Podcasts about threat analysis

In today's episode of the Security Swarm Podcast, Andy and Eric Siron discuss the Monthly Threat Report of August 2024. They cover the aftermath of the CrowdStrike incident, Microsoft's proposed enhancements to improve the security of their ecosystem, as well as the discovery of a vulnerability in AMD processors that could allow persistent malware.  Additionally, they discuss the emergence of new AI jailbreak attacks, which can bypass content restrictions and generate harmful outputs and a VMware ESXi vulnerability that could allow attackers to gain access to virtual machines.  Key Takeaways:  The CrowdStrike incident highlights the need for rigorous software testing. Microsoft is moving forward with some changes and guidance on kernel access as a direct response to the CrowdStrike incident. Researchers have discovered a vulnerability in AMD processors that could allow threat actors to embed persistent malware, underscoring the ongoing battle against advanced threats. The Olympic Games have been the target of dozens of foiled cyberattacks, demonstrating the high-stakes nature of nation-state cyber conflicts. There is a new critical vulnerability in the VMware ESXi Hypervisor that allows authentication bypass. Broadcom has released a patch  Timestamps:  (01:00) CrowdStrike Incident and Lessons Learned   (04:14) Importance of Proper Software Testing and Development Processes  (7:21) Potential Consequences of Rushed Software Updates   (28:18) AI Jailbreak Attacks and Generative AI Risks   (33:43) VMware ESXi Vulnerability and Potential Ransomware Implications   (37:53) Bumblebee Loader and the Threat of Rapid Active Directory Compromise   (39:41) HealthEquity Data Breach and the Normalization of PII Breaches   (40:17) Anonymous Sudan and Their Disruptive DDOS Attacks  (41:54) Cyber Attacks on the Olympic Games and the Role of Nation-State Actors   Episode Resources: Full Monthly Threat Report Podcast episode on Anonymous Sudan AMD CPU Vulnerability Info Webinar where Andy covers the ways threat actors use Generative AI  VMware ESXi Authentication Bypass Exploit Security Swarm Podcast re: threat actor attacks on the Olympic Games

Today's episode of the Security Swarm Podcast is a continuation from last week's episode where Andy and Paul discussed the CSRB's findings on Microsoft's Storm-0558 Breach. In their discussion, they continue picking apart the findings and providing their insights.  Episode Resources: Cyber Safety Review Board Report - https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf 

Where do we stand with UFO disclosure in 2024? Does NHI contact represent a looming threat? On this episode of Conspiracy Theories, we look to the skies with author, television producer, and podcaster Bryce Zabel, answering your most pressing questions on entities that may be visiting our planet. As co-host of Need to Know with Coulthart and Zabel, Bryce gives his firsthand evaluation of whistleblower David Grusch, and so much more. If you are interested in this topic, this episode is a must listen! Check out Bryce's work related to this subject: Book: A.D. After Disclosure: When the Government Finally Reveals the Truth About Alien Contact by Richard M. Dolan and Bryce Zabel Podcast: Need to Know with Coulthart and Zabel Learn more about your ad choices. Visit podcastchoices.com/adchoices

Almost exactly one year after Epik Mellon began, I chat once again with Jeremy Brown of Trinity Cyber about the newest threat landscape, the technology skills gap, and doubling a company's size in a single year. 

Security headlines have been buzzing with major security events this month. In this podcast episode, Andy and Eric Siron discuss Hornetsecurity's Monthly Threat Report, analyzing recent security incidents and sharing expert insights.   Tune in for more information on Lockbit's takedown and its reemergence days later, the CVSS 10 vulnerability in ConnectWise Screenconnect, and the Change Healthcare cyber-attack that has practically paralyzed prescription refills and is likely contributing to numerous deaths in the US.  Timestamps:  3:32 – Hornetsecurity Industry Data Review for Feb 1st to March 1st   14:10 – The “takedown” and re-emergence of LockBit  18:33 – CVSS 10 Vulnerability in ConnectWise ScreenConnect  31:11 – Optum/Change Healthcare Ransomware Attack  Episode Resources: Read the full report  Lockbit Takedown Notice ScreenConnect Vulnerability – CVE-2024-1709 Ransomware Attack on Optum / Change Healthcare 365 Total Protection

We sat down with the Chairman of the Board at itemis inc. and the world-renowned TARA expert to discuss innovations in Threat Analysis, automotive cybersecurity trends, and much more.

We're kicking off 2024 with our Monthly Threat Report analysis. Every month, our Security Lab looks into M365 security trends and email-based threats and provides commentary on current events in the cybersecurity space.  In this episode, Andy and Eric Siron discuss the Monthly Threat Report for January 2024. Tune in to learn about the top-targeted industries, brand impersonations, the MOVEit supply chain attack, the active attack by the Iranian hacking group "Homeland Justice" on the Albanian government, and much more!  Episode Resources: Full Monthly Threat Report for January 2024 Annual Cyber Security Report 2024 Andy on LinkedIn , Twitter , Mastodon Eric on Twitter

TechSpective Podcast Episode 122   There are a number of steps involved in cyber threat analysis to review event information and determine which events are benign or innocuous and which are malicious–or at least deserve greater scrutiny. For the most … Using LLMs to Automate and Streamline Cyber Threat Analysis Read More » The post Using LLMs to Automate and Streamline Cyber Threat Analysis appeared first on TechSpective.

