Guest: Pieter VanIperen, CISO and CIO of AlphaSense | On LinkedIn: https://www.linkedin.com/in/pietervaniperen/
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

Episode notes: Real-World Principles for Real-World Security: A Conversation with Pieter VanIperen

Pieter VanIperen, the Chief Information Security and Technology Officer at AlphaSense, joins Sean Martin for a no-nonsense conversation that strips away the noise around cybersecurity leadership. With experience spanning media, fintech, healthcare, and SaaS, including roles at Salesforce, Disney, Fox, and Clear, Pieter brings a rare clarity to what actually works in building and running a security program that serves the business.

He shares why being "comfortable being uncomfortable" is an essential trait for today's security leaders: not just reacting to incidents, but thriving in ambiguity. That distinction matters, especially when every new technology trend, vendor pitch, or policy update introduces more complexity than clarity. Pieter encourages CISOs to lead by knowing when to go deep and when to zoom out, especially in areas like compliance, AI, and IT operations where leadership must translate risks into outcomes the business cares about.

One of the strongest points he makes is around threat intelligence: it must be contextual. "Generic threat intel is an oxymoron," he argues, pointing out how the volume of tools and alerts often distracts from actual risks. Instead, Pieter advocates for simplifying based on principles like ownership, real impact, and operational context. If a tool hasn't been turned on for two months and no one noticed, he says, "do you even need it?"

The episode also offers frank insight into vendor relationships. Pieter calls out the harm in trying to "tell a CISO what problems they have" rather than listening. He explains why true partnerships are based on trust, humility, and a long-term commitment, not transactional sales quotas. "If you disappear when I need you most, you're not part of the solution," he says.

For CISOs and vendors alike, this episode is packed with perspective you can't Google. Tune in to challenge your assumptions, and maybe your entire security stack.

Sponsors: ThreatLocker: https://itspm.ag/threatlocker-r974
Resources:
Additional information: ✨ More Redefining CyberSecurity Podcast:
Panelists at the recent Black Hat 2025 USA Conference in Las Vegas included several threat intel experts from security giant Microsoft. Cybercrime Magazine caught up with Travis Schack, principal security researcher, who previously served as CISO for the State of Colorado. In this episode, host Paul John Spaulding is joined by Steve Morgan, Founder of Cybersecurity Ventures and Editor-in-Chief at Cybercrime Magazine, to discuss. The Cybercrime Magazine Update airs weekly and covers the latest news, interviews, podcasts, reports, videos, and special productions from Cybercrime Magazine, published by Cybersecurity Ventures. For more on cybersecurity, visit us at https://cybersecurityventures.com
In this episode, Mike Kosak explains what threat intelligence really is (Mike's former boss said you have to "rub some thinking on it"), how to define priority intelligence requirements (PIRs), how to threat model, where to find threat intel, and how to keep it actionable with tight feedback loops, not panic.

Key takeaways:
• Threat intel ≠ data. It's analyzed information focused "walls-out" (what's outside your org), then shared clearly so people can act.
• Start with PIRs. Ask: What are we protecting? What is most valuable to our company? What might threat actors want? How do they operate? What do we need to know to defend? Do this with a broad set of stakeholders, not just the security team.
• Communicate clearly and with context. Intelligence is only valuable if it's shared in a way others can understand and act on. Avoid overwhelming people with raw data or inducing panic; provide actionable insights that are right-sized for the audience. Mike's advice: "As a threat intelligence analyst, if you're doing your job right, when somebody hears from you they know they need to act on it. You don't want to be the chicken little where you make everybody freak out about everything."
• Start small and iterate. Even if you're a one-person team, you can make a big impact. Use free resources (like MITRE ATT&CK, open-source feeds, or even vendor reports), summarize what's relevant, and push that out. Then refine based on feedback; treat it as a continuous cycle, not a one-and-done project. Mike admits, "I always say it's like painting the Golden Gate Bridge. As soon as you get done, you gotta start back at the other end. That's basically what it is."

Mike Kosak is the Senior Principal Intelligence Analyst at LastPass. Mike references a series of articles he wrote, including "Setting Up a Threat Intelligence Program From Scratch": https://blog.lastpass.com/posts/setting-up-a-threat-intelligence-program-from-scratch-in-plain-language
How do SOC teams stop threats before they become breaches? In this power-packed episode of our SOC Analyst Essentials series, we uncover the triad every analyst must master: log analysis, vulnerability detection, and threat intelligence. From detecting anomalies in log files to prioritizing high-risk vulnerabilities and leveraging real-world threat intel, this episode dives deep into the day-to-day tools and tactics of top-tier SOC analysts.
In episode 147 of Cybersecurity Where You Are, Sean Atkinson is joined by John Cohen, Executive Director of the Program for Countering Hybrid Threats at the Center for Internet Security® (CIS®), and Kaitlin Drape, Hybrid Threat Intelligence Analyst at CIS. Together, they discuss how to actualize threat intel for the purpose of building effective defense programs and operational response plans.

Here are some highlights from our episode:
01:27. Which two questions you want to answer when providing intelligence on a threat
05:19. How to avoid underutilizing or misunderstanding the utility of threat intel
13:18. A real-life story from John of when intelligence made a difference in a security incident
17:05. The foundation and building blocks of maturing your threat intelligence program
22:14. The value of working with non-intelligence groups to formulate effective response plans
24:22. CIS's ongoing work to help organizations proactively ingest and use threat intel
28:24. How cross-collaboration across an organization brings threat intel into a lifecycle
31:01. Kaitlin's work as an exemplar of how to make threat intelligence operational
36:20. The ongoing evolution of hybrid threat intel to inform meaningful operational responses

Resources:
• ThreatWA™
• How Threat Modeling, Actor Attribution Grow Cyber Defenses
• Countering Multidimensional Threats: Lessons Learned from the 2024 Election
• Episode 119: Multidimensional Threat Defense at Large Events
• Sinaloa cartel used phone data and surveillance cameras to find FBI informants, DOJ says

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Cybersecurity leader Nigel Boston joins the Stats On Stats podcast to share how threat intelligence, discipline, and authenticity transformed his career. From warehouse work to leading in cyber, his journey is a testament to intentional growth and giving back to the community.

Guest Connect
LinkedIn: https://www.linkedin.com/in/nigelbboston

Stats on Stats Resources
Code & Culture: https://www.statsonstats.io/flipbooks | https://www.codeculturecollective.io
Merch: https://www.statsonstats.io/shop
LinkTree: https://linktr.ee/statsonstatspodcast

Stats on Stats Partners & Affiliates
Hacker Halted
Website: https://hackerhalted.com/
Use Discount Code: "
You asked, and we answered. This episode of the Adversary Universe podcast takes a deep dive into questions from our listeners. What did you want to know? Well, a lot about adversaries, but also about career paths and the threat intel space. Tune in to hear the answers to questions like: • How did you break into the threat intelligence space? • Who is the first adversary CrowdStrike tracked? • Who is an adversary that keeps you up at night and why? • What was a jaw-dropping moment you experienced in tracking adversaries? • If you didn't work in infosec, what would your dream job be? Thanks to everyone who submitted questions. We'd love to continue hearing from you.
Summary
In this episode of the Blue Security Podcast, hosts Andy and Adam discuss the implications of JP Morgan's open letter to SaaS vendors, emphasizing the need for improved security practices in the software industry. They explore the challenges posed by the SaaS model, the importance of collaboration among security practitioners, and Microsoft's initiatives to enhance security. The conversation also highlights a new partnership between Microsoft and CrowdStrike aimed at standardizing threat intelligence naming conventions, showcasing the importance of teamwork in cybersecurity.

YouTube Video Link: https://youtu.be/EL0OfDiyQg0

Documentation:
https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers
https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Dane VandenBerg. Dane's 16-year security career includes product-focused roles with vendors like Qintel and, more recently, Microsoft, where he was Principal Technical Specialist supporting the development of their security copilot. He's also spent a lot of time in fintech, serving as Vice President of Information Security at Prime Trust and, currently, Senior Director of Security Operations at Circle.

In this episode:
[02:05] How Dane went from researching women's health and animal cloning to public relations to security
[06:25] Why security teams are still fighting the same battles they were 15 years ago
[09:24] How Dane's vendor-side threat intel work shapes his thinking as a SecOps leader
[12:00] What's working, and what's not, about how companies approach threat intelligence today
[12:51] Why threat intel should be an in-house function, not just a reporting feed
[15:30] What motivated Dane to move into the finance and crypto industry
[19:30] How parenthood reshaped the way Dane thinks about risk
[22:50] Tips for encouraging employees to report their security concerns
[26:00] What a great security-vendor customer experience looks like, and what too many vendors get wrong
[29:10] The security tools and solutions Dane is most excited about right now
[32:45] Balancing the hype and potential of security copilots
[38:30] What cyberattacks might look like five years from now
[41:30] Connect with Dane

Where to find Dane: LinkedIn | Circle
Where to find Thomas Kinsella: LinkedIn | Tines
Resources mentioned: National Cyber Forensics and Training Alliance
Forecast = Prepare for scattered CVEs, rising bot storms, and real-time threat lightning. Keep your digital umbrellas handy! On this episode of Storm⚡️Watch, we're breaking down the latest shifts in the vulnerability tracking landscape, starting with the ongoing turbulence in the CVE program. As the MITRE-run CVE system faces funding uncertainty and a potential transition to nonprofit status, the global security community is rapidly adapting. New standards and databases are emerging to fill the gaps—Europe's ENISA is rolling out the EU Vulnerability Database to ensure regional control, while China continues to operate its own state-mandated systems. Meanwhile, the CVE ecosystem's chronic delays and the NVD's new “Deferred” status for tens of thousands of older vulnerabilities are pushing teams to look elsewhere for timely, enriched vulnerability data. Open-source projects like OSV.dev and commercial players such as VulnCheck and Snyk are stepping up, offering real-time enrichment, exploit intelligence, and predictive scoring to help organizations prioritize what matters most. The result is a fragmented but innovative patchwork of regional, decentralized, open-source, and commercial solutions, with hybrid approaches quickly becoming the norm for defenders worldwide. We're also diving into Imperva's 2024 Bad Bot Report, which reveals that nearly a third of all internet traffic last year came from malicious bots. These bots are getting more sophisticated—using residential proxies, mimicking human behavior, and bypassing traditional defenses. The report highlights a surge in account takeover attacks and shows that industries like entertainment and retail are especially hard hit, with bot traffic now outpacing human visitors in some sectors. The rise of simple bots, fueled by easy-to-use AI tools, is reshaping the threat landscape, while advanced and evasive bots continue to challenge even the best detection systems. 
On the threat intelligence front, GreyNoise has just launched its Global Observation Grid—now the largest deception sensor network in the world, with thousands of sensors in over 80 countries. This expansion enables real-time, verifiable intelligence on internet scanning and exploitation, helping defenders cut through the noise and focus on the threats that matter. GreyNoise's latest research shows attackers are exploiting vulnerabilities within hours of disclosure, with a significant portion of attacks targeting legacy flaws from years past. Their data-driven insights are empowering security teams to prioritize patching and response based on what's actually being exploited in the wild, not just theoretical risk. We're also spotlighting Censys and its tools for tracking botnets and advanced threats, including collaborative projects with GreyNoise and CursorAI. Their automated infrastructure mapping and pivoting capabilities are helping researchers quickly identify related malicious hosts and uncover the infrastructure behind large-scale attacks. Finally, VulnCheck continues to bridge the gap during the CVE program's uncertainty, offering autonomous enrichment, real-time exploit tracking, and comprehensive coverage—including for CVEs that NVD has deprioritized. Their Known Exploited Vulnerabilities catalog and enhanced NVD++ service are giving defenders a broader, faster view of the threat landscape, often surfacing critical exploitation activity weeks before it's reflected in official government feeds. As the vulnerability management ecosystem splinters and evolves, organizations are being forced to rethink their strategies—embracing a mix of regional, open-source, and commercial intelligence to maintain visibility and stay ahead of attackers. The days of relying on a single source of truth for vulnerability data are over, and the future is all about agility, automation, and real-time insight.
We dive into the murky case of the alleged Check Point Software breach: what hackers claim they stole, why the company says it's "handled," and why that may not be the whole truth. From admin access screenshots to quiet cover-ups, Darnley unpacks the risks and asks the tough questions security firms don't want you asking. Pour yourself a strong cup and tune in; you'll want to hear what they aren't saying.

Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.
In this episode of Breaking Badness, host Kali Fencl welcomes Wes Young of CSIRT Gadgets and Daniel Schwalbe, CISO and head of investigations at DomainTools, to dive into a recent DomainTools Investigations (DTI) analysis involving ValleyRAT and Silver Fox, and how new tools are enabling faster, more accessible analysis for junior and seasoned analysts alike. Whether you're a threat intel veteran or an aspiring analyst, this episode is packed with hard-earned lessons, technical insights, and future-forward thinking. They also unpack the evolution of threat intelligence from the early higher-ed days of wiki-scraped Snort rules to today's graph-powered AI analysis. Wes shares the origin story behind his platform AlphaHunt, how it's being used to automate and enhance threat detection, and why community sharing remains essential even in an era of advanced tooling.
Grace Chi, co-founder and COO of Pulsedive, takes us deep into the often overlooked world of cyber threat intelligence networking. Grace has become a passionate advocate for the human connections that power effective security programs, conducting groundbreaking research on how threat intelligence practitioners share information.

What makes this conversation especially valuable is Grace's focus on the practical realities of threat intelligence implementation. She reveals that while formal structures or groups like ISACs provide important frameworks, the most timely and actionable intelligence typically flows through one-to-one relationships and trusted peer networks. These connections become critical during security incidents, when having someone who can provide just-in-time context about a threat can make all the difference between detection and compromise.

The discussion tackles common pitfalls in threat intelligence program development, particularly the tendency to invest in platforms without proper implementation planning or ongoing maintenance resources. Grace offers concrete advice for organizations at different maturity levels, emphasizing the importance of starting with clear requirements, assigning dedicated point persons for implementation, and understanding pricing models before making significant investments.

For those building threat intelligence capabilities from scratch, this episode provides a roadmap that focuses on identifying organizational pain points, leveraging existing talent, and implementing capabilities incrementally rather than attempting to configure every available feed immediately.
Grace also highlights the critical distinction between external intelligence sources and the often-underutilized wealth of internal telemetry and observations.Beyond the tactical aspects, we explore how threat intelligence must be communicated differently to technical teams versus executive stakeholders, and how building a diverse network across multiple channels creates compounding value over time. Whether you're a seasoned security professional or just beginning to explore threat intelligence, this conversation offers insights that will help you build more effective security capabilities through the power of community.
Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando

Cybersecurity is no longer a niche topic; it's a fundamental pillar of modern society. And in Italy, ITASEC has become the go-to event for bringing together researchers, government officials, and industry leaders to tackle the biggest security challenges of our time.

Although we weren't there in person this year, we're diving into everything that happened at ITASEC 2025 in this special On Location recap with Professor Alessandro Armando. As Deputy Director of the Cybersecurity National Laboratory at CINI and Chairman of the Scientific Committee of the SERICS Foundation, Alessandro has a front-row seat to the evolution of cybersecurity in Italy.

This year's event, held in Bologna, showcased the growing maturity of Italy's cybersecurity landscape, featuring keynotes, technical sessions, and even hands-on experiences for the next generation of security professionals. From government regulations like DORA (Digital Operational Resilience Act) to the challenges of AI security, ITASEC 2025 covered a vast range of topics shaping the future of digital defense.

One major theme? Cybersecurity as an investment, not just a cost. Italian companies are increasingly recognizing security as a competitive advantage, something that enhances trust and reputation rather than just a compliance checkbox.

We also discuss the critical role of education in cybersecurity, from university initiatives to national competitions that are training the next wave of security experts. With programs like CyberChallenge.IT, Italy is making significant strides in developing a strong cybersecurity workforce, ensuring that organizations are prepared for the evolving threat landscape.

And of course, Alessandro shares a big reveal: ITASEC 2026 is heading to Sardinia!
A stunning location for what promises to be another exciting edition of the conference.Join us for this insightful discussion as we reflect on where cybersecurity in Italy is today, where it's headed, and why events like ITASEC matter now more than ever.
We dive into the complex world of cybersecurity through the eyes of Jeremy from Intel 471, exploring his journey from journalism to cyber threat intelligence. The discussion encompasses the evolution of cybercrime, the significance of ransomware, and future trends impacting cybersecurity.

• Transition from journalism to cyber intelligence
• Engaging with threat actors in cyber forums
• Overview of Intel 471 and its mission
• Ransomware trends and their implications
• The intersection of nation-state actors and cybercrime
• Impact of law enforcement collaboration on cyber investigations
• Predictions for cybersecurity trends in 2025
• Importance of securing exposed attack surfaces
• Call to action for increased cyber resilience

Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
Three Buddy Problem - Episode 13: This is a special edition of the show, featuring Juan Andres Guerrero-Saade's full keynote day remarks at LABScon2024. In this talk, Juanito addresses the current state of the threat intelligence industry, expressing a need for a difficult conversation about its direction and purpose. He discusses feelings of disenfranchisement among professionals, the void in meaningful work, and the importance of reclaiming control and value in cybersecurity. Juan emphasizes the need for researchers, journalists, and even VCs, to be the change to reinvigorate the industry and ensure its relevance and impact. Cast: Juan Andres Guerrero-Saade (SentinelLabs). Costin Raiu and Ryan Naraine are listening to this episode.
In this session SecurityWeek speaks to Bennett Pursell, Ecosystem Strategist at the Open Source Security Foundation (OpenSSF), about OpenSSF Siren, a community data-sharing initiative aimed at bolstering the defenses of open source projects worldwide. In this fireside chat, Pursell discusses the origins and goals of OpenSSF Siren, exploring transparent access to data that can help small- and medium-sized businesses during active incidents. Pursell also shares insights on the value of threat intelligence, the shelf life of IOCs (indicators of compromise), and how businesses with limited resources can mitigate exposure to risk.

(Recorded at SecurityWeek's 2024 Threat Detection & Incident Response Summit)

Follow SecurityWeek on LinkedIn
Welcome to Season 3! This week we're bringing you the live recording of our talk at SquadCon during Hack Summer Camp a few weeks back. Our talk was called, “Future Proof Your Career with Cyber Threat Intelligence Techniques.” Many thanks again to the Black Girls Hack Foundation and the SquadCon crew for having us, and to Rebekah Skeete for the killer intro!And, we're fast approaching episode 100 of this podcast! We're doing an AMA with a very special guest host. So, what do you wanna ask us? Email your questions to bareknucklespod@gmail.com, with "AMA" in the subject line. If we air your question, you can expect some special swag your way!
From Private Military Contractors to Mall Cops, the field of security is full of misconceptions, egos, and opportunities to find yourself hung out to dry for others' safety. But when we look behind the curtain into what goes into threat prevention, we see a much deeper picture. Rob Rawson of Rozin Security joins the show to teach us about the ideas behind effective security, from red teaming, to security breaches, to threat detection and deterrence. Whether on the level of the nation state, a company, community, family, or the individual, we have something to learn about understanding the skills behind securing a location or persons from potential harm, whether it be man-made or natural.

Rozin Security and their courses can be found at rozinsecurity.com
For more from Rob Rawson follow him on LinkedIn: linkedin.com/in/rob-rawson

This episode has been sponsored by Obsidian Arms, a manufacturer of tools, parts and firearms, as well as operating as an OEM shop for those looking to bring excellence to the market. Their Minnesota-based shop builds and cuts parts out of U.S.-sourced materials. Their gunsmith tools, custom firearms, and capabilities can be found at www.obsidianarms.com

Support the REDACTED Culture Cast at redactedculture.locals.com
SSP and boutique products at redactedllc.com
Follow us on Instagram at @redactedllc
In this episode, Jacob speaks with cybersecurity researcher Patrick Garrity!

Patrick Garrity is a seasoned security researcher at VulnCheck where he focuses on vulnerabilities, vulnerability exploitation and threat actors.

In this episode they discuss the importance of integrating threat intelligence into vulnerability management using the Exploit Prediction Scoring System (EPSS), CISA's Known Exploited Vulnerabilities Catalog, and the changes in CVSS 4.0!

Here are some highlights from the episode:
• How the Exploit Prediction Scoring System (EPSS) can predict exploitation
• How vulnerability scanners integrate EPSS
• CISA's Known Exploited Vulnerabilities (KEV) Catalog
• The national security implications of vulnerability management

Follow Patrick on LinkedIn: https://www.linkedin.com/in/patrickmgarrity/
VulnCheck Website: https://vulncheck.com/

Thanks to our sponsor Keeper Security!
Need a FedRAMP authorized Password Manager? See how Keeper can help you comply with CMMC: https://www.keepersecurity.com/cmmc/?utm_source=grcacademy&utm_medium=display&utm_campaign=cmmc_video
Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!
Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e22&utm_campaign=courses
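Two of the episodes above argue for exploitation-driven prioritisation without showing what the rule looks like in practice: the Storm Watch segment on VulnCheck's and CISA's KEV catalogs alongside NVD's deferred backlog, and Patrick Garrity's points on EPSS and KEV. The Python below is an added example written for this page; it is not code from either podcast, from VulnCheck, CISA or FIRST. It assumes each finding already carries a CVSS base score, an EPSS probability and a KEV flag (in a real pipeline these come from the scanner export, the EPSS CSV feed and the KEV JSON), plus an internet-exposure flag from the asset inventory. The CVE identifiers in the sample are deliberately invalid placeholders, the sample values are constructed, and the 0.10 EPSS threshold is an arbitrary assumption to tune per environment.

```python
"""Rank vulnerability findings by exploitation evidence (KEV, EPSS) rather than
CVSS severity alone. Added example; all sample data below is constructed."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    cve: str               # identifier; the samples use invalid placeholder IDs
    cvss: float            # CVSS base score, 0.0-10.0 (from the scanner)
    epss: float            # EPSS probability of exploitation in the next 30 days, 0.0-1.0
    in_kev: bool           # listed in CISA's Known Exploited Vulnerabilities catalog
    internet_facing: bool  # exposure flag from asset inventory (assumed available)


# Lower tier number = more urgent. Labels are this example's own, not a standard.
TIERS = {
    0: "kev-exposed",       # known exploited and reachable from the internet
    1: "kev",               # known exploited, internal only
    2: "likely-exploited",  # no KEV entry yet, but EPSS says exploitation is likely
    3: "severe-only",       # critical CVSS with no exploitation evidence
    4: "backlog",           # everything else
}


def tier(f: Finding, epss_threshold: float = 0.10) -> int:
    """Assign a remediation tier. KEV membership is direct evidence of in-the-wild
    exploitation and outranks any score; EPSS above the (assumed) threshold is the
    next strongest signal; a high CVSS score on its own only earns 'severe-only'."""
    if f.in_kev:
        return 0 if f.internet_facing else 1
    if f.epss >= epss_threshold:
        return 2
    if f.cvss >= 9.0:
        return 3
    return 4


def rank(findings: List[Finding], epss_threshold: float = 0.10) -> List[Tuple[str, str]]:
    """Return (cve, tier label) pairs, most urgent first. Within a tier, higher
    EPSS wins, then higher CVSS, so the ordering is deterministic."""
    ordered = sorted(
        findings,
        key=lambda f: (tier(f, epss_threshold), -f.epss, -f.cvss),
    )
    return [(f.cve, TIERS[tier(f, epss_threshold)]) for f in ordered]


# Constructed sample. The point: a CVSS 9.8 with negligible EPSS and no KEV entry
# must land below a CVSS 7.2 that is in KEV on an internet-facing host.
SAMPLE = [
    Finding("CVE-0000-0001", cvss=9.8, epss=0.004, in_kev=False, internet_facing=True),
    Finding("CVE-0000-0002", cvss=7.2, epss=0.62, in_kev=True, internet_facing=True),
    Finding("CVE-0000-0003", cvss=8.1, epss=0.35, in_kev=False, internet_facing=False),
    Finding("CVE-0000-0004", cvss=5.3, epss=0.01, in_kev=False, internet_facing=False),
    Finding("CVE-0000-0005", cvss=6.5, epss=0.20, in_kev=True, internet_facing=False),
]

if __name__ == "__main__":
    for cve, label in rank(SAMPLE):
        print(f"{cve}  {label}")
```

The ordering this produces for the sample is 0002 (kev-exposed), 0005 (kev), 0003 (likely-exploited), 0001 (severe-only), 0004 (backlog): the critical-scored but unexploited finding drops to fourth. Two caveats when moving this off sample data: EPSS publishes both a probability and a percentile, and the threshold above applies to the probability; and KEV membership lags real exploitation, which is exactly the gap the Storm Watch episode says commercial catalogs try to close, so treating a KEV miss as "not exploited" is the wrong inference.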
In this episode of The Gate 15 Interview, Andy Jabbour welcomes Tom Stockmeyer, Cyware's Director, Enterprise East, ISAC's and Federal. Cyber security leader with experience in helping threat sharing communities such as ISACs and ISAOs and their Member companies improve the fidelity of their intel and accelerate threat intel sharing amongst Members. Tom served in the Marine Corps from 1979 to 1983. He has an MBA from the Michael Coles School of Business, Kennesaw University. Tom has held several executive positions, has served on numerous technology Boards. Tom on LinkedIn. In the discussion we address: Tom's background from the Marine Corps to technology, entrepreneurship, to Cyware. Information Sharing successes and challenges, ISACs, ISAOs and Cyware helping to secure organizations across the Fortune 1000 and more. Challenges to effective info sharing. A shoutout to the good work being done at Aviation ISAC. Cyware, continuous innovation and automated collective defense. Long weekends and holiday threats. We play Three Questions and talk microwave food, the Marines, classic rock, classic movies and more! A few references mentioned in or relevant to our discussion include: Cyware Intelligence Sharing is Caring: Collective Defense for a Safer Nation, an article in HS Today by Cyware CEO Anuj Gul, 13 Dec 2023 Cyware Intel Exchange (CTIX) Cyware Collaborate (CSAP) Cyware Solutions for ISACs, ISAOs, and CERTs The Gate 15 Interview: Jeff Troy, President, Aviation ISAC, on public service, cybersecurity, understanding threats (and… colonizing the ocean?)
A Concerned Citizen Visits. This "Concerned Citizen"? Well, he also happens to work in Threat Intel. Brett and he sit down for a talk you do not want to miss. Note: there are no time stamps this episode. This is simply a conversation between two Cyber Peeps.
#SecurityConfidential #DarkRhinoSecurity

Phillip is an offensive security professional, educator, mentor, author, and frequent public speaker. His passions outside of the technical side of cybersecurity are sharing resources, professional networking, and bringing people together. He is also the host of The Hacker Factory Podcast and his new podcast, the Phillip Wylie Show. Phillip is the concept creator and coauthor of The Pentester Blueprint: Starting a Career as an Ethical Hacker.

00:00 Introduction
00:18 Our Guest
01:45 Phillip's Origin Story
04:06 Wrestling a 750 pound bear
07:41 From Wrestling to Cyber
10:12 What motivated Phillip to pursue Ethical Hacking?
11:43 Vulnerability management: What are we getting wrong?
14:52 Changing the Mindset
26:51 What is the role of Threat Intel?
28:08 Asset Intel approaches
31:05 Ransomware: It's still growing
34:35 The Hacker Factory Podcast
34:59 The Phillip Wylie Show
36:17 News from Phillip
37:44 Connecting with Phillip

To learn more about Phillip visit:
https://www.linkedin.com/in/phillipwylie/
https://www.thehackermaker.com/
Podcasts:
https://www.thehackermaker.com/the-hacker-factory-podcast/
https://www.thehackermaker.com/phillip-wylie-show/
To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!
Instagram: @securityconfidential and @OfficialDarkRhinoSecurity
Facebook: @Dark-Rhino-Security-Inc
Twitter: @darkrhinosec
LinkedIn: @dark-rhino-security
Youtube: @Dark Rhino Security
Control System Cyber Security Association International: (CS)²AI
Derek is delighted to have Megan Samford joining him today!

Megan is an executive experienced in Product Security programs, ICS/OT, PSIRTs, Threat Intel, and Critical Infrastructure Protection. She is currently the VP and Chief Product Security Officer of Energy Management at Schneider Electric.

Megan is a well-rounded and fascinating person! In addition to being a cyber-emergency manager, she is a critical infrastructure protection hero, the founder of many things, a mother, a rock hunter, and a genealogy enthusiast! She loves shopping, interior design, and cars, specifically the 300ZX!

In today's episode, Megan tells her story, discusses her career trajectory, and shares her experience, insight, advice, and free resources for anyone considering a career in cybersecurity.

Show highlights:
• How Megan's mother helped Megan grow into her full potential.
• Megan talks about being part of the first graduating class of the world's first accredited degree program in Homeland Security and Emergency Preparedness at Virginia University.
• How Megan gained a core foundation for critical infrastructure while doing an internship at the governor's office in 2007.
• Megan discusses her first encounter with policy work and explains how much she loved it.
• Megan talks about being promoted to leading critical infrastructure for the Commonwealth of Virginia when she was only twenty-six.
• What Megan did that allowed her to get promoted to lead critical infrastructure for the Commonwealth of Virginia at only twenty-six years of age.
• Why do people like working with Megan professionally?
• How Megan got to work at GE, and how she ended up working at Schneider Electric.
• Megan dives into the work she does with ICS4ICS.
• Megan shares free resources via ICS4ICS for FEMA online incident command system training.

Links and resources: (CS)²AI | Derek Harp on LinkedIn | Schneider Electric | Megan Samford on LinkedIn | ICS4ICS training
Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: 79: Achieving Leadership Roles in an Early Cybersecurity Career with Megan SamfordPub date: 2023-04-25Derek is delighted to have Megan Samford joining him today!Megan is an executive experienced in Product Security programs, ICS/OT, PSIRTs, Threat Intel, and Critical Infrastructure Protection. She is currently the VP and Chief Product Security Officer of Energy Management at Schneider Electric.Megan is a well-rounded and fascinating person! In addition to being a cyber-emergency manager, she is a critical infrastructure protection hero, the founder of many things, a mother, a rock hunter, and a genealogy enthusiast! She loves shopping, interior design, and cars-specifically 300zx!In today's episode, Megan tells her story, discusses her career trajectory, and shares her experience, insight, advice, and free resources for anyone considering a career in cybersecurity.Show highlights:How Megan's mother helped Megan grow into her full potential.Megan talks about being part of the first graduating class of the world's first accredited degree program in Homeland Security and Emergency Preparedness at Virginia University.How Megan gained a core foundation for critical infrastructure while doing an internship at the governor's office in 2007.Megan discusses her first encounter with policy work and explains how much she loved it.Megan talks about being promoted to leading critical infrastructure for the Commonwealth of Virginia when she was only twenty-six.What Megan did that allowed her to get promoted to lead critical infrastructure for the Commonwealth of Virginia at only twenty-six years of age.Why do people like working with Megan professionally?How Megan got to work at GE, and how she ended up working at Schneider Electric.Megan dives into the work she does with ICS4ICS.Megan shares free resources via ICS4ICS for FEMA online incident command system training.Links and resources:(CS)²AI Derek Harp on 
LinkedInSchneider ElectricMegan Samford on LinkedInICS4ICS trainingMentioned in this episode:Join CS2AIJoin the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education. Preroll MembershipOur Sponsors:We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us! Network Perception Waterfall Security Tripwire KPMG CyberThe podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord

Impactful Moments
00:00 - Introduction
01:22 - What is Threat Intelligence?
02:17 - How did you get into Threat Intel?
03:20 - All Source vs Threat Intelligence
04:09 - What was the transition into cyber like?
07:03 - What is the salary potential for Threat Intel analysts?
09:00 - What skills do Threat Intel Analysts need?
10:09 - How to answer tough Threat Intel interview questions
10:47 - What does the first day on the job look like?
12:07 - What are the expectations of a Threat Intel Analyst?
13:18 - What expectations should an Intel Analyst have for their employer?
16:51 - Are threat intel feeds valuable?
18:26 - Chris' first big threat intel “win”
22:24 - How have you changed as an analyst over the years?
24:22 - How to stand out in cybersecurity
27:24 - Advice for those breaking into Cyber Threat Intel

Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.
Grit in the context of behavior is defined as “firmness of character; indomitable spirit.” Andres Andreu, an NYC-bred leader, has a career built on grit and sheer perseverance, with experience spanning from the D.E.A. to corporate America. Co-host and cybersecurity sales veteran Doug Gotay and I post up with Andres and talk about overcoming adversity as a youth, his time within the D.E.A., his mastery of the judo philosophy, and carrying his unique skillset and mentality into success in the boardroom.

TIMESTAMPS
0:03:46 - Reflection on Growing Up in Queens in the 1980s
0:07:30 - The Judo Philosophy: Discussion on Physical and Mental Strength and Resilience for Life and Business
0:15:10 - Transitioning from NYC to the DEA
0:19:05 - Reflections on the DEA Hiring Process and Title Three Intercepts
0:23:07 - Self-Taught Technology and Creative Problem Solving
0:27:49 - The Origins of Blockchain Technology
0:29:27 - Analytical Thinking in Government Investigations
0:31:47 - The Impact of Intelligence Sharing on Drug Enforcement Coordination
0:33:45 - Threat Intelligence and its Role in Cybersecurity
0:36:05 - Proactive Security Strategies
0:38:34 - Understanding the Global Dynamics of Information Sharing
0:40:47 - Human Trafficking and Technology's Role in Prevention
0:43:30 - Analysis of Metadata and Its Impact on Law Enforcement Investigations vs. Cybersecurity Investigations
0:48:52 - Personal Security During Time at the DEA
0:51:01 - The Benefits of Adapting to Different Situations
0:54:39 - The Human Element of Sales
0:56:17 - Understanding the Need for Key Man Insurance Policies
0:58:15 - Executive Kidnapping and the Need for Balance in Business and Physical Fitness
1:01:23 - Executive Protection and Cybersecurity Transitioning
1:04:26 - The Need for Soft Skills and Technical Chops
1:07:46 - Finding Balance in Professional Development
1:09:06 - The Importance of Self-Growth and Seeking Help for Success

SYMLINKS: LinkedIn, Gallery, Website
EPISODE SPONSOR: N/A
CONNECT WITH US: Become a Sponsor, Support us on Patreon, Follow us on LinkedIn, Tweet us at @BarCodeSecurity, Email us at info@barcodesecurity.com
Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Alex Hamerstone, Whitney Phillips, Skyler Tuter.

Get ahead of the new PCI requirements: PCI 4.0 is coming! Find out how the new requirements will affect your organization's goals and prepare now, with a PCI DSS assessment from TrustedSec.
Penetration testing the cloud isn't the same as your network: go to TrustedSec.com to get our guide on how to get the most out of your cloud penetration test.
Join the TrustedSec Discord Community: TrustedSec is on Discord! Join our server to interact with the security community and the TrustedSec team. Go to discord.gg/trustedsec to join.

Stories
Title: Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
URL: https://thehackernews.com/2023/01/realtek-vulnerability-under-attack-134.html?m=1
Author: Ravie Lakshmanan

Title: Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook
URL: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-extract-actionable-intelligence-from-text-based/ba-p/3729508
Author: Vani Asawa

Title: Dashlane publishes its source code to GitHub in transparency push
URL: https://techcrunch.com/2023/02/02/dashlane-publishes-its-source-code-to-github-in-transparency-push/
Author: Paul Sawers
VIDEO EPISODE HERE. Excellent discussion with security expert, hacker, famous father, husband and former military professional from the UK, GARY RUDDELL. A former Military Intelligence operator turned hacker and Cyber Threat Intelligence specialist, Gary has almost two decades of security experience across the Government and Finance sectors. He is on a personal mission to educate 25,000 people in cyber-security. More on Gary here. You can join his newsletter here.

New Exclusive Content at CCJ PRIME. For less than 1 cup of coffee a month you can have it all: exclusive videos, in-depth interviews, and premium resources for skills training, brand building and brand protection. CLICK HERE TO SUBSCRIBE to PRIME: https://glow.fm/cybercrimejunkiesprime/
Support the show
Jump in and join the conversation! Get daily cyber threat briefings with Simply Cyber every weekday. See https://simplycyber.io/streams for all the details. Simply Cyber's mission is to help purpose-driven professionals make and take a cybersecurity career further, faster.
In episode 77 of The Cyber5, we are joined by our guest, Eric Lekus, Senior Manager for Threat Intelligence at Deloitte. Eric delivers for Deloitte's internal security team and is not a client-facing consultant. We talk about how to evolve cyber threat intelligence in a SOC environment, beyond basic indicators of compromise (IOC) integration. We discuss the different stakeholders a CTI team has beyond a SOC, but also focus on what a CTI team needs to push to and pull from a SOC to be relevant for a broader audience. We also outline success metrics for a CTI team.

Four Takeaways:

1. Indicators of Compromise are a Baseline Activity, Not Holistic Threat Intelligence
Indicators of compromise consist of known malicious IPs and domains. Stakeholders expect security teams to be doing this as a baseline. However, IPs and domains can change in a matter of seconds, so it's not fruitful to rely only on IOCs integrated into a SIEM that alerts alongside other network traffic and logging.

2. A Security Operations Team Already Has a Rich Source of Baseline Activity; Enrich It with Threat Intelligence
Security teams should be integrating many sources of logging, such as IPs from emails, and using threat intelligence to alert on malicious activity. This should then establish two-way communication where the threat intelligence team pulls information from the SOC to enrich it and provide feedback. A SOC team is generally writing tickets for alerts, and a threat intelligence team can't just ask for bulk data; therefore automation to integrate into threat intelligence platforms is critical. A SOC analyst will ask, “what's in it for me?”, and a threat intelligence professional should address this.

3. Threat Intelligence Should Be a Separate Entity from the SOC; It Has Numerous Customers
The following services are generally associated with cyber threat intelligence teams. Since the SOC is a major stakeholder, the CTI team usually has the following functions:
Adversary infrastructure analysis
Attribution analysis
Dark Web tracking
Internal threat hunting
Threat research for identification and correlation of malicious actors and external datasets
Intelligence report production
Intelligence sharing (external to the organization)
Tracking threat actors' intentions and capabilities
Malware analysis and reverse engineering
Vulnerability research and indicator of compromise analysis (enrichment, pivoting, and correlating to historical reporting)

4. Success for Security Teams Means Reducing Risk Through Outcomes
Regardless of who the stakeholders are in an organization, improving security should be focused on reducing risk and influencing outcomes for disrupting actors. This should be accomplished in alignment with the executive team and the culture of the organization. Showing how you are reducing risk over time is what makes threat intelligence teams successful in the eyes of business executives.
Author of the #noStarch book "The Art of Cyberwarfare" (https://nostarch.com/art-cyberwarcare)
Topics:
Jon discusses his book
Threat intel as a service
Why do people enjoy malware analysis?
Should people 'hack back', and what legal issues are around that?
How do you soften the messaging if you have an insider threat team?

See www.infoseccampout.com for more information about our 2022 conference in Seattle, WA on 26-28 August 2022!

Our full 90 minute stream with Jon, including 30 minutes of audio you won't get on the audio podcast, is available at the $5 USD Patreon level, or via our VOD at our Twitch Broadcast site (https://twitch.tv/brakesec). Twitch VOD Link: https://www.twitch.tv/videos/1308277609
Thank you to our Patreon and Twitch supporters for their generous donations and subs and bits!
GreyNoise Intelligence, a Washington D.C.-based cybersecurity startup that analyses internet scanning traffic to help organizations separate threats from internet “background noise,” has landed $15 million in Series A funding to expand its threat collection capabilities and help protect organizations from emerging vulnerabilities.
In this episode I talk with David Monnier, who is a threat intel expert. We talk about everything from Russia and Ukraine to how his technology is enabling organizations to make educated, risk-based decisions on how to best secure their environment. This was a fantastic conversation and I hope you enjoy it. If you enjoy the podcast, please go leave a review on the platform you listen on, like it, and share the podcast. You can also follow the podcast on social media at the links below.

Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast

David's Social Media:
https://www.linkedin.com/in/davidmonnier/
https://team-cymru.com/
Support the show
The sky IS NOT falling with this one. Is it important? Yes. Does it highlight an area that's under-researched and likely contains additional attack vectors and techniques? Absolutely.

Resources:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
https://github.com/NVISOsecurity/nviso-cti/blob/master/advisories/29052022%20-%20msdt-0-day.md
John Hammond's Excellent CVE-2022-30190 Video

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
In episode 73 of The Cyber5, we are joined by Snap Finance Chief Security Officer Upendra Mardikar. We discuss how threat intelligence is used in application programming interface (API) security and development security operations (devsecops). Any organization building an application has data or user-generated content as the primary product. Once connected to customers, consumers, clients, or partners, a new set of security considerations is generated. The API serves as the software intermediary that allows two applications to talk to one another. It's bad enough if an attacker exfiltrates sensitive data, but imagine if they are able to see who is querying for the data held in the application. Imagine if Russia can see who is querying certain individuals in a credit bureau data set. That's a whole other set of problems organizations face. As we've talked about in previous podcasts, devsecops is the practice of protecting the software development lifecycle (SDLC). We talk about why API security should be added to the wider MITRE ATT&CK framework and further discuss the impact of organizational immaturity as it relates to tackling API and DevOps security.

Five Key Takeaways:

1) APIs are at the Forefront of Digital Transformation and Must be Protected
APIs go north/south between the company and customers and east/west establishing interconnectivity between different applications within the enterprise. A giant need exists to go “outside the firewall” to observe threats that are attacking APIs, because they are fundamental to many enterprise functions, regardless of industry.

2) API Security is Very Immature in Enterprise
Many security practitioners focus on north/south protections of APIs and implement firewalls and DDoS protections to keep intruders out of the environment. However, this is a myopic strategy because it does not protect against lateral movement and privilege escalation once an attacker compromises perimeter security. When perimeter security is compromised, protecting east/west APIs becomes critical. We are seeing trends around Zero Trust. Zero Trust is based on the premise that location isn't relevant and users and devices can't be trusted until they are authenticated and authorized. To gain security from a zero trust security model, we must therefore apply these principles to our APIs. This aligns well since modern API-driven software and apps aren't contained in a fixed network — they're in the cloud — and threats exist throughout the application and infrastructure stack. An API-driven application can have thousands of microservices, making it difficult for security and engineering teams to track all development and its security impact. Adopting zero trust principles ensures that each microservice communicates with least privilege, preventing the use of open ports and enabling authentication and authorization across each API. The end goal is to make sure that one insecure API doesn't become the weakest link, compromising the entire application and its data.

3) Integrating API Security into the MITRE ATT&CK Framework
API security is different from traditional application security (OWASP), which is integrated into the MITRE ATT&CK Framework along with attacks on servers, endpoints, TLS, etc. API security focuses more on the potential attacks on exposed, internet-facing microservices in addition to the business logic. API security primarily focuses on:
Users: The most common API vulnerabilities tend to be centered around authorization issues that enable access to resources within an API-driven application.
Transactions: Ensuring that transport layer security (TLS) encryption is enforced for all transactions between the client and application adds an extra layer of safety. Since modern applications are built on microservices, software developers should enforce encryption between all microservices.
Data: It is increasingly important to ensure sensitive data is protected both at rest and in motion, and that the data can be traced end to end.
Monitoring: This means collecting telemetry or metadata that gives you a panoramic view of an application, how it behaves, and how its business logic is structured.

4) Improvements for Threat Intelligence Against APIs of Applications
Threat intelligence providers need to go beyond the features of user stories and also be able to alert and automate when malicious actors are targeting the microservices behind APIs, as the business logic of these APIs is more central to business operations.

5) Threat Intelligence Should Try to Integrate with Threat Hunting to Conduct Proper Malicious Pattern Matching, Reducing False Positives
Pattern matching to detect malicious behavior within legitimate user traffic has evolved over time:
Netflow: track network traffic emanating from the routers to the endpoints
Applications: track application traffic to detect anomalies in authentication
Data: track data flows in motion and at rest in the data lakes
Devices: map devices to determine a proper asset inventory
Users: track user behavior, such as off-business-hours queries to sensitive databases
The industry still needs solutions that detect and correlate these behaviors at scale, because thus far this has been extremely fragmented.
There exists a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings). Thanks to the research and open source tools of several researchers, it's now trivial to elevate to SYSTEM on most Windows Operating Systems.

Resources:
https://github.com/Dec0ne/KrbRelayUp
https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html
https://github.com/cube0x0/KrbRelay

Social:
https://twitter.com/cyberthreatpov
https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
In episode 71 of The Cyber5, guest moderator and Nisos teammate Matt Brown is joined by security practitioner Matt Nelson. They talk about a recent intelligence blog Matt Nelson wrote about how to operationalize intelligence for the SOC, and some outcomes that an incident response team looks for from intelligence. They also talk about how to make intelligence more broadly used for investigations and discuss the intelligence market more holistically.

Three Key Takeaways:

1) Threat Intelligence Augments Threat Hunting in the Security Operations Center (SOC)
Intelligence requirements are critical throughout the business and not just limited to the SOC. Threat intelligence can be a significant help to the threat hunting and detection team. The outcomes that threat hunting teams generally look for are:
Cyber Kill Chain: Analyzing the payload, including the commands it's running, the attack hosting infrastructure, which ports the infrastructure uses to communicate, etc.
Target Verification: Identifying who is being targeted, how, and with what intent supplies context that is often missing when looking solely at forensics data.
Collection Intent of Attacker: Trying to determine what kinds of data the attackers are aiming for. This is hard to determine simply from forensics data.
Target of Opportunity Versus Targeted Attack: Determining if attacks are targeting the many or the select few is critical for defense strategies. If targeting efforts are directed solely at IT personnel with admin access, that's more significant than a “spray and pray” campaign.
Outcomes: Outlining detections, protection strategies, and awareness campaigns.

2) Evolving Threat Intelligence Beyond the SOC
Threat intelligence is not just cyber news or an indicators of compromise (IoC) feed. Threat intelligence is useful for insider threat, fraud, platform abuse, corporate intelligence, and supply chain risk.

3) Single Data Aggregators for Enterprises (SIEMs, TIPs, MISP) Aren't the Panacea
The SIEM is not the greatest place for threat intelligence data because there are too many internal logs that aren't relevant. TIPs are mostly focused externally and are good for IOCs, but the threat intelligence correlation they offer is often not useful: it simply repeats what is already known. MISP (https://www.misp-project.org/) is open source and can be effective with the right resources. Data modeling and getting the right taxonomy for the data is the most critical part.
In this episode (originally recorded in November of 2021) we speak with Palo Alto Networks VP of Threat Intel Ryan Olson. Ryan helps define what threat intelligence actually is and how to get started building a program. He aptly reminds us that producing threat intel for the sake of threat intel is a waste of time. More importantly, you first have to ask yourself, “Who's going to be using this information?”

Tweetables
“Producing threat intel for the sake of threat intel is a waste of time. What you should be doing is thinking ‘Who's going to take the information that I have produced and use that to make a better decision?' Because that's the goal of threat intelligence, to help a system, or a person, or a team, or a company make better decisions that will help secure them better.” — Ryan Olson [0:04:24]
“If I could give people one recommendation, if you can get access to your SSL traffic so that you can decrypt it and you can inspect it, you will have a much better chance at detecting bad stuff in your network than you would without it.” — Ryan Olson [0:29:58]

Links Mentioned in Today's Episode:
Ryan Olson on LinkedIn
Unit 42
Unit 42 on Twitter
Unit 42 Palo Alto Networks Careers

Comprehensive, full-stack cloud security: secure infrastructure, apps and data across hybrid and multi-cloud environments with Prisma Cloud.
Neil Clausen, regional CISO for Mimecast in Boston, joins the podcast this week to take us through SIEM detection strategies, the best use of threat intel, running tabletop exercises, and Purple Teaming. Neil is a seasoned security practitioner who, alongside his leadership role at Mimecast, lectures at Northeastern University College on Database Management, Security, and other IT-related courses. He's also been on advisory boards for McAfee and Cisco and has built and managed SOC functions.
Watch the live stream: Watch on YouTube
About the show
Sponsored by FusionAuth: pythonbytes.fm/fusionauth
Special guest: Ian Hellen

Brian #1: gensim.parsing.preprocessing
Problem I'm working on: turn a blog title into a possible URL. Example: “Twisted and Testing Event Driven / Asynchronous Applications - Glyph” would like, perhaps: “twisted-testing-event-driven-asynchronous-applications”
Sub-problem: remove stop words ← this is the hard part
I started with an article called Removing Stop Words from Strings in Python. It covered how to do this with NLTK, Gensim, and SpaCy.
I was most successful with remove_stopwords() from Gensim: from gensim.parsing.preprocessing import remove_stopwords
It's part of a gensim.parsing.preprocessing package. I wonder what's all in there? A treasure trove.
gensim.parsing.preprocessing.preprocess_string is one. This function applies filters to a string, with the defaults almost being just what I want: strip_tags(), strip_punctuation(), strip_multiple_whitespaces(), strip_numeric(), remove_stopwords(), strip_short(), stem_text() ← I think I want everything except this; this one turns “Twisted” into “Twist”, not good.
There's lots of other text processing goodies in there also.
Oh, yeah, and Gensim is also cool: topic modeling for training semantic NLP models.
So, I think I found a really big hammer for my little problem. But I'm good with that.

Michael #2: DevDocs (via Loic Thomson)
Gather and search a bunch of technology docs together at once. For example: Python + Flask + JavaScript + Vue + CSS
Has an offline mode for laptops / tablets
Installs as a PWA (sadly not on Firefox)

Ian #3: MSTICPy
MSTICPy is a toolset for CyberSecurity investigations and hunting in Jupyter notebooks.
What is CyberSec hunting/investigating? Responding to security alerts and threat intelligence reports, trawling through security logs from cloud services and hosts to determine if it's a real threat or not.
Why Jupyter notebooks?
SOC (Security Ops Center) tools can be excellent but all have limitations
You can get data from anywhere
Use custom analysis and visualizations
Control the workflow: the workflow is repeatable
Open source package, created originally to support MS Sentinel Notebooks but now supports lots of providers.
When I started this 3+ years ago I thought a lot of this would be in PyPI, but no.
Dale Peterson's guest on the Unsolicited Response show is Sergio Caltagirone, VP of Threat Intel at Dragos.

What is good threat intel?
How does threat intel "reduce harm by reducing operational meantime to recovery"?
Should an asset owner care about the various threat actors named by Dragos, Mandiant and others? Does it matter if it was Petrovite or Erythracite?
Why are the top recommendations in Dragos and other threat intel annual reports the typical, same as they always are, recommendations? What is the value if this is the case?
What does an asset owner need to have in place to make use of threat intel?
How does threat intel deal with the fact we are very bad at calculating or predicting likelihood?
Why did you feel the new Journal of Threat Intelligence and Incident Response was needed?

Links:
Dragos 2021 Year In Review
Webinar with Sergio on 2021 Year In Review
Sergio's Threat Intel Class at the Threat Intelligence Academy
S4x22, April 19-21 in Miami South Beach
Jax Scott has had an incredible career from the front lines in Afghanistan all the way to leading Threat Intel teams in the private sector. Hear her inspiring story.

Conversation highlights:
The success of the Cultural Support Leader program in Afghanistan
How Jax started her cyber military career
What Electronic Warfare Officers do
The difference between threat intel in the military vs the private sector
What it's like to serve in the National Guard and work full-time in the private sector
How Jax balances her incredibly busy schedule
What it's like starting a Woman-Owned Small Business (WOSB) and Service Disabled Veteran Owned Small Business (SDVOSB)
Why it's so important to engage policymakers on behalf of the special operations forces (SOF) community

Guest: Jaclyn (Jax) Scott
On ITSPmagazine
Threat intelligence automation should be how we share, not how “intel” is produced. Yet we continue to create more data, generate more noise, introduce more false positives, require more analysis, and increase the need for correlation, which, in turn, forces the need for more automation.

Guests: CyberSquarePeg (aka Rebecca Ford)
On Twitter
In episode 44 of The Cyber5, we are joined by Ronald Eddings. Ron is a Security Engineer and Architect at Marqeta and host of the Hacker Valley Studio podcast; his work as a cybersecurity expert and blogger has earned him a reputation as a trusted industry leader. In this episode, we discuss the fundamentals of automating threat intelligence. We focus on the automation and analysis of forensic artifacts such as indicators of compromise and actual attacker behaviors within an environment. We also discuss metrics that matter when the objective is to show progress for a security engineering program.

5 Topics Covered in this Episode:

Define the Use Cases (01:19 - 04:17)
For a mature security team, the automation of cyber threat intelligence should start with defining use cases. An enterprise should ask, “What problems am I trying to solve?” Detecting malicious binaries on devices is a good place to start. For example, let's start with a problem that plagues all organizations: phishing. Creating an inbox for reported phishing emails is a good first step. Then, an organization needs to decide whether to automate the extraction of file hashes, URLs, and IPs for analysis, or to direct employees not to click on the link or open the file.

Storage and Logging Components that Need to Be in Place (04:17 - 06:59)
For security engineering to be effective, data must be available. Security engineers should define a data acquisition strategy by eliciting stakeholder requirements and assessing their collection plan. The right data is often spread across multiple tools and systems. This must be consolidated into one location for automation to be effective. For example, if an organization wants to detect lateral movement by an Advanced Persistent Threat and is only storing a month of Windows event logs, success is unlikely. To be effective, the following logging should be in place:
1) Windows event logs
2) Netflow (which can be expensive)
3) Cloud logs
4) EDR logs from endpoint devices
5) VPN and RDP logs

Prioritizing MITRE ATT&CK in Security Engineering (06:59 - 10:12)
When beginning a program, security engineering should resist the temptation to start by automating around specific APT groups. Instead, they should automate alerts for the reconnaissance stages within MITRE ATT&CK and then work down the cyber kill chain towards exfiltration. Reconnaissance stages are easier to automate, and by the time an attack escalates to the lateral movement stage, automation will facilitate and speed human analysis.

Security Orchestration and Automated Response (SOAR) (10:12 - 12:00)
Python and Go are helpful languages to learn for the SOAR process and are useful in incident response.

Useful Metrics and What Cannot Be Automated in Security Engineering (12:00 - 19:00)
Mean time to detection, response, and remediation are critical metrics for security engineers to measure. Case management systems such as JIRA can facilitate interaction between the security team roles, including SOC, Incident Response, Security Engineering, Threat Hunt, Threat Intel, Vulnerability Management, Application Security, Business Units, and Red Team. Identifying new threats and understanding why a threat occurred is almost impossible to automate and will always require analysis.