning, root cause analysis and backups Download on iTunes: apple.co/2Ji61Ek Listening time: 39 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
018. Your Security Awareness Training isn't Working

Hacked Off

Jun 6, 2019 36:19


Just 27% of businesses in the UK reported that staff had attended internal or external training on cybersecurity in the last 12 months* and more often than not, what is being taught is either incomplete or no longer relevant. This talk, which our Technical Director Holly Grace Williams presented at InfoSecurity Europe, discusses the miseducation of cybersecurity aspects such as physical security, phishing and malicious websites and why trying to oversimplify security is a part of the problem. Key points: 2’11 Physical access isn’t just tailgating 10’02 ‘Diffused responsibility’ lowers the chance of a challenge 16’49 Phishing isn’t just emails 19’15 HTTPS doesn’t stop phishing 21’19 Identifying suspicious links 23’00 Cross-site scripting 29’29 Password cracking *https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/791940/Cyber_Security_Breaches_Survey_2019_-_Main_Report.PDF Download on iTunes: apple.co/2Ji61Ek Listening time: 36 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
016. An Intro: A Checklist for Security

Hacked Off

May 23, 2019 18:50


Looking to take the first steps to ensuring your business is secure but not sure where to start? Holly Grace takes a fresh look at some basic, fundamental security steps that every business should be adopting. Highlights include: 0’53 Software updates 2’08 Passwords 4’06 Network Segmentation 5’40 Manage out of band 6’26 If you don’t need it, disable it! 8’58 Pre-shared keys 10’09 Network access control 11’15 Credential stuffing 12’50 Restrict user input 15’01 Trust but verify! Download on iTunes: apple.co/2Ji61Ek Listening time: 19 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
015. An Intro: The Stages of Penetration Testing

Hacked Off

May 16, 2019 15:21


We’ve previously discussed the difference between Penetration Testing and Red Teaming, so in this episode we delve a little deeper into the different stages of PenTesting. For organisations who are considering this security assessment, it’s an excellent starting point to better understand the process. The discussion includes: 2’00 What is a Penetration Test? 3’02 How is it performed? 5’03 An example of a vulnerability: SQL Injection 6’52 What kind of vulnerabilities do we look for? The OWASP top ten* 8’07 What we do when we find a vulnerability 11’50 Reporting after a penetration test *https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Download on iTunes: apple.co/2Ji61Ek Listening time: 15 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
014. An Intro: Hardware Hacking

Hacked Off

May 9, 2019 11:28


The ‘Internet of Things’ is evolving fast and more and more companies are seeing the value it can bring by increasing business productivity and efficiency. However, adding IoT devices to a company can increase security vulnerabilities in a way that businesses might not have considered. We take a look at hardware hacking as an aspect of penetration testing and how IoT can affect an organisation's security. Key points discussed include: 0’28 Hardware hacking as an aspect of penetration testing 2’31 How you perform hardware testing 07’05 Why should your company be concerned about hardware hacking? 8’58 How is this different to traditional testing? Download on iTunes: apple.co/2Ji61Ek Listening time: 12 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
013. An Intro: Cloud Security Testing

Hacked Off

May 2, 2019 10:25


Cloud computing offers many benefits, such as scalability and elasticity; but with new technologies and terminologies some companies worry about the security implications. In this week's episode Holly Grace gives us an intro to Cloud Security Testing perspectives. Here's what she covers: 0’52 Perspectives when looking at Cloud hosted systems 3’15 Where are things the same? 4’41 Where do we start in terms of Cloud security? 6’10 What should we have tested? 6’38 When Cloud has gone wrong! NCSC Cloud Security Guidance: https://www.ncsc.gov.uk/collection/cloud-security Download on iTunes: apple.co/2Ji61Ek Listening time: 11 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
012. An Intro: Is a bug bounty program right for your business?