Guest:  Kelli Vanderlee, Senior Manager, Threat Analysis, Mandiant at Google Cloud Topics: Can you really forecast threats? Won't the threat actors ultimately do whatever they want? How can clients use the forecast? Or as Tim would say it, what gets better once you read it? What is the threat forecast for cloud environments? It says “Cyber attacks targeting hybrid and multi-cloud environments will mature and become more impactful“ - what does it mean? Of course AI makes an appearance as well: “LLMs and other gen AI tools will likely be developed and offered as a service to assist attackers with target compromises.” Do we really expect attacker-run LLM SaaS? What models will they use? Will it be good? There are a number of significant elections scheduled for 2024, are there implications for cloud security? Based on the threat information, tell me about something that is going well, what will get better in 2024? Resources: 2024 Google Cloud Security Forecast Report EP112 Threat Horizons - How Google Does Threat Intelligence EP135 AI and Security: The Good, the Bad, and the Magical How to Stop a Ransomware Attack Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner  

Guests:  Nelly Porter, Group Product Manager, Google Cloud Rene Kolga, Senior Product Manager, Google Cloud Topics: Could you remind our listeners what confidential computing is? What threats does this stop? Are these common at our clients?  Are there other use cases for this technology like compliance or sovereignty? We have a new addition to our Confidential Computing family - Confidential Space. Could you tell us how it came about? What new use cases does this bring for clients? Resources: “Confidentially Speaking” (ep1) “Confidentially Speaking 2: Cloudful of Secrets” (ep48) “Introducing Confidential Space to help unlock the value of secure data collaboration” Confidential Space security overview “The Is How They Tell Me The World Ends” by Nicole Perlroth NIST 800-233 “High-Performance Computing (HPC) Security: Architecture, Threat Analysis, and Security Posture”

In this episode, we sit down with Jeremy Brown, VP of Threat Analysis at Trinity Cyber, to chat about packets, stopping bad guys, and how anyone with a “troubleshooting mindset” should consider getting into cybersecurity - regardless of where they come from.

Companies, enterprises, entrepreneurs, and individuals face security threats every day, and Tony UcedaVelez has spent over 25 years understanding and dealing with those threats. During this time, he realized that the cybersecurity industry desperately needed a makeover. He created the company, VerSprite, to fill a void in security consulting where most firms continued to sell their services using fear-factor techniques (“You don't want your organization to face an 8-digit hack, do you..”) instead of value-added services.Join Tony and Jim as they discuss the methodology and practices that have brought VerSprite to the forefront of cybersecurity and risk management. They'll talk about managing risk with intention, scaling a cybersecurity services business, and a spiritual approach to leadership with compassion and accountability.3 Key Takeaways:- Don't Let Fear Control You: Sometimes our fear allows us to validate business decisions that turn out to be bad for the company in the long run. - Be tactical and intentional, don't let a knee-jerk reaction be your response when something goes wrong.  - Secure Your Business with Intention: Understand the risk appetite of your company and the threat landscape of your industry. Set up security where the risk is most relevant. You don't need all the bells and whistles that many companies try to scare you into wasting money on. - Bring in the Experts: As entrepreneurs, we have to not only hone our own skills and strengths but know when to delegate tasks to other experts. Bringing on the right people and giving them the right tasks will make or break your business. ResourcesTony's LinkedInVerSprite WebsiteAbout Tony UcedaVélez is the co-creator of the Process for Attack Simulation & Threat Analysis and the CEO of VerSprite. Tony has over 25 years of IT/InfoSec work experience across a vast range of industries. He is also the OWASP leader for Atlanta, GA.If you love what you are getting out of our show please SUBSCRIBE.For more information on how we dig into the dirt check out our other episodes here: https://www.orchid.black/podcastAll contents of this show are rights of Orchid Black©️ and are not to be used unless authorized by written consent.

On the 2nd episode of our podcast spin-off series, The Route to Networking – The Security Vendor Edition, we were joined by our host, Kieran Waite, and our guest Toby Lewis, the Global Head of Threat Analysis at Darktrace.   During this episode, they cover a range of topics from the start of his career through to what his role entails at Darktrace.   Toby also offers some great advice to those who are just starting out or want to start in the Cyber Security industry and says that you might start off in one area of Cyber Security but that doesn't mean you will stay there due to Cyber Security being such a huge domain now.   Learn more from Toby:   https://www.linkedin.com/in/toby-lewis-bb290b64/  Want to stay up to date with new episodes? Follow our LinkedIn page for all the latest podcast updates!Head to: https://www.linkedin.com/company/the-route-to-networking-podcast/Interested in following a similar career path? Why don't you take a look at our jobs page, where you can find your next job opportunity? Head to: www.hamilton-barnes.com/jobs/

Integrity Institute members Alice Hunsberger and Zara Perumal talk about mis- and disinformation: how to recognize it and how to contextualize it, both individually and at scale. Trust in Tech is hosted by Alice Hunsberger, and produced by Talha Baig.Edited by Alice Hunsberger.Music by Jao Shen. Special thanks to Sahar Massachi and C assandra Marketos for their continued support, and to all the members of the Integrity Institute.

HPR News. Threat Analysis; your attack surface. Wireless key fobs compromised in European nations (France, Spain, and Latvia). On October 10, 2022, European authorities arrested 31 suspects across three nations. The suspects are believed to be related to a cybercrime ring that allegedly advertised an “automotive diagnostic solution” online and sent out fraudulent packages to their victims. The fraudulent packages contained malware and once installed onto the victims vehicle, the attackers were able to unlock the vehicle, start the ignition, then steal the vehicle without the physical key fob. European authorities confiscated over €1 million in criminal assets (malicious software, tools, and an online domain). Microsoft Office 365 has a broken encryption algorithm. Microsoft Office 365 uses an encryption algorithm called “Office 365 Message Encryption” to send and receive encrypted email messages. The messages are encrypted in an Electronic Codebook (ECB). The U.S. National Institute of Standards and Technology (NIST) reported, "ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal". Emails can be harvested today then decrypted later for future attacks. User Space. Netflix crackdown on freeloaders. Netflix is testing in Argentina, the Dominican Republic, El Salvador, Guatemala, and Honduras Chile, Costa Rica and Peru different efforts to crackdown on freeloaders. The term “freeloaders” covers the multiple users sharing a single Netflix account from different locations. Netflix plans to charge an additional $3.00 - $4.00 per subaccount. Samsung implements private blockchain to link user devices. While claiming the private blockchain, “has nothing to do with cryptomining”, the Knox Matrix security system links all your devices together in a private blockchain instead using a server based group verification system. The system, Knox Matrix, is suppose to allow devices to “manage themselves” by auto updating, caching updates for other devices then distributing the updates to other devices on the private blockchain. Toys for Techs. Juno Tablet: whois lookup DNS Twister Report Juno Tablet is a Beta product; overall it works with a few bugs. This is a non-refundable product, you will only get store credit. Price: $429.00 USD. Screen Size: 10.1” Screen Type: Full HD IPS screen 1920×1200 Capacitive touch, Capacitive (10-Point) MIPI-DSI. Refresh Rate: 60 Hz. CPU: Intel Jasper Lake Intel Celeron N5100 (4 Cores / 4 Threads) – 1.10GHz (Turbo 2.80 GHz) Graphics: Intel UHD Graphics, Frequency: Base 350 MHz - Max 800 MHz. Ram (SOLDERED): 8GB 2133 MHz LPDDR4. Storage: 256GB, 512GB, 1TB SSD. Chassis: Plastic. Wireless Card: Intel Wireless AC 9460/9560 Jefferson Peak 2.4 and 5GHz + Bluetooth 4.2. Ports: 1x USB3.0 1x Type-C 3.1 (Supports charging + video out) 1x Mini HDMI 1x Micro SD 3.5MM Headphone Jack Built-in Microphone Linux Kernel 5.18+ OS: Manjaro Phosh Manjaro Plasma Mobile Mobian Phosh Windows 11 (Not included – can provide ISO) JingPad A1, It’s the World’s FIRST Consumer-level ARM-based Linux Tablet. JingPad A1 maybe discontinued: https://www.youtube.com/watch?v=cmBG1Sjgsgk Pine64’s Ox64. RISC-V SBC Info: Ram: Embedded 64MB PSRAM Network: 2.4GHz 1T1R WiFi 802.11 b/g/n Bluetooth 5.2 Zigbee 10/100Mbps Ethernet (optional, on expansion board) Storage: on-board 16Mb (2MB) or 128Mb (16MB) XSPI NOR flash memory. microSD - supports SDHC and SDXC Expansion Ports: USB 2.0 OTG port 26 GPIO Pins, including SPI, I2C and UART functionality. Possible I2S and GMII expansion. Dual lane MiPi CSI port, located at USB-C port, for camera module. Audio: mic (optional, on camera module) speaker (optional, on camera module)

Threat Analysis; your attack surface. The Hacker News New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems. A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloads to the remote machines, capture screenshots, perform remote shellcode execution, and run arbitrary commands," Cisco Talos said in a report shared with The Hacker News. Written in GoLang, Alchimist is complemented by a beacon implant called Insekt, which comes with remote access features that can be instrumented by the C2 server.” "Since Alchimist is a single-file based ready-to-go C2 framework, it is difficult to attribute its use to a single actor such as the authors, APTs, or crimeware syndicates." The trojan, for its part, is equipped with features typically present in backdoors of this kind, enabling the malware to get system information, capture screenshots, run arbitrary commands, and download remote files, among others. Alchimist C2 panel further features the ability to generate first stage payloads, including PowerShell and wget code snippets for Windows and Linux, potentially allowing an attacker to flesh out their infection chains to distribute the Insekt RAT binary. The instructions could then be potentially embedded in a maldoc attached to a phishing email that, when opened, downloads and launches the backdoor on the compromised machine. What's more, the Linux version of Insekt is capable of listing the contents of the ".ssh" directory and even adding new SSH keys to the "~/.ssh/authorized_keys" file to facilitate remote access over SSH. The Hacker News Hackers Using Vishing to Trick Victims into Installing Android Banking Malware. Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as the social engineering technique is called, involves calling the victims using previously collected information from the fraudulent websites. The caller, who purports to be a support agent for the bank, instructs the individual on the other end of the call to install a security app and grant it extensive permissions, when, in reality, it's malicious software intended to gain remote access or conduct financial fraud. What's more, the infrastructure utilized by the threat actor has been found to deliver a second malware named SMS Spy that enables the adversary to gain access to all incoming SMS messages and intercept one-time passwords (OTPs) sent by banks. The new wave of hybrid fraud attacks presents a new dimension for scammers to mount convincing Android malware campaigns that have otherwise relied on traditional methods such as Google Play Store droppers, rogue ads, and smishing. The Hacker News 64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan? Founded in 1992, Omnicell is a leading provider of medication management solutions for hospitals, long-term care facilities, and retail pharmacies. On May 4, 2022, Omnicell's IT systems and third-party cloud services were affected by ransomware attacks which may lead to data security concerns for employees and patients. While it is still early in the investigation, this appears to be a severe breach with potentially significant consequences for the company. Omnicell began informing individuals whose information may have been compromised on August 3, 2022. Hackers may be able to access and sell patient-sensitive information, such as social security numbers, due to the time delay between the breach and the company's report of affected patients. The type of information that may be exposed are: Credit card information. Financial information. Social security numbers. Driver's license numbers. Health insurance details. The healthcare industry is one of the most targeted sectors globally, with attacks doubling year over year. And these costs are measured in millions or even billions of dollars - not to mention increased risks for patients' privacy (and reputation). The Washington Post How to protect schools getting whacked by ransomware. Ransomware gangs are taking Americans to school. So far this year, hackers have taken hostage at least 1,735 schools in 27 districts; the massive Los Angeles Unified School District is their latest target. Ransomware hackers breach computers, lock them up, steal sensitive data and demand money to release their hold on organizations’ critical systems. These criminals often attack schools because they are profitable targets. If all ransomware victims refused to pay, the attacks would stop. Indeed, paying up might be illegal: The Treasury Department released guidance last year noting that giving money to global criminal organizations can violate sanctions law. The trouble is, saying no isn’t always easy. Los Angeles didn’t capitulate, and the criminals leaked a trove of data — a consequence that can prove more or less serious depending on the sensitivity of the stolen information. “Because we can,” said a representative of the ransomware gang that took down Los Angeles Unified School District, explaining the collective’s motivations to a Bloomberg News reporter. Schools’ task is to turn “can” to “can’t” — or, at least, to make success pay a whole lot less. CNET News. Verizon Alerts Prepaid Customers to Recent Security Breach. Verizon notified prepaid customers this week of a recent cyberattack that granted third-party actors access to their accounts, as reported earlier Tuesday by BleepingComputer. The attack occurred between Oct. 6 and Oct. 10 and affected 250 Verizon prepaid customers. The breach exposed the last four digits of customers' credit cards used to make payments on their prepaid accounts. While no full credit card information was accessible, the information was enough to grant the attackers access to Verizon user accounts, which hold semi-sensitive data such "name, telephone number, billing address, price plans, and other service-related information," per a notice from Verizon. Account access also potentially enabled attackers to process unauthorized SIM card changes on prepaid lines. Also known as SIM swapping, unauthorized SIM card changes can allow for the transfer of an unsuspecting person's phone number to another phone. From there, the counterfeit phone can be used to receive SMS messages for password resets and user identification verifications on other accounts, giving attackers potential access to any account they have, or can guess, the username for. Consequently, Verizon recommended affected customers secure their non-Verizon accounts such as social media, financial, email and other accounts that allow for password resets by phone.