Hacked Off

Apr 25, 2019 16:47


In 2018 it was reported that there had been a 36% increase in total bug bounty payouts*, but does this mean this kind of security testing is best for your business? We take a look at the pros and cons of bug bounty programs and how it compares to penetration testing. Key points include: 1’13 A brief definition of penetration testing and bug bounties 1’53 How the costing works 3’05 The difference between a penetration test and a bug bounty 6’46 The difficulty with reporting bug bounties 7’42 The negatives and positives of the output of both pen testing and bug bounties 9’36 The time Uber was held to ransom by a bug hunter! 14’32 Summary * https://www.bugcrowd.com/resource/2018-state-of-bug-bounty-report/ Download on iTunes: apple.co/2Ji61Ek Listening time: 17 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
011. An Intro: Social Engineering and Physical Access

Hacked Off

Apr 18, 2019 32:26


Security risks aren’t always found through vulnerability scanning and hacking. Holly Grace talks us through how physical access testing and social engineering can be used to demonstrate security risks in a target organisation. This introduction to social engineering talks about how these assessments are performed and their benefits, through some funny on-the-job stories. 1’43 What is social engineering? 3’25 Three common Phishing attacks 7’00 Training staff to recognise the signs of social engineering 15’40 What is physical access? 17’13 How physical access assessments are performed 28’18 The time Holly got stopped by a security guard! Download on iTunes: apple.co/2Ji61Ek Listening time: 32 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
010. An Intro: Becoming a Penetration Tester

Hacked Off

Apr 11, 2019 11:08


We’re often asked about the career pathway to becoming an ethical hacker, or penetration tester. So, we thought it would be best to let a current penetration tester share her thoughts on working in the industry. Whether you’re interested in penetration testing, computer science or security in general, Holly Grace's intro to becoming a penetration tester is packed full of tips you can use when getting started in cybersecurity. 1’00 What is a penetration tester? 1’35 What makes a good candidate? 4’10 Paths into pentesting. 5’00 Practising pentesting 6’36 Do I need programming skills? 7’30 The benefits of attending security conferences 8’36 Exams and certifications Useful links: Damn vulnerable web app http://www.dvwa.co.uk/ Download on iTunes: apple.co/2Ji61Ek Listening time: 12 minutes For more information, follow us on Twitter @secarma or @secarlabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
009. An Intro: Penetration Testing vs Red Teaming

Hacked Off

Play Episode Listen Later Apr 4, 2019 8:48


You’ve probably heard of the terms ‘penetration testing’ and ‘red teaming’, but are you clear about what they really mean? Our Principal Security Consultant, Holly Grace Williams, talks us through the difference between these two security tests, elaborating why you’d choose them, how they work and the benefits of each one. 1’44 What is penetration testing? 3’55 What is a Red Team engagement? 7’42 Summary Download on iTunes: apple.co/2li61Ek Listening time: 9 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma

Hacked Off
006. An Education in Cybersecurity

Hacked Off

Play Episode Listen Later Mar 14, 2019 48:19


Some say education is the most powerful weapon which you can use to change the world, so we brought together two of the most influential educators in cybersecurity: Manchester University’s Academic Cybersecurity Lead and overall cyber enthusiast, Dr Daniel Gideon Dresner, BSc (Hons), FInstISP, and our very own Head of Education at Secarma, Paul Mason, to discuss all things cyber. From Danny’s first memories of ‘computers’, to finding his first job, learning technical skills, developing frameworks for the government and what’s next in bridging the skills gap. Paul hears what many students, educators, all the way up to CEOs, will find useful when it comes to why ‘cyber’, although complex, is an interesting area to gain a deeper understanding of. This podcast really is for everyone with an interest in cybersecurity. Some of the key points include: 2’00 My first Commodore 64, Star Trek, Hitchhikers Guide and Dr Who 5’00 Astronomy, applied physics and computer science 11’00 How I got into technical writing 13’00 Lord Robertson of NATO and choosing between civil and military 15’00 The National Computing Centre heritage, building security bodies and certification history 28’00 Fighting the corner for small businesses and the importance of Cyber Essentials 35’00 Risk profiling your business 38’50 How I got into teaching security 44’00 ‘Pimping security’ Links you may be interested in: ALGOL 68 - https://en.wikipedia.org/wiki/ALGOL Cyber Essentials - https://www.secarma.com/services/cybersecurity-assessment/cyber-essentials/ Download on iTunes: https://itunes.apple.com/gb/podcast/hacked-off/id1439083220?mt=2 Listening time: 49 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.co.uk Hosted by: Paul Mason, Ethical Hacker & Head of Education at Secarma Guest: Dr Daniel Dresner, Academic Co-ordinator for Cybersecurity at the University of Manchester