Emotet is one of the most evasive and destructive malware delivery systems ever to be deployed and has successfully leveraged various techniques to maximize its infection rate and damage impact. Emotet has variously reinvented itself too - making it the chameleon of security threats! In this CyberSecurity Awareness Month special, I am joined by Giovanni Vigna, Head of the NSBU Threat Analysis Unit at VMware, for a deep dive into their brand new research that provides the very latest insights into Emotet's evolution and how to negate this, and other growing risks. We also explore some fantastic non for profit education opportunities in the CyberSecurity field helping to open up opportunities for all. And we would love your thoughts on the show too - thanks for listening! Sally, Giovanni and the #TTT TeamAnd please join us on Twitter to continue the conversation! @techradiotttToday's guest Giovanni on LinkedIn https://www.linkedin.com/in/giovanni-vigna-7881542And our host Prof. Sally Eaves on Twitter @sallyeavesAnd LinkedIn http://www.linkedin.com/in/sally-eaves

In this episode we talk with John Fitzgerald of Active Rehabilitation about growing a remarkable professional practice.Amongst a range of interesting topics, we discuss –Specialising in profitable niche areasBeing nimble enough to handle staff and patient illness throughout COVIDRecruitment, including how to source, employ and train top level graduatesBuilding a first rate culture within the business – this does not happen through accidentJohn also shares some interesting aspects about inducting new team members, developing written procedures for all aspects of client care and the multi-pronged approach used by his team to ensure timely and effective communication.As a regular consumer of their services, John has some words of advice for accounting practitioners seeking to work with business clients.The collaboration software that John mentioned which is used within Active Rehabilitation Therapy is Basecamp, which can be accessed via basecamp.com/.In the interview John also mentioned two books from which he's drawn insights and inspiration, details of which appear below –The Carrot Principle: How the Best Managers Use Recognition to Engage Their People, Retain Talent, and Accelerate Performance, by Adrian Gostick.The Infinite Game: How great businesses achieve long-lasting success, by Simon Sinek.The book Scott mentions during the Coach's Corner segment is –What really happened in Wuhan: A virus like no other; Countless infections; Millions of deaths, by Sharri Makinson.The downloadable Threat Analysis worksheet that Scott mentions during the Coach's Corner segment can be accessed here: slipstreamgroup.com.au/in-the-slipstream-episode-70/.John Fitzgerald's contact details areEmail:                 John.Fitzgerald@activerehab.com.auPhone:               0417 3163 1188Web:                   activerehab.com.auLinked In:            www.linkedin.com/company/active-rehabilitation-physiotherapy/Kirt's contact details areLinkedIn: www.linkedin.com/in/kirtdaunt/Scott's contact details areEmail:                  scott@slipstreamgroup.com.auPhone:                0409 870 330Web:                   www.slipstreamgroup.com.auLinkedIn:           www.linkedin.com/in/scottcharltonTo take an interest in Tim Lane's music, which is featured on the episode:Facebook:         The Backstick Agenda. (Please go and Like this page.)Website:            www.thebackstickagenda.com/To see film clips and to hear Tim's music: https://thebackstickagenda.bandcamp.com/(To purchase Tim's music, you need to register on Bandcamp before you can download.)

Today's Network Break podcast examines a new Broadcom switch ASIC that can support threat analysis, a startup that's challenging the SD-WAN and MPLS markets, Apple's new partner for an emergency SMS service that uses satellites, a great quarter for data center switch revenue, and more IT news. The post Network Break 398: New Broadcom Trident Chip Supports Threat Analysis; Startup Challenges SD-WAN, MPLS appeared first on Packet Pushers.

Today's Network Break podcast examines a new Broadcom switch ASIC that can support threat analysis, a startup that's challenging the SD-WAN and MPLS markets, Apple's new partner for an emergency SMS service that uses satellites, a great quarter for data center switch revenue, and more IT news. The post Network Break 398: New Broadcom Trident Chip Supports Threat Analysis; Startup Challenges SD-WAN, MPLS appeared first on Packet Pushers.

Today's Network Break podcast examines a new Broadcom switch ASIC that can support threat analysis, a startup that's challenging the SD-WAN and MPLS markets, Apple's new partner for an emergency SMS service that uses satellites, a great quarter for data center switch revenue, and more IT news. The post Network Break 398: New Broadcom Trident Chip Supports Threat Analysis; Startup Challenges SD-WAN, MPLS appeared first on Packet Pushers.

This is a free preview of a paid episode. To hear more, visit thenextlevel.thebulwark.comTim, Ted and JVL discuss the risk of radicals in our military, President Biden’s student loan forgiveness announcement, and the spineless nature of Lindsey Graham.Bonus! Watch the gang record this episode here:

Having served 7 years as a US Army intelligence officer, Sarah Ostrowski decided she was ready for a new challenge. Her transition plan included going back to school, however, when the acceptance letters started to arrive, her gut was telling her to go in a different direction. Today she is the Manager of Global Intelligence and Threat Analysis for the Walt Disney Company. Her job search was full of mistakes and blunders, but she used informational interviewing, networking and an engaging, open and honest communication style to ultimately land her role at Disney. Sarah discusses how she showcased her military skills in her interview and as an employee, who was promoted during her first year.For the first four years of her military career, Sarah served as a field artillery officer before moving into the intelligence field. During her service, Sarah noticed the need for better access to quality mental health services. Her interest in pursuing a PhD in the psychology field spurred her toward military separation. During her last deployment with Special Forces, she applied to schools. When the acceptance letters came in, she realized she wasn't 100% sure this was the right path. She made the decision to defer school and seek out other opportunities in the private sector. Her first stop was LinkedIn.As an intelligence officer, Sarah used her intelligence skills to gather intel on LinkedIn. However, you don't have to have a background in intelligence to utilize all the functions of LinkedIn for your job search! She relied heavily on the algorithms already built into the platform during her searches. For example, she searched military intel officer and analyzed the profiles to learn what military intel veterans are doing. If a person continued to work in the intelligence community, she poured over the profile to learn the civilian intelligence language. Her next step was reaching out to individuals for informational interviews. During a late-night job search session on LinkedIn, Sarah came across an intelligence analyst role at Disney. At this point, she didn't have a civilian resume but also knew job postings don't stay live for long. She pulled together a resume that was far from perfect. Knowing her resume was not going to be enough to capture the hiring manager's attention, she did a search on LinkedIn for Disney global team members. She cold messaged every single one of them and was pleasantly surprised at the 50% response rate, including one from the hiring manager himself. Through her conversations, she learned the job posting was intended for an internal candidate but that didn't stop her from asking questions and learning and understanding the company's needs. Not long after, she received a phone call for an interview.Sarah highlights the importance of asking questions, listening and learning how to be a solution for an organization's problems. Through her informational interviews, Sarah formed relationships which overcame her weak resume full of military jargon, acronyms and even a misspelling. Sarah discusses how she identified transferable skills and pitched them in her interview. Skills she cultivated in the military such as building teams and understanding systems and processes felt like soft skills when she applied and wrote her resume. After progressing in her career at Disney, she now realizes the value of those skills and mentors others to showcase them on the resume and in the interview.Please head to the LL4V YouTube channel at https://tinyurl.com/llforvets22 to hear a bonus clip on Sarah's career progression and lessons learned during her first year at Walt Disney Company.You can connect with Sarah on LinkedIn at https://www.linkedin.com/in/sarahostrowski/SUBSCRIBE & LEAVE A FIVE-STAR REVIEW and share this to other veterans who might need help as they transition from the military!

Speaking of Disney, Kane Lynch remarks that “their power and wealth is more like a nation than an entertainment company.” As you'll learn in this episode, they even have a secret police force called Global Intelligence and Threat Analysis. Previously, we explored Disney's role in exporting American capitalism around the globe. This week, Kane joins us again to discuss the corporation's efforts to recapture the whimsy and magic of Walt's legacy while reaching their corporate tentacles across the globe. We also explore the company's shady labor practices, their decisions to move jobs overseas rather than negotiating with striking animators, and their recent involvement in the culture wars with Florida's “Don't Say Gay” bill. Tune in to hear how to company went from exporting right wing capitalist ideology to being canceled by conservatives.Kane Lynch is a cartoonist and educator whose non-fiction and journalism comics and illustrations have appeared on The Nib, Slate, and Psychology Today and in the 2020 graphic novel titled Guantanamo Voices. He has a kids graphic novel coming out in 2024 titled First Steps. Follow him on Instagram and Twitter and check out his website here! Duck Blur30    ml    Shadow Ridge Gin15    ml    St. George Raspberry eau de vie15    ml    Giffard Crème de Peche de Vigne Liqueur    15    ml    Giffard Blue Curaçao 22    ml    Lemon JuiceOptional:    Egg WhiteAdd all ingredients to a shaker tin and fill with cubed ice. Shake vigorously until properly chilled and diluted. Fine strain into a chilled coupe of martini glass. Garnish with a little rubber ducky and smile. If using an egg white, add all ingredients except egg white to one half of a shaker. Add egg white to other shaker tin. Combine both tins and shake hard with ice for about 10 seconds. Strain out ice and shake hard for another 10 seconds. Fine strain into a large coupe or martini-style glass. Garnish with a little rubber ducky and smile.Huge thanks to Jesse Torres for crafting the perfect drink for this story! Support the show

Author of the #noStarch book "The Art of Cyberwarfare" (https://nostarch.com/art-cyberwarfare)  Topics: discusses his book,  threat intel as a service,  why people enjoy malware analysis? Should people 'hack back' and what legal issues are around that? How do you soften the messaging if you have an insider threat team? www.infoseccampout.com for more information about our 2022 conference in Seattle, WA on 26-28 August 2022! Our full 90 minute stream with Jon, including 30 minutes of audio you won't get on the audio podcast is available at the $5 USD Patreon level, or via our VOD at our Twitch Broadcast site (https://twitch.tv/brakesec) Twitch VOD Link: https://www.twitch.tv/videos/1308277609 Thank you to our Patreon and Twitch supporters for their generous donations and subs and bits!