Hacked Off
005. Securing the Public Sector

Hacked Off

Play Episode Listen Later Dec 20, 2018 32:56


The risk of a cybersecurity attack on the UK’s critical infrastructure, like the one that hit Ukraine’s energy grid in 2015 and 2016, is growing. With the threat landscape constantly evolving it’s vital for public sector organisations to adopt a robust approach to defending key targets from cyber-attacks. In this episode Paul speaks with Stephen Jewell, Director of UKFast Public Sector, which has worked with Government departments and private industry partners, for more than 18 years. Some of the topics of discussion include: 3’00 Why it’s important to understand the potential damage of a security breach. 7’30 How to make individuals more security aware in the interests of national security. 10’35 The history of Secure Information Assurance (S-IA) and its acquisition by UKFast. 14’55 Pioneering the use of the internet with the Ministry of Defence. 17’04 Developing technology to secure public networks, including the MoD. 29’36 What, or who, are the threats? 30’51 The Norse Threat Map http://www.norse-corp.com/map/ Download on iTunes: apple.co/2Ji61Ek Listening time: 33 minutes For more information, follow us on twitter @Secarma or @SecarmaLabs or email us at podcast@secarma.co.uk Hosted by: Paul Mason, Ethical Hacker & Head of Education at Secarma Guest: Stephen Jewell, Director of UKFast Public Sector

Hacked Off
004. Becoming an Ethical Hacker

Hacked Off

Play Episode Listen Later Dec 6, 2018 39:46


Becoming an Ethical Hacker The cybersecurity industry is working hard to close the skills gap. But, with increasing advancements in technology and a continuously rising number of attacks, the gap is widening. It’s predicted that, by 2022, there will be a shortage of 1.8 million workers in the information security sector. Paul is joined by Gordon, a senior consultant at Secarma, to discuss his path into cybersecurity. Warning – he doesn’t take a direct route! If you're short on time here are some of the key points: 2'46 Hours lost to Command and Conquer! 21'23 What is EternalBlue? 23'41 Metasploit: What type of hacker are you? Run or exploit? 25'41 We all make mistakes, it's how you deal with them that matters. 38'00 Top tips for starting a career in cyber Download on iTunes: apple.co/2Ji61Ek Listening time: 40 minutes For more information, follow us on twitter @Secarma or @SecarmaLabs or email us at podcast@secarma.co.uk Hosted by: Paul Mason, Ethical Hacker & Head of Education at Secarma Guest: Gordon, Senior Consultant, Secarma

Hacked Off
003. Locked Out: The Diversity Challenge

Hacked Off

Play Episode Listen Later Nov 22, 2018 25:47


Today, women make up 20% of the global cybersecurity workforce. That figure has increased from 11% in 2013, but the numbers are still desperately low. So, why does cybersecurity have such a gender problem? To discuss the issue of diversity in cyber and how to encourage more women into the industry, Paul is joined by Noha Amin, Information Security Awareness Manager at TalkTalk. The key points: 3’00 The main problems with communicating cybersecurity issues with non-technical staff. 12’20 The challenges of being a woman in cybersecurity. 17’50 How does the industry move away from the image of ‘white men in hoodies eating pizza’? 20’35 Why a healthy business ecosystem needs both male and female employees. 24’35 Advice for women wanting to pursue a career in cybersecurity. Download on iTunes: apple.co/2Ji61Ek Listening time: 26 minutes For more information, follow us on twitter @Secarma or @SecarmaLabs or email us at podcast@secarma.co.uk Hosted by: Paul Mason, Ethical Hacker & Head of Education at Secarma Guest: Noha Amin, Information Security Awareness Manager at TalkTalk

Hacked Off
002. Are your employees opening the door to cyber criminals?