Enjoy this exclusive fireside chat with Shane Huntley, head of Google's TAG (Threat Analysis Group). In this session from SecurityWeek's Threat Intelligence Summit, we have a frank discussion on the science of threat intelligence, the cloudy nature of the APT landscape, the surge in big-game ransomware and nation-state malware activity worth tracking.

https://twitch.tv/brakesec www.brakeingsecurity.com @infosystir on Twitter @bryanbrake @boettcherpwned

https://discord.gg/TpZ8nNN4P4     Probability           Unlikely 1 1 2 3 4 5 Possible 2 2 4 6 8 10 Somewhat  likely 3 3 6 9 12 15 Likely 4 4 8 12 16 20 Outcome:  Minor or no damage, first aid injuries 1 Easily repaired damage, recoverable injuries 2 Heavy damage, life-threatening injuries 3 Fatality, localized destruction 4 Multiple fatalities, widespread destruction 5  

InfoSec WOTD is a daily dose of Cybersecurity Terms, Acronyms and Concepts. This PASTA is for a different kind of appetite, the one associated with threats aka #Riskappetite.PASTA is a threat modelling methodology to identify threats in a very systematic way. It stands for Process for Attack Simulation and Threat Analysis , a 7 step risk centric method to identify threats.#INFOSECWOTD

Meteors, Nukes, and a Global Threat Analysis w Steven Ben-Nun Join Johnny Baptist while he discusses the empirical events across the world leading up to World War III, the trickery and deceit of the New World Order, and the bizarre weirdness of the fallen angelic UFO phenomenon as we plunge head first into the forthcoming apocalypse and the Seven Seals of Revelation (chapter 6). Join us tonight for another anointed visit from brother Steven Ben-Nun as he shares reports he has received about an incoming meteor, China and fallen-angel involvment in a nuclear threat, and other global apocalyptic threats. PRAISE GOD. God Bless You - See you there! To sign up for radio show Email Notifications click  Mail Link: http://gem.godaddy.com/signups/185380/join

Anecdotally, most cybersecurity curricula is based on the technical aspects of protecting, defending, and responding to cyber attacks.  While these courses establish a solid foundation in the technical aspects of cybersecurity, what is often missing is establishing a foundation in cybersecurity law. Every individual who puts their hands on a keyboard operates within an uncertain ethical and legal framework. What we do not need is the type of education to produce more lawyers, but rather the type of education to produce more legal-savvy technical workers. Today's tech workers are exposed to more personal information as well as intellectual property – both targets in cyber attacks. They are expected to protect critical infrastructure and design with security "built in." Yet, we do a poor job teaching the legal requirements as well as limitations imposed by law on building in privacy protections.For the past four years, the speaker has taught Cybersecurity Law & Policy to several hundred computer science and engineering students as well as those from business, architecture, technology management, and government policy. I began this course by conducting a data analytics exercise on the NIST NICE Framework to determine what work roles require legal training. The results were quite surprising as even very technical roles such as Threat Analysis and System Architecture require knowledge of laws, policies,and ethics as they relate to cybersecurity and privacy as well as knowledge of investigations.  The feedback from graduating students who take on cybersecurity roles is that they are uniquely qualified to understand the necessity of compliance within their respective roles. This presentation will discuss the basis for legal education as well as a roadmap for how to incorporate such legal education within a cybersecurity curriculum to build the workforce necessary for the current cybersecurity environment. About the speaker: Paula S. deWitte, J.D., Ph.D,. P.E., is an Associate Professor of Practice in the Computer Science and Engineering Department at Texas A&M University, College Station and the Maritime Business Administration Department at Texas A&M University, Galveston where she is building the maritime cybersecurity program. As well, she is an Adjunct Professor of Law at the Texas A&M University Law School, Fort Worth.  She is a licensed attorney (Texas) and a registered patent attorney (USPTO). She holds a Bachelors and Masters from Purdue University where in 2015 she was honored as the Distinguished Alumna in the Department of Mathematics, School of Science.  She obtained her Ph.D. in Computer Science from Texas A&M University (1989) and a law degree from St. Mary's University (2008).  She holds a patent on drilling fluids optimization [US Patent US 8812236 B1]. She teaches Cybersecurity Law, Cybersecurity Risk, and Marine Insurance Law. Her research interests are in those areas as well as in building resilient systems especially in the supply chain.

#TheFamilyMan is an Indian espionage action thriller streaming television series on Amazon Prime Video created, directed, and produced by Raj Nidimoru and Krishna D.K. who also co-wrote the story and screenplay with Suman Kumar, with dialogue penned by Sumit Arora and Suman Kumar. The series features #ManojBajpayee as Srikant Tiwari, a middle-class man secretly working as an intelligence officer for the Threat Analysis and Surveillance Cell (TASC), a fictitious branch of the National Investigation Agency. It also stars Priyamani, Sharad Kelkar, Neeraj Madhav, Sharib Hashmi, Dalip Tahil, Sunny Hinduja and Shreya Dhanwanthary. #SamanthaAkkineni was hired for the second season of the series making her foray into the digital medium. #Priyamani #SharedKelkar #NeerajMadhav #SharibHashmi #DalipTahil #SunnyHinduja #ShreyaDhanwanthary #RajNidimoru #KrishnaDK

Disclosure - The action of making new or secret information known. A fact, especially a secret, that is made known.Defense Officials Know UFOs Are Real, but What Is the Threat? Could there be an alien attack? Find out today, on Conflict Radio.Tony is a writer, media contributor and a master craftsman of light, uponthe shadow of the secret world of the UFO phenomena. He is a surfer of thespiritual Darknet. Tony has appeared on ITV’s This Morning, The One Show, Channel 4, Channel 5 and BBC 2, Sky Arts, Tattoo Fixers, Sony Pictures, E4, BBC Regional & National News and various radio shows across the globe. He is a member of the NUJ.https://www.tonytoppingufos.com/Join this channel to get access to perks:https://www.youtube.com/channel/UCHzWqM_Xm-EgRfwt2cbBAHQ/joinConflict Radio - Episode 98 UFO Disclosure & Alien Threat Analysis with Tony Toppinghttps://conflictradio.net/

In my opinion, it should be done at the vehicle level. Simply put - OEMs know the entire architecture of the car. Whereas if the analysis and assessments are done at the component level, the scope has to be narrowed down. What do you think - when is the best time to complete TARA? #autonomousvehicle #autonomousvehicles #automotiveindustry #autonomousdriving #automotivecybersecurity #automotivesecurity #threatanalysis #threatassessment

Introducing the audio edition of our teissTalk series. Each week we dive into the latest cyber security news with our expert panel and then deep dives into an issue that is vital to the cyber security industry. On this episode: How utilising AI can and will be realistic for any security team in the move toward machine-led securityAI & Data Protection:  The need for explainability and the role of humans in performing ongoing monitoring.Where are the potential risks for organisations who use AI without human intervention in sensitive areas?Host: Jenny Radcliffe, The People HackerGuests: Mishu Rahman, Director of Cyber Security, BNP ParibasReena Shah, Director, Cyber Security Strategy, Culture & Process Optimization, London Stock Exchange GroupReinhard Hochrieser, VP, Global Product Management, JumioArdie Kleijn, Chief Information Security Officer, TransaviaAttend a live teissTalk, for free, by visiting https://www.teiss.co.uk/talk/

Independent Americans is your trusted, independent source for news, politics, culture and inspiration. It’s a smart, fresh, candid perspective you won’t find anywhere else in the media. And we’ll always be grounded in a focus on national security, foreign affairs and domestic threats.  Despite the lack of media coverage, America is still very much at war. While the rest of the media obsesses over Trump’s CPAC appearance, Ted Cruz’s travel, and changes to Mr Potato Head and Dr Seuss, we’re digging into the real and urgent threats facing you, your family and our country.  Why are defense leaders guarding against extremists strikes again this week on/around March 4th? Why that date? What’s the story behind the recent missile strikes in Syria ordered by Biden? What will happen next with Russia after new sanctions? With our country slammed by COVID, will our enemies use this opportunity to strike? Where’s the next hot spot in the world for the US military? Why did Laura Ingraham and Fox News put a target on the back of one of our frequent guests and a decorated Navy veteran? Our host, Army combat veteran and author Paul Rieckhoff (@PaulRieckhoff) is bringing his extensive national security and political expertise to focus this vital episode on the under-reported national security threats that should keep all Americans up at night. It’s a look into the stories that aren’t on the front pages, but probably should be.  And we’re doing a rapid-fire tour of the global landscape with one of our most popular guests of all time: Malcolm Nance (@MalcolmNance). America’s favorite terrorism expert, Malcolm is a decorated military veteran, an astute analyst, and a truth teller, MSNBC’s Terrorism Analysts and a NY Times Bestselling author, the retired Navy Master Chief served as a specialist in Naval Cryptology and was involved in counter-terrorism, intelligence, and combat operations around the world and served as an instructor in Survival, Evasion, Resistance and Escape (SERE) training. He’s also one of the most interesting guys anywhere. The man has stories--and enemies foreign and domestic. That now includes Fox News primetime host, Laura Ingraham.  Last fall, Malcolm joined this show and predicted the kind of post-election violence we saw in Washington on January 6th. Back in Episode 13 and Episode 94, he also predicted national security threats to come. And he joins Independent Americans again now to share some new predictions.  America is more divided than ever before. But Independent Americans is adding light to contrast all the heat of other political shows. Every episode brings the Righteous Media 5 I’s: independence, integrity, information, inspiration and impact--and explores the most pressing issues of the day with leaders who are shaping what America will be in the future.  If you’re among the 40% of Americans who are independent, this is your show. If you’re a Republican or Democratic Party, but you’re not a die-hard partisan, this is your show. If you’re a concerned American who cares about the future of your country, this is your show. All are welcome. And join us for exclusive access and events by becoming a member of the Independent Americans Patreon community. For just $5, you get access to events, our guests, merch discounts and exclusive content.  You can also see video of this conversation with Malcolm Nance and over 100 episodes with leaders from Chuck D to Chuck Hagel; Sarah Jessica Parker to Meghan McCain; Stephen Colbert to Mayor Pete Buttigieg on the Righteous YouTube page. Independent Americans connects, informs and inspires--and is powered by Righteous Media. Stay vigilant, America.  On the web: http://IndependentAmericans.us Twitter: https://twitter.com/indy_americans Youtube: https://www.youtube.com/channel/UCrlrGIJcmgIsJQgOR1ev-ew Instagram: https://www.instagram.com/IndependentAmericansUS Facebook: https://www.facebook.com/IndependentAmericansUS https://youtu.be/ui3YpX5gDPg Learn more about your ad choices. Visit megaphone.fm/adchoices

A special 12-episode series with Women In Cyber at CrowdStrike. Host Hillarie McClure, Multimedia Director at Cybercrime Magazine, goes one-on-one with a cross-section of women working in various cybersecurity roles at CrowdStrike to explore what it’s like to work in one of the fastest growing industries in tech, why your background isn’t a barrier to creating a successful career, and why it’s so crucial we get more women into this field. The world's largest organizations trust CrowdStrike to Stop Breaches. Learn more at crowdstrike.com

To live in the peace of God, we need to do appropriate threat analysis. Hear more about this idea in this message from Ps Nate. The video of this message is available on our YouTube channel.