Hacked Off

Play Episode Listen Later Nov 1, 2018 36:30


Cyber criminals are constantly looking to exploit the weakest link in your chain. Using social engineering, they’re targeting employees, looking to abuse their trust and willingness to help, in order to gain access to sensitive information. Paul Mason is joined by Edward Whittingham, founder of the British Fraud Prevention Partnership (BFPP), to understand how companies can best get to grips with the security risk posed by their staff. Some of the key points of discussion are: 1’48 – The obstacles around staff training 5’00 – What is phishing? 13’37 – The difference between phishing and spear phishing 22’28 – Cybercrime in policing 31’08 – How do you make your employees your strongest defence? Download on iTunes: apple.co/2Ji61Ek Listening time: 36 minutes For more information, follow us on twitter @Secarma or @SecarmaLabs or email us at podcast@secarma.co.uk Hosted by: Paul Mason, Ethical Hacker & Head of Education at Secarma Guest: Edward Whittingham, Founder of the BFPP https://www.thebfpp.org/

Hacked Off
001: Why it’s never a good idea to reuse passwords

Hacked Off

Play Episode Listen Later Oct 15, 2018 25:20


When it comes to cybersecurity, can you believe everything you read in the news? In the opening episode of Hacked Off, Paul Mason and David Quinn dissect the recent Superdrug breach. They explore how the breach was reported by the media and delve a little deeper to uncover the real takeaway lessons that need to be learned. The discussion then moves on to the issue of password security. What makes a strong password? How can people effectively manage their passwords? There’s even the discussion of what happens to your accounts after you die. It’s more cheery than it sounds, we promise! In this podcast we discuss: 1.48 - How the media report cybersecurity breaches 10.46 - Password advice 22.56 - What happens when I die? Digitally speaking The links we mention: 6.13 - Superdrug breach - https://www.bbc.co.uk/news/business-45265601 8.05 - Check your email against breach lists - https://haveibeenpwned.com/ 15.55 - xkcd comic - https://xkcd.com/936/ 21.35 - Impartial advice on password managers - https://www.techradar.com/uk/news/software/applications/the-best-password-manager-1325845 Download on iTunes: https://apple.co/2Ji61Ek Listening time: 25 minutes For more information, follow us on twitter @Secarma or @SecarmaLabs or email us at podcast@secarma.co.uk Hosted by: Paul Mason, Ethical Hacker & Head of Education at Secarma Guest: David Quinn, Content Marketing Manager at Secarma

Naked Scientists, In Short Special Editions Podcast

In May 2017 hundreds of thousands of computers across the world were hit by a massive ransomware attack called Wannacry. The perpetrators encrypted the contents of users' computers and demanded payment to unscramble their data. What made the threat worse was that it had the ability to literally spread virally across the Internet by exploiting connections between computers on networks. But where did it come from, what can we do to mitigate the threat, and who is at risk of attacks like this? Chris Smith, Kate Feller and Andrew Holding put these questions to cybersecurity expert Paul Harris,... Like this podcast? Please help us by supporting the Naked Scientists

Naked Scientists Special Editions Podcast

In May 2017 hundreds of thousands of computers across the world were hit by a massive ransomware attack called Wannacry. The perpetrators encrypted the contents of users' computers and demanded payment to unscramble their data. What made the threat worse was that it had the ability to literally spread virally across the Internet by exploiting connections between computers on networks. But where did it come from, what can we do to mitigate the threat, and who is at risk of attacks like this? Chris Smith, Kate Feller and Andrew Holding put these questions to cybersecurity expert Paul Harris,... Like this podcast? Please help us by supporting the Naked Scientists

UKFast - Corporate Film Production
Web Speed Top Tips - UKFast Round Table

UKFast - Corporate Film Production

Play Episode Listen Later Feb 11, 2013 1:49


This week's panellists are: Chris Andrews, UKFast; Daniel Austin, UKFast; Brad Bagherian, Aftershock; Stuart Coulson, Secarma; Steve Gibson, Gibson Strategy.

UKFast - Corporate Film Production
The Cost of Web Speed - UKFast Round Table

UKFast - Corporate Film Production

Play Episode Listen Later Feb 11, 2013 3:07


This week's panellists are: Chris Andrews, UKFast; Daniel Austin, UKFast; Brad Bagherian, Aftershock; Stuart Coulson, Secarma; Steve Gibson, Gibson Strategy.

UKFast - Corporate Film Production
Hackers: Protecting Your Business Round Table March 2011

UKFast - Corporate Film Production

Play Episode Listen Later Mar 11, 2011 5:07


Hackers: Protecting Your Business Round Table March 2011. UKFast invited six security experts to its round table event in March to ask: "Should we be afraid of the hacker?" The debate looked at the profile of today's hacker, the common targets of hack attacks and the measures businesses can take to protect themselves. The biggest threat to a firm's security often comes from within - whether it's a sales person accessing the client list or programmers dealing with code. How can businesses guard against the internal dangers, what information do they need to protect and is it possible to prevent hack attacks altogether? Panellists featured: Stuart Coulson, Secarma; Tony Richardson, OCTREE; Dave Whitelegg, ITSecurityExpert Ltd; Neil Lathwood, UKFast; Philippe Jan, Lancaster University; Adam Brown, Quotium Technologies and hosted by Jonathan Bowers for UKFast.

UKFast - Corporate Film Production
Threats: Who's Most At Risk? Round Table March 2011

UKFast - Corporate Film Production

Play Episode Listen Later Mar 11, 2011 4:39


Threats: Who's Most At Risk? Round Table March 2011. The biggest threat to a firm's security often comes from within - whether it's a sales person accessing the client list or programmers dealing with code. How can businesses guard against the internal dangers, what information do they need to protect and is it possible to prevent hack attacks altogether? Ethical hackers, script kiddies and hacktivists - what dangers do they pose to business and which should be feared most? Hacking is becoming more and more common yet the majority of businesses don't have a policy to guard against it. UKFast's "Should we be afraid of the hacker?" Round Table outlines the risks businesses run by ignoring the serious threat. Panellists featured: Stuart Coulson, Secarma; Tony Richardson, OCTREE; Dave Whitelegg, ITSecurityExpert Ltd; Neil Lathwood, UKFast; Philippe Jan, Lancaster University; Adam Brown, Quotium Technologies and hosted by Jonathan Bowers for UKFast.

UKFast - Corporate Film Production
Hackers Round Table Summaries March 2011

UKFast - Corporate Film Production

Play Episode Listen Later Mar 11, 2011 4:12


Hackers Round Table Summaries March 2011. UKFast invited six security experts to its round table event in March to ask: "Should we be afraid of the hacker?" The debate looked at the profile of today's hacker, the common targets of hack attacks and the measures businesses can take to protect themselves. The biggest threat to a firm's security often comes from within - whether it's a sales person accessing the client list or programmers dealing with code. How can businesses guard against the internal dangers, what information do they need to protect and is it possible to prevent hack attacks altogether? Ethical hackers, script kiddies and hacktivists - what dangers do they pose to business and which should be feared most? Hacking is becoming more and more common yet the majority of businesses don't have a policy to guard against it. UKFast's "Should we be afraid of the hacker?" Round Table outlines the risks businesses run by ignoring the serious threat. Panellists featured: Stuart Coulson, Secarma; Tony Richardson, OCTREE; Dave Whitelegg, ITSecurityExpert Ltd; Neil Lathwood, UKFast; Philippe Jan, Lancaster University; Adam Brown, Quotium Technologies and hosted by Jonathan Bowers for UKFast.