The Singapore Government announced an Operational Technology Cybersecurity Masterplan in Oct, to secure critical infrastructure services with interconnected devices and computers. In Mind Your Business, Howie Lim and Bernard Lim speak to Mike Beck, Global Head of Threat Analysis at Darktrace to get his insights

Oil and gas rig performance integrity is an extremely important capability that involves risk analysis, threat analysis, failure mode and effect analysis, safety, health, environmental safety, situational awareness, and last, but not least, software quality. Software quality plays a very important role in rig performance, and one that is not fully appreciated. In this episode Don Shafer discusses the challenges, pitfalls, and successes with software quality in the oil patch.Don Shafer is a cofounder of the Athens Group and technical fellow. Don developed Athens Group’s oil and gas practice and leads engineers in delivering software services for exploration, production, and pipeline monitoring systems for clients such as BP, Chevron, ExxonMobil, ConocoPhillips, and Shell. He led groups developing and marketing hardware and software products for Motorola, AMD, and Crystal Semiconductor. Don managed a large PC product group producing award-winning audio components for Apple. From the development of low-level software drivers to the selection and monitoring of semiconductor facilities, he has led key product and process efforts. You can connect with Don here:Email: donshafer@athensgroup.com LinkedIn: Don ShaferWeb Site: Athens GroupAbout PPQC:Process and Product Quality Consulting (PPQC) helps global executives tackle complex corporate challenges.To learn more about PPQC, visit www.ppqc.netSupport the show (https://ppqc.net)

5/31/19 AI in Security; Data Science and Threat Analysis; OGusers Hacked | AT&T ThreatTraq

Olga Polishchuk is a security and intelligence professional with over a decade of experience in corporate security, open source intelligence, threat & risk assessments, and a wide array of physical and information security investigations. Olga serves as the Senior Director in the Threat Analysis and Investigations Unit at LookingGlass Cyber Solutions, focusing on tactical investigations, threat assessments, and strategic intelligence. In her current position, she acutely focuses on expanding clients' understanding of the potential and emerging threats and aids in real-time operational and strategic decisions. Jeremy Haas is the Chief Security Officer at LookingGlass Cyber Solutions, a cybersecurity company that operationalizes threat intelligence and delivers unified threat protection solutions against sophisticated cyber attacks to global enterprises and government agencies. Mr. Haas leads LookingGlass' internal cybersecurity program; the threat research team's collection, threat actor engagement, and analysis activities; and contributes subject matter expertise to customers and the development of products that conduct advanced threat detection and mitigation.

DirtySecurity Podcast: Israel Perez & Wajnih Yassine are The Real CSI Cyber Guys It’s Sunday afternoon, about a quarter past 3.  You are in your backyard with friends and family members… Everyone is relaxed with a refreshing beverage… sharing stories… laughing at jokes… life is good. Then it happens…. You get that call from one of your C-Level Execs That buzz kill moment when you realize extremely sensitive corporate data is now in the hands of a stranger capable of causing significant damage to your corporate reputation.   Your heart races… Your stomach aches… Your head is spins trying to figure out one thing… who am I going to call to help me return my world to normal? In this week’s episode of DirtySecurity, host Edward Preston talks with Cylance Incident Response teammates Israel Perez and Wajih Yassine about the Stages of a Cybersecurity Incident and what their team does to get the world spinning back on its axis again. About Israel Perez Israel is a Consulting Director, IR & Forensics at Cylance. Specializing in incident response, network intrusions, malware reverse engineering and digital forensics. Israel’s expertise with digital forensics has taken him from the Orange County District Attorney’s office, through the ranks at Foundstone and McAfee to Cylance, where he was the very first member of the Incident Response team.  About Wajih Yassine Wajih began his time at Cylance as an intern and quickly moved through the ranks thanks to his stellar work with the Threat Analysis team. He is now a Sr. Incident Response & Forensics consultant with a focus on forensic investigation. About Edward Preston   Edward Preston (@eptrader) has an eclectic professional background that stretches from the trading floors of Wall Street to data centers worldwide. Edward started his career in the finance industry, spending over 15 years in commodities and foreign exchange. With a natural talent for motivating, coaching, and mentoring loyal, goal-oriented sales teams, Edward has a track record for building effective sales teams who have solid communication lines with executive management. Every week on the DirtySecurity Podcast, Edward Preston chats with Cylance’s best and brightest about what is happening in the world of Cybersecurity and the work Cylance is doing to make things better.  Each episode shines a spotlight on the people of Cylance and the work they do with our technology and consulting services to clean up the often dirty world of the data center. To hear more, visit: ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html  iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2 GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste Make sure you Subscribe, Rate and Review!

Priorities of Survival & Planning Scenarios

Local School Shooting Threat - School Safety- Heartbreaking Change - NK Issues

The Different Prepper Types.

The buzz: Woo woo or woo hoo? Companies like yours across all industry sectors are trying to deal with almost daily security threats to your networks and devices. Can available Security Incident and Event Monitoring (SIEM) analytics tools help you mine and analyze data to protect your vital data from eagerly prying eyes? Ideally, the analytics will enable you to detect and prevent future attacks, recover quickly from present breaches, and learn from past vulnerabilities. Ready for a reality check? The experts speak. Paul Alvarez, EY: “It is amazing what you can accomplish if you do not care who gets the credit” (Harry Truman). Richard McCammon, Delego Software: “Be vigilant, for nothing one achieves lasts forever” (Tahar Ben Jelloun). Gerlinde Zibulski, SAP: “The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge” (Stephen Hawking). Join us for Security Breach Threat Analysis and Intelligence: Just Voodoo or Real Help?

The buzz: Woo woo or woo hoo? Companies like yours across all industry sectors are trying to deal with almost daily security threats to your networks and devices. Can available Security Incident and Event Monitoring (SIEM) analytics tools help you mine and analyze data to protect your vital data from eagerly prying eyes? Ideally, the analytics will enable you to detect and prevent future attacks, recover quickly from present breaches, and learn from past vulnerabilities. Ready for a reality check? The experts speak. Paul Alvarez, EY: “It is amazing what you can accomplish if you do not care who gets the credit” (Harry Truman). Richard McCammon, Delego Software: “Be vigilant, for nothing one achieves lasts forever” (Tahar Ben Jelloun). Gerlinde Zibulski, SAP: “The greatest enemy of knowledge is not ignorance, it is the illusion of knowledge” (Stephen Hawking). Join us for Security Breach Threat Analysis and Intelligence: Just Voodoo or Real Help